Bug 160728

Summary: Krdc crashes when remote VNC server is killed
Product: [Applications] krdc
Reporter: Orion Poplawski <orion>
Component: general
Assignee: Urs Wolfer <uwolfer>
Status: RESOLVED FIXED
Severity: crash
CC: bga.lambert, gpothier, kde, mehulrajput, rdieter
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: Fedora RPMs
OS: Linux
Attachments: Threading fixes

Description Orion Poplawski 2008-04-11 23:41:24 UTC
Version:            (using KDE 4.0.3)
Installed from:    Fedora RPMs
Compiler:          GCC 4.3,0 
OS:                Linux

Using Krdc to connect to a VNC server.  If I kill the remote VNC server, Krdc crashes with the following stack trace:

#0  0x03da0761 in QPixmap::fromImage (img=<value optimized out>,
    flags=<value optimized out>) at image/qpixmap_x11.cpp:1438
#1  0x03dc6993 in QPaintEngine::drawImage (this=Could not find the frame base for "QPaintEngine::drawImage(QRectF const&, QImage const&, QRectF const&, QFlags<Qt::ImageConversionFlag>)".
)
    at painting/qpaintengine.cpp:536
#2  0x03e4b299 in QX11PaintEngine::drawImage (this=<value optimized out>,
    r=<value optimized out>, image=<value optimized out>,
    sr=<value optimized out>, flags=Could not find the frame base for "QX11PaintEngine::drawImage(QRectF const&, QImage const&, QRectF const&, QFlags<Qt::ImageConversionFlag>)".
) at painting/qpaintengine_x11.cpp:1595
#3  0x03dd1fcb in QPainter::drawImage (this=<value optimized out>,
    targetRect=<value optimized out>, image=<value optimized out>,
    sourceRect=<value optimized out>, flags=Could not find the frame base for "QPainter::drawImage(QRectF const&, QImage const&, QRectF const&, QFlags<Qt::ImageConversionFlag>)".
) at painting/qpainter.cpp:4448
#4  0x08063f0d in _start ()
Comment 1 Urs Wolfer 2008-04-12 14:54:09 UTC
SVN commit 796055 by uwolfer:

Prevent painting an invalid image. Should hopefully fix a crash with drawImage().
BUG:160728

 M  +5 -0      vncview.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=796055
Comment 2 Kevin Kofler 2008-04-12 18:08:18 UTC
SVN commit 796115 by kkofler:

Prevent painting an invalid image. Should hopefully fix a crash with drawImage().
CCBUG:160728
(backport rev 796055 by uwolfer from trunk)

 M  +5 -0      vncview.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=796115
Comment 3 Orion Poplawski 2008-04-14 18:45:29 UTC
Still crashes for me.
Comment 4 Urs Wolfer 2008-04-16 23:19:54 UTC
From the backtrace I cannot see any point where KRDC is crashing... I assume it crashes when the remote screen gets painted, but not absolutely sure. Is that the full backtrace? Could you please test again? Probably it is also a bug in Qt, not sure yet.
Comment 5 Bram Schoenmakers 2008-06-22 00:53:45 UTC
Orion, could you try again as suggested in comment 4? Thanks in advance.
Comment 6 Urs Wolfer 2008-06-22 10:20:40 UTC
Okay, I have been able to reproduce this crash.

Application: KRDC (krdc), signal SIGSEGV
[Thread debugging using libthread_db enabled]
[New Thread 0xb60fe6d0 (LWP 5831)]
[KCrash handler]
#6  0xb64c9276 in memcpy () from /lib/libc.so.6
#7  0xb300a008 in ?? ()
#8  0xb69536d8 in QImage::copy () from /usr/lib/libQtGui.so.4
#9  0xb695885b in QImage::scaled () from /usr/lib/libQtGui.so.4
#10 0x0806bd09 in VncView::paintEvent (this=0x83dc098, event=0xbf81cefc)
    at /usr/include/QtGui/qimage.h:215
#11 0xb69021db in QWidget::event () from /usr/lib/libQtGui.so.4
#12 0xb68aad7c in QApplicationPrivate::notify_helper ()
   from /usr/lib/libQtGui.so.4
#13 0xb68b2b7a in QApplication::notify () from /usr/lib/libQtGui.so.4
#14 0xb7aac70d in KApplication::notify (this=0xbf81e3c0, receiver=0x83dc098, 
    event=0xbf81cefc)
    at /home/kde4/svn/KDE/kdelibs/kdeui/kernel/kapplication.cpp:311
#15 0xb7478b31 in QCoreApplication::notifyInternal ()
   from /usr/lib/libQtCore.so.4
#16 0xb690a8ce in ?? () from /usr/lib/libQtGui.so.4
#17 0xb6900bfe in QWidgetPrivate::drawWidget () from /usr/lib/libQtGui.so.4
#18 0xb6901328 in QWidgetPrivate::paintSiblingsRecursive ()
   from /usr/lib/libQtGui.so.4
#19 0xb6900878 in QWidgetPrivate::drawWidget () from /usr/lib/libQtGui.so.4
#20 0xb6901328 in QWidgetPrivate::paintSiblingsRecursive ()
   from /usr/lib/libQtGui.so.4
#21 0xb6900878 in QWidgetPrivate::drawWidget () from /usr/lib/libQtGui.so.4
#22 0xb6901328 in QWidgetPrivate::paintSiblingsRecursive ()
   from /usr/lib/libQtGui.so.4
#23 0xb6900878 in QWidgetPrivate::drawWidget () from /usr/lib/libQtGui.so.4
#24 0xb6901328 in QWidgetPrivate::paintSiblingsRecursive ()
   from /usr/lib/libQtGui.so.4
#25 0xb6900878 in QWidgetPrivate::drawWidget () from /usr/lib/libQtGui.so.4
#26 0xb6901328 in QWidgetPrivate::paintSiblingsRecursive ()
   from /usr/lib/libQtGui.so.4
#27 0xb690123a in QWidgetPrivate::paintSiblingsRecursive ()
   from /usr/lib/libQtGui.so.4
#28 0xb6900878 in QWidgetPrivate::drawWidget () from /usr/lib/libQtGui.so.4
#29 0xb6a5f8d7 in ?? () from /usr/lib/libQtGui.so.4
#30 0xb6a606e7 in ?? () from /usr/lib/libQtGui.so.4
#31 0xb6902006 in QWidget::event () from /usr/lib/libQtGui.so.4
#32 0xb6c41b07 in QMainWindow::event () from /usr/lib/libQtGui.so.4
#33 0xb7b7acb8 in KMainWindow::event (this=0x82e7fa0, ev=0x8535780)
    at /home/kde4/svn/KDE/kdelibs/kdeui/widgets/kmainwindow.cpp:1002
#34 0xb7bbdc3c in KXmlGuiWindow::event (this=0x82e7fa0, ev=0x8535780)
    at /home/kde4/svn/KDE/kdelibs/kdeui/xmlgui/kxmlguiwindow.cpp:122
#35 0xb68aad7c in QApplicationPrivate::notify_helper ()
   from /usr/lib/libQtGui.so.4
#36 0xb68b2b7a in QApplication::notify () from /usr/lib/libQtGui.so.4
#37 0xb7aac70d in KApplication::notify (this=0xbf81e3c0, receiver=0x82e7fa0, 
    event=0x8535780)
    at /home/kde4/svn/KDE/kdelibs/kdeui/kernel/kapplication.cpp:311
#38 0xb7478b31 in QCoreApplication::notifyInternal ()
   from /usr/lib/libQtCore.so.4
#39 0xb7479785 in QCoreApplicationPrivate::sendPostedEvents ()
   from /usr/lib/libQtCore.so.4
#40 0xb747999d in QCoreApplication::sendPostedEvents ()
   from /usr/lib/libQtCore.so.4
#41 0xb74a31cf in ?? () from /usr/lib/libQtCore.so.4
#42 0xb62daf88 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#43 0xb62de4eb in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0
#44 0xb62de668 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#45 0xb74a2e18 in QEventDispatcherGlib::processEvents ()
   from /usr/lib/libQtCore.so.4
#46 0xb6941945 in ?? () from /usr/lib/libQtGui.so.4
#47 0xb747721a in QEventLoop::processEvents () from /usr/lib/libQtCore.so.4
#48 0xb74773da in QEventLoop::exec () from /usr/lib/libQtCore.so.4
#49 0xb7479a65 in QCoreApplication::exec () from /usr/lib/libQtCore.so.4
#50 0xb68aabf7 in QApplication::exec () from /usr/lib/libQtGui.so.4
#51 0x080818f5 in main (argc=1, argv=0xbf81e574)
    at /home/kde4/svn/KDE/kdenetwork/krdc/main.cpp:95
#0  0xb8004424 in __kernel_vsyscall ()
Comment 7 Urs Wolfer 2008-08-06 16:11:15 UTC
*** Bug 167520 has been marked as a duplicate of this bug. ***
Comment 8 Urs Wolfer 2008-08-06 16:11:25 UTC
*** Bug 167816 has been marked as a duplicate of this bug. ***
Comment 9 Urs Wolfer 2008-08-20 20:58:30 UTC
*** Bug 169313 has been marked as a duplicate of this bug. ***
Comment 10 Guillaume Pothier 2008-08-28 23:11:37 UTC
I just committed a fix to trunk that should fix this issue.
-----------
r854023 | gpothier | 2008-08-28 13:34:01 -0400 (Thu, 28 Aug 2008) | 20 lines

Fix concurrency issues. In particular this should fix crashes when a
connection is closed either from krdc or from the server side.
Bug reporters, please check if you can still reproduce the crashes with this patch (this is for trunk, backporting to 4.1 in a few minutes).

Details:
1- Disconnect signals from the client thread to the vncview when the latter is deleted. This fixes a 100% repeatable crash that occurs when I close a VNC tab that is connected to an Ubuntu machine running the vino VNC server (aka GNOME desktop sharing).
2- Remove the buf global variable. I wasn't able to get a reproducible crash due only to this variable because of the above item, but getting rid of that variable is the sanest thing to do I think.
Comment 11 enthalpie 2008-08-29 07:47:45 UTC
Where can I find the patch?
Comment 12 Guillaume Pothier 2008-08-29 14:36:51 UTC
Created attachment 27124 [details]
Threading fixes

As described in the comments. This patch has been applied in trunk and 4.1 branch.
Comment 13 enthalpie 2008-08-29 16:19:40 UTC
OK

So in which version will this patch be available?

Actually the version is 4.1.0.35.4 and I made 2 tests (logout from session and stop server) and this is fine, no more problems; I come back to the krdc screen.

Fine.

I still have a message when I type the VNC URL " dress is not whith the required form" but I can connect to the server?
URL is vnc://192.168.1.99:0
Comment 14 Guillaume Pothier 2008-08-29 17:03:07 UTC
The patch will be in 4.2 and in the next 4.1.x release (4.1.1 I think). What distribution do you use? As you don't experience the bug anymore, it might mean that they already included the fix in their packages? Although it seems a very short time frame to do that, as the patch was committed 1 or 2 days ago only.
Comment 15 enthalpie 2008-08-29 20:16:07 UTC
Hi

As I said, but my English is not good, I have tested with krdc 4.10.35.4 (from SUSE Factory deposit) and the problem is solved for me.

I have made 4 more tests since my last post.

Thanks
Comment 16 Urs Wolfer 2008-08-29 22:45:20 UTC
Applied a 2nd fix; after these two fixes this issue should be fixed.

SVN commit 854581 by uwolfer:

* Fix crash which happened when painting while thread deleted framebuffer (for example when VNC server closed connection).
* Replace some returns with asserts.
* Set correct debug areas where possible.
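
Comments 10 and 16 both describe the paint path racing with the client thread that tears the framebuffer down when the connection closes. The following is an added example, not KRDC's code and not the content of either commit: it shows one way to make that hand-off safe in plain C++ (no Qt), with `SharedFrame`, `update`, `release` and `paint` as hypothetical names and a byte vector standing in for the framebuffer image.

```cpp
// Added illustration, not KRDC code; names are hypothetical, bytes stand in for the QImage.
#include <cstdint>
#include <cstdio>
#include <memory>
#include <mutex>
#include <thread>
#include <vector>

using Pixels = std::vector<std::uint8_t>;
class SharedFrame {
    std::mutex m_;
    std::shared_ptr<Pixels> fb_;  // null once the connection is gone
public:
    // Client thread: publish a new w*h framebuffer of 32-bit pixels.
    void update(std::size_t w, std::size_t h, std::uint8_t fill) {
        auto next = std::make_shared<Pixels>(w * h * 4, fill);
        std::lock_guard<std::mutex> lock(m_);
        fb_ = std::move(next);
    }
    // Client thread: the server closed the connection, drop the framebuffer.
    void release() {
        std::lock_guard<std::mutex> lock(m_);
        fb_.reset();
    }
    // GUI thread: copy the pixels into out; false means nothing valid to paint.
    bool paint(Pixels& out) {
        std::shared_ptr<Pixels> snap;
        {
            std::lock_guard<std::mutex> lock(m_);
            snap = fb_;  // take a counted reference under the lock
        }
        if (!snap || snap->empty()) return false;  // closed or zero-sized
        out = *snap;  // snap keeps the buffer alive even if release() runs now
        return true;
    }
};

// Stress run: the client thread updates then releases while main paints.
int main() {
    SharedFrame frame;
    std::thread client([&frame] {
        for (int i = 0; i < 20000; ++i) frame.update(64, 64, std::uint8_t(i));
        frame.release();
    });
    Pixels out;
    std::size_t painted = 0;
    for (int i = 0; i < 20000; ++i) painted += frame.paint(out);
    client.join();
    std::printf("painted=%zu\n", painted);
}
```

Building the stress run with `-fsanitize=thread` or `-fsanitize=address` is a quick way to confirm that no paint ever touches a freed buffer.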