| Summary: | file open dialog crashes on paste/tree expanding | ||
|---|---|---|---|
| Product: | [Unmaintained] kio | Reporter: | Peter Oberndorfer <kumbayo84> |
| Component: | general | Assignee: | David Faure <faure> |
| Status: | RESOLVED FIXED | ||
| Severity: | crash | CC: | adawit, antholinux, arekm, barnendu.goswami, frank78ac, karim.daumal |
| Priority: | NOR | Keywords: | investigated |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Platform: | Compiled Sources | ||
| OS: | Unspecified | ||
| Latest Commit: | Version Fixed In: | 4.6.4 | |
| Sentry Crash Report: | |||
| Attachments: |
Add some debug output to KDirOperator::Private::_k_slotExpandToUrl(...)
Patch (including unit test) |
||
*** Bug 194666 has been marked as a duplicate of this bug. *** I can reproduce the crash in current trunk. Can reproduce on 4.5.4 (also in different form - https://bugs.kde.org/show_bug.cgi?id=260577) *** Bug 262181 has been marked as a duplicate of this bug. *** I cannot reproduce this crash though the steps to reproduce the problem seem to be missing a step. What exactly am I pasting into the "Name" box. It does not say to "Copy" something anywhere in the steps previous to that statement. Anyhow, some clarification would be nice or even better if anyone runs into this problem with the recent versions of KDE (v4.6 and up) ? Can anyone want to confirm this crash in the current trunk or KDE 4.7 beta 1 ? I personally cannot, but then again I did not clearly understand the instructions on how to reproduce... I can still reproduce the crash in today's master. I'll try to make the instructions a bit more detailed: 1. $ mkdir crash_test 2. $ touch crash_test/crash.txt 3. $ kwrite 4. File->Open (File open dialog starts in the current directory) 5. In the 'Name' line edit, enter '/', see the combo box open, and press backspace 6. Switch to the browser window showing this bug report 7. Mark the text 'crash_test/crash.txt' with the mouse 8. Go back to KWrite's file open dialog 9. Middle-click the 'Name' line edit to paste the text -> Crash (In reply to comment #7) > I can still reproduce the crash in today's master. I'll try to make the > instructions a bit more detailed: > > 1. $ mkdir crash_test > 2. $ touch crash_test/crash.txt > 3. $ kwrite > 4. File->Open (File open dialog starts in the current directory) > 5. In the 'Name' line edit, enter '/', see the combo box open, > and press backspace > 6. Switch to the browser window showing this bug report > 7. Mark the text 'crash_test/crash.txt' with the mouse > 8. Go back to KWrite's file open dialog > 9. Middle-click the 'Name' line edit to paste the text -> Crash Tried that multiple times and it does not crash here with today's master. Created attachment 60410 [details]
Add some debug output to KDirOperator::Private::_k_slotExpandToUrl(...)
The output I get just before the crash with this patch applied is:
kwrite(24307) KDirOperator::Private::_k_slotExpandToUrl: item: [KFileItem for KUrl("file:///home/kde-devel/tmp/crash_test/crash.txt") ]
kwrite(24307) KDirOperator::Private::_k_slotExpandToUrl: itemsToBeSetAsCurrent: (KUrl("file:///") , KUrl("file:///home/kde-devel/tmp/crash_test/crash.txt") , KUrl("file:///home/kde-devel/tmp/crash_test") )
kwrite(24307) KDirOperator::Private::_k_slotExpandToUrl: url: KUrl("file:///")
kwrite(24307) KDirOperator::Private::_k_slotExpandToUrl: _item: [null KFileItem]
The URL "file:///" had been appended to itemsToBeSetAsCurrent by KDirOperator::setCurrentItems(const QStringList& urls), but it cannot be found by the dir lister because it is not a subfolder of the folder which is shown in the dialog. This is why _item is a null KFileItem, and checking if it's a directory results in a crash.
Adding a null check for the file item fixes the crash for me (see below).
But I'm not sure if this is the best way - the KFileItem API docs don't mention that calling isDir() for a null KFileItem crashes the app. So one could also move the null check to KFileItem::isDir() (and other similar methods), or the API docs should explicitly mention the crash risk.
@David: Do you have an idea about this issue?
