Bug 202292

Summary: Crash in Qt drag&drop code
Product: [Applications] ark
Reporter: Octavian Voicu <octavian.voicu>
Component: general
Assignee: Harald Hvaal <metellius>
Status: RESOLVED DUPLICATE
Severity: crash
CC: andresbajotierra, markotahal, rakuco
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: Unlisted Binaries
OS: Linux
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Description Octavian Voicu 2009-08-02 14:37:07 UTC
Application that crashed: ark
Version of the application: 2.13
KDE Version: 4.2.98 (KDE 4.2.98 (KDE 4.3 RC3))
Qt Version: 4.5.0
Operating System: Linux 2.6.28-14-generic x86_64
Distribution: Ubuntu 9.04

What I was doing when the application crashed:
I was drag&dropping a file from the ark window while alt+tabbing. After alt+tabbing several times (while keeping the mouse button pressed), the crash occurred.

 -- Backtrace:
Application: Ark (ark), signal: Segmentation fault
[KCrash Handler]
#5  0x00007f098de76c8f in QWidget::testAttribute_helper (this=0x1cd35a0, attribute=Qt::WA_Hover) at kernel/qwidget.cpp:9905
#6  0x00007f098de3c1c4 in QApplication::notify (this=<value optimized out>, receiver=<value optimized out>, e=0x7fff98455170) at ../../include/QtGui/../../src/gui/kernel/qwidget.h:997
#7  0x00007f098f26b71b in KApplication::notify (this=0x7fff98458040, receiver=0x1cd35a0, event=0x7fff98455170) at /build/buildd/kde4libs-4.2.98a/kdeui/kernel/kapplication.cpp:302
#8  0x00007f098d27975c in QCoreApplication::notifyInternal (this=0x7fff98458040, receiver=0x1cd35a0, event=0x7fff98455170) at kernel/qcoreapplication.cpp:602
#9  0x00007f098de3b328 in QApplicationPrivate::sendMouseEvent (receiver=0x1cd35a0, event=0x7fff98455170, alienWidget=0x0, nativeWidget=0x1cd35a0, buttonDown=<value optimized out>, 
    lastMouseReceiver=@0x7f098e897eb0) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:216
#10 0x00007f098dea4e19 in QETWidget::translateMouseEvent (this=0x1cd35a0, event=<value optimized out>) at kernel/qapplication_x11.cpp:4425
#11 0x00007f098dea3a88 in QApplication::x11ProcessEvent (this=0x7fff98458040, event=0x7fff98455cb0) at kernel/qapplication_x11.cpp:3543
#12 0x00007f098decc464 in x11EventSourceDispatch (s=0x1ca2cc0, callback=0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#13 0x00007f098917220a in IA__g_main_context_dispatch (context=0x1ca1920) at /build/buildd/glib2.0-2.20.1/glib/gmain.c:1814
#14 0x00007f09891758e0 in g_main_context_iterate (context=0x1ca1920, block=1, dispatch=1, self=<value optimized out>) at /build/buildd/glib2.0-2.20.1/glib/gmain.c:2448
#15 0x00007f0989175a7c in IA__g_main_context_iteration (context=0x1ca1920, may_block=1) at /build/buildd/glib2.0-2.20.1/glib/gmain.c:2511
#16 0x00007f098d2a2e6f in QEventDispatcherGlib::processEvents (this=0x1c83b50, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:323
#17 0x00007f098decbbef in QGuiEventDispatcherGlib::processEvents (this=0x1cd35a0, flags=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:202
#18 0x00007f098d278002 in QEventLoop::processEvents (this=<value optimized out>, flags={i = -1740284000}) at kernel/qeventloop.cpp:149
#19 0x00007f098d2783cd in QEventLoop::exec (this=0x287a4f0, flags={i = -1740283856}) at kernel/qeventloop.cpp:200
#20 0x00007f098deb455b in QDragManager::drag (this=0x2cb57e0, o=<value optimized out>) at kernel/qdnd_x11.cpp:1952
#21 0x00007f098de461a8 in QDrag::exec (this=0x20574c0, supportedActions={i = -1740283392}, defaultDropAction=Qt::CopyAction) at kernel/qdrag.cpp:282
#22 0x00007f098e3515ee in QAbstractItemView::startDrag (this=0x1da77b0, supportedActions={i = -1740283232}) at itemviews/qabstractitemview.cpp:3189
#23 0x00007f0985198301 in ?? () from /usr/lib/kde4/libarkpart.so
#24 0x00007f098e34e9f7 in QAbstractItemView::mouseMoveEvent (this=0x1da77b0, event=0x7fff98457120) at itemviews/qabstractitemview.cpp:1547
#25 0x00007f098de84768 in QWidget::event (this=0x1da77b0, event=0x7fff98457120) at kernel/qwidget.cpp:7501
#26 0x00007f098e21e40b in QFrame::event (this=0x1da77b0, e=0x7fff98457120) at widgets/qframe.cpp:559
#27 0x00007f098e3532bd in QAbstractItemView::viewportEvent (this=0x1da77b0, event=0x7fff98457120) at itemviews/qabstractitemview.cpp:1466
#28 0x00007f098e389ef0 in QTreeView::viewportEvent (this=0x1da77b0, event=0x7fff98457120) at itemviews/qtreeview.cpp:1257
#29 0x00007f098d278a68 in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=<value optimized out>, receiver=0x1dac4a0, event=0x7fff98457120) at kernel/qcoreapplication.cpp:718
#30 0x00007f098de3375c in QApplicationPrivate::notify_helper (this=0x1c9f040, receiver=0x1dac4a0, e=0x7fff98457120) at kernel/qapplication.cpp:4080
#31 0x00007f098de3c0da in QApplication::notify (this=<value optimized out>, receiver=0x1dac4a0, e=0x7fff98457120) at kernel/qapplication.cpp:3786
#32 0x00007f098f26b71b in KApplication::notify (this=0x7fff98458040, receiver=0x1dac4a0, event=0x7fff98457120) at /build/buildd/kde4libs-4.2.98a/kdeui/kernel/kapplication.cpp:302
#33 0x00007f098d27975c in QCoreApplication::notifyInternal (this=0x7fff98458040, receiver=0x1dac4a0, event=0x7fff98457120) at kernel/qcoreapplication.cpp:602
#34 0x00007f098de3b328 in QApplicationPrivate::sendMouseEvent (receiver=0x1dac4a0, event=0x7fff98457120, alienWidget=0x1dac4a0, nativeWidget=0x1d68bd0, buttonDown=<value optimized out>, 
    lastMouseReceiver=@0x7f098e897eb0) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:216
#35 0x00007f098dea4e19 in QETWidget::translateMouseEvent (this=0x1d68bd0, event=<value optimized out>) at kernel/qapplication_x11.cpp:4425
#36 0x00007f098dea3a88 in QApplication::x11ProcessEvent (this=0x7fff98458040, event=0x7fff98457c60) at kernel/qapplication_x11.cpp:3543
#37 0x00007f098decc464 in x11EventSourceDispatch (s=0x1ca2cc0, callback=0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#38 0x00007f098917220a in IA__g_main_context_dispatch (context=0x1ca1920) at /build/buildd/glib2.0-2.20.1/glib/gmain.c:1814
#39 0x00007f09891758e0 in g_main_context_iterate (context=0x1ca1920, block=1, dispatch=1, self=<value optimized out>) at /build/buildd/glib2.0-2.20.1/glib/gmain.c:2448
#40 0x00007f0989175a7c in IA__g_main_context_iteration (context=0x1ca1920, may_block=1) at /build/buildd/glib2.0-2.20.1/glib/gmain.c:2511
#41 0x00007f098d2a2e6f in QEventDispatcherGlib::processEvents (this=0x1c83b50, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:323
#42 0x00007f098decbbef in QGuiEventDispatcherGlib::processEvents (this=0x1cd35a0, flags=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:202
#43 0x00007f098d278002 in QEventLoop::processEvents (this=<value optimized out>, flags={i = -1740275888}) at kernel/qeventloop.cpp:149
#44 0x00007f098d2783cd in QEventLoop::exec (this=0x7fff98457f90, flags={i = -1740275808}) at kernel/qeventloop.cpp:200
#45 0x00007f098d27a694 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:880
#46 0x0000000000409bc0 in _start ()

This bug may be a duplicate of or related to bug 195478

Reported using DrKonqi
Comment 1 Dario Andres 2009-08-02 18:05:14 UTC
Are you using Desktop Compositing/ Effects ?
This is probably related to bug 200583 / bug 192270.
Thanks
Comment 2 Mark 2009-08-02 18:28:35 UTC
I can reproduce this bug too.
KDE 4.3, Arch Linux, kernel 2.6.30.4, Qt 4.5.2

steps to reproduce: 
Open an archive in Ark, select a file and drag it, then you must alt+tab (!?) somewhere, then drop it and Ark crashes.
Comment 3 Raphael Kubo da Costa 2009-08-02 18:30:18 UTC
Please confirm if you have desktop effects enabled.
Comment 4 Mark 2009-08-02 18:32:45 UTC
Yes, I have compositing + desktop effects (Flip Switch) on.
Comment 5 Mark 2009-08-02 18:49:33 UTC
OK, I give up :)
I was trying to prove it's connected with desktop effects/compositing.
Did some tests:
1: my default: effects + compositing on -- crashes
2: no effects -- no crash
3: compositing off -- no crashes
//
finally
4: both on -- no crashes! ( :( )

Please someone else test.

I suspect it might be something with memory/buffers??
Comment 6 Dario Andres 2009-08-02 18:56:40 UTC
Merging with bug 200583.
@Marek: thanks for your findings.
Comment 7 Raphael Kubo da Costa 2009-08-02 18:57:37 UTC
Thanks for your replies.

This looks like a duplicate of bug 200583, so I'm marking it as such. Since it has happened at least to Ark and Dolphin, the issue seems to be a bit lower in the stack.

*** This bug has been marked as a duplicate of bug 200583 ***
Comment 8 Octavian Voicu 2009-08-03 02:16:38 UTC
I also have compositing+desktop effects enabled and use cover switch. Bug doesn't occur with no effects, so it's somehow caused by the switching effect.
Comment 9 Octavian Voicu 2009-08-04 09:15:24 UTC
Steps to reliably reproduce the bug:

1. Activate compositing + Cover Switch effect
2. Open an archive with Ark
3. Start dragging a file from the Ark window and keep the button pressed
4. Press Alt and keep it pressed
5. Tap the Alt key until the Ark window is just to the left of the central window in the Cover Switch effect (you should have at least 3-4 open windows on current desktop)
6. Move mouse in the center of the Ark window, while still keeping the mouse button and Alt key pressed
7. Release the Alt key and *immediately* drag the mouse upwards; Ark should crash

Something similar can be used to cause a crash for the Flip Switch effect. Other effects seem unaffected (probably because they don't really move windows).
Comment 10 Raphael Kubo da Costa 2009-08-04 14:19:15 UTC
Octavian, can you please post these steps on the page for bug 192270? This bug and some others have been marked as duplicates of it, so all comments and patches related to this issue should be reported there in order to be likely to be read. 

Thanks for your work on this.
Comment 11 Octavian Voicu 2009-08-06 21:44:49 UTC
I still have doubts that this bug is identical to bug 192270, although they are caused by the same actions. The stack trace is quite different. The following analysis only applies to the stack trace in this bug.

Recompiled libQtGui with debug enabled, executed ark through gdb and reproduced the bug. Some commands in gdb:

#0  0x00007f1f6d5cb4af in QWidget::testAttribute_helper (this=0xa8a240, attribute=Qt::WA_Hover) at kernel/qwidget.cpp:9976
9976        const int int_off = x / (8*sizeof(uint));
9977        return (d->high_attributes[int_off] & (1<<(x-(int_off*8*sizeof(uint)))));
(gdb) print *this
$4 = {<QObject> = {_vptr.QObject = 0x13a2f60, static staticMetaObject = {d = {superdata = 0x0, stringdata = 0x7f1f6ca9f8c0 "QObject", data = 0x7f1f6ca9f960,
        extradata = 0x7f1f6ccf4040}}, d_ptr = 0x10, static staticQtMetaObject = {d = {superdata = 0x0, stringdata = 0x7f1f6caa9140 "Qt", data = 0x7f1f6caac020,
        extradata = 0x0}}}, <QPaintDevice> = {_vptr.QPaintDevice = 0xa8a25a, painters = 9856}, static staticMetaObject = {d = {superdata = 0x7f1f6ccf4020,
      stringdata = 0x7f1f6dbb6ea0 "QWidget", data = 0x7f1f6dbb7340, extradata = 0x0}}, data = 0x6e006100480064}

As you can see above, the widget (this) has an invalid d_ptr (0x10) so that accessing d->high_attributes (d is an alias for d_ptr, I think) yields a SEGV.

I'm still researching how d_ptr got to be invalid. The widget comes from here:

#5  0x00007f1f6d5f9b19 in QETWidget::translateMouseEvent (this=0xa8a240, event=<value optimized out>) at kernel/qapplication_x11.cpp:4409

QWidget *widget = QApplicationPrivate::pickMouseReceiver(this, globalPos, pos, type, buttons, qt_button_down, alienWidget);

// ...

QApplicationPrivate::sendMouseEvent(widget, &e, alienWidget, this, &qt_button_down, qt_last_mouse_receiver);


This is the point that is common to both stack traces (for this bug and for the duplicate one), so the cause must be here or somewhere higher up the stack.
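A reduced model of the dispatch pattern that the backtrace and comment 11 describe, added here as an illustration; it is not code from Qt, Ark or the reporter. translateMouseEvent picks a receiver widget, QDrag::exec spins a nested event loop (frames #19 and #20 of the trace), and sendMouseEvent later dereferences that receiver. The model assumes the receiver widget is destroyed while the nested loop runs, which the report does not establish (the gdb output only shows a QWidget whose d_ptr is 0x10, i.e. the pointer no longer refers to a live widget). The guard below mirrors the QPointer idea of a shared slot that the widget nulls in its destructor, so the dispatcher can check liveness instead of dereferencing blindly. All names (Widget, GuardedWidgetPtr, Dispatcher, the scenario functions) are invented for the model.

```cpp
// Added illustration (plain C++, no Qt): a mouse-event dispatcher that picks a
// receiver widget, runs a nested event loop (QDrag::exec in the backtrace) and
// only then touches the widget. All names below are invented for the model.
#include <cassert>
#include <functional>
#include <iostream>
#include <memory>
#include <string>

class Widget {
public:
    explicit Widget(std::string name)
        : name_(std::move(name)), slot_(std::make_shared<Widget*>(this)) {}
    // Destruction nulls the shared slot, so every guard pointing here sees
    // nullptr instead of a dangling pointer (the QPointer idea).
    ~Widget() { *slot_ = nullptr; }
    const std::string& name() const { return name_; }
    void setHover(bool on) { hover_ = on; }
    bool hover() const { return hover_; }
    std::shared_ptr<Widget*> guardSlot() const { return slot_; }
private:
    std::string name_;
    bool hover_ = false;
    std::shared_ptr<Widget*> slot_;
};

// Weak handle to a Widget: get() yields nullptr once the widget is gone.
class GuardedWidgetPtr {
public:
    GuardedWidgetPtr() = default;
    explicit GuardedWidgetPtr(Widget* w)
        : slot_(w ? w->guardSlot() : std::shared_ptr<Widget*>()) {}
    Widget* get() const { return slot_ ? *slot_ : nullptr; }
private:
    std::shared_ptr<Widget*> slot_;
};

struct DispatchResult {
    bool delivered;
    std::string note;
};

// Models translateMouseEvent -> sendMouseEvent: the receiver is chosen before
// the nested loop runs and dereferenced after it returns.
class Dispatcher {
public:
    DispatchResult sendMouseMove(Widget* receiver,
                                 const std::function<void()>& nestedLoop) {
        GuardedWidgetPtr guard(receiver);
        lastMouseReceiver_ = guard;   // cached across the nested loop, like qt_last_mouse_receiver
        nestedLoop();                 // anything can happen here, including deleting the receiver
        Widget* w = guard.get();      // liveness check instead of a blind dereference
        if (w == nullptr) {
            return {false, "receiver destroyed during nested loop; event dropped"};
        }
        w->setHover(true);            // the attribute access that faulted in the trace
        return {true, "delivered to " + w->name()};
    }
    Widget* lastMouseReceiver() const { return lastMouseReceiver_.get(); }
private:
    GuardedWidgetPtr lastMouseReceiver_;
};

// Scenario 1: the receiver outlives the nested loop; the event is delivered.
DispatchResult scenarioReceiverSurvives() {
    Dispatcher d;
    Widget* w = new Widget("ark-tree-view");
    DispatchResult r = d.sendMouseMove(w, [] {});
    assert(w->hover());
    delete w;
    return r;
}

// Scenario 2: the receiver is deleted inside the nested loop (an assumption
// about the crash, not something the report establishes); the guard turns a
// use of freed memory into a dropped event.
DispatchResult scenarioReceiverDestroyed() {
    Dispatcher d;
    Widget* w = new Widget("ark-tree-view");
    DispatchResult r = d.sendMouseMove(w, [&w] { delete w; w = nullptr; });
    assert(d.lastMouseReceiver() == nullptr);   // cached pointer was cleared too
    return r;
}

int main() {
    DispatchResult a = scenarioReceiverSurvives();
    DispatchResult b = scenarioReceiverDestroyed();
    std::cout << a.note << "\n" << b.note << "\n";
    return (a.delivered && !b.delivered) ? 0 : 1;
}
```

Build with `g++ -std=c++17 -Wall` and run; the second scenario is the one to compare against the trace. The point of the guard is not the particular data structure but the check: any receiver pointer a dispatcher holds across a nested event loop must be re-validated when the loop returns, because the code that ran inside the loop (a drag, a window-switch effect, a modal dialog) may have destroyed the object. Without that check the dereference reads freed memory, which is what a stale d_ptr like the 0x10 in comment 11 looks like from gdb.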