Bug 233377

Summary:	Crash after right click in the terminal area [detach, QList<QWidget>::removeAll, QWidget::removeAction, Konsole::SessionController::showDisplayContextMenu]
Product:	[Applications] konsole	Reporter:	auxsvr
Component:	general	Assignee:	Konsole Developer <konsole-devel>
Status:	RESOLVED FIXED
Severity:	crash	CC:	adaptee, andresbajotierra, chaos.proton, francesco.cecconi, grgoffe, jamel.maison, lorek123, maxposedon, moilinki, p.giarrusso, peter, roger.rotge, stephan.menzel
Priority:	NOR
Version:	unspecified
Target Milestone:	---
Platform:	openSUSE
OS:	Linux
Latest Commit:		Version Fixed In:	4.8
Attachments:	New crash information added by DrKonqi New crash information added by DrKonqi patch for kde 4.6 fix for kde 4.7

Description auxsvr 2010-04-05 18:10:59 UTC

Version:            (using KDE 4.4.1)
Compiler:          gcc (SUSE Linux) 4.4.1 [gcc-4_4-branch revision 150839] 
OS:                Linux
Installed from:    openSUSE RPMs

My konsole is opened by session management, and displays 7 shells. After some hours of use, I accidentally right-clicked in the terminal area, probably moved the pointer a bit and rotated the scroll-wheel, and konsole crashed. Unfortunately, I cannot reproduce this. Here's the backtrace:

Application: Konsole (kdeinit4), signal: Segmentation fault
[KCrash Handler]
#6  operator!= (value=1, this=0x150f0f0f) at ../../src/corelib/thread/qbasicatomic.h:75
#7  detachShared (value=1, this=0x150f0f0f) at ../../src/corelib/tools/qlist.h:127
#8  QList<QWidget*>::removeAll (value=1, this=0x150f0f0f) at ../../src/corelib/tools/qlist.h:662
#9  0xb613a02b in QWidget::removeAction (this=0x8fa2608, action=0x8e4e550) at kernel/qwidget.cpp:3014
#10 0xb2acda2c in Konsole::SessionController::showDisplayContextMenu(QPoint const&) () from /usr/lib/libkonsoleprivate.so
#11 0xb2ad1228 in Konsole::SessionController::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libkonsoleprivate.so
#12 0xb6baf9ad in QMetaObject::metacall (object=0x818e258, cl=InvokeMetaMethod, idx=39, argv=0xbff10928) at kernel/qmetaobject.cpp:237
#13 0xb6bbf0d3 in QMetaObject::activate (sender=0x82ffe88, m=0xb2b2a29c, local_signal_index=4, argv=0xbff10928) at kernel/qobject.cpp:3293
#14 0xb2ae5565 in Konsole::TerminalDisplay::configureRequest(QPoint const&) () from /usr/lib/libkonsoleprivate.so
#15 0xb2ae8d0f in Konsole::TerminalDisplay::mousePressEvent(QMouseEvent*) () from /usr/lib/libkonsoleprivate.so
#16 0xb6142464 in QWidget::event (this=0x82ffe88, event=0xbff10fd4) at kernel/qwidget.cpp:7994
#17 0xb2ae56eb in Konsole::TerminalDisplay::event(QEvent*) () from /usr/lib/libkonsoleprivate.so
#18 0xb60e9644 in QApplicationPrivate::notify_helper (this=0x80a6298, receiver=0x82ffe88, e=0xbff10fd4) at kernel/qapplication.cpp:4300
#19 0xb60ee580 in QApplication::notify (this=0xbff10cec, receiver=0x82ffe88, e=0xbff10fd4) at kernel/qapplication.cpp:3865
#20 0xb6df0c51 in KApplication::notify(QObject*, QEvent*) () from /usr/lib/libkdeui.so.5
#21 0xb6ba998e in QCoreApplication::notifyInternal (this=0xbff116b4, receiver=0x82ffe88, event=0xbff10fd4) at kernel/qcoreapplication.cpp:704
#22 0xb60ea64c in sendEvent (event=<value optimized out>, receiver=<value optimized out>) at ../../src/corelib/kernel/qcoreapplication.h:215
#23 QApplicationPrivate::sendMouseEvent (event=<value optimized out>, receiver=<value optimized out>) at kernel/qapplication.cpp:2965
#24 0xb617180c in QETWidget::translateMouseEvent (this=0x8118f98, event=0xbff114ec) at kernel/qapplication_x11.cpp:4368
#25 0xb6170a47 in QApplication::x11ProcessEvent (this=0xbff116b4, event=0xbff114ec) at kernel/qapplication_x11.cpp:3379
#26 0xb6199e6b in QEventDispatcherX11::processEvents (this=0x805f320, flags=...) at kernel/qeventdispatcher_x11.cpp:132
#27 0xb6ba8c2d in QEventLoop::processEvents (this=0xbff11614, flags=...) at kernel/qeventloop.cpp:149
#28 0xb6ba8e79 in QEventLoop::exec (this=0xbff11614, flags=...) at kernel/qeventloop.cpp:201
#29 0xb6bad760 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:981
#30 0xb60e6b84 in QApplication::exec () at kernel/qapplication.cpp:3579
#31 0xb2b944fb in kdemain () from /usr/lib/libkdeinit4_konsole.so
#32 0x0804e101 in _start ()

Comment 1 auxsvr 2010-05-24 19:10:47 UTC

This just occurred in KDE 4.4.3.

