205625 – Crash after editing toolbar (KXMLGUI::removeClient on deleted client, QDom)

Bug 205625 - Crash after editing toolbar (KXMLGUI::removeClient on deleted client, QDom)

Summary: Crash after editing toolbar (KXMLGUI::removeClient on deleted client, QDom)

Status:	RESOLVED DUPLICATE of bug 170806

Alias:	None

Product:	kdelibs
Classification:	Frameworks and Libraries
Component:	kdeui (show other bugs)
Version:	unspecified
Platform:	Unlisted Binaries Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	kdelibs bugs

URL:
Keywords:

Duplicates (13):	173717 190504 194494 195382 198928 201991 202934 203221 203660 203719 204869 205633 263875 (view as bug list)
Depends on:
Blocks:

Reported:	2009-08-30 00:09 UTC by Fif59
Modified:	2011-01-31 00:03 UTC (History)
CC List:	18 users (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Force crash when accessing deleted clients from factory (2.49 KB, patch) 2009-08-31 22:28 UTC, Christoph Feck	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Fif59 2009-08-30 00:09:31 UTC

Application that crashed: akregator
Version of the application: 1.5.0
KDE Version: 4.3.00 (KDE 4.3.0)
Qt Version: 4.5.2
Operating System: Linux 2.6.31-desktop-0.rc7.4.1mnb i686
Distribution: "Mandriva Linux 2010.0"

