308018 – Dolphin crashes instantly whenever trying to let it read out a marked filename

Bug 308018 - Dolphin crashes instantly whenever trying to let it read out a marked filename

Summary: Dolphin crashes instantly whenever trying to let it read out a marked filename

Status:	RESOLVED FIXED

Alias:	None

Product:	dolphin
Classification:	Applications
Component:	view-engine: general (show other bugs)
Version:	2.1
Platform:	Ubuntu Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	Dolphin Bug Assignee

URL:
Keywords:	investigated, reproducible

Depends on:
Blocks:

Reported:	2012-10-07 11:56 UTC by Ettore Atalan
Modified:	2012-11-06 19:54 UTC (History)
CC List:	0 users

See Also:
Latest Commit:	http://commits.kde.org/kde-baseapps/951cb9c35d7a9ef814b3de5b359915968da9b881
Version Fixed In:	4.9.4

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Ettore Atalan 2012-10-07 11:56:40 UTC

Application: dolphin (2.1)
KDE Platform Version: 4.9.2
Qt Version: 4.8.2
Operating System: Linux 3.4.0-030400rc6-generic x86_64
Distribution: Ubuntu 12.04.1 LTS

-- Information about the crash:
- What I was doing when the application crashed:

I did a right click on a file, chose rename, then I did another right click on the marked filename and chose "Read out" ("Text vorlesen" on my german user interface).

After chosing this option, Dolphin crashes instantly each time.

The crash can be reproduced every time.

-- Backtrace:
Application: Dolphin (dolphin), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7fa7df8e8780 (LWP 4985))]

Thread 4 (Thread 0x7fa7d82fe700 (LWP 4988)):
#0  0x00007fa7f25bc8bd in read () at ../sysdeps/unix/syscall-template.S:82
#1  0x00007fa7e9e898cf in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fa7e9e4eba4 in g_main_context_check () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007fa7e9e4efd6 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007fa7e9e4f164 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x00007fa7ef31c906 in QEventDispatcherGlib::processEvents (this=0x7fa7d00008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:426
#6  0x00007fa7ef2ebe42 in QEventLoop::processEvents (this=<optimized out>, flags=...) at kernel/qeventloop.cpp:149
#7  0x00007fa7ef2ec097 in QEventLoop::exec (this=0x7fa7d82fddd0, flags=...) at kernel/qeventloop.cpp:204
#8  0x00007fa7ef1eb057 in QThread::exec (this=<optimized out>) at thread/qthread.cpp:501
#9  0x00007fa7ef2cbb4f in QInotifyFileSystemWatcherEngine::run (this=0x19fd3d0) at io/qfilesystemwatcher_inotify.cpp:248
#10 0x00007fa7ef1ee07b in QThreadPrivate::start (arg=0x19fd3d0) at thread/qthread_unix.cpp:307
#11 0x00007fa7ea713e9a in start_thread (arg=0x7fa7d82fe700) at pthread_create.c:308
#12 0x00007fa7f25c9cbd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#13 0x0000000000000000 in ?? ()

