Bug 64501 - Crash when closed by the window closing icon
Summary: Crash when closed by the window closing icon
Status: RESOLVED FIXED
Alias: None
Product: umbrello
Classification: Applications
Component: general (show other bugs)
Version: unspecified
Platform: Compiled Sources Linux
: NOR crash
Target Milestone: ---
Assignee: Umbrello Development Group
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-09-18 18:45 UTC by Sebastian Stein
Modified: 2003-10-05 11:03 UTC (History)
0 users

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Stein 2003-09-18 18:45:00 UTC 
Version:           1.2-alpha (using KDE 3.1.3)
Installed from:    compiled sources
Compiler:          gcc version 3.2.2
OS:          Linux (i686) release 2.4.20

by Pascal Cazabat <pcazabat@club-internet.fr>:
When you start Umbrello, then closing it immediately by pressing the "cross"
icon, at the upper left of the window, Umbrello chrash.

(It seems not be true when you have worked, and it's not true if you quit by
the "quit" entry in the menu)
Comment 1 Sebastian Stein 2003-09-18 18:46:11 UTC 
This bug seems to be valid for version 1.1.1 and current (03/09/18) CVS 
version. I also experienced this problem several times. Here is a backtrace: 
 
#4  0x41196b48 in sigaction () from /lib/libc.so.6 
#5  0x40d62e2e in QGList::clear() () from /usr/lib/qt-3.1.2/lib/libqt-mt.so.3 
#6  0x080f2e22 in UMLDoc::deleteContents() (this=0x833e528) 
    at /usr/lib/qt-3.1.2/include/qptrlist.h:78 
#7  0x080f1dcb in UMLDoc::saveModified() (this=0x833e528) 
    at 
/home/sstein/programmierung/cvs/kde/kdesdk/umbrello/umbrello/umldoc.cpp:178 
#8  0x08103125 in UMLApp::queryClose() (this=0x82eb058) 
    at 
/home/sstein/programmierung/cvs/kde/kdesdk/umbrello/umbrello/uml.cpp:624 
#9  0x4057b9a3 in KMainWindow::closeEvent(QCloseEvent*) () 
   from /opt/kde/lib/libkdeui.so.4 
#10 0x40b2dc01 in QWidget::event(QEvent*) () 
   from /usr/lib/qt-3.1.2/lib/libqt-mt.so.3 
#11 0x40bd5142 in QMainWindow::event(QEvent*) () 
   from /usr/lib/qt-3.1.2/lib/libqt-mt.so.3
Comment 2 Sebastian Stein 2003-10-01 15:40:24 UTC 
Subject: Re: [Uml-devel]  Crash when closed by the window closing icon

And another backtrace:

#4  0x4119fb48 in sigaction () from /lib/libc.so.6
#5  0x080ec076 in ~CodeClassField (this=0x8447870) at codeclassfield.cpp:55
#6  0x4005f174 in ~JavaCodeClassField (this=0x8401fa0) at
javacodeclassfield.cpp:49
#7  0x40aff992 in QObject::~QObject() () from
/usr/lib/qt-3.1.2/lib/libqt-mt.so.3
#8  0x0814d9db in ~UMLObject (this=0x8583020) at umlobject.cpp:36
#9  0x080defff in ~UMLAttribute (this=0x8583020) at attribute.cpp:17
#10 0x40aff992 in QObject::~QObject() () from
/usr/lib/qt-3.1.2/lib/libqt-mt.so.3
#11 0x0814d9db in ~UMLObject (this=0x8581b80) at umlobject.cpp:36
#12 0x081353b8 in ~UMLCanvasObject (this=0x8581b80) at umlcanvasobject.cpp:28
#13 0x080e2f6b in ~UMLClassifier (this=0x8581b80) at classifier.cpp:28
#14 0x080e07e2 in ~UMLClass (this=0x8581b80) at class.cpp:32
#15 0x40aff992 in QObject::~QObject() () from
/usr/lib/qt-3.1.2/lib/libqt-mt.so.3
#16 0x08136798 in ~UMLDoc (this=0x83497e0) at umldoc.cpp:88
#17 0x40b312a8 in QWidget::~QWidget() () from
/usr/lib/qt-3.1.2/lib/libqt-mt.so.3
#18 0x40bdc48f in QMainWindow::~QMainWindow() () from
/usr/lib/qt-3.1.2/lib/libqt-mt.so.3
Comment 3 Sebastian Stein 2003-10-03 00:44:10 UTC 
Subject: Re: [Uml-devel]  Crash when closed by the window closing icon