 -- Backtrace:
Application: Akregator (akregator), signal: Segmentation fault
[KCrash Handler]
#6  QString::operator= (this=0x9c569cc, other=@0x9b9e3e4) at ../../src/corelib/arch/qatomic_i386.h:120
#7  0xb671530d in QDomNodePrivate (this=0x9c569a8, n=0x9b9e3c0, deep=true) at dom/qdom.cpp:1475
#8  0xb6715537 in QDomAttrPrivate (this=0x9c569a8, n=0x9b9e3c0, deep=false) at dom/qdom.cpp:4117
#9  0xb6715ba7 in QDomAttrPrivate::cloneNode (this=0x9b9e3c0, deep=true) at dom/qdom.cpp:4136
#10 0xb67183b3 in QDomNamedNodeMapPrivate::clone (this=0x950ea40, p=0x9c56948) at dom/qdom.cpp:3069
#11 0xb671b34e in QDomElementPrivate (this=0x9c56948, n=0x92f00e8, deep=<value optimized out>) at dom/qdom.cpp:4424
#12 0xb671b657 in QDomElementPrivate::cloneNode (this=0x92f00e8, deep=true) at dom/qdom.cpp:4437
#13 0xb6715360 in QDomNodePrivate (this=0x9fbbec8, n=0x9c4de80, deep=true) at dom/qdom.cpp:1485
#14 0xb671b337 in QDomElementPrivate (this=0x9fbbec8, n=0x9c4de80, deep=false) at dom/qdom.cpp:4422
#15 0xb671b657 in QDomElementPrivate::cloneNode (this=0x9c4de80, deep=true) at dom/qdom.cpp:4437
#16 0xb6715360 in QDomNodePrivate (this=0x94cbf38, n=0x94ad998, deep=true) at dom/qdom.cpp:1485
#17 0xb671b337 in QDomElementPrivate (this=0x94cbf38, n=0x94ad998, deep=false) at dom/qdom.cpp:4422
#18 0xb671b657 in QDomElementPrivate::cloneNode (this=0x94ad998, deep=true) at dom/qdom.cpp:4437
#19 0xb6715360 in QDomNodePrivate (this=0x9ba5600, n=0xa04a8f0, deep=true) at dom/qdom.cpp:1485
#20 0xb671ac57 in QDomDocumentPrivate (this=0x9ba5600, n=0xa04a8f0, deep=false) at dom/qdom.cpp:6185
#21 0xb671ad17 in QDomDocumentPrivate::cloneNode (this=0xa04a8f0, deep=true) at dom/qdom.cpp:6260
#22 0xb67125a8 in QDomNode::cloneNode (this=0xbff41c5c, deep=true) at dom/qdom.cpp:2358
#23 0xb7de6b92 in KXMLGUIFactory::removeClient (this=0x93071a8, client=0x9303110) at /usr/src/debug/kdelibs-4.3.0/kdeui/xmlgui/kxmlguifactory.cpp:425
#24 0xb7c37b0e in KDEPrivate::KEditToolBarWidget::rebuildKXMLGUIClients (this=0x94f0b58) at /usr/src/debug/kdelibs-4.3.0/kdeui/dialogs/kedittoolbar.cpp:791
#25 0xb7c380c7 in KDEPrivate::KEditToolBarWidget::save (this=0x94f0b58) at /usr/src/debug/kdelibs-4.3.0/kdeui/dialogs/kedittoolbar.cpp:769
#26 0xb7c3811b in KEditToolBarPrivate::_k_slotOk (this=0x92dea38) at /usr/src/debug/kdelibs-4.3.0/kdeui/dialogs/kedittoolbar.cpp:599
#27 0xb7c3d167 in KEditToolBar::qt_metacall (this=0xbff44154, _c=QMetaObject::InvokeMetaMethod, _id=75, _a=0xbff41ecc) at /usr/src/debug/kdelibs-4.3.0/build/kdeui/kedittoolbar.moc:78
#28 0xb775ec44 in QMetaObject::activate (sender=0xbff44154, from_signal_index=45, to_signal_index=45, argv=0x0) at kernel/qobject.cpp:3112
#29 0xb775f965 in QMetaObject::activate (sender=0xbff44154, m=0xb7ee3124, local_signal_index=9, argv=0x0) at kernel/qobject.cpp:3186
#30 0xb7c2f075 in KDialog::okClicked (this=0xbff44154) at /usr/src/debug/kdelibs-4.3.0/build/kdeui/kdialog.moc:252
#31 0xb7c30755 in KDialog::slotButtonClicked (this=0xbff44154, button=4) at /usr/src/debug/kdelibs-4.3.0/kdeui/dialogs/kdialog.cpp:854
#32 0xb7c32ceb in KDialog::qt_metacall (this=0xbff44154, _c=QMetaObject::InvokeMetaMethod, _id=33, _a=0xbff420b8) at /usr/src/debug/kdelibs-4.3.0/build/kdeui/kdialog.moc:184
#33 0xb7c3d102 in KEditToolBar::qt_metacall (this=0xbff44154, _c=QMetaObject::InvokeMetaMethod, _id=69, _a=0xbff420b8) at /usr/src/debug/kdelibs-4.3.0/build/kdeui/kedittoolbar.moc:71
#34 0xb775ec44 in QMetaObject::activate (sender=0x94c0258, from_signal_index=4, to_signal_index=4, argv=0xbff420b8) at kernel/qobject.cpp:3112
#35 0xb775f965 in QMetaObject::activate (sender=0x94c0258, m=0xb783a878, local_signal_index=0, argv=0xbff420b8) at kernel/qobject.cpp:3186
#36 0xb7761985 in QSignalMapper::mapped (this=0x94c0258, _t1=4) at .moc/release-shared/moc_qsignalmapper.cpp:95
#37 0xb776225c in QSignalMapper::map (this=0x94c0258, sender=0x9e4d8e8) at kernel/qsignalmapper.cpp:266
#38 0xb776243e in QSignalMapper::map (this=0x94c0258) at kernel/qsignalmapper.cpp:257
#39 0xb7762c60 in QSignalMapper::qt_metacall (this=0x94c0258, _c=QMetaObject::InvokeMetaMethod, _id=4, _a=0xbff42268) at .moc/release-shared/moc_qsignalmapper.cpp:81
