| Summary: | knetwalk crashes on game won if there is exactly 1 entry in highscorelist | | |
|---|---|---|---|
| Product: | [Applications] knetwalk | Reporter: | Sune Vuorela <debian> |
| Component: | general | Assignee: | Fela Winkelmolen <fela.kde> |
| Status: | RESOLVED FIXED | | |
| Severity: | crash | | |
| Priority: | NOR | | |
| Version First Reported In: | unspecified | | |
| Target Milestone: | --- | | |
| Platform: | Debian testing | | |
| OS: | Linux | | |
| Latest Commit: | | Version Fixed/Implemented In: | |
| Sentry Crash Report: | | | |
| Attachments: | patch to hopefully fix knetwalk crash | | |

This is also debian #388619 (http://bugs.debian.org/nnnn) and 383442 347757 361514 /Sune

and sometimes I can only reproduce it when there is no knetwalkrc :/ /Sune

I can't reproduce it, but here is what could be happening as far as I can tell:
knetwalk never calls setScoreHistogram() on it's Manager subclass object, so createHistoItems() is never called on the PlayerInfos object. Therefore, _histogram has size 0, but _bound is never initialized anywhere.
If _bound happens to be 0, PlayerInfos::histoSize() will return 1.
So, in the code snippet reported above, i is 0 and sh.size() is 0, so we call item(histoName(0))->increment(_id)
In histoName(0), we pass the Q_ASSERT (which looks buggy - I think it should be Q_ASSERT( i<sh.size() || (!_bound && i==sh.size()) ); , as right now it always passes if _bound is true, no matter what i is). Again, i == sh.size() so we return QString("nb scores greater that %1").arg(sh[-1]);
Even if this doesn't crash, we now lookup "nb scores greater than X" using findIndex(), but it doesn't exist, since createHistoItems() was never called, so it returns -1. This should trigger kdError(11002) and then return the item at(-1).
Finally, we call the ->increment(_id) function on the non-existent item at index -1.
Anyway, this is mostly speculation, since I can't reproduce the crash, but it seems possible for this to happen from looking at the code.
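The chain of values walked through in the comment above, as an added example written for this page: it is not libkdegames or knetwalk code, and the same commenter later withdraws the theory further down the thread, so it illustrates the defect class (an uninitialised flag feeding a size computation, an unsigned index that wraps, a -1 lookup sentinel used as a position) rather than a confirmed root cause. The names histoSize(), findIndex() and the "nb scores greater than" bucket name mirror the discussion; their bodies, the HistogramChecked class and its setScoreHistogram()/submitWin() signatures are assumptions made for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <optional>
#include <string>
#include <utility>
#include <vector>

// Added illustration for this page, NOT libkdegames code. It models the
// histogram bookkeeping described in the thread: score boundaries, a
// "bound" flag saying whether the last boundary is a hard maximum, and
// per-bucket counters looked up by name. Bodies are assumptions.

struct Bucket {
    explicit Bucket(std::string n) : name(std::move(n)) {}
    std::string name;
    unsigned count = 0;
};

// The suspected shape of the bug, with the index arithmetic exposed as
// return values instead of being used to dereference memory.
struct HistogramUnchecked {
    std::vector<unsigned> histogram;  // empty when setScoreHistogram() never ran
    bool bound;                       // uninitialised in the report; passed in here for a deterministic run
    std::vector<Bucket> buckets;      // empty when createHistoItems() never ran

    explicit HistogramUnchecked(bool b) : bound(b) {}

    // One extra "greater than last bound" bucket when there is no hard bound:
    // with an empty histogram and bound == false this is 1 though no bucket exists.
    std::size_t histoSize() const { return histogram.size() + (bound ? 0 : 1); }

    // The "nb scores greater than %1" name reads histogram[i-1]; for i == 0
    // the unsigned subtraction wraps to SIZE_MAX.
    std::size_t greaterThanSource(std::size_t i) const { return i - 1; }

    // findIndex() returns -1 for an unknown name; the original then used that
    // value directly as a position.
    int findIndex(const std::string& name) const {
        for (std::size_t k = 0; k < buckets.size(); ++k)
            if (buckets[k].name == name) return static_cast<int>(k);
        return -1;
    }
};

// Hardened version: every member initialised, the bucket table derived from
// the histogram in one place so the two cannot disagree, every index checked.
class HistogramChecked {
public:
    // Boundaries must be strictly increasing; bad input is rejected and
    // nothing is stored, so later lookups cannot run past the table.
    bool setScoreHistogram(std::vector<unsigned> bounds, bool bound) {
        for (std::size_t k = 1; k < bounds.size(); ++k)
            if (bounds[k] <= bounds[k - 1]) return false;
        histogram_ = std::move(bounds);
        bound_ = bound;
        buckets_.clear();
        // Bucket j counts scores in [histogram_[j], histogram_[j+1]).
        for (std::size_t k = 1; k < histogram_.size(); ++k)
            buckets_.emplace_back("nb scores less than " + std::to_string(histogram_[k]));
        // The overflow bucket exists only when there is no hard bound.
        if (!bound_ && !histogram_.empty())
            buckets_.emplace_back("nb scores greater than " + std::to_string(histogram_.back()));
        return true;
    }

    std::size_t histoSize() const { return buckets_.size(); }

    // Credits a winning score and returns its bucket index, or nullopt when no
    // histogram is configured or the score lies above a hard bound.
    std::optional<std::size_t> submitWin(unsigned score) {
        if (histogram_.empty()) return std::nullopt;  // nothing to count, nothing to index
        for (std::size_t i = 1; i < histogram_.size(); ++i)
            if (score < histogram_[i]) { ++buckets_[i - 1].count; return i - 1; }
        if (bound_) return std::nullopt;              // above a hard bound: reject, don't index
        std::size_t last = buckets_.size() - 1;       // overflow bucket, present because !bound_
        ++buckets_[last].count;
        return last;
    }

    unsigned count(std::size_t j) const { return j < buckets_.size() ? buckets_[j].count : 0; }
    const std::string& name(std::size_t j) const { return buckets_.at(j).name; }  // throws instead of reading garbage

private:
    std::vector<unsigned> histogram_;
    bool bound_ = false;
    std::vector<Bucket> buckets_;
};

int main() {
    HistogramUnchecked u(false);
    std::cout << "unchecked: histoSize=" << u.histoSize()
              << " source index for i=0: " << u.greaterThanSource(0)
              << " findIndex: " << u.findIndex("nb scores greater than 0") << '\n';
    HistogramChecked h;
    std::cout << "checked, no histogram credited: " << h.submitWin(7).has_value() << '\n';
    h.setScoreHistogram({0, 10, 20, 30}, false);
    std::cout << "checked, score 100 -> bucket " << *h.submitWin(100) << " (" << h.name(3) << ")\n";
    return 0;
}
```

HistogramUnchecked exposes the three values the analysis chains together: a phantom bucket count of 1 from an empty histogram, an index that wraps to SIZE_MAX, and the -1 sentinel from the name lookup. HistogramChecked removes each link: the flag is initialised, the bucket table is built from the histogram in one place, and submitWin() returns nullopt instead of indexing when there is nothing to count.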
Created attachment 18474: patch to hopefully fix knetwalk crash

Hopefully this patch fixes the knetwalk crash. I haven't tested it, as I can't reproduce the crash anyway, so it is only based on code analysis.
I have tried the proposed patch from jdmetz - and I have until now been unable to reproduce the crash. /Sune

Actually, looking at the code this morning, it doesn't seem that that could be the cause of the crash, as the loop runs from (uint i=1; i<histoSize(); i++). I don't see how histoSize() could possibly be greater than 1 in this case, and even with histoSize() == 1, the inside of the loop should never be executed.

My knetwalk crashes on game won, if I haven't selected a type of game at start. Starting knetwalk with the appropriate option solves this.

For your information: I cannot reproduce the crash with KNetwalk 1.0 on KDE 3.5.7... Is it fixed?

I cannot reproduce it either. Steps I did:
- remove ~/.kde/share/config/knetwalkrc
- run knetwalk (in easy mode :p)
- win the game
- quit knetwalk
- run knetwalk
- win the game
- quit knetwalk
=> no crash so far, using KDE 3.5.7. Could you try if the bug is reproducible for you please?

Is fixed downstream so can probably be closed now.

*** Bug has been marked as fixed ***.
Version: 3.5.5 (using KDE KDE 3.5.5)
Installed from: Debian testing/unstable Packages
OS: Linux

Occasionally knetwalk crashes. I think I have tracked it down to when .kde/share/config/knetwalkrc has existed during exactly won game. If I delete knetwalkrc, I can play one game I think, then it crashes on the next. I have reproduced it a couple of times.

Based on the backtrace and the code, it seems that

```cpp
447     if ( score.type()==Won ) {
448         const QMemArray<uint> &sh = _histogram;
449         for (uint i=1; i<histoSize(); i++)
450             if ( i==sh.size() || score.score()<sh[i] ) {
451                 item(histoName(i))->increment(_id);
452                 break;
453             }
454     }
```

in libkdegames/highscore/kexthighscore_internal.cpp is the bad part.

Backtrace follows here - I have also a full strace if wanted. I put the bit I might find interesting here:

```
4480 ioctl(5, FIONREAD, [0]) = 0
4480 write(6, "\0", 1) = 1
4480 time([1163023941]) = 1163023941
4480 gettimeofday({1163023941, 616853}, NULL) = 0
4480 write(2, "QGArray::at: Absolute index 4 ou"..., 43) = 43
4480 --- SIGSEGV (Segmentation fault) @ 0 (0) ---
4480 rt_sigaction(SIGALRM, {SIG_DFL}, {SIG_DFL
```

Backtrace

```
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1233353024 (LWP 5027)]
[KCrash handler]
#9  0xb7eef0db in KExtHighscore::PlayerInfos::submitScore (this=0x80994b8, score=@0xbfeab880) at /tmp/buildd/kdegames-3.5.5/build-tree/kdegames-3.5.5/libkdegames/highscore/kexthighscore_internal.cpp:450
#10 0xb7ef41bc in KExtHighscore::ManagerPrivate::submitScore (this=0x809a438, ascore=@0xbfeab91c, widget=0x80b6078, askIfAnonymous=true) at /tmp/buildd/kdegames-3.5.5/build-tree/kdegames-3.5.5/libkdegames/highscore/kexthighscore_internal.cpp:804
#11 0xb7ef7c15 in KExtHighscore::submitScore (score=@0xbfeab91c, widget=0x80b6078) at /tmp/buildd/kdegames-3.5.5/build-tree/kdegames-3.5.5/libkdegames/highscore/kexthighscore.cpp:67
#12 0x08052a14 in MainWindow::rotate (this=0x80b6078, index=22, toleft=true) at /tmp/buildd/kdegames-3.5.5/build-tree/kdegames-3.5.5/knetwalk/src/mainwindow.cpp:382
#13 0x08052a71 in MainWindow::lClicked (this=0x80b6078, index=22) at /tmp/buildd/kdegames-3.5.5/build-tree/kdegames-3.5.5/knetwalk/src/mainwindow.cpp:334
#14 0x08053b47 in MainWindow::qt_invoke (this=0x80b6078, _id=75, _o=0xbfeaba48) at ./mainwindow.moc:110
#15 0xb7497cb3 in QObject::activate_signal (this=0x81055e8, clist=0x80f7180, o=0xbfeaba48) at kernel/qobject.cpp:2356
#16 0xb74985ba in QObject::activate_signal (this=0x81055e8, signal=2, param=22) at kernel/qobject.cpp:2449
#17 0x08050384 in Cell::lClicked (this=0x81055e8, t0=22) at ./cell.moc:95
#18 0xb74ccb87 in QWidget::mouseDoubleClickEvent (this=0x81055e8, e=0xbfeabea4) at kernel/qwidget.cpp:5064
#19 0xb74ce693 in QWidget::event (this=0x81055e8, e=0xbfeabea4) at kernel/qwidget.cpp:4708
#20 0xb742fbd6 in QApplication::internalNotify (this=0xbfeac470, receiver=0x81055e8, e=0xbfeabea4) at kernel/qapplication.cpp:2635
#21 0xb7431d79 in QApplication::notify (this=0xbfeac470, receiver=0x81055e8, e=0xbfeabea4) at kernel/qapplication.cpp:2421
#22 0xb7dfce6e in KApplication::notify (this=0xbfeac470, receiver=0x81055e8, event=0xbfeabea4) at /home/sid-user/kdelibs/kdelibs-3.5.5/./kdecore/kapplication.cpp:550
#23 0xb73c3445 in QApplication::sendSpontaneousEvent (receiver=0x81055e8, event=0xbfeabea4) at kernel/qapplication.h:523
#24 0xb73c20df in QETWidget::translateMouseEvent (this=0x81055e8, event=0xbfeac2d8) at kernel/qapplication_x11.cpp:4301
#25 0xb73c0660 in QApplication::x11ProcessEvent (this=0xbfeac470, event=0xbfeac2d8) at kernel/qapplication_x11.cpp:3478
#26 0xb73d6cb2 in QEventLoop::processEvents (this=0x808fd58, flags=4) at kernel/qeventloop_x11.cpp:192
#27 0xb744a129 in QEventLoop::enterLoop (this=0x808fd58) at kernel/qeventloop.cpp:198
#28 0xb7449f4a in QEventLoop::exec (this=0x808fd58) at kernel/qeventloop.cpp:145
#29 0xb743176f in QApplication::exec (this=0xbfeac470) at kernel/qapplication.cpp:2758
#30 0x08054bac in main (argc=) at /tmp/buildd/kdegames-3.5.5/build-tree/kdegames-3.5.5/knetwalk/src/main.cpp:70
#31 0xb6dfdea8 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
#32 0x0804fc51 in _start () at ../sysdeps/i386/elf/start.S:119
```