Summary: | Dolphin crashed when creating a new tab | ||
---|---|---|---|
Product: | [Applications] dolphin | Reporter: | jde3 <rtavenar> |
Component: | general | Assignee: | Peter Penz <peter.penz19> |
Status: | RESOLVED UPSTREAM | ||
Severity: | crash | CC: | aaaantoine, anavarrog, andrei.panfilov, andresbajotierra, bastien.jansen, benedikt.haus, carlosmacapuna, eljefedelito, frank78ac, kde, pdezac-linux, pragalathanm, romain.pub, victorvictorvictor, volodya, xia_nai |
Priority: | NOR | ||
Version: | 16.12.2 | ||
Target Milestone: | --- | ||
Platform: | Ubuntu | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: | ||
Attachments: | Qt-only test case |
Description
jde3
2009-08-06 10:24:55 UTC
Thanks for the bug report! I guess you're using Qt 4.5.2 (run dolphin --version from Konsole to check)? The backtrace looks like it's related to the changes in QTabBar's tab moving code in Qt 4.5.2 that led to bug 198075 (related to middle-clicking tabs, now fixed). I can't try to reproduce because I'm not at home right now. I don't have much time during the next few days, but I'll try to look into this for KDE 4.3.1. > I guess you're using Qt 4.5.2
Yes I am. Thanks for trying to fix it !
I can't reproduce using KDE 4.3.0/Qt 4.5.2 and trunk rev. 1007432/Qt 4.5.2 from kde-qt. 1. Can you reproduce this crash every time you double click the empty area to the right of the tabs? If you need a particular number or kind of tabs to reproduce, it would help if you could provide detailed steps (starting with opening Dolphin) which lead to this this crash. 2. It might also help if you could provide a more detailed backtrace (frames #9-14, which could provide some information about what's going wrong, are missing). If you install the kdelibs debugging info using sudo apt-get install kdelibs5-dbg and reproduce the crash, you should get a better backtrace. Thanks for you help! Here is exactly what I did to get the new bug report : 1- I installed kdelibs5-dbg (I thought it was already installed, sorry for that) 2- I started Dolphin 3- I entered Ctrl+T to get a new tab 4- I double-clicked next to the new tab, it created another one without crashing 5- I double-clicked next to the new tab once again, this time it crashed and gave me the following report : Application: Dolphin (dolphin), signal: Segmentation fault [KCrash Handler] #6 0xb6dd5bb7 in QTabBarPrivate::_q_moveTabFinished (this=0x8a3a6e0, index=3) at widgets/qtabbar.cpp:1847 #7 0xb6dd672f in QTabBarPrivate::refresh (this=0x8a3a6e0) at widgets/qtabbar.cpp:667 #8 0xb6dd6eea in QTabBar::setTabText (this=0x8aac9b0, index=3, text=@0xbfb993c0) at widgets/qtabbar.cpp:961 #9 0xb76edd87 in KAcceleratorManagerPrivate::calculateAccelerators (item=0x957fe10, used=@0xbfb99404) at /build/buildd/kde4libs-4.3.0/kdeui/shortcuts/kacceleratormanager.cpp:229 #10 0xb76efe67 in KAcceleratorManagerPrivate::manage (widget=0x88af5b8) at /build/buildd/kde4libs-4.3.0/kdeui/shortcuts/kacceleratormanager.cpp:192 #11 0xb76eff64 in KAcceleratorManager::manage (widget=0x88af5b8, programmers_mode=false) at /build/buildd/kde4libs-4.3.0/kdeui/shortcuts/kacceleratormanager.cpp:505 #12 0xb76f1198 in KCheckAccelerators::checkAccelerators (this=0x88ac218, automatic=true) at /build/buildd/kde4libs-4.3.0/kdeui/shortcuts/kcheckaccelerators.cpp:243 #13 0xb76f152a in KCheckAccelerators::autoCheckSlot (this=0x88ac218) at /build/buildd/kde4libs-4.3.0/kdeui/shortcuts/kcheckaccelerators.cpp:197 #14 0xb76f160b in KCheckAccelerators::qt_metacall (this=0x88ac218, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0xbfb99588) at /build/buildd/kde4libs-4.3.0/obj-i486-linux-gnu/kdeui/kcheckaccelerators.moc:68 #15 0xb67511b8 in QMetaObject::activate (sender=0x88ac22c, from_signal_index=4, to_signal_index=4, argv=0x0) at kernel/qobject.cpp:3113 #16 0xb6751e42 in QMetaObject::activate (sender=0x88ac22c, m=0xb682e904, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3187 #17 0xb678d687 in QTimer::timeout (this=0x88ac22c) at .moc/release-shared/moc_qtimer.cpp:128 #18 0xb67575ce in QTimer::timerEvent (this=0x88ac22c, e=0xbfb99a0c) at kernel/qtimer.cpp:261 #19 0xb674c16f in QObject::event (this=0x88ac22c, e=0xbfb99a0c) at kernel/qobject.cpp:1075 #20 0xb6952d3c in QApplicationPrivate::notify_helper (this=0x8845610, receiver=0x88ac22c, e=0xbfb99a0c) at kernel/qapplication.cpp:4056 #21 0xb695b03e in QApplication::notify (this=0xbfb99ca4, receiver=0x88ac22c, e=0xbfb99a0c) at kernel/qapplication.cpp:3603 #22 0xb76975cd in KApplication::notify (this=0xbfb99ca4, receiver=0x88ac22c, event=0xbfb99a0c) at /build/buildd/kde4libs-4.3.0/kdeui/kernel/kapplication.cpp:302 #23 0xb673bbcb in QCoreApplication::notifyInternal (this=0xbfb99ca4, receiver=0x88ac22c, event=0xbfb99a0c) at kernel/qcoreapplication.cpp:610 #24 0xb676ad51 in QTimerInfoList::activateTimers (this=0x883df34) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:213 #25 0xb67673a0 in timerSourceDispatch (source=0x883df00) at kernel/qeventdispatcher_glib.cpp:165 #26 0xb5eb8b88 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 #27 0xb5ebc0eb in ?? () from /usr/lib/libglib-2.0.so.0 #28 0xb5ebc268 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0 #29 0xb67672f8 in QEventDispatcherGlib::processEvents (this=0x881cd10, flags={i = -1078355064}) at kernel/qeventdispatcher_glib.cpp:327 #30 0xb69f4a75 in QGuiEventDispatcherGlib::processEvents (this=0x881cd10, flags={i = -1078355016}) at kernel/qguieventdispatcher_glib.cpp:202 #31 0xb673a1fa in QEventLoop::processEvents (this=0xbfb99c30, flags={i = -1078354952}) at kernel/qeventloop.cpp:149 #32 0xb673a642 in QEventLoop::exec (this=0xbfb99c30, flags={i = -1078354888}) at kernel/qeventloop.cpp:201 #33 0xb673cae9 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:888 #34 0xb6952bb7 in QApplication::exec () at kernel/qapplication.cpp:3525 #35 0x0807aa4f in _start () Hope this helps... Thanks for the update! It seems that the crash happens while new keyboard shortcuts for the tabs are generated - a new shortcut requires a new tab title. The problem is that QTabBar incorrectly thinks that an unfinished tab move operation is in progress. It tries to finish it before changing the title, and QTabBarPrivate dereferences its movingTab member which is a null pointer because the move operation never really started. The next question would be why QTabBar thinks that a tab is moving. The cause must be different from the one of bug 198075, but I'm clueless at the moment what it could be :-( You could do two more little things, maybe they could help: 1. After either step 3 or step 4 from your comment 4, change the order of the tabs by clicking a tab and dragging it to a new position. If proceeding to step 5 does not crash Dolphin in that case, it would confirm my analysis. 2. Maybe it's got something to do with the tab names because the keyboard shortcuts depend on them. Could you tell us what name the tabs have (probably your user name)? Thanks! *** Bug 203401 has been marked as a duplicate of this bug. *** For your first point : the problem is that it does not allways crash on creating the 4th tab, so this is not easy to reproduce the bug exactly using drag-and-drop in the middle. I tryied drag-and-drop and saw no crash, but maybe it would not have crashed even without drag-and-drop, I don't know. About the second point, all my tabs are called "rtavenar". Hope this helps. Thanks for the update! I've reproduced the crash now in trunk. It seems that the window width