Comment 2 Christoph Feck 2010-11-09 17:36:35 UTC

*** Bug 254450 has been marked as a duplicate of this bug. ***

Comment 3 Christoph Feck 2010-11-09 17:38:21 UTC

*** Bug 238244 has been marked as a duplicate of this bug. ***

Comment 4 Christoph Feck 2010-11-09 17:39:05 UTC

*** Bug 235697 has been marked as a duplicate of this bug. ***

Comment 5 Peter Wu 2011-01-25 15:59:51 UTC

Created attachment 56420 [details]
New crash information added by DrKonqi

konsole (2.5) on KDE Platform 4.5.1 (KDE 4.5.1) using Qt 4.7.0

- What I was doing when the application crashed:

While I've several tabs open, I accidentally scrolled over the tabs with a contextmenu from the terminal area open which caused an unexpected crash.

Steps to reproduce:
1. Open at least two terminal tabs.
2. Open a contextmenu by rightclicking in the terminal area.
3. Scroll on the tabs with the contextmenu open.
4. Konsole crashes

-- Backtrace (Reduced):
#6  operator!= (this=0x1d27d90, action=0x1bd7ef0) at ../../include/QtCore/../../src/corelib/thread/qbasicatomic.h:75
#7  detachShared (this=0x1d27d90, action=0x1bd7ef0) at ../../include/QtCore/../../src/corelib/tools/qlist.h:131
#8  removeAll (this=0x1d27d90, action=0x1bd7ef0) at ../../include/QtCore/../../src/corelib/tools/qlist.h:757
#9  QWidget::removeAction (this=0x1d27d90, action=0x1bd7ef0) at kernel/qwidget.cpp:3167
#10 0x00007f87e10b437a in Konsole::SessionController::showDisplayContextMenu (this=0x1735c30, position=<value optimized out>) at ../../../../apps/konsole/src/SessionController.cpp:1086

Comment 6 Stephan Menzel 2011-03-21 11:52:34 UTC

Created attachment 58208 [details]
New crash information added by DrKonqi

konsole (2.6.1) on KDE Platform 4.6.1 (4.6.1) using Qt 4.7.2

- What I was doing when the application crashed:

Same thing as the original poster. I guess it could have even been 7 shells. Load was about 5.
Very. 
Very.
Very inconvenient indeed.

-- Backtrace (Reduced):
#7  0x00007f4fc7d28be2 in Konsole::SessionController::showDisplayContextMenu (this=0x1b6aad0, position=<value optimized out>) at /var/tmp/portage/kde-base/konsole-4.6.1/work/konsole-4.6.1/konsole/src/SessionController.cpp:1088
#8  0x00007f4fc7d2d851 in Konsole::SessionController::qt_metacall (this=0x1b6aad0, _c=QMetaObject::InvokeMetaMethod, _id=28, _a=0x7fff0f2b64c0) at /var/tmp/portage/kde-base/konsole-4.6.1/work/konsole-4.6.1_build/konsole/src/SessionController.moc:175
[...]
#10 0x00007f4fc7d41d73 in Konsole::TerminalDisplay::configureRequest (this=<value optimized out>, _t1=<value optimized out>) at /var/tmp/portage/kde-base/konsole-4.6.1/work/konsole-4.6.1_build/konsole/src/TerminalDisplay.moc:191
#11 0x00007f4fc7d43c7f in Konsole::TerminalDisplay::mousePressEvent (this=0x1bb1600, ev=0x7fff0f2b6fc0) at /var/tmp/portage/kde-base/konsole-4.6.1/work/konsole-4.6.1/konsole/src/TerminalDisplay.cpp:1756
#12 0x00007f4fd80fdab5 in QWidget::event (this=0x1bb1600, event=0x7fff0f2b6fc0) at kernel/qwidget.cpp:8255

Comment 7 Dario Andres 2011-04-22 22:58:15 UTC

[Comment from a bug triager]
From bug 271180 (KDE SC 4.6.2):
-- Information about the crash:
I was trying to run the KDE wiget Easy SSH Connection and it closes before I
can see the error. I right clicked on the window before it closed in the hopes
of keeping it open when Konsole crashed.

Comment 8 Christoph Feck 2011-04-23 17:49:15 UTC

*** Bug 271180 has been marked as a duplicate of this bug. ***

Comment 9 Kurt Hindenburg 2011-04-24 17:26:05 UTC

I can't reproduce on my KDE 4.6.2/3/trunk.  When the context menu open, when I scroll middle button, the menu just closes.