#40 0xb775ec44 in QMetaObject::activate (sender=0x9e4d8e8, from_signal_index=29, to_signal_index=30, argv=0xbff42268) at kernel/qobject.cpp:3112
#41 0xb775f121 in QMetaObject::activate (sender=0x9e4d8e8, m=0xb75fd0c4, from_local_signal_index=2, to_local_signal_index=3, argv=0xbff42268) at kernel/qobject.cpp:3206
#42 0xb7418755 in QAbstractButton::clicked (this=0x9e4d8e8, _t1=false) at .moc/release-shared/moc_qabstractbutton.cpp:200
#43 0xb71303dd in QAbstractButtonPrivate::emitClicked (this=0x9bd5e70) at widgets/qabstractbutton.cpp:543
#44 0xb713211b in QAbstractButtonPrivate::click (this=0x9bd5e70) at widgets/qabstractbutton.cpp:536
#45 0xb71323b6 in QAbstractButton::mouseReleaseEvent (this=0x9e4d8e8, e=0xbff42800) at widgets/qabstractbutton.cpp:1115
#46 0xb6dc492c in QWidget::event (this=0x9e4d8e8, event=0xbff42800) at kernel/qwidget.cpp:7549
#47 0xb7130270 in QAbstractButton::event (this=0x9e4d8e8, e=0x9c56901) at widgets/qabstractbutton.cpp:1077
#48 0xb71dd3a3 in QPushButton::event (this=0x9e4d8e8, e=0xbff42800) at widgets/qpushbutton.cpp:662
#49 0xb6d6d6cc in QApplicationPrivate::notify_helper (this=0x912dfe8, receiver=0x9e4d8e8, e=0xbff42800) at kernel/qapplication.cpp:4056
#50 0xb6d7597b in QApplication::notify (this=0x9e4d8e8, receiver=0x9e4d8e8, e=0xbff42800) at kernel/qapplication.cpp:3758
#51 0xb7cc1528 in KApplication::notify (this=0xbff481ac, receiver=0x9e4d8e8, event=0xbff42800) at /usr/src/debug/kdelibs-4.3.0/kdeui/kernel/kapplication.cpp:302
#52 0xb774875e in QCoreApplication::notifyInternal (this=0xbff481ac, receiver=0x9e4d8e8, event=0xbff42800) at kernel/qcoreapplication.cpp:610
#53 0xb6d7499c in QApplicationPrivate::sendMouseEvent (receiver=0x9e4d8e8, event=0xbff42800, alienWidget=0x9e4d8e8, nativeWidget=0xbff44154, buttonDown=0xb7604a60, lastMouseReceiver=@0xb7604a64)
    at ../../src/corelib/kernel/qcoreapplication.h:216
#54 0xb6de566a in QETWidget::translateMouseEvent (this=0xbff44154, event=0xbff43e4c) at kernel/qapplication_x11.cpp:4409
#55 0xb6de4ba0 in QApplication::x11ProcessEvent (this=0xbff481ac, event=0xbff43e4c) at kernel/qapplication_x11.cpp:3428
#56 0xb6e0fde8 in x11EventSourceDispatch (s=0x913ea00, callback=0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#57 0xb586eb12 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#58 0xb58723e8 in ?? () from /usr/lib/libglib-2.0.so.0
#59 0xb587250e in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#60 0xb77743c8 in QEventDispatcherGlib::processEvents (this=0x912dae0, flags={i = 100}) at kernel/qeventdispatcher_glib.cpp:327
#61 0xb6e0f51a in QGuiEventDispatcherGlib::processEvents (this=0x912dae0, flags={i = 100}) at kernel/qguieventdispatcher_glib.cpp:202
#62 0xb7746d7d in QEventLoop::processEvents (this=0xbff44100, flags=) at kernel/qeventloop.cpp:149
#63 0xb77471c9 in QEventLoop::exec (this=0xbff44100, flags={i = 64}) at kernel/qeventloop.cpp:201
#64 0xb726d6a1 in QDialog::exec (this=0xbff44154) at dialogs/qdialog.cpp:498
#65 0x080506d2 in ?? ()
#66 0x080508dc in ?? ()
#67 0xb775ec44 in QMetaObject::activate (sender=0x925b008, from_signal_index=5, to_signal_index=6, argv=0xbff442c8) at kernel/qobject.cpp:3112
#68 0xb775f121 in QMetaObject::activate (sender=0x925b008, m=0xb75ebf08, from_local_signal_index=1, to_local_signal_index=2, argv=0xbff442c8) at kernel/qobject.cpp:3206
#69 0xb6d66e95 in QAction::triggered (this=0x925b008, _t1=false) at .moc/release-shared/moc_qaction.cpp:236
#70 0xb6d684c2 in QAction::activate (this=0x925b008, event=QAction::Trigger) at kernel/qaction.cpp:1160
#71 0xb71c6167 in QMenuPrivate::activateCausedStack (this=0x9b98fc8, causedStack=@0xbff443cc, action=0x925b008, action_e=QAction::Trigger, self=true) at widgets/qmenu.cpp:967
#72 0xb71cca98 in QMenuPrivate::activateAction (this=0x9b98fc8, action=0x925b008, action_e=QAction::Trigger, self=true) at widgets/qmenu.cpp:1060
#73 0xb71cd638 in QMenu::mouseReleaseEvent (this=0x95dc358, e=0xbff44a20) at widgets/qmenu.cpp:2254
#74 0xb7d9f5e1 in KMenu::mouseReleaseEvent (this=0x95dc358, e=0xbff44a20) at /usr/src/debug/kdelibs-4.3.0/kdeui/widgets/kmenu.cpp:456
#75 0xb6dc492c in QWidget::event (this=0x95dc358, event=0xbff44a20) at kernel/qwidget.cpp:7549
#76 0xb71cf8d4 in QMenu::event (this=0x95dc358, e=0xbff44a20) at widgets/qmenu.cpp:2353