Thread 3 (Thread 0x7fa7d715d700 (LWP 4989)):
#0  0x00007fa7f25bc8bd in read () at ../sysdeps/unix/syscall-template.S:82
#1  0x00007fa7e9e898cf in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fa7e9e4eba4 in g_main_context_check () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007fa7e9e4efd6 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007fa7e9e4f164 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x00007fa7ef31c906 in QEventDispatcherGlib::processEvents (this=0x7fa7c80008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:426
#6  0x00007fa7ef2ebe42 in QEventLoop::processEvents (this=<optimized out>, flags=...) at kernel/qeventloop.cpp:149
#7  0x00007fa7ef2ec097 in QEventLoop::exec (this=0x7fa7d715cdd0, flags=...) at kernel/qeventloop.cpp:204
#8  0x00007fa7ef1eb057 in QThread::exec (this=<optimized out>) at thread/qthread.cpp:501
#9  0x00007fa7ef2cbb4f in QInotifyFileSystemWatcherEngine::run (this=0x1966200) at io/qfilesystemwatcher_inotify.cpp:248
#10 0x00007fa7ef1ee07b in QThreadPrivate::start (arg=0x1966200) at thread/qthread_unix.cpp:307
#11 0x00007fa7ea713e9a in start_thread (arg=0x7fa7d715d700) at pthread_create.c:308
#12 0x00007fa7f25c9cbd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#13 0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7fa7d530f700 (LWP 4997)):
#0  0x00007fa7f25bc8bd in read () at ../sysdeps/unix/syscall-template.S:82
#1  0x00007fa7e9e898cf in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fa7e9e4eba4 in g_main_context_check () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007fa7e9e4efd6 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007fa7e9e4f164 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x00007fa7ef31c906 in QEventDispatcherGlib::processEvents (this=0x7fa7c00008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:426
#6  0x00007fa7ef2ebe42 in QEventLoop::processEvents (this=<optimized out>, flags=...) at kernel/qeventloop.cpp:149
#7  0x00007fa7ef2ec097 in QEventLoop::exec (this=0x7fa7d530edd0, flags=...) at kernel/qeventloop.cpp:204
#8  0x00007fa7ef1eb057 in QThread::exec (this=<optimized out>) at thread/qthread.cpp:501
#9  0x00007fa7ef2cbb4f in QInotifyFileSystemWatcherEngine::run (this=0x21bb770) at io/qfilesystemwatcher_inotify.cpp:248
#10 0x00007fa7ef1ee07b in QThreadPrivate::start (arg=0x21bb770) at thread/qthread_unix.cpp:307
#11 0x00007fa7ea713e9a in start_thread (arg=0x7fa7d530f700) at pthread_create.c:308
#12 0x00007fa7f25c9cbd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#13 0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7fa7df8e8780 (LWP 4985)):
[KCrash Handler]
#6  0x0000000000000000 in ?? ()
#7  0x00007fa7efe3abfd in KTextEdit::contextMenuEvent (this=0x27b6800, event=0x7fff5a201870) at ../../kdeui/widgets/ktextedit.cpp:620
#8  0x00007fa7ee441d04 in QWidget::event (this=0x27b6800, event=0x7fff5a201870) at kernel/qwidget.cpp:8538
#9  0x00007fa7ee802836 in QFrame::event (this=0x27b6800, e=0x7fff5a201870) at widgets/qframe.cpp:557
#10 0x00007fa7ef2ed498 in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=<optimized out>, receiver=0x27c24d0, event=0x7fff5a201870) at kernel/qcoreapplication.cpp:1025
#11 0x00007fa7ee3f177f in notify_helper (e=0x7fff5a201870, receiver=0x27c24d0, this=0x1919a90) at kernel/qapplication.cpp:4552
#12 QApplicationPrivate::notify_helper (this=0x1919a90, receiver=0x27c24d0, e=0x7fff5a201870) at kernel/qapplication.cpp:4528
#13 0x00007fa7ee3f6a3d in QApplication::notify (this=<optimized out>, receiver=0x27c24d0, e=0x7fff5a201870) at kernel/qapplication.cpp:4178
#14 0x00007fa7efd53756 in KApplication::notify (this=0x7fff5a202520, receiver=0x27c24d0, event=0x7fff5a201870) at ../../kdeui/kernel/kapplication.cpp:311
#15 0x00007fa7ef2ed30c in QCoreApplication::notifyInternal (this=0x7fff5a202520, receiver=0x27c24d0, event=0x7fff5a201870) at kernel/qcoreapplication.cpp:915
#16 0x00007fa7ee471b78 in sendSpontaneousEvent (event=0x7fff5a201870, receiver=0x27c24d0) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:234
#17 QETWidget::translateMouseEvent (this=<optimized out>, event=<optimized out>) at kernel/qapplication_x11.cpp:4622
#18 0x00007fa7ee470ace in QApplication::x11ProcessEvent (this=0x7fff5a202520, event=0x7fff5a202110) at kernel/qapplication_x11.cpp:3732
#19 0x00007fa7ee49a052 in x11EventSourceDispatch (s=0x191cd70, callback=0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#20 0x00007fa7e9e4ed53 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#21 0x00007fa7e9e4f0a0 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#22 0x00007fa7e9e4f164 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#23 0x00007fa7ef31c89f in QEventDispatcherGlib::processEvents (this=0x18ecb10, flags=...) at kernel/qeventdispatcher_glib.cpp:424
#24 0x00007fa7ee499cde in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#25 0x00007fa7ef2ebe42 in QEventLoop::processEvents (this=<optimized out>, flags=...) at kernel/qeventloop.cpp:149
#26 0x00007fa7ef2ec097 in QEventLoop::exec (this=0x7fff5a2024b0, flags=...) at kernel/qeventloop.cpp:204
#27 0x00007fa7ef2f13e7 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1187
#28 0x00007fa7f28e5677 in kdemain () from /usr/lib/kde4/libkdeinit/libkdeinit4_dolphin.so
#29 0x00007fa7f24f776d in __libc_start_main (main=0x400640, argc=5, ubp_av=0x7fff5a202a78, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff5a202a68) at libc-start.c:226
#30 0x0000000000400671 in _start ()

