Bug 313146 - Crash when I close Okular after reloading a document without table of contents
Summary: Crash when I close Okular after reloading a document without table of contents
Status: RESOLVED FIXED
Alias: None
Product: okular
Classification: Applications
Component: general (show other bugs)
Version: 0.16.60
Platform: Other Linux
: NOR normal
Target Milestone: ---
Assignee: Okular developers
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-01-12 19:54 UTC by Fabio D'Urso
Modified: 2013-01-15 00:21 UTC (History)
1 user (show)

See Also:
Latest Commit: http://commits.kde.org/okular/0413d538574202034b04e07260702c5e49afe64e
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Fabio D'Urso 2013-01-12 19:54:51 UTC 
I'm getting a crash in git master when I close Okular after reloading a document *without* TOC (Open document -> Press F5 -> Close okular -> CRASH).

Seems that we're trying to delete the old TOCModel that Qt has already freed for us, here's what valgrind has to say:
==16723== Invalid read of size 4
==16723==    at 0x71EE1FC: TOCModelPrivate::~TOCModelPrivate() (tocmodel.cpp:108)
==16723==    by 0x71EE280: TOCModel::~TOCModel() (tocmodel.cpp:169)
==16723==    by 0x71EE2C1: TOCModel::~TOCModel() (tocmodel.cpp:170)
==16723==    by 0x428FA1B9: QObjectPrivate::deleteChildren() (in /usr/lib/libQtCore.so.4.8.4)
==16723==    by 0x458D5B6F: QWidget::~QWidget() (in /usr/lib/libQtGui.so.4.8.4)
==16723==    by 0x45CF16B1: QFrame::~QFrame() (in /usr/lib/libQtGui.so.4.8.4)
==16723==    by 0x45D83F6A: QAbstractScrollArea::~QAbstractScrollArea() (in /usr/lib/libQtGui.so.4.8.4)
==16723==    by 0x45E23041: QAbstractItemView::~QAbstractItemView() (in /usr/lib/libQtGui.so.4.8.4)
==16723==    by 0x45E67C11: QTreeView::~QTreeView() (in /usr/lib/libQtGui.so.4.8.4)
==16723==    by 0x45E67C52: QTreeView::~QTreeView() (in /usr/lib/libQtGui.so.4.8.4)
==16723==    by 0x428FA1B9: QObjectPrivate::deleteChildren() (in /usr/lib/libQtCore.so.4.8.4)
==16723==    by 0x458D5B6F: QWidget::~QWidget() (in /usr/lib/libQtGui.so.4.8.4)
==16723==  Address 0x8c26b28 is 0 bytes inside a block of size 12 free'd
==16723==    at 0x4007AEE: operator delete(void*) (vg_replace_malloc.c:480)
==16723==    by 0x71EE2C9: TOCModel::~TOCModel() (tocmodel.cpp:170)
==16723==    by 0x428FA1B9: QObjectPrivate::deleteChildren() (in /usr/lib/libQtCore.so.4.8.4)
==16723==    by 0x458D5B6F: QWidget::~QWidget() (in /usr/lib/libQtGui.so.4.8.4)
==16723==    by 0x45CF16B1: QFrame::~QFrame() (in /usr/lib/libQtGui.so.4.8.4)
==16723==    by 0x45D83F6A: QAbstractScrollArea::~QAbstractScrollArea() (in /usr/lib/libQtGui.so.4.8.4)
==16723==    by 0x45E23041: QAbstractItemView::~QAbstractItemView() (in /usr/lib/libQtGui.so.4.8.4)
==16723==    by 0x45E67C11: QTreeView::~QTreeView() (in /usr/lib/libQtGui.so.4.8.4)
==16723==    by 0x45E67C52: QTreeView::~QTreeView() (in /usr/lib/libQtGui.so.4.8.4)
==16723==    by 0x428FA1B9: QObjectPrivate::deleteChildren() (in /usr/lib/libQtCore.so.4.8.4)
==16723==    by 0x458D5B6F: QWidget::~QWidget() (in /usr/lib/libQtGui.so.4.8.4)
==16723==    by 0x71EBC98: TOC::~TOC() (toc.cpp:55)

I've had a look at the code, and I think this happens because in documents without TOC TOCModel::fill is never called and therefore
    delete d->m_oldModel;
    d->m_oldModel = 0;
is never executed.
When I close Okular, Qt automatically deletes the current TOCModel, but since d->m_oldModel stayed not equal to zero, we too try to delete it.

I've tried to fix it by executing those two lines for documents without TOC too, it fixed the crash but broke Jaydeep's work on document with TOC (TOC wasn't restored any more) so it's a no-go :D

Reproducible: Always
Comment 1 Albert Astals Cid 2013-01-15 00:21:55 UTC 
Git commit 0413d538574202034b04e07260702c5e49afe64e by Albert Astals Cid.
Committed on 15/01/2013 at 01:16.
Pushed by aacid into branch 'master'.

Delete the oldModel even if the new doc has no toc

M  +0    -8    ui/toc.cpp
M  +5    -1    ui/tocmodel.cpp

http://commits.kde.org/okular/0413d538574202034b04e07260702c5e49afe64e