Comment 10 Jekyll Wu 2011-08-15 09:05:53 UTC

*** Bug 273334 has been marked as a duplicate of this bug. ***

Comment 11 Jekyll Wu 2011-08-15 09:19:30 UTC

I can reproduce this each time with konsole-2.7.999, by following the steps in comment #5.

The step 3 in comment #5 is not described very clearly. In that step, 'Scroll' means (while context menu is still open) moving mouse above tab bar and using mouse wheel to switch active tab, not scrolling above the terminal display or context menu.

Comment 12 Francesco Cecconi 2011-09-03 12:27:12 UTC

Created attachment 63353 [details]
patch for kde 4.6

Comment 13 Francesco Cecconi 2011-09-03 12:27:37 UTC

Created attachment 63354 [details]
fix for kde 4.7

Comment 14 Francesco Cecconi 2011-09-03 12:29:11 UTC

Hi,

these patches [1] [2] fix the bug in kde 4.6 and 4.7

[1]: https://bugs.kde.org/attachment.cgi?id=63353
[2]: https://bugs.kde.org/attachment.cgi?id=63354

Best Regards,
Francesco

Comment 15 Francesco Cecconi 2011-09-03 12:49:13 UTC

sorry the patch [2] is for the master branch, but for 4.7 is the same problem.

Comment 16 Jekyll Wu 2011-09-04 10:10:40 UTC

(In reply to comment #15)
> 

Francesco, your patch does fix this crash, but it also causes regression. 

For example, move mouse above an URL and invoke context menu, the context menu contains action for opening this URL. Then move the mouse above some normal text and invoke context menu again, the context menu still contains the action for opening URL.

Those commented 3 lines are supposed to do something useful. Simply commenting them is not the right fix.

Thanks for your help, anyway.

Comment 17 Francesco Cecconi 2011-09-04 13:29:21 UTC

(In reply to comment #16)
> (In reply to comment #15)
> > 
> 
> Francesco, your patch does fix this crash, but it also causes regression. 
> 
> For example, move mouse above an URL and invoke context menu, the context menu
> contains action for opening this URL. Then move the mouse above some normal
> text and invoke context menu again, the context menu still contains the action
> for opening URL.

> 
> Those commented 3 lines are supposed to do something useful. Simply commenting
> them is not the right fix.

The problem is that, the "popoup" isn't usable after switch tab with mouse wheel and the call popup->removeAction(action), crash the application.

But my path is not a right fix :)

> 
> Thanks for your help, anyway.

Best Regards.

Comment 18 Jekyll Wu 2011-09-05 21:49:57 UTC

Git commit 0f89f1bba96163ab5dd37ab974927b5566439d36 by Jekyll Wu.
Committed on 05/09/2011 at 22:12.
Pushed by jekyllwu into branch 'master'.

Check the validity of context menu after it gets closed.

The patch is from Francesco Cecconi <francesco.cecconi@gmail.com>,
with slight modification by committer.

BUG: 233377
FIXED-in : 4.8

M  +14   -6    src/SessionController.cpp

http://commits.kde.org/konsole/0f89f1bba96163ab5dd37ab974927b5566439d36

Comment 19 Grissiom 2011-09-06 12:42:08 UTC

Actually, that commit will not delete contentSeparator if popup menu got destroyed early. Thus cause a memory leak. I think the right thing is connect QMenu's destroy signal to that cleanup codes. But to achieve that, I think we need to pass contentActions to that function. That will lead to ugly code I think.

Is there a way to use lambda function in this situation? ;P

Comment 20 Francesco Cecconi 2011-09-06 15:20:37 UTC

Hi Grissom,

when popup menu is distroyed "early" all action are cleared correctly included contentAction and contentSeparator.

I have monitored contentSeparator with QSharedPointer.

Comment 21 Kurt Hindenburg 2011-09-15 15:36:58 UTC

Git commit 000f84299c00e782dda75244d5daf35e1c88794c by Kurt Hindenburg, on behalf of Jekyll Wu.
Committed on 05/09/2011 at 22:12.
Pushed by hindenburg into branch 'KDE/4.7'.

Check the validity of context menu after it gets closed.

The patch is from Francesco Cecconi <francesco.cecconi@gmail.com>,
with slight modification by committer.

BUG: 233377
FIXED-in : 4.8
(cherry picked from commit 0f89f1bba96163ab5dd37ab974927b5566439d36)

M  +14   -6    src/SessionController.cpp

http://commits.kde.org/konsole/000f84299c00e782dda75244d5daf35e1c88794c

Comment 22 Jekyll Wu 2011-10-14 06:26:08 UTC

*** Bug 283962 has been marked as a duplicate of this bug. ***

Comment 23 Jekyll Wu 2011-12-25 03:15:34 UTC

*** Bug 289652 has been marked as a duplicate of this bug. ***