Version: (using KDE Devel)
Installed from: Compiled sources

I have investigated a crash that I get when I right-click on an audio file (ogg or wav tested).

How to reproduce:
* view a folder containing media files with konqueror
* right-click and select preview
kaboom!

Backtrace further down...

This is what happens (I think) - debugged with breakpoints (texts in "" are objname)
* "qt_viewport" is notified of a RMB down - OK
* parent is notified of a RMB down - OK
* "konq_popupmenu" is notified of a RMB release - OK
  ("qt_viewport" gets deleted, since screen is updated to handle plugins)
* the deleted and reused [Note the this pointer = 0x1] for other purposes "qt_viewport" is notified with a RMB release - CRASH!
  (since the object does not exist - I have seen objnames like ":"?")

#5 <signal handler called>
#6 QShared::deref (this=0x1) at /opt/qt-copy/include/qshared.h:50
#7 0x080522f3 in QValueListPrivate<QString>::derefAndDelete (this=0x1) at /opt/qt-copy/include/qvaluelist.h:234
#8 0x080521d7 in QValueList<QString>::operator= (this=0x8302ea4, l=@0xbfffe9a8) at /opt/qt-copy/include/qvaluelist.h:449
#9 0x08051928 in QStringList::operator= (this=0x8302ea4, _ctor_arg=@0xbfffe9a8) at kinit.cpp:315
#10 0x40a63fe7 in QProcess::setArguments (this=0x8302e58, args=@0xbfffe9a8) at kernel/qprocess.cpp:301
#11 0x40a7cb5b in QWidget::event (this=0x8302e58, e=0xbfffe9a8) at kernel/qwidget.cpp:4308
#12 0x409fb179 in QApplication::internalNotify (this=0xbfffef58, receiver=0x8302e58, e=0xbfffe9a8) at kernel/qapplication.cpp:2288
#13 0x409fa870 in QApplication::notify (this=0xbfffef58, receiver=0x8302e58, e=0xbfffe9a8) at kernel/qapplication.cpp:2096
#14 0x40665e54 in KApplication::notify (this=0xbfffef58, receiver=0x8302e58, event=0xbfffe9a8) at kapplication.cpp:440
#15 0x40ddb4f4 in QApplication::sendSpontaneousEvent (receiver=0x8302e58, event=0xbfffe9a8) at .moc/debug-shared-mt/../../kernel/qapplication.h:480
#16 0x409a7c9d in QETWidget::translateMouseEvent (this=0x8302e58, event=0xbfffed00) at kernel/qapplication_x11.cpp:4235
#17 0x409a54b5 in QApplication::x11ProcessEvent (this=0xbfffef58, event=0xbfffed00) at kernel/qapplication_x11.cpp:3383
#18 0x409b7b4c in QEventLoop::processEvents (this=0x80b07f0, flags=4) at kernel/qeventloop_x11.cpp:167
#19 0x40a0dc00 in QEventLoop::enterLoop (this=0x80b07f0) at kernel/qeventloop.cpp:188
#20 0x40a0db45 in QEventLoop::exec (this=0x80b07f0) at kernel/qeventloop.cpp:138
#21 0x409fb375 in QApplication::exec (this=0xbfffef58) at kernel/qapplication.cpp:2409
#22 0x41357e94 in main (argc=3, argv=0x805f2a8) at konq_main.cc:130
Reviewing this while awake... "Preview" should be read as "Preview in embedded player"
Still happens in 3.1rc2
Noticed that I could get better debug output with kdebugdialog...

konqueror: KonqView::setLocationBarURL file:/var/downloaded/Media/korva.wav this=0x82b3770
konqueror: KonqMainWindow::setLocationBarURL: url = file:/var/downloaded/Media/korva.wav
konqueror: changeViewMode: serviceType is audio/x-wav serviceName is kaboodle_component current service name is konq_detailedlistview
konqueror: Switching view modes...
konqueror: Trying to create view for "audio/x-wav"
konqueror: Found requested service kaboodle_component
konqueror: Trying to open lib for requested service kaboodle_component
konqueror: KonqView::switchView
mcop warning: user defined signal handler found for SIG_PIPE, overriding
konqueror: KonqMainWindow::slotPartChanged
kparts: WARNING: Part '' has a widget view widget with a focus policy of NoFocus. It should have at least a ClickFocus policy, for part activation to work well.
konqueror: KonqMainWindow::slotPartActivated 0x83eb6e8 kaboodle
konqueror: New current view 0x82b3770
konqueror: -KonqBaseListViewWidget
konqueror: KonqView::openURL url=file:/var/downloaded/Media/korva.wav locationBarURL=file:/var/downloaded/Media/korva.wav
konqueror: KonqView::setLocationBarURL file:/var/downloaded/Media/korva.wav this=0x82b3770
konqueror: KonqMainWindow::setLocationBarURL: url = file:/var/downloaded/Media/korva.wav
konqueror: [void KonqView::setLoading(bool, bool = false)] loading=true hasPending=false
konqueror: KonqView::slotCompleted hasPending=false
libkonq: ## addToHistory: Typed URL: , Title:
konqueror: [void KonqView::setLoading(bool, bool = false)] loading=false hasPending=false
konqueror: KonqMainWindow::setCaption(file:/var/downloaded/Media/korva.wav)
libkonq: ## addToHistory: file:/var/downloaded/Media/korva.wavTyped URL: file:/var/downloaded/Media/korva.wav, Title:
konqueror: -------- KonqMainWindow::slotPopupMenu() - m_oldView = 0x82b3770, currentView = 0x82b3770, m_currentView = 0x82b3770
libkonq: ~KonqPopupMenu leave

Program received signal SIGSEGV, Segmentation fault.
Created attachment 350 [details]
Traceback from the fatal delete, note the usages higher up

I have done some more debugging and noticed that it was when processing an event to qt_viewport that the object gets deleted... When returning from this one has to be really careful not to use any of its members or make a virtual call. With the long call chain in this case it is almost impossible.

One critical point is in the end of QScrollView::eventFilter [widgets/qscrollview.cpp:1538]

return QFrame::eventFilter( obj, e ); // always continue with standard event processing

* It forgets that it did accept and process the event... the code should be something like this

return QFrame::eventFilter( obj, e ) || consumed_above;

Doing it like this will abort the processing in QObject::event a few levels above. But it is still VERY hard to get right.

My suggestion is to defer the deletion to a later time - is that possible? It might not even be necessary to delete the object - often it will be reused again really soon. (Preview in kaboodle, back to the qt_viewport)
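The deferred deletion suggested in the comment above, as an added example that is not part of the original thread and is not Qt or KDE code. Loop, Widget, deleteLater, flush and run_sequence are hypothetical names, and receivers are addressed by id so that a late event can never reach a freed or reused address.

```cpp
#include <cstdio>
#include <map>
#include <string>
#include <vector>

// Hypothetical miniature of an event loop; none of these names are Qt's.
struct Loop;
struct Widget {
    Loop& loop; int id; int seen = 0;
    Widget(Loop& l, int i) : loop(l), id(i) {}
    bool event(const std::string& ev);
};

struct Loop {
    std::map<int, Widget*> live;   // receivers that may still get events, by id
    std::vector<Widget*> doomed;   // deletion requested while a handler was running
    int next_id = 1, delivered = 0, dropped = 0, freed = 0;

    int create() { int id = next_id++; live[id] = new Widget(*this, id); return id; }
    void deleteLater(int id) {     // unregister now, free later
        auto it = live.find(id);
        if (it == live.end()) return;
        doomed.push_back(it->second);
        live.erase(it);
    }
    bool send(int id, const std::string& ev) {
        auto it = live.find(id);
        if (it == live.end()) { ++dropped; return false; }  // receiver gone: drop
        ++delivered;
        return it->second->event(ev);
    }
    void flush() {                 // run only when no handler is on the stack
        for (Widget* w : doomed) { delete w; ++freed; }
        doomed.clear();
    }
};

bool Widget::event(const std::string& ev) {
    // A plain `delete this` here would leave `++seen` and every caller frame
    // above it working on freed memory, as in the report.
    if (ev == "press") loop.deleteLater(id);
    ++seen;                        // safe: the object lives until Loop::flush()
    return true;
}

// Simplified version of the reported sequence: press replaces the view, release arrives late.
int run_sequence(Loop& loop) {
    int viewport = loop.create();  // stands in for "qt_viewport"
    loop.send(viewport, "press");
    loop.flush();                  // back at the top of the loop: freed here
    loop.send(viewport, "release");
    return loop.dropped;
}

int main() { Loop loop; std::printf("dropped=%d\n", run_sequence(loop)); }
```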
Created attachment 351 [details] Traceback from fatal delete - It is even worse... as the blue pointers are used higher up in the call chain too... the green object pointer is OK to delete - I think...
Subject: Critical for KDE 3.1 RC2?

Hi,

Soon there will be an RC2 - I have found a bug that I think is pretty bad. (It has not yet been confirmed by anyone else, maybe not even noticed - since no one has commented on it yet)

Summary: Working with deleted objects

[Two notes:
It says that it still happens in KDE 3.1rc2. I hope this will not be the case (happens with recent cvs)...
It happens with embedded previews for KHTML too...]

http://bugs.kde.org/show_bug.cgi?id=49600

Having bugs of this kind can both produce crashes AND all sorts of strange behavior...
please try upgrading qt-copy.

*** This bug has been marked as a duplicate of 49896 ***
Subject: Re: event delivered to deleted object - kaboodle audio preview

I checked out the new qt-copy
Recompiled qt-copy (no clean - could still be a problem)
Recompiled kde (cvs clean, cvs refresh, clean install)
And retested - Still crashes...

I noticed that in the callchain there is still a timer event in the call chain. (Below the point where the deleted object is used)

I have made this patch to QObject's destructor - the qWarning line is great for a breakpoint... (add one and retest even if your konqueror does not crash - a corrupt pointer is bad even without a crash)

Notice the "delete oldPart" in KonqView::switchView - shouldn't it be deferred with a new timer event?

/RogerL

Index: qobject.cpp =================================================================== RCS file: /cvs/qt-copy/src/kernel/qobject.cpp,v retrieving revision 1.52 diff -u -3 -p -r1.52 qobject.cpp --- qobject.cpp 2002/10/30 10:59:31 1.52 +++ qobject.cpp 2002/11/02 23:29:21 @@ -379,6 +379,9 @@ QObject::QObject( QObject *parent, const QObject::~QObject() { + if (objname && strcmp(objname, "qt_viewport") == 0) + qWarning(QString("Deleting qt_viewport this=%1").arg((long)this,0,16)); + if ( wasDeleted ) { #if defined(QT_DEBUG) qWarning( "Double QObject deletion detected." );
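Review bot: the added check at the top of QObject::~QObject() sits outside any debug guard, so every object destruction in every build pays for the strcmp and a release build can print the warning; wrap it in #if defined(QT_DEBUG), as the "Double QObject deletion detected." warning just below it is. The qWarning call also builds a QString where the call below passes a plain string, and casts this to long to print it; qWarning("Deleting qt_viewport this=%p", (void*)this) prints the pointer without the temporary string or the integer cast.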
reopening
Looking at the second backtrace I believe this should be fixed in qt-copy already. If you grep for 'shortcut' in qt-copy/src/kernel/qeventloop_p.h , do you get any hints?
No, there is no sign of 'shortcut' in qeventloop_p.h in my files. But neither are there in http://kdewebcvs.pandmservices.com/cgi-bin/cvsweb.cgi/qt-copy/src/kernel/qapplication_p.h or my cvs source kdecvs.radar.tugraz.at
Created attachment 368 [details] event loop patch from qt-copy
Ok, looks like anoncvs and webcvs are outdated. Please try attachment 1 [details], it's the event loop patch from Brad that I believe should fix this bug.
*** This bug has been marked as a duplicate of 49896 ***