Possible duplicates by query: bug 233026.

Reported using DrKonqi

Comment 1 Frank Reininghaus 2012-10-08 17:01:12 UTC

Thanks for the bug report! I can confirm this crash.

Comment 2 Frank Reininghaus 2012-10-09 21:58:49 UTC

When running in Valgrind, such that everything is really slow, I can see that an error message box pops up, telling me that something about the text-to-speech setup is wrong.

When this box gets the focus from KItemListRoleEditor, KItemListRoleEditor::event(QEvent* event) makes sure that the roleEditingFinished() signal is emitted, which invokes KStandardItemListWidget::slotRoleEditingFinished(), which calls KStandardItemListWidget::closeRoleEditor(), which deletes the role editor using deleteLater().

Unfortunately, the KItemListRoleEditor, which is a subclass of KTextEdit, is deleted then inside the context menu's event loop while the function that created it, KTextEdit::contextMenuEvent(), is still being executed. As soon as we return to that function, we therefore get a crash.

I thought that using Qt::QueuedConnection for the connections in KStandardItemListWidget::editedRoleChanged() might be sufficient to fix this, but the slot is still called inside the nested event loop, so we need something better.

Comment 3 Frank Reininghaus 2012-11-05 21:09:53 UTC

Git commit 951cb9c35d7a9ef814b3de5b359915968da9b881 by Frank Reininghaus.
Committed on 05/11/2012 at 22:03.
Pushed by freininghaus into branch 'KDE/4.9'.

Prevent crashes caused by nested event loops run when renaming inline

When renaming inline and starting a drag or invoking the context menu,
a nested event loop will be run. If the role editor loses focus and
emits roleEditingFinished(), we must prevent that deleteLater() is
called because this would delete the role editor inside a nested event
loop which is run from one of its own functions. We would get a crash
when returning from that event loop otherwise.
Related: bug 309421
FIXED-IN: 4.9.4

M  +9    -2    dolphin/src/kitemviews/kstandarditemlistwidget.cpp
M  +47   -2    dolphin/src/kitemviews/private/kitemlistroleeditor.cpp
M  +12   -0    dolphin/src/kitemviews/private/kitemlistroleeditor.h

http://commits.kde.org/kde-baseapps/951cb9c35d7a9ef814b3de5b359915968da9b881

Comment 4 Ettore Atalan 2012-11-06 19:54:01 UTC

Thanks!