The bug can be reproduced:

add a class diagram
add 2 classes
add a composition (or other association) between both classes
close Umbrello with the X without saving

The bug must be in the association code...
Comment 4 Sebastian Stein 2003-10-04 19:19:28 UTC 
Subject: Re: [Uml-devel]  Crash when closed by the window closing icon

When closed by the Quit menu entry, the destructor of UMLApp isn't called.
Sure, we may work around it that the destructor isn't called as well when
clicking the close button, but this wouldn't be the right way to do. So when
clicking the close X the crash happens. You can see the problem here with
valgrind output. This code was done by Brian, so please have a look at it,
you know best how to handle!

queryClose
queryExit
WARNING: DESTROYED CODE DOCUMENT name:new_class id:0x4539c228
WARNING: DESTROYED CODE DOCUMENT name:new_interface id:0x46223774
WARNING: DESTROYED CODE DOCUMENT name:new_class_1 id:0x465f313c
WARNING: DESTROYED CODE DOCUMENT name:new_interface_1 id:0x46609cd0
WARNING: DESTROYED CODE DOCUMENT name:build id:0x46662c10
~UMLApp
==3916==
==3916== Invalid read of size 4
==3916==    at 0x80DAA62: CodeClassField::removeMethod(CodeAccessorMethod*) (codeclassfield.cpp:186)
==3916==    by 0x80DA419: CodeClassField::~CodeClassField() (codeclassfield.cpp:55)
==3916==    by 0x40267BE7: JavaCodeClassField::~JavaCodeClassField() (javacodeclassfield.cpp:45)
==3916==    by 0x40D28E01: QObject::~QObject() (in /usr/lib/qt-3.2.1/lib/libqt-mt.so.3.2.1)
==3916==    Address 0x4539C228 is 0 bytes inside a block of size 192 free'd
==3916==    at 0x4002974F: __builtin_delete (vg_replace_malloc.c:233)
==3916==    by 0x4002976D: operator delete(void*) (vg_replace_malloc.c:242)
==3916==    by 0x4026876E: JavaClassifierCodeDocument::~JavaClassifierCodeDocument() (javaclassifiercodedocument.cpp:44)
==3916==    by 0x80E361C: CodeGenerator::~CodeGenerator() (codegenerator.cpp:69)
disInstr: unhandled instruction bytes: 0x62 0x40 0x0 0x0
==3916==
==3916== Invalid read of size 1
==3916==    at 0x4063AD98: ???
==3916==    by 0x80DA419: CodeClassField::~CodeClassField() (codeclassfield.cpp:55)
==3916==    by 0x40267BE7: JavaCodeClassField::~JavaCodeClassField() (javacodeclassfield.cpp:45)
==3916==    by 0x40D28E01: QObject::~QObject() (in /usr/lib/qt-3.2.1/lib/libqt-mt.so.3.2.1)
==3916==    Address 0xABD1477E is not stack'd, malloc'd or free'd
==3916== Warning: client attempted to close Valgrind's logfile fd (2).
==3916==    Use --logfile-fd=<number> to select an alternative logfile fd.
KCrash: Application 'umbrello' crashing...
==3916== Warning: invalid file descriptor 8 in syscall write()
==3916== discard syms in /usr/lib/gconv/ISO8859-1.so due to munmap()
==3916==
==3916== Invalid read of size 4
==3916==    at 0x413C63F9: __gconv_release_step (in /lib/libc-2.3.2.so)
==3916==    by 0x413C6FFC: __gconv_close_transform (in /lib/libc-2.3.2.so)
==3916==    by 0x414477E6: _nl_cleanup_ctype (in /lib/libc-2.3.2.so)
==3916==    by 0x414C3512: _nl_archive_subfreeres (in /lib/libc-2.3.2.so)
==3916==    Address 0x44B77764 is 8 bytes inside a block of size 60 free'd
==3916==    at 0x400296C7: free (vg_replace_malloc.c:220)
==3916==    by 0x413C63A0: free_derivation (in /lib/libc-2.3.2.so)
==3916==    by 0x4148F532: tdestroy_recurse (in /lib/libc-2.3.2.so)