is important - I only get the crash if the window is so narrow that the empty area at the right of the tab bar is about as wide (or maybe a bit smaller) than the already openened tabs. I did some more investigation yesterday: When double-clicking the empty area in the tab bar, 5 events are generated: mouse press, mouse release, mouse double click (which opens the new tab), mouse press, and mouse release. The double-click event also starts a timer in KCheckAccelerators which happens to expire just between the last press and release events and which calls KCheckAccelerators::autoCheckSlot which in turn assigns keyboard shortcuts to the tabs and changes the tab titles accordingly. The problem is that the last press event occurs when the new tab is already there, such that it appears that a tab has been clicked, and QTabBarPrivate's pressedIndex contains the new tab's index, such that QTabBar thinks that a tab move operation is just beginning. If a mouse release would be the next event, everything would be fine, but a tab title change which tries to finish the not-fully-started tab move operation leads to a crash. IMHO, this is a Qt bug: changing a tab title between a mouse press event and a mouse release event in the tab bar should not lead to a crash. I'm away for a couple of days at the moment, but I'll look a bit more into this next week. I think it should be possible to come up with a simple Qt-only test case, and the fix inside QTabBar should be straightforward (just check that QTabBarPrivate's movingTab member is not 0 before dereferencing it). *** Bug 205225 has been marked as a duplicate of this bug. *** Created attachment 36473 [details]
Qt-only test case
It turns out that tab title changes between a mouse press and a mouse release event do not always lead to a crash - it only crashes if a double-click event is involved.
I've filed a merge request for Qt: http://qt.gitorious.org/qt/qt/merge_requests/1337 I'm not sure if my proposed patch is the preferred way to fix this (there are other possibilities as well), but I hope that at least the reduced test case and the unit test will help a bit :-) My patch was accepted for Qt 4.6.0: http://qt.gitorious.org/qt/qt/commit/8ac7e812604d24fcbf28132a611d3b3e06120349 I'll close this report :-) The fix is now also backported to the Qt 4.5 branch, which means that upgrading Qt to any version after Qt 4.5.2 should fix this crash: http://qt.gitorious.org/qt/qt/commit/b42b00a36b5b48bffcbccc9b1c7ecafa89b4e18e Great, thanks Frank! *** Bug 205980 has been marked as a duplicate of this bug. *** *** Bug 207469 has been marked as a duplicate of this bug. *** *** Bug 207564 has been marked as a duplicate of this bug. *** *** Bug 207938 has been marked as a duplicate of this bug. *** *** Bug 206335 has been marked as a duplicate of this bug. *** *** Bug 208803 has been marked as a duplicate of this bug. *** *** Bug 215263 has been marked as a duplicate of this bug. *** *** Bug 215277 has been marked as a duplicate of this bug. *** *** Bug 214812 has been marked as a duplicate of this bug. *** @Frank: can you check if bug 214243 and bug 203889 could be the same as this ? Thanks *** Bug 214243 has been marked as a duplicate of this bug. *** *** Bug 203889 has been marked as a duplicate of this bug. *** (In reply to comment #25) > @Frank: can you check if bug 214243 and bug 203889 could be the same as this ? > Thanks Yes, they are. The way the crash was triggered seems different in these reports, but the root cause is the same. Thanks for the hint! *** Bug 218181 has been marked as a duplicate of this bug. *** *** Bug 221046 has been marked as a duplicate of this bug. *** *** Bug 223640 has been marked as a duplicate of this bug. *** |