#77 0xb6d6d6cc in QApplicationPrivate::notify_helper (this=0x912dfe8, receiver=0x95dc358, e=0xbff44a20) at kernel/qapplication.cpp:4056
#78 0xb6d7597b in QApplication::notify (this=0x95dc358, receiver=0x95dc358, e=0xbff44a20) at kernel/qapplication.cpp:3758
#79 0xb7cc1528 in KApplication::notify (this=0xbff481ac, receiver=0x95dc358, event=0xbff44a20) at /usr/src/debug/kdelibs-4.3.0/kdeui/kernel/kapplication.cpp:302
#80 0xb774875e in QCoreApplication::notifyInternal (this=0xbff481ac, receiver=0x95dc358, event=0xbff44a20) at kernel/qcoreapplication.cpp:610
#81 0xb6d7499c in QApplicationPrivate::sendMouseEvent (receiver=0x95dc358, event=0xbff44a20, alienWidget=0x0, nativeWidget=0x95dc358, buttonDown=0xb7604a60, lastMouseReceiver=@0xb7604a64)
    at ../../src/corelib/kernel/qcoreapplication.h:216
#82 0xb6de5ae6 in QETWidget::translateMouseEvent (this=0x95dc358, event=0xbff4606c) at kernel/qapplication_x11.cpp:4343
#83 0xb6de4ba0 in QApplication::x11ProcessEvent (this=0xbff481ac, event=0xbff4606c) at kernel/qapplication_x11.cpp:3428
#84 0xb6e0fde8 in x11EventSourceDispatch (s=0x913ea00, callback=0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#85 0xb586eb12 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#86 0xb58723e8 in ?? () from /usr/lib/libglib-2.0.so.0
#87 0xb587250e in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#88 0xb77743c8 in QEventDispatcherGlib::processEvents (this=0x912dae0, flags={i = 36}) at kernel/qeventdispatcher_glib.cpp:327
#89 0xb6e0f51a in QGuiEventDispatcherGlib::processEvents (this=0x912dae0, flags={i = 36}) at kernel/qguieventdispatcher_glib.cpp:202
#90 0xb7746d7d in QEventLoop::processEvents (this=0xbff46320, flags=) at kernel/qeventloop.cpp:149
#91 0xb77471c9 in QEventLoop::exec (this=0xbff46320, flags={i = 0}) at kernel/qeventloop.cpp:201
#92 0xb71cf717 in QMenu::exec (this=0x95dc358, p=@0xbff46668, action=0x0) at widgets/qmenu.cpp:1993
#93 0xb7dd3904 in KToolBar::contextMenuEvent (this=0x93092a0, event=0xbff46650) at /usr/src/debug/kdelibs-4.3.0/kdeui/widgets/ktoolbar.cpp:763
#94 0xb6dc4e20 in QWidget::event (this=0x93092a0, event=0xbff46650) at kernel/qwidget.cpp:7708
#95 0xb7213f04 in QToolBar::event (this=0x93092a0, event=0xbff46650) at widgets/qtoolbar.cpp:1193
#96 0xb6d6d6cc in QApplicationPrivate::notify_helper (this=0x912dfe8, receiver=0x93092a0, e=0xbff46650) at kernel/qapplication.cpp:4056
#97 0xb6d75561 in QApplication::notify (this=0x93092a0, receiver=0x92f0208, e=0xbff46858) at kernel/qapplication.cpp:3845
#98 0xb7cc1528 in KApplication::notify (this=0xbff481ac, receiver=0x92f0208, event=0xbff46858) at /usr/src/debug/kdelibs-4.3.0/kdeui/kernel/kapplication.cpp:302
#99 0xb774875e in QCoreApplication::notifyInternal (this=0xbff481ac, receiver=0x92f0208, event=0xbff46858) at kernel/qcoreapplication.cpp:610
#100 0xb6deb07d in QCoreApplication::sendSpontaneousEvent (receiver=0x92f0208, event=0x9c56901) at ../../src/corelib/kernel/qcoreapplication.h:216
#101 0xb6de5ca8 in QETWidget::translateMouseEvent (this=0x91b5918, event=0xbff47e7c) at kernel/qapplication_x11.cpp:4415
#102 0xb6de4ba0 in QApplication::x11ProcessEvent (this=0xbff481ac, event=0xbff47e7c) at kernel/qapplication_x11.cpp:3428
#103 0xb6e0fde8 in x11EventSourceDispatch (s=0x913ea00, callback=0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#104 0xb586eb12 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#105 0xb58723e8 in ?? () from /usr/lib/libglib-2.0.so.0
#106 0xb587250e in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#107 0xb77743c8 in QEventDispatcherGlib::processEvents (this=0x912dae0, flags={i = 36}) at kernel/qeventdispatcher_glib.cpp:327
#108 0xb6e0f51a in QGuiEventDispatcherGlib::processEvents (this=0x912dae0, flags={i = 36}) at kernel/qguieventdispatcher_glib.cpp:202
#109 0xb7746d7d in QEventLoop::processEvents (this=0xbff48134, flags=) at kernel/qeventloop.cpp:149
#110 0xb77471c9 in QEventLoop::exec (this=0xbff48134, flags={i = 0}) at kernel/qeventloop.cpp:201
#111 0xb7749660 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:888
#112 0xb6d6d544 in QApplication::exec () at kernel/qapplication.cpp:3525
#113 0x0804ea8a in _start ()