==3916==    by 0x4148F555: tdestroy_recurse (in /lib/libc-2.3.2.so)
==3916==
==3916== Invalid write of size 4
==3916==    at 0x413C63FF: __gconv_release_step (in /lib/libc-2.3.2.so)
==3916==    by 0x413C6FFC: __gconv_close_transform (in /lib/libc-2.3.2.so)
==3916==    by 0x414477E6: _nl_cleanup_ctype (in /lib/libc-2.3.2.so)
==3916==    by 0x414C3512: _nl_archive_subfreeres (in /lib/libc-2.3.2.so)
==3916==    Address 0x44B77764 is 8 bytes inside a block of size 60 free'd
==3916==    at 0x400296C7: free (vg_replace_malloc.c:220)
==3916==    by 0x413C63A0: free_derivation (in /lib/libc-2.3.2.so)
==3916==    by 0x4148F532: tdestroy_recurse (in /lib/libc-2.3.2.so)
==3916==    by 0x4148F555: tdestroy_recurse (in /lib/libc-2.3.2.so)
==3916==
==3916== Invalid read of size 4
==3916==    at 0x413C6404: __gconv_release_step (in /lib/libc-2.3.2.so)
==3916==    by 0x413C6FFC: __gconv_close_transform (in /lib/libc-2.3.2.so)
==3916==    by 0x414477E6: _nl_cleanup_ctype (in /lib/libc-2.3.2.so)
==3916==    by 0x414C3512: _nl_archive_subfreeres (in /lib/libc-2.3.2.so)
==3916==    Address 0x44B7777C is 32 bytes inside a block of size 60 free'd
==3916==    at 0x400296C7: free (vg_replace_malloc.c:220)
==3916==    by 0x413C63A0: free_derivation (in /lib/libc-2.3.2.so)
==3916==    by 0x4148F532: tdestroy_recurse (in /lib/libc-2.3.2.so)
==3916==    by 0x4148F555: tdestroy_recurse (in /lib/libc-2.3.2.so)
==3916==
==3916== Invalid read of size 4
==3916==    at 0x413C640B: __gconv_release_step (in /lib/libc-2.3.2.so)
==3916==    by 0x413C6FFC: __gconv_close_transform (in /lib/libc-2.3.2.so)
==3916==    by 0x414477E6: _nl_cleanup_ctype (in /lib/libc-2.3.2.so)
==3916==    by 0x414C3512: _nl_archive_subfreeres (in /lib/libc-2.3.2.so)
==3916==    Address 0x44B7775C is 0 bytes inside a block of size 60 free'd
==3916==    at 0x400296C7: free (vg_replace_malloc.c:220)
==3916==    by 0x413C63A0: free_derivation (in /lib/libc-2.3.2.so)
==3916==    by 0x4148F532: tdestroy_recurse (in /lib/libc-2.3.2.so)
==3916==    by 0x4148F555: tdestroy_recurse (in /lib/libc-2.3.2.so)
==3916==
==3916== Invalid write of size 4
==3916==    at 0x413C6425: __gconv_release_step (in /lib/libc-2.3.2.so)
==3916==    by 0x413C6FFC: __gconv_close_transform (in /lib/libc-2.3.2.so)
==3916==    by 0x414477E6: _nl_cleanup_ctype (in /lib/libc-2.3.2.so)
==3916==    by 0x414C3512: _nl_archive_subfreeres (in /lib/libc-2.3.2.so)
==3916==    Address 0x44B7775C is 0 bytes inside a block of size 60 free'd
==3916==    at 0x400296C7: free (vg_replace_malloc.c:220)
==3916==    by 0x413C63A0: free_derivation (in /lib/libc-2.3.2.so)
==3916==    by 0x4148F532: tdestroy_recurse (in /lib/libc-2.3.2.so)
==3916==    by 0x4148F555: tdestroy_recurse (in /lib/libc-2.3.2.so)
==3916==
==3916== Invalid read of size 4
==3916==    at 0x413C63F9: __gconv_release_step (in /lib/libc-2.3.2.so)
==3916==    by 0x413C6FFC: __gconv_close_transform (in /lib/libc-2.3.2.so)
==3916==    by 0x414477F0: _nl_cleanup_ctype (in /lib/libc-2.3.2.so)
==3916==    by 0x414C3512: _nl_archive_subfreeres (in /lib/libc-2.3.2.so)
==3916==    Address 0x44B77110 is 8 bytes inside a block of size 60 free'd
==3916==    at 0x400296C7: free (vg_replace_malloc.c:220)
==3916==    by 0x413C63A0: free_derivation (in /lib/libc-2.3.2.so)
==3916==    by 0x4148F532: tdestroy_recurse (in /lib/libc-2.3.2.so)