--- a/kfile/kdiroperator.cpp
+++ b/kfile/kdiroperator.cpp
@@ -2526,7 +2526,7 @@ void KDirOperator::Private::_k_slotExpandToUrl(const QModelIndex &index)
const KUrl url = *it;
if (url.isParentOf(item.url())) {
const KFileItem _item = dirLister->findByUrl(url);
- if (_item.isDir()) {
+ if (!_item.isNull() && _item.isDir()) {
const QModelIndex _index = dirModel->indexForItem(_item);
const QModelIndex _proxyIndex = proxyModel->mapFromSource(_index);
treeView->expand(_proxyIndex);
Created attachment 60412 [details]
Patch (including unit test)
I've added a unit test which might be useful no matter how the bug is fixed. I've verified that the test crashes with an unpatched KDirOperator and passes with the patch from my previous comment applied.
(In reply to comment #10) > So one could also move the null check to KFileItem::isDir() (and other similar methods), or the > API docs should explicitly mention the crash risk. Hm, when I investigated another bug 196695, I found out that null KFileItems are used for special purposes in various places, and just make isDir() return false for them could cause other problems in the long run. So the best idea I have so far is my patch from comment 10. Git commit 8b5c38c8d9fae85e002fae9f325277b5b200d44d by Frank Reininghaus. Committed on 28/05/2011 at 17:00. Pushed by freininghaus into branch 'master'. Fix crash in KDirOperator::Private::_k_slotExpandToUrl(...) When entering '/' in the 'Name' line of the file open dialog, pressing backspace and then pasting 'a/b', where a is a subfolder of the current folder and b a file in that folder, KDirOperator may crash because it accesses a null KFileItem. This commit fixes the crash. Unit test included. CCBUG: 187066 M +1 -1 kfile/kdiroperator.cpp M +22 -0 kfile/tests/kdiroperatortest.cpp http://commits.kde.org/kdelibs/8b5c38c8d9fae85e002fae9f325277b5b200d44d Git commit dd4ff99421fc0aa96d74bc616e64137c11862f20 by Frank Reininghaus. Committed on 28/05/2011 at 17:00. Pushed by freininghaus into branch 'KDE/4.6'. Fix crash in KDirOperator::Private::_k_slotExpandToUrl(...) When entering '/' in the 'Name' line of the file open dialog, pressing backspace and then pasting 'a/b', where a is a subfolder of the current folder and b a file in that folder, KDirOperator may crash because it accesses a null KFileItem. This commit fixes the crash. Unit test included. BUG: 187066 FIXED-IN: 4.6.4 (cherry picked from commit 8b5c38c8d9fae85e002fae9f325277b5b200d44d) M +1 -1 kfile/kdiroperator.cpp M +22 -0 kfile/tests/kdiroperatortest.cpp http://commits.kde.org/kdelibs/dd4ff99421fc0aa96d74bc616e64137c11862f20 *** Bug 260577 has been marked as a duplicate of this bug. *** *** Bug 275818 has been marked as a duplicate of this bug. *** |
Version: (using Devel) Installed from: Compiled sources How to reproduce: kde-devel@foo ~ $ mkdir crash_test kde-devel@foo ~ $ touch crash_test/crash.txt kde-devel@foo ~ $ kwrite File->Open -> File open dialog starts in the current directory enter '/' -> a popup with folders opens press backspace -> popup closes now use Ctrl-V or middle mouse button to paste 'crash_test/crash.txt' into the Name combobox -> crash Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb60fd6d0 (LWP 18134)] 0xb7d3751f in KFileItem::isDir (this=0xbfe25c84) at /home/kde-devel/kde/src/kdelibs/kio/kio/kfileitem.cpp:958 958 if (d->m_fileMode == KFileItem::Unknown) { (gdb) bt #0 0xb7d3751f in KFileItem::isDir (this=0xbfe25c84) at /home/kde-devel/kde/src/kdelibs/kio/kio/kfileitem.cpp:958 #1 0xb47fb75b in KDirOperator::Private::_k_slotExpandToUrl (this=0x8318af8, index=@0x84a5b10) at /home/kde-devel/kde/src/kdelibs/kfile/kdiroperator.cpp:2509 #2 0xb4806148 in KDirOperator::qt_metacall (this=0x83228c0, _c=QMetaObject::InvokeMetaMethod, _id=69, _a=0xbfe25ddc) at /home/kde-devel/kde/build/kdelibs/kfile/kdiroperator.moc:253 #3 0xb6b9d0e6 in QMetaObject::activate (sender=0x8322898, from_signal_index=<value optimized out>, to_signal_index=20, argv=<value optimized out>) at kernel/qobject.cpp:3057 #4 0xb6b9d720 in QMetaObject::activate (sender=0x8322898, m=0xb7e8de04, local_signal_index=0, argv=0xbfe25ddc) at kernel/qobject.cpp:3134 #5 0xb7d22566 in KDirModel::expand (this=0x8322898, _t1=@0x84a5b10) at /home/kde-devel/kde/build/kdelibs/kio/kdirmodel.moc:94 #6 0xb7d26927 in KDirModelPrivate::_k_slotNewItems (this=0x8322920, directoryUrl=@0x84a5fc0, items=@0x84a5fc8) at /home/kde-devel/kde/src/kdelibs/kio/kio/kdirmodel.cpp:433 #7 0xb7d26a9f in KDirModel::qt_metacall (this=0x8322898, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0xbfe25fd8) at /home/kde-devel/kde/build/kdelibs/kio/kdirmodel.moc:78 #8 0xb6b9d0e6 in QMetaObject::activate (sender=0x8318d30, from_signal_index=<value optimized out>, to_signal_index=14, argv=<value optimized out>) at kernel/qobject.cpp:3057 #9 0xb6b9d720 in QMetaObject::activate (sender=0x8318d30, m=0xb7e8dc7c, local_signal_index=10, argv=0xbfe25fd8) at kernel/qobject.cpp:3134 #10 0xb7d098fb in KDirLister::itemsAdded (this=0x8318d30, _t1=@0x84a5fc0, _t2=@0x84a5fc8) at /home/kde-devel/kde/build/kdelibs/kio/kdirlister.moc:268 #11 0xb7d0afff in KDirLister::Private::emitItems (this=0x8322830) at /home/kde-devel/kde/src/kdelibs/kio/kio/kdirlister.cpp:2274 #12 0xb7d0fe09 in KDirListerCache::slotEntries (this=0x82f2b30, job=0x8387f68, entries=@0xbfe26434) at /home/kde-devel/kde/src/kdelibs/kio/kio/kdirlister.cpp:1089 #13 0xb7d1877a in KDirListerCache::qt_metacall (this=0x82f2b30, _c=QMetaObject::InvokeMetaMethod, _id=7, _a=0xbfe26218) at /home/kde-devel/kde/build/kdelibs/kio/kdirlister_p.moc:98 #14 0xb6b9d0e6 in QMetaObject::activate (sender=0x8387f68, from_signal_index=<value optimized out>, to_signal_index=40, argv=<value optimized out>) at kernel/qobject.cpp:3057 #15 0xb6b9d720 in QMetaObject::activate (sender=0x8387f68, m=0xb7e8cfe0, local_signal_index=0, argv=0xbfe26218) at kernel/qobject.cpp:3134 #16 0xb7ce60d3 in KIO::ListJob::entries (this=0x8387f68, _t1=0x8387f68, _t2=@0xbfe26434) at /home/kde-devel/kde/build/kdelibs/kio/jobclasses.moc:781 #17 0xb7cefd18 in KIO::ListJobPrivate::slotListEntries (this=0x84a5538, list=@0xbfe26434) at /home/kde-devel/kde/src/kdelibs/kio/kio/job.cpp:2347 #18 0xb7cf0074 in KIO::ListJob::qt_metacall (this=0x8387f68, _c=QMetaObject::InvokeMetaMethod, _id=6, _a=0xbfe2639c) at /home/kde-devel/kde/build/kdelibs/kio/jobclasses.moc:767 #19 0xb6b9d0e6 in QMetaObject::activate (sender=0x835c5e0, from_signal_index=<value optimized out>, to_signal_index=10, argv=<value optimized out>) at kernel/qobject.cpp:3057 #20 0xb6b9d720 in QMetaObject::activate (sender=0x835c5e0, m=0xb7e8fba4, local_signal_index=6, argv=0xbfe2639c) at kernel/qobject.cpp:3134 #21 0xb7da3496 in KIO::SlaveInterface::listEntries (this=0x835c5e0, _t1=@0xbfe26434) at /home/kde-devel/kde/build/kdelibs/kio/slaveinterface.moc:179 #22 0xb7da5383 in KIO::SlaveInterface::dispatch (this=0x835c5e0, _cmd=106, rawdata=@0xbfe26504) at /home/kde-devel/kde/src/kdelibs/kio/kio/slaveinterface.cpp:193 #23 0xb7da5e8d in KIO::SlaveInterface::dispatch (this=0x835c5e0) at /home/kde-devel/kde/src/kdelibs/kio/kio/slaveinterface.cpp:91 #24 0xb7d97618 in KIO::Slave::gotInput (this=0x835c5e0) at /home/kde-devel/kde/src/kdelibs/kio/kio/slave.cpp:322 #25 0xb7d98aa8 in KIO::Slave::qt_metacall (this=0x835c5e0, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0xbfe265f8) at /home/kde-devel/kde/build/kdelibs/kio/slave.moc:76 #26 0xb6b9d0e6 in QMetaObject::activate (sender=0x82eae88, from_signal_index=<value optimized out>, to_signal_index=4, argv=<value optimized out>) at kernel/qobject.cpp:3057 #27 0xb6b9d720 in QMetaObject::activate (sender=0x82eae88, m=0xb7e8c540, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3134 #28 0xb7cb7bdf in KIO::Connection::readyRead (this=0x82eae88) at /home/kde-devel/kde/build/kdelibs/kio/connection.moc:86 #29 0xb7cb8c2b in KIO::ConnectionPrivate::dequeue (this=0x8339e90) at /home/kde-devel/kde/src/kdelibs/kio/kio/connection.cpp:82 #30 0xb7cb9b4d in KIO::Connection::qt_metacall (this=0x82eae88, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x843ab78) at /home/kde-devel/kde/build/kdelibs/kio/connection.moc:73 #31 0xb6b97185 in QMetaCallEvent::placeMetaCall (this=0x84a41b8, object=0x82eae88) at kernel/qobject.cpp:489 #32 0xb6b9952a in QObject::event (this=0x82eae88, e=0x84a41b8) at kernel/qobject.cpp:1106 #33 0xb6d65fb4 in QApplicationPrivate::notify_helper (this=0x8053438, receiver=0x82eae88, e=0x84a41b8) at kernel/qapplication.cpp:4084 #34 0xb6d6c9be in QApplication::notify (this=0xbfe27da8, receiver=0x82eae88, e=0x84a41b8) at kernel/qapplication.cpp:3631 #35 0xb793d56e in KApplication::notify (this=0xbfe27da8, receiver=0x82eae88, event=0x84a41b8) at /home/kde-devel/kde/src/kdelibs/kdeui/kernel/kapplication.cpp:309 #36 0xb6b887f6 in QCoreApplication::notifyInternal (this=0xbfe27da8, receiver=0x82eae88, event=0x84a41b8) at kernel/qcoreapplication.cpp:598 #37 0xb6b89a2b in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x804c320) at kernel/qcoreapplication.h:213 #38 0xb6b89ce7 in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1132 #39 0xb6bb1cc5 in postEventSourceDispatch (s=0x8054f28) at kernel/qcoreapplication.h:218 #40 0xb63eddf5 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 #41 0xb63f1089 in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0 #42 0xb63f1586 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0 #43 0xb6bb2518 in QEventDispatcherGlib::processEvents (this=0x80533f8, flags=@0xbfe26cb8) at kernel/qeventdispatcher_glib.cpp:323 #44 0xb6df435d in QGuiEventDispatcherGlib::processEvents (this=0x80533f8, flags=@0xbfe26ce8) at kernel/qguieventdispatcher_glib.cpp:202 #45 0xb6b87b25 in QEventLoop::processEvents (this=0xbfe26d5c, flags=@0xbfe26d28) at kernel/qeventloop.cpp:149 #46 0xb6b87ca2 in QEventLoop::exec (this=0xbfe26d5c, flags=@0xbfe26d68) at kernel/qeventloop.cpp:196 #47 0xb7241c83 in QDialog::exec (this=0xbfe26da8) at dialogs/qdialog.cpp:498 #48 0xb7dde086 in KEncodingFileDialog::getOpenUrlsAndEncoding (encoding=@0x819e988, startDir=@0xbfe26e30, filter=@0xbfe26e2c, parent=0x80d5088, caption=@0xbfe26e28) at /home/kde-devel/kde/src/kdelibs/kio/kfile/kencodingfiledialog.cpp:162 #49 0xb7f19142 in KWrite::slotOpen (this=0x80d5088) at /home/kde-devel/kde/src/kdebase/apps/kwrite/kwritemain.cpp:267 #50 0xb7f192d2 in KWrite::qt_metacall (this=0x80d5088, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0xbfe26f3c) at /home/kde-devel/kde/build/kdebase/apps/kwrite/kwritemain.moc:104 #51 0xb6b9d0e6 in QMetaObject::activate (sender=0x8298078, from_signal_index=<value optimized out>, to_signal_index=6, argv=<value optimized out>) at kernel/qobject.cpp:3057 #52 0xb6b9d500 in QMetaObject::activate (sender=0x8298078, m=0xb7493bc8, from_local_signal_index=1, to_local_signal_index=2, argv=0xbfe26f3c) at kernel/qobject.cpp:3154 #53 0xb6d5f717 in QAction::triggered (this=0x8298078, _t1=false) at .moc/debug-shared/moc_qaction.cpp:236 #54 0xb6d6035c in QAction::activate (this=0x8298078, event=QAction::Trigger) at kernel/qaction.cpp:1160 #55 0xb71f8f88 in QToolButton::nextCheckState (this=0xbfe25c84) at ../../include/QtGui/../../src/gui/kernel/qaction.h:203 #56 0xb7126745 in QAbstractButtonPrivate::click (this=0x82bc8f0) at widgets/qabstractbutton.cpp:525 #57 0xb7126975 in QAbstractButton::mouseReleaseEvent (this=0x82ca588, e=0xbfe27620) at widgets/qabstractbutton.cpp:1115 #58 0xb71f9052 in QToolButton::mouseReleaseEvent (this=0x82ca588, e=0xbfe27620) at widgets/qtoolbutton.cpp:709 #59 0xb6db5073 in QWidget::event (this=0x82ca588, event=0xbfe27620) at kernel/qwidget.cpp:7516 #60 0xb71259e5 in QAbstractButton::event (this=0x82ca588, e=0xbfe25bd8) at widgets/qabstractbutton.cpp:1077 #61 0xb71fbd0a in QToolButton::event (this=0x82ca588, event=0xbfe27620) at widgets/qtoolbutton.cpp:1151 #62 0xb6d65fb4 in QApplicationPrivate::notify_helper (this=0x8053438, receiver=0x82ca588, e=0xbfe27620) at kernel/qapplication.cpp:4084 #63 0xb6d6cad9 in QApplication::notify (this=0xbfe27da8, receiver=0x82ca588, e=0xbfe27620) at kernel/qapplication.cpp:3786 #64 0xb793d56e in KApplication::notify (this=0xbfe27da8, receiver=0x82ca588, event=0xbfe27620) at /home/kde-devel/kde/src/kdelibs/kdeui/kernel/kapplication.cpp:309 #65 0xb6b887f6 in QCoreApplication::notifyInternal (this=0xbfe27da8, receiver=0x82ca588, event=0xbfe27620) at kernel/qcoreapplication.cpp:598 #66 0xb6d6c441 in QApplicationPrivate::sendMouseEvent (receiver=0x82ca588, event=0xbfe27620, alienWidget=0x82ca588, nativeWidget=0x80d5088, buttonDown=0xb74acae0, lastMouseReceiver=@0xb74acae4) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:216 #67 0xb6dcfb4e in QETWidget::translateMouseEvent (this=0x80d5088, event=0xbfe27a6c) at kernel/qapplication_x11.cpp:4425 #68 0xb6dcf026 in QApplication::x11ProcessEvent (this=0xbfe27da8, event=0xbfe27a6c) at kernel/qapplication_x11.cpp:3421 #69 0xb6df45ae in x11EventSourceDispatch (s=0x8056320, callback=0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146 #70 0xb63eddf5 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 #71 0xb63f1089 in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0 (gdb) print d $1 = {d = 0x0} (gdb) up #1 0xb47fb75b in KDirOperator::Private::_k_slotExpandToUrl (this=0x8318af8, index=@0x84a5b10) at /home/kde-devel/kde/src/kdelibs/kfile/kdiroperator.cpp:2509 2509 if (_item.isDir()) { (gdb) print _item $2 = {d = {d = 0x0}} (gdb) print url $3 = {<QUrl> = {d = 0x8387140}, d = 0x0} adding a kDebug() << "url:" << url; tells me url: KUrl("file:///")