Bug 119600

Summary: Crash when removing all jobs
Product: [Applications] kaudiocreator Reporter: Markus Brueffer <markus>
Component: generalAssignee: Gerd Fleischer <gerdfleischer>
Status: RESOLVED FIXED    
Severity: crash    
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Compiled Sources   
OS: FreeBSD   
Latest Commit: Version Fixed In:

Description Markus Brueffer 2006-01-06 00:14:58 UTC 
Version:            (using KDE KDE 3.5.0)
Installed from:    Compiled From Sources
Compiler:          gcc (GCC) 3.4.4 [FreeBSD] 20050518 
OS:                FreeBSD

When clicking on "Remove All Jobs" while the current enqueued jobs are being processed, kaudiocreator crashes. This is with 3.5 branch at revision 494658

Backtrace:
Program received signal SIGBUS, Bus error.
[Switching to Thread 0x563000 (LWP 100116)]
0x0000000803204e3b in __dynamic_cast () from /usr/lib/libstdc++.so.5
(gdb) bt
#0  0x0000000803204e3b in __dynamic_cast () from /usr/lib/libstdc++.so.5
#1  0x0000000000422e6d in Ripper::removeJob (this=0x71bb00, id=1) at ripper.cpp:97
#2  0x0000000000423041 in Ripper::qt_invoke (this=0x71bb00, _id=4, _o=0x7fffffffdb60) at ripper.moc:191
#3  0x000000080221a4b7 in QObject::activate_signal () from /usr/X11R6/lib/libqt-mt.so.3
#4  0x000000080221ab2f in QObject::activate_signal () from /usr/X11R6/lib/libqt-mt.so.3
#5  0x000000000042147d in JobQueImp::removeJob (this=0x710e00, item=0x677400, kill=true, prompt=160) at jobqueimp.cpp:170
#6  0x00000000004216e5 in JobQueImp::removeAllJobs (this=0x710e00) at jobqueimp.cpp:224
#7  0x0000000000421b08 in JobQueImp::qt_invoke (this=0x710e00, _id=50, _o=0x7fffffffdda0) at jobqueimp.moc:115
#8  0x000000080221a528 in QObject::activate_signal () from /usr/X11R6/lib/libqt-mt.so.3
#9  0x000000080221ac92 in QObject::activate_signal () from /usr/X11R6/lib/libqt-mt.so.3
#10 0x000000080224ceac in QWidget::event () from /usr/X11R6/lib/libqt-mt.so.3
#11 0x00000008021bfecd in QApplication::internalNotify () from /usr/X11R6/lib/libqt-mt.so.3
#12 0x00000008021c0401 in QApplication::notify () from /usr/X11R6/lib/libqt-mt.so.3
#13 0x00000008016824d0 in KApplication::notify (this=0x7fffffffe6a0, receiver=0x67e500, event=0x7fffffffe0c0) at kapplication.cpp:550
#14 0x0000000802162877 in QETWidget::translateMouseEvent () from /usr/X11R6/lib/libqt-mt.so.3
#15 0x0000000802161581 in QApplication::x11ProcessEvent () from /usr/X11R6/lib/libqt-mt.so.3
#16 0x0000000802172e2a in QEventLoop::processEvents () from /usr/X11R6/lib/libqt-mt.so.3
#17 0x00000008021d42d9 in QEventLoop::enterLoop () from /usr/X11R6/lib/libqt-mt.so.3
#18 0x00000008021d4232 in QEventLoop::exec () from /usr/X11R6/lib/libqt-mt.so.3
#19 0x0000000000417deb in main (argc=6919168, argv=0x558640) at main.cpp:50
Comment 1 Richard Lärkäng 2007-08-18 11:37:42 UTC 
SVN commit 701441 by larkang:

Backport:
Fix crash when removing jobs, don't use the iterator after the item is removed

(doesn't crash for me with 3.5, but I think it's the cause of bug #119600,
 at least valgrind shows an Invalid Read)

BUG: 119600


 M  +1 -1      ripper.cpp  


--- branches/KDE/3.5/kdemultimedia/kaudiocreator/ripper.cpp #701440:701441
@@ -92,7 +92,6 @@
 	QMap<KIO::Job*, Job*>::Iterator it;
 	for( it = jobs.begin(); it != jobs.end(); ++it ){
 		if(it.data()->id == id){
-			jobs.remove(it.key());
 			KIO::FileCopyJob *copyJob = dynamic_cast<KIO::FileCopyJob*> (it.key());
 			if(copyJob){
 				QString fileDestination = (copyJob->destURL()).path();
@@ -107,6 +106,7 @@
 					f.remove();
 				}
 			}
+			jobs.remove(it.key());
 			break;
 		}
 	}