==3916==    by 0x414C3281: free_mem (in /lib/libc-2.3.2.so)
==3916==
==3916== Invalid write of size 4
==3916==    at 0x413C63FF: __gconv_release_step (in /lib/libc-2.3.2.so)
==3916==    by 0x413C6FFC: __gconv_close_transform (in /lib/libc-2.3.2.so)
==3916==    by 0x414477F0: _nl_cleanup_ctype (in /lib/libc-2.3.2.so)
==3916==    by 0x414C3512: _nl_archive_subfreeres (in /lib/libc-2.3.2.so)
==3916==    Address 0x44B77110 is 8 bytes inside a block of size 60 free'd
==3916==    at 0x400296C7: free (vg_replace_malloc.c:220)
==3916==    by 0x413C63A0: free_derivation (in /lib/libc-2.3.2.so)
==3916==    by 0x4148F532: tdestroy_recurse (in /lib/libc-2.3.2.so)
==3916==    by 0x414C3281: free_mem (in /lib/libc-2.3.2.so)
==3916==
==3916== Invalid read of size 4
==3916==    at 0x413C6404: __gconv_release_step (in /lib/libc-2.3.2.so)
==3916==    by 0x413C6FFC: __gconv_close_transform (in /lib/libc-2.3.2.so)
==3916==    by 0x414477F0: _nl_cleanup_ctype (in /lib/libc-2.3.2.so)
==3916==    by 0x414C3512: _nl_archive_subfreeres (in /lib/libc-2.3.2.so)
==3916==    Address 0x44B77128 is 32 bytes inside a block of size 60 free'd
==3916==    at 0x400296C7: free (vg_replace_malloc.c:220)
==3916==    by 0x413C63A0: free_derivation (in /lib/libc-2.3.2.so)
==3916==    by 0x4148F532: tdestroy_recurse (in /lib/libc-2.3.2.so)
==3916==    by 0x414C3281: free_mem (in /lib/libc-2.3.2.so)
==3916==
==3916== Invalid read of size 4
==3916==    at 0x413C640B: __gconv_release_step (in /lib/libc-2.3.2.so)
==3916==    by 0x413C6FFC: __gconv_close_transform (in /lib/libc-2.3.2.so)
==3916==    by 0x414477F0: _nl_cleanup_ctype (in /lib/libc-2.3.2.so)
==3916==    by 0x414C3512: _nl_archive_subfreeres (in /lib/libc-2.3.2.so)
==3916==    Address 0x44B77108 is 0 bytes inside a block of size 60 free'd
==3916==    at 0x400296C7: free (vg_replace_malloc.c:220)
==3916==    by 0x413C63A0: free_derivation (in /lib/libc-2.3.2.so)
==3916==    by 0x4148F532: tdestroy_recurse (in /lib/libc-2.3.2.so)
==3916==    by 0x414C3281: free_mem (in /lib/libc-2.3.2.so)
==3916==
==3916== Invalid write of size 4
==3916==    at 0x413C6425: __gconv_release_step (in /lib/libc-2.3.2.so)
==3916==    by 0x413C6FFC: __gconv_close_transform (in /lib/libc-2.3.2.so)
==3916==    by 0x414477F0: _nl_cleanup_ctype (in /lib/libc-2.3.2.so)
==3916==    by 0x414C3512: _nl_archive_subfreeres (in /lib/libc-2.3.2.so)
==3916==    Address 0x44B77108 is 0 bytes inside a block of size 60 free'd
==3916==    at 0x400296C7: free (vg_replace_malloc.c:220)
==3916==    by 0x413C63A0: free_derivation (in /lib/libc-2.3.2.so)
==3916==    by 0x4148F532: tdestroy_recurse (in /lib/libc-2.3.2.so)
==3916==    by 0x414C3281: free_mem (in /lib/libc-2.3.2.so)
==3916== discard syms in /lib/libnss_compat-2.3.2.so due to munmap()
==3916== discard syms in /lib/libnsl-2.3.2.so due to munmap()
==3916==
==3916== Invalid free() / delete / delete[]
==3916==    at 0x400296C7: free (vg_replace_malloc.c:220)
==3916==    by 0x414C3A5B: free_mem (in /lib/libc-2.3.2.so)
==3916==    by 0x414C37C8: __GI___libc_freeres (in /lib/libc-2.3.2.so)
==3916==    by 0x40181E00: vgPlain___libc_freeres_wrapper (vg_intercept.c:831)
==3916==    Address 0x41383D00 is not stack'd, malloc'd or free'd
==3916==
Comment 5 Sebastian Stein 2003-10-05 11:03:37 UTC 
fixed by Brian Thomas