I'm getting a crash in git master when I close Okular after reloading a document *without* TOC (Open document -> Press F5 -> Close okular -> CRASH). Seems that we're trying to delete the old TOCModel that Qt has already freed for us, here's what valgrind has to say: ==16723== Invalid read of size 4 ==16723== at 0x71EE1FC: TOCModelPrivate::~TOCModelPrivate() (tocmodel.cpp:108) ==16723== by 0x71EE280: TOCModel::~TOCModel() (tocmodel.cpp:169) ==16723== by 0x71EE2C1: TOCModel::~TOCModel() (tocmodel.cpp:170) ==16723== by 0x428FA1B9: QObjectPrivate::deleteChildren() (in /usr/lib/libQtCore.so.4.8.4) ==16723== by 0x458D5B6F: QWidget::~QWidget() (in /usr/lib/libQtGui.so.4.8.4) ==16723== by 0x45CF16B1: QFrame::~QFrame() (in /usr/lib/libQtGui.so.4.8.4) ==16723== by 0x45D83F6A: QAbstractScrollArea::~QAbstractScrollArea() (in /usr/lib/libQtGui.so.4.8.4) ==16723== by 0x45E23041: QAbstractItemView::~QAbstractItemView() (in /usr/lib/libQtGui.so.4.8.4) ==16723== by 0x45E67C11: QTreeView::~QTreeView() (in /usr/lib/libQtGui.so.4.8.4) ==16723== by 0x45E67C52: QTreeView::~QTreeView() (in /usr/lib/libQtGui.so.4.8.4) ==16723== by 0x428FA1B9: QObjectPrivate::deleteChildren() (in /usr/lib/libQtCore.so.4.8.4) ==16723== by 0x458D5B6F: QWidget::~QWidget() (in /usr/lib/libQtGui.so.4.8.4) ==16723== Address 0x8c26b28 is 0 bytes inside a block of size 12 free'd ==16723== at 0x4007AEE: operator delete(void*) (vg_replace_malloc.c:480) ==16723== by 0x71EE2C9: TOCModel::~TOCModel() (tocmodel.cpp:170) ==16723== by 0x428FA1B9: QObjectPrivate::deleteChildren() (in /usr/lib/libQtCore.so.4.8.4) ==16723== by 0x458D5B6F: QWidget::~QWidget() (in /usr/lib/libQtGui.so.4.8.4) ==16723== by 0x45CF16B1: QFrame::~QFrame() (in /usr/lib/libQtGui.so.4.8.4) ==16723== by 0x45D83F6A: QAbstractScrollArea::~QAbstractScrollArea() (in /usr/lib/libQtGui.so.4.8.4) ==16723== by 0x45E23041: QAbstractItemView::~QAbstractItemView() (in /usr/lib/libQtGui.so.4.8.4) ==16723== by 0x45E67C11: QTreeView::~QTreeView() (in /usr/lib/libQtGui.so.4.8.4) ==16723== by 0x45E67C52: QTreeView::~QTreeView() (in /usr/lib/libQtGui.so.4.8.4) ==16723== by 0x428FA1B9: QObjectPrivate::deleteChildren() (in /usr/lib/libQtCore.so.4.8.4) ==16723== by 0x458D5B6F: QWidget::~QWidget() (in /usr/lib/libQtGui.so.4.8.4) ==16723== by 0x71EBC98: TOC::~TOC() (toc.cpp:55) I've had a look at the code, and I think this happens because in documents without TOC TOCModel::fill is never called and therefore delete d->m_oldModel; d->m_oldModel = 0; is never executed. When I close Okular, Qt automatically deletes the current TOCModel, but since d->m_oldModel stayed not equal to zero, we too try to delete it. I've tried to fix it by executing those two lines for documents without TOC too, it fixed the crash but broke Jaydeep's work on document with TOC (TOC wasn't restored any more) so it's a no-go :D Reproducible: Always
Git commit 0413d538574202034b04e07260702c5e49afe64e by Albert Astals Cid. Committed on 15/01/2013 at 01:16. Pushed by aacid into branch 'master'. Delete the oldModel even if the new doc has no toc M +0 -8 ui/toc.cpp M +5 -1 ui/tocmodel.cpp http://commits.kde.org/okular/0413d538574202034b04e07260702c5e49afe64e