Bug 232584

Summary: crash on save scrollback output
Product: [Applications] konsole
Component: general
Reporter: Will Stephenson <wstephenson>
Assignee: Konsole Developer <konsole-devel>
Status: RESOLVED FIXED
Severity: crash
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: Compiled Sources
OS: Unspecified

Description Will Stephenson 2010-03-29 15:20:41 UTC
Version: (using Devel)
Installed from: Compiled sources

Symptom: Konsole crashes when using Scrollback->Save Output...
Valgrind output below...

Application: Konsole (kdeinit4), signal: Segmentation fault
[KCrash Handler]
#7  0xb31f69b2 in Konsole::SaveHistoryTask::jobResult (this=0x883d958, job=0x8b171b8) at /space/kde/sources/trunk/KDE/kdebase/apps/konsole/src/SessionController.cpp:1400
#8  0xb31f7aaa in Konsole::SaveHistoryTask::qt_metacall (this=0x883d958, _c=InvokeMetaMethod, _id=1, _a=0xbfc8fab8) at /space/kde/builds/trunk/KDE/kdebase/apps/konsole/src/SessionController.moc:333
#9  0xb6ef2cbd in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4
#10 0xb6f023a3 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4
#11 0xb71730d4 in KJob::result (this=0x8b171b8, _t1=0x8b171b8) at /space/kde/builds/trunk/KDE/kdelibs/kdecore/kjob.moc:194
#12 0xb71726e3 in KJob::emitResult (this=0x8b171b8) at /space/kde/sources/trunk/KDE/kdelibs/kdecore/jobs/kjob.cpp:312
#13 0xb57749c9 in KIO::SimpleJob::slotFinished (this=0x8b171b8) at /space/kde/sources/trunk/KDE/kdelibs/kio/kio/job.cpp:491
#14 0xb57778ae in KIO::TransferJob::slotFinished (this=0x8b171b8) at /space/kde/sources/trunk/KDE/kdelibs/kio/kio/job.cpp:1064
#15 0xb577ea72 in KIO::TransferJob::qt_metacall (this=0x8b171b8, _c=InvokeMetaMethod, _id=7, _a=0xbfc8fd4c) at /space/kde/builds/trunk/KDE/kdelibs/kio/jobclasses.moc:367
#16 0xb6ef2cbd in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4
#17 0xb6f023a3 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4
#18 0xb5838b57 in KIO::SlaveInterface::finished (this=0x8b0af40) at /space/kde/builds/trunk/KDE/kdelibs/kio/slaveinterface.moc:171
#19 0xb5836444 in KIO::SlaveInterface::dispatch (this=0x8b0af40, _cmd=104, rawdata=...) at /space/kde/sources/trunk/KDE/kdelibs/kio/kio/slaveinterface.cpp:175
#20 0xb58360e6 in KIO::SlaveInterface::dispatch (this=0x8b0af40) at /space/kde/sources/trunk/KDE/kdelibs/kio/kio/slaveinterface.cpp:91
#21 0xb582c4aa in KIO::Slave::gotInput (this=0x8b0af40) at /space/kde/sources/trunk/KDE/kdelibs/kio/kio/slave.cpp:344
#22 0xb582d576 in KIO::Slave::qt_metacall (this=0x8b0af40, _c=InvokeMetaMethod, _id=2, _a=0xbfc8fffc) at /space/kde/builds/trunk/KDE/kdelibs/kio/slave.moc:82
#23 0xb6ef2cbd in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4
#24 0xb6f023a3 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4
#25 0xb5746131 in KIO::Connection::readyRead (this=0x8800198) at /space/kde/builds/trunk/KDE/kdelibs/kio/connection.moc:92
#26 0xb5742a51 in KIO::ConnectionPrivate::dequeue (this=0x8b30bf8) at /space/kde/sources/trunk/KDE/kdelibs/kio/kio/connection.cpp:82
#27 0xb57460be in KIO::Connection::qt_metacall (this=0x8800198, _c=InvokeMetaMethod, _id=1, _a=0x8775fa8) at /space/kde/builds/trunk/KDE/kdelibs/kio/connection.moc:79
#28 0xb6ef2cbd in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4
#29 0xb6efca35 in QMetaCallEvent::placeMetaCall(QObject*) () from /usr/lib/libQtCore.so.4
#30 0xb6effa6f in QObject::event(QEvent*) () from /usr/lib/libQtCore.so.4
#31 0xb63d6634 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#32 0xb63daa27 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#33 0xb7626f00 in KApplication::notify (this=0xbfc90898, receiver=0x8800198, event=0x8e7e6c8) at /space/kde/sources/trunk/KDE/kdelibs/kdeui/kernel/kapplication.cpp:302
#34 0xb6eeccae in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4
#35 0xb6ef07e8 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/libQtCore.so.4
#36 0xb6ef09ac in QCoreApplication::sendPostedEvents(QObject*, int) () from /usr/lib/libQtCore.so.4
#37 0xb6f188fd in ?? () from /usr/lib/libQtCore.so.4
#38 0xb5c8a739 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#39 0xb5c8af40 in ?? () from /usr/lib/libglib-2.0.so.0
#40 0xb5c8b1ea in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#41 0xb6f18e2b in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#42 0xb64860ba in ?? () from /usr/lib/libQtGui.so.4
#43 0xb6eebf4d in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#44 0xb6eec199 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#45 0xb6ef0a80 in QCoreApplication::exec() () from /usr/lib/libQtCore.so.4
#46 0xb63d3b64 in QApplication::exec() () from /usr/lib/libQtGui.so.4
#47 0xb545e677 in kdemain (argc=3, argv=0x809d880) at /space/kde/sources/trunk/KDE/kdebase/apps/konsole/src/main.cpp:77
#48 0x0804d7b8 in launch (argc=3, _name=0x809e02c "/space/kde/installs/trunk/bin/konsole", args=0x809e093 "", cwd=0x0, envc=0, envs=0x809e097 "", reset_env=false, tty=0x0, avoid_loops=false, 
    startup_id_str=0x805247f "0") at /space/kde/sources/trunk/KDE/kdelibs/kinit/kinit.cpp:722
#49 0x0804e84d in handle_launcher_request (sock=8, who=0x8052718 "launcher") at /space/kde/sources/trunk/KDE/kdelibs/kinit/kinit.cpp:1214
#50 0x0804ef8e in handle_requests (waitForPid=0) at /space/kde/sources/trunk/KDE/kdelibs/kinit/kinit.cpp:1407
#51 0x0805046f in main (argc=4, argv=0xbfc90f74, envp=0xbfc90f88) at /space/kde/sources/trunk/KDE/kdelibs/kinit/kinit.cpp:1855

Pertinent valgrind logs:

==30351== Invalid read of size 4
==30351==    at 0x40DF9A5: Konsole::SaveHistoryTask::jobResult(KJob*) (SessionController.cpp:1400)
==30351==    by 0x40E0AA9: Konsole::SaveHistoryTask::qt_metacall(QMetaObject::Call, int, void**) (SessionController.moc:333)
==30351==    by 0x4DE1CBC: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==30351==    by 0x4DF13A2: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==30351==    by 0x4AFB0D3: KJob::result(KJob*) (kjob.moc:194)
==30351==    by 0x4AFA6E2: KJob::emitResult() (kjob.cpp:312)
==30351==    by 0x424E9C8: KIO::SimpleJob::slotFinished() (job.cpp:491)
==30351==    by 0x42518AD: KIO::TransferJob::slotFinished() (job.cpp:1064)
==30351==    by 0x4258A71: KIO::TransferJob::qt_metacall(QMetaObject::Call, int, void**) (jobclasses.moc:367)
==30351==    by 0x4DE1CBC: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==30351==    by 0x4DF13A2: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==30351==    by 0x4312B56: KIO::SlaveInterface::finished() (slaveinterface.moc:171)
==30351==  Address 0x68fefb4 is 20 bytes inside a block of size 24 free'd
==30351==    at 0x4026996: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==30351==    by 0x4CDB95A: qFree(void*) (in /usr/lib/libQtCore.so.4.6.2)
==30351==    by 0x40E1A02: QHash<KJob*, Konsole::SaveHistoryTask::SaveJob>::remove(KJob* const&) (qhash.h:790)
==30351==    by 0x40DF9A1: Konsole::SaveHistoryTask::jobResult(KJob*) (SessionController.cpp:1398)
==30351==    by 0x40E0AA9: Konsole::SaveHistoryTask::qt_metacall(QMetaObject::Call, int, void**) (SessionController.moc:333)
==30351==    by 0x4DE1CBC: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==30351==    by 0x4DF13A2: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==30351==    by 0x4AFB0D3: KJob::result(KJob*) (kjob.moc:194)
==30351==    by 0x4AFA6E2: KJob::emitResult() (kjob.cpp:312)
==30351==    by 0x424E9C8: KIO::SimpleJob::slotFinished() (job.cpp:491)
==30351==    by 0x42518AD: KIO::TransferJob::slotFinished() (job.cpp:1064)
==30351==    by 0x4258A71: KIO::TransferJob::qt_metacall(QMetaObject::Call, int, void**) (jobclasses.moc:367)
==30351== Invalid read of size 4
==30351==    at 0x40DF9AF: Konsole::SaveHistoryTask::jobResult(KJob*) (SessionController.cpp:1400)
==30351==    by 0x40E0AA9: Konsole::SaveHistoryTask::qt_metacall(QMetaObject::Call, int, void**) (SessionController.moc:333)
==30351==    by 0x4DE1CBC: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==30351==    by 0x4DF13A2: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==30351==    by 0x4AFB0D3: KJob::result(KJob*) (kjob.moc:194)
==30351==    by 0x4AFA6E2: KJob::emitResult() (kjob.cpp:312)
==30351==    by 0x424E9C8: KIO::SimpleJob::slotFinished() (job.cpp:491)
==30351==    by 0x42518AD: KIO::TransferJob::slotFinished() (job.cpp:1064)
==30351==    by 0x4258A71: KIO::TransferJob::qt_metacall(QMetaObject::Call, int, void**) (jobclasses.moc:367)
==30351==    by 0x4DE1CBC: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==30351==    by 0x4DF13A2: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==30351==    by 0x4312B56: KIO::SlaveInterface::finished() (slaveinterface.moc:171)
==30351==  Address 0x68fefb4 is 20 bytes inside a block of size 24 free'd
==30351==    at 0x4026996: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==30351==    by 0x4CDB95A: qFree(void*) (in /usr/lib/libQtCore.so.4.6.2)
==30351==    by 0x40E1A02: QHash<KJob*, Konsole::SaveHistoryTask::SaveJob>::remove(KJob* const&) (qhash.h:790)
==30351==    by 0x40DF9A1: Konsole::SaveHistoryTask::jobResult(KJob*) (SessionController.cpp:1398)
==30351==    by 0x40E0AA9: Konsole::SaveHistoryTask::qt_metacall(QMetaObject::Call, int, void**) (SessionController.moc:333)
==30351==    by 0x4DE1CBC: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==30351==    by 0x4DF13A2: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==30351==    by 0x4AFB0D3: KJob::result(KJob*) (kjob.moc:194)
==30351==    by 0x4AFA6E2: KJob::emitResult() (kjob.cpp:312)
==30351==    by 0x424E9C8: KIO::SimpleJob::slotFinished() (job.cpp:491)
==30351==    by 0x42518AD: KIO::TransferJob::slotFinished() (job.cpp:1064)
==30351==    by 0x4258A71: KIO::TransferJob::qt_metacall(QMetaObject::Call, int, void**) (jobclasses.moc:367)
==30351== 
==30351== Invalid read of size 4
==30351==    at 0x40DF9BC: Konsole::SaveHistoryTask::jobResult(KJob*) (SessionController.cpp:1400)
==30351==    by 0x40E0AA9: Konsole::SaveHistoryTask::qt_metacall(QMetaObject::Call, int, void**) (SessionController.moc:333)
==30351==    by 0x4DE1CBC: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==30351==    by 0x4DF13A2: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==30351==    by 0x4AFB0D3: KJob::result(KJob*) (kjob.moc:194)
==30351==    by 0x4AFA6E2: KJob::emitResult() (kjob.cpp:312)
==30351==    by 0x424E9C8: KIO::SimpleJob::slotFinished() (job.cpp:491)
==30351==    by 0x42518AD: KIO::TransferJob::slotFinished() (job.cpp:1064)
==30351==    by 0x4258A71: KIO::TransferJob::qt_metacall(QMetaObject::Call, int, void**) (jobclasses.moc:367)
==30351==    by 0x4DE1CBC: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==30351==    by 0x4DF13A2: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==30351==    by 0x4312B56: KIO::SlaveInterface::finished() (slaveinterface.moc:171)
==30351==  Address 0x68fefb4 is 20 bytes inside a block of size 24 free'd
==30351==    at 0x4026996: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==30351==    by 0x4CDB95A: qFree(void*) (in /usr/lib/libQtCore.so.4.6.2)
==30351==    by 0x40E1A02: QHash<KJob*, Konsole::SaveHistoryTask::SaveJob>::remove(KJob* const&) (qhash.h:790)
==30351==    by 0x40DF9A1: Konsole::SaveHistoryTask::jobResult(KJob*) (SessionController.cpp:1398)
==30351==    by 0x40E0AA9: Konsole::SaveHistoryTask::qt_metacall(QMetaObject::Call, int, void**) (SessionController.moc:333)
==30351==    by 0x4DE1CBC: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==30351==    by 0x4DF13A2: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==30351==    by 0x4AFB0D3: KJob::result(KJob*) (kjob.moc:194)
==30351==    by 0x4AFA6E2: KJob::emitResult() (kjob.cpp:312)
==30351==    by 0x424E9C8: KIO::SimpleJob::slotFinished() (job.cpp:491)
==30351==    by 0x42518AD: KIO::TransferJob::slotFinished() (job.cpp:1064)
==30351==    by 0x4258A71: KIO::TransferJob::qt_metacall(QMetaObject::Call, int, void**) (jobclasses.moc:367)
==30351==
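The valgrind trace above pins the crash to a classic reference-after-remove defect: `jobResult` takes a reference into the `QHash<KJob*, SaveJob>` entry, `QHash::remove` (line 1398) frees the node holding that entry, and line 1400 then reads through the dangling reference. The following is an added illustration of that pattern and its fix, not Konsole's code; it assumes no Qt, so `std::unordered_map` stands in for `QHash` and the `Job`/`SaveJob` types are placeholder shapes.

```cpp
#include <cstddef>
#include <string>
#include <unordered_map>
#include <utility>

// Placeholder types (assumed shapes, not Konsole's): Job stands in for KJob,
// SaveJob for the per-job bookkeeping the task keeps while a save is running.
struct Job { int id; };
struct SaveJob {
    std::string session;   // which session's scrollback is being saved
    std::string output;    // where it is being written
};

class SaveHistoryTask {
public:
    void addJob(Job* job, SaveJob info) { jobs_.emplace(job, std::move(info)); }

    // Result slot, safe version. The crash pattern in the report is:
    //   const SaveJob& info = jobs_[job];   // reference into the hash node
    //   jobs_.erase(job);                   // frees that node
    //   use(info.session);                  // read through a dangling reference
    // Valgrind reports exactly this as "Invalid read ... inside a block ... free'd",
    // with the free attributed to the container's remove().
    std::string jobResult(Job* job) {
        auto it = jobs_.find(job);
        if (it == jobs_.end()) return {};       // unknown job: nothing to do
        SaveJob info = std::move(it->second);   // take ownership of the data first
        jobs_.erase(it);                        // now the node may go; info is local
        return finish(info);                    // use the local copy, never the node
    }

    std::size_t pending() const { return jobs_.size(); }

private:
    std::string finish(const SaveJob& info) { return info.session + " -> " + info.output; }
    std::unordered_map<Job*, SaveJob> jobs_;
};

// Runs the scenario end to end on constructed input and reports whether the
// entry was consumed and removed without touching freed memory.
bool demoSafeJobResult() {
    Job job{1};
    SaveHistoryTask task;
    task.addJob(&job, SaveJob{"shell1", "/tmp/scrollback.txt"});   // constructed sample
    const std::string result = task.jobResult(&job);
    return result == "shell1 -> /tmp/scrollback.txt"
        && task.pending() == 0
        && task.jobResult(&job).empty();        // a second result for the same job is a no-op
}

int main() { return demoSafeJobResult() ? 0 : 1; }
```

The ordering is the whole fix: copy (or move) the entry out, remove it from the container, then work on the local copy. Running the binary under valgrind or AddressSanitizer is the quickest way to confirm the dangling-reference variant is gone, since both flag the read of the freed node the same way the report does.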
Comment 1 Will Stephenson 2010-03-29 15:24:59 UTC
SVN commit 1108633 by wstephens:

Don't crash when saving session data; don't use a reference to a freed
object.
BUG: 232584


 M  +2 -2      SessionController.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1108633
Comment 2 Kurt Hindenburg 2010-04-15 05:30:52 UTC
SVN commit 1114971 by hindenburg:

Don't crash when saving session data; don't use a reference to a freed object.

CCBUG: 232584


 M  +2 -2      SessionController.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1114971