Reported using DrKonqi

Comment 1 Christoph Feck 2009-08-30 13:53:59 UTC

Thanks for the detailed crash report, there are already duplicates, but I will close the old ones as duplicates of this one, so that we have a pretty good and recent backtrace to look at.

Comment 2 Christoph Feck 2009-08-30 14:00:48 UTC

*** Bug 173717 has been marked as a duplicate of this bug. ***

Comment 3 Christoph Feck 2009-08-30 14:06:10 UTC

*** Bug 189084 has been marked as a duplicate of this bug. ***

Comment 4 Christoph Feck 2009-08-30 14:07:13 UTC

*** Bug 201991 has been marked as a duplicate of this bug. ***

Comment 5 Christoph Feck 2009-08-30 14:08:52 UTC

*** Bug 195382 has been marked as a duplicate of this bug. ***

Comment 6 Christoph Feck 2009-08-30 14:12:02 UTC

*** Bug 198928 has been marked as a duplicate of this bug. ***

Comment 7 Christoph Feck 2009-08-30 14:12:29 UTC

*** Bug 203660 has been marked as a duplicate of this bug. ***

Comment 8 Christoph Feck 2009-08-30 14:58:37 UTC

*** Bug 190504 has been marked as a duplicate of this bug. ***

Comment 9 Christoph Feck 2009-08-30 14:59:18 UTC

*** Bug 194494 has been marked as a duplicate of this bug. ***

Comment 10 Christoph Feck 2009-08-30 15:01:59 UTC

*** Bug 202934 has been marked as a duplicate of this bug. ***

Comment 11 Christoph Feck 2009-08-30 15:03:28 UTC

*** Bug 203221 has been marked as a duplicate of this bug. ***

Comment 12 Christoph Feck 2009-08-30 15:07:25 UTC

*** Bug 203719 has been marked as a duplicate of this bug. ***

Comment 13 David Faure 2009-08-31 21:16:51 UTC

Isn't this the crash I fixed in bug 200815?

Comment 14 Christoph Feck 2009-08-31 22:28:55 UTC

Created attachment 36598 [details]
Force crash when accessing deleted clients from factory

David, I am not sure.

The backtrace from bug 200815 is when the action has completed, and returns to the (now deleted, because of rebuild) KMenu.

But this crash happens during KXMLGUIFactory::removeClient called from KEditToolBarWidget::rebuildKXMLGUIClients. It has not completed the action yet, but already crashed.

If your fix is backported, then we will see with 4.3.1 reports.

Attached is what I have currently in my trunk, but I wasn't able to get a crash yet, not sure if accesses to 0xeeee0000 would crash at all.

Comment 15 Dario Andres 2009-09-02 04:49:03 UTC

*** Bug 205633 has been marked as a duplicate of this bug. ***

Comment 16 David Faure 2010-07-10 00:54:12 UTC

This now looks very likely to be the same as bug 170806, fixed in trunk in r1145720 (for kde-4.6; to be backported if it proves stable).

Comment 17 Christoph Feck 2010-08-29 19:03:49 UTC

*** Bug 204869 has been marked as a duplicate of this bug. ***

Comment 18 Christoph Feck 2010-10-13 17:56:22 UTC

Closing this as a duplicate of bug 170806 because the backtrace indicates that the XMLGUI client list contains stray pointers.

If you are experiencing toolbar or shortcut related crashes again with KDE 4.5.3 or later, please create a new bug report.

*** This bug has been marked as a duplicate of bug 170806 ***

Comment 19 Dario Andres 2011-01-31 00:03:26 UTC

*** Bug 263875 has been marked as a duplicate of this bug. ***