251388 – kwin crashed when playing with knotes window decoration

Bug 251388 - kwin crashed when playing with knotes window decoration

Summary: kwin crashed when playing with knotes window decoration

Status:	RESOLVED FIXED

Alias:	None

Product:	kwin
Classification:	Plasma
Component:	general (show other bugs)
Version:	unspecified
Platform:	Compiled Sources Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	Thomas Lübking

URL:
Keywords:

Duplicates (1):	266333 (view as bug list)
Depends on:
Blocks:

Reported:	2010-09-16 00:30 UTC by Wonko
Modified:	2011-02-14 22:24 UTC (History)
CC List:	2 users (show)

See Also:
Latest Commit:
Version Fixed In:	4.5.4

Attachments
New crash information added by DrKonqi (3.01 KB, text/plain) 2010-09-17 13:44 UTC, Wonko	Details
Secure clientGroup() calls in bridge.cpp (2.20 KB, patch) 2010-09-17 15:22 UTC, Thomas Lübking	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Wonko 2010-09-16 00:30:45 UTC

Application: kwin (4.5.1 (KDE 4.5.1))
KDE Platform Version: 4.5.1 (KDE 4.5.1) (Compiled from sources)
Qt Version: 4.6.3
Operating System: Linux 2.6.35-tuxonice-r1 x86_64
Distribution (Platform): Gentoo Packages

-- Information about the crash:
To reproduce my crash:
1. open a knotes window
2. enable its window decorations via kwin shortcut; the window now has two titles
3. right click on the window decoration; the window jumps a little up
4. immediately right click again on the window decoration -> crash

I can send some screenshots if you cannot reproduce this.

The crash can be reproduced every time.

-- Backtrace:
Application: KWin (kwin), signal: Segmentation fault
[KCrash Handler]
#6  0x00007f85c062920b in KWin::ClientGroup::displayClientMenu(int, QPoint const&) () from /usr/lib/libkdeinit4_kwin.so
#7  0x00007f85a7dd9209 in Oxygen::Client::mousePressEvent(QMouseEvent*) () from /usr/lib64/kde4/kwin3_oxygen.so
#8  0x00007f85a7dd9448 in Oxygen::Client::eventFilter(QObject*, QEvent*) () from /usr/lib64/kde4/kwin3_oxygen.so
#9  0x00007f85bbf5419e in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) () from /usr/lib64/qt4/libQtCore.so.4
#10 0x00007f85bcb71b6c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib64/qt4/libQtGui.so.4
#11 0x00007f85bcb7884d in QApplication::notify(QObject*, QEvent*) () from /usr/lib64/qt4/libQtGui.so.4
#12 0x00007f85bfe6c886 in KApplication::notify(QObject*, QEvent*) () from /usr/lib/libkdeui.so.5
#13 0x00007f85bbf54d5b in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib64/qt4/libQtCore.so.4
#14 0x00007f85bcb77985 in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) () from /usr/lib64/qt4/libQtGui.so.4
#15 0x00007f85bcbf6923 in ?? () from /usr/lib64/qt4/libQtGui.so.4
#16 0x00007f85bcbf5649 in QApplication::x11ProcessEvent(_XEvent*) () from /usr/lib64/qt4/libQtGui.so.4
#17 0x00007f85bcc20861 in ?? () from /usr/lib64/qt4/libQtGui.so.4
#18 0x00007f85bbf536f2 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/qt4/libQtCore.so.4
#19 0x00007f85bbf53acd in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/qt4/libQtCore.so.4
#20 0x00007f85bbf58633 in QCoreApplication::exec() () from /usr/lib64/qt4/libQtCore.so.4
#21 0x00007f85c0633f0b in kdemain () from /usr/lib/libkdeinit4_kwin.so
#22 0x00007f85c02a5bbd in __libc_start_main () from /lib/libc.so.6
#23 0x0000000000400789 in _start ()

Reported using DrKonqi

Comment 1 Martin Flöser 2010-09-16 18:17:58 UTC

Unfortuantely this backtrace is missing the important debug information. If you are able to reproduce please install the debug packages provided by your distribution and attach a new backtrace. Thanks.

Comment 2 Wonko 2010-09-17 13:44:06 UTC

Created attachment 51753 [details]
New crash information added by DrKonqi

kwin (4.5.1 (KDE 4.5.1)) on KDE Platform 4.5.1 (KDE 4.5.1) using Qt 4.6.3

Okay, I re-compiled knotes and kwin with debug information.

This time, the crash did not always happen at the 2nd mouse click, I sometimes had to disable and enable the window decoration again for this. And I noticed that this does only seem to happen with desktop effects enabled.

-- Backtrace (Reduced):
#6  detach (this=0x0, index=0, pos=...) at /usr/include/qt4/QtCore/qlist.h:122
#7  operator[] (this=0x0, index=0, pos=...) at /usr/include/qt4/QtCore/qlist.h:448
#8  KWin::ClientGroup::displayClientMenu (this=0x0, index=0, pos=...) at /var/portage/tmp/portage/kde-base/kwin-4.5.1/work/kwin-4.5.1/kwin/clientgroup.cpp:245
#9  0x00007f6910d6d209 in Oxygen::Client::mousePressEvent (this=0xf2aaa0, event=0x7fff6cc878a0) at /var/portage/tmp/portage/kde-base/kwin-4.5.1/work/kwin-4.5.1/kwin/clients/oxygen/oxygenclient.cpp:1484
#10 0x00007f6910d6d448 in Oxygen::Client::eventFilter (this=0xf2aaa0, object=0x6c7540, event=0x7fff6cc878a0) at /var/portage/tmp/portage/kde-base/kwin-4.5.1/work/kwin-4.5.1/kwin/clients/oxygen/oxygenclient.cpp:1275

Comment 3 Thomas Lübking 2010-09-17 15:22:10 UTC

Created attachment 51757 [details]
Secure clientGroup() calls in bridge.cpp

because of the wonky state of clientGroup() it should actually be tested before every call (bridge.cpp in this case) :-(

patch for bridge.cpp attached...

Comment 4 Thomas Lübking 2010-10-06 19:39:32 UTC

SVN commit 1183245 by luebking:

secure clientGroup pointer accesses

BUG: 251388
CCBUG: 195907
CCBUG: 233756


 M  +10 -0     bridge.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1183245

Comment 5 Thomas Lübking 2010-11-23 23:09:21 UTC

SVN commit 1200088 by luebking:

backporting r1183245 "secure clientGroup pointer accesses"

CCBUG: 251388
CCBUG: 195907
CCBUG: 233756


 M  +10 -0     bridge.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1200088

Comment 6 Thomas Lübking 2011-02-14 22:24:07 UTC

*** Bug 266333 has been marked as a duplicate of this bug. ***