Bug 262077

Summary: Crash while trying to select a range of dates in timeline view
Product: [Applications] digikam Reporter: Julien Narboux <Julien>
Component: ColorManagement-Backend Assignee: Digikam Developers <digikam-bugs-null>
Status: RESOLVED FIXED    
Severity: crash CC: andrew.i.coles, caulier.gilles, fisiu82, gimgimno0, Julien, lehis, philippe.quaglia, tcaswell, thcs2000
Priority: NOR    
Version: 2.0.0   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit: Version Fixed In: 2.3.0
Sentry Crash Report:
Attachments: New crash information added by DrKonqi
New crash information added by DrKonqi
New crash information added by DrKonqi

Description Julien Narboux 2011-01-04 14:46:54 UTC
Application: digikam (2.0.0-beta1)
KDE Platform Version: 4.5.1 (KDE 4.5.1)
Qt Version: 4.7.0
Operating System: Linux 2.6.35-24-generic i686
Distribution: Ubuntu 10.10

-- Information about the crash:
- What I was doing when the application crashed:

I was trying to select a range of dates in the timeline view. 
The crash is not reproducible every time, but if I do several selections, I can reproduce the crash.

-- Backtrace:
Application: digiKam (digikam), signal: Segmentation fault
[Current thread is 1 (Thread 0xb5a6fac0 (LWP 31719))]

Thread 12 (Thread 0xb3827b70 (LWP 31720)):
#0  0x00682416 in __kernel_vsyscall ()
#1  0x003184dc in pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_wait.S:169
#2  0x036569c7 in wait (this=0x959b534, mutex=0x959b530, time=4294967295) at thread/qwaitcondition_unix.cpp:88
#3  QWaitCondition::wait (this=0x959b534, mutex=0x959b530, time=4294967295) at thread/qwaitcondition_unix.cpp:160
#4  0x082a28de in Digikam::ScanController::run (this=0x9554568) at /home/jnarboux/digikam-2.0.0-beta1/core/digikam/scancontroller.cpp:599
#5  0x03655df9 in QThreadPrivate::start (arg=0x9554568) at thread/qthread_unix.cpp:266
#6  0x00313cc9 in start_thread (arg=0xb3827b70) at pthread_create.c:304
#7  0x0158169e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 11 (Thread 0xb3026b70 (LWP 31728)):
#0  0x00682416 in __kernel_vsyscall ()
#1  0x003184dc in pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_wait.S:169
#2  0x036569c7 in wait (this=0x99df178, mutex=0x99df174, time=4294967295) at thread/qwaitcondition_unix.cpp:88
#3  QWaitCondition::wait (this=0x99df178, mutex=0x99df174, time=4294967295) at thread/qwaitcondition_unix.cpp:160
#4  0x026740d3 in Digikam::ParkingThread::run (this=0x99df168) at /home/jnarboux/digikam-2.0.0-beta1/core/libs/threads/threadmanager.cpp:119
#5  0x03655df9 in QThreadPrivate::start (arg=0x99df168) at thread/qthread_unix.cpp:266
#6  0x00313cc9 in start_thread (arg=0xb3026b70) at pthread_create.c:304
#7  0x0158169e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 10 (Thread 0xb13b8b70 (LWP 31729)):
#0  0x00682416 in __kernel_vsyscall ()
#1  0x0158f0f3 in __lll_lock_wait_private () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/lowlevellock.S:95
#2  0x0152365f in _L_lock_9687 () from /lib/libc.so.6
#3  0x01521e56 in __libc_free (mem=0x9b393d8) at malloc.c:3736
#4  0x00d66441 in operator delete(void*) () from /usr/lib/libstdc++.so.6
#5  0x037870b5 in QEventDispatcherGlib::unregisterSocketNotifier (this=0x9b393c8, notifier=0xb13b816c) at kernel/qeventdispatcher_glib.cpp:496
#6  0x037751da in QSocketNotifier::setEnabled (this=0xfffffe00, enable=false) at kernel/qsocketnotifier.cpp:298
#7  0x03786a02 in socketNotifierSourceCheck (source=0x9b3b200) at kernel/qeventdispatcher_glib.cpp:92
#8  0x04db3b39 in g_main_context_check () from /lib/libglib-2.0.so.0
#9  0x04db445e in ?? () from /lib/libglib-2.0.so.0
#10 0x04db4848 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#11 0x03786565 in QEventDispatcherGlib::processEvents (this=0x9b393c8, flags=...) at kernel/qeventdispatcher_glib.cpp:415
#12 0x03756609 in QEventLoop::processEvents (this=0xb13b8110, flags=) at kernel/qeventloop.cpp:149
#13 0x03756a8a in QEventLoop::exec (this=0xb13b8110, flags=...) at kernel/qeventloop.cpp:201
#14 0x03652b7e in QThread::exec (this=0x9b36700) at thread/qthread.cpp:490
#15 0x0373535b in QInotifyFileSystemWatcherEngine::run (this=0x9b36700) at io/qfilesystemwatcher_inotify.cpp:248
#16 0x03655df9 in QThreadPrivate::start (arg=0x9b36700) at thread/qthread_unix.cpp:266
#17 0x00313cc9 in start_thread (arg=0xb13b8b70) at pthread_create.c:304
#18 0x0158169e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 9 (Thread 0xaab86b70 (LWP 31730)):
#0  0x00682416 in __kernel_vsyscall ()
#1  0x00318884 in pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_timedwait.S:236
#2  0x05a0fb3f in ?? () from /usr/lib/libxine.so.1
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

Thread 8 (Thread 0xa9f7ab70 (LWP 31731)):
#0  0x00682416 in __kernel_vsyscall ()
#1  0x0157a371 in select () at ../sysdeps/unix/syscall-template.S:82
#2  0x05a3bf1c in xine_usec_sleep () from /usr/lib/libxine.so.1
#3  0x00000000 in ?? ()

Thread 7 (Thread 0xa9779b70 (LWP 31732)):
#0  0x003163f4 in __pthread_mutex_lock (mutex=0xa0c46fc) at pthread_mutex_lock.c:62
#1  0x04db2412 in g_main_context_release () from /lib/libglib-2.0.so.0
#2  0x04db4473 in ?? () from /lib/libglib-2.0.so.0
#3  0x04db4848 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#4  0x0378659f in QEventDispatcherGlib::processEvents (this=0xa0c4678, flags=...) at kernel/qeventdispatcher_glib.cpp:417
#5  0x03756609 in QEventLoop::processEvents (this=0xa9779100, flags=) at kernel/qeventloop.cpp:149
#6  0x03756a8a in QEventLoop::exec (this=0xa9779100, flags=...) at kernel/qeventloop.cpp:201
#7  0x03652b7e in QThread::exec (this=0xa0c4280) at thread/qthread.cpp:490
#8  0x059ac81a in ?? () from /usr/lib/qt4/plugins/phonon_backend/phonon_xine.so
#9  0x03655df9 in QThreadPrivate::start (arg=0xa0c4280) at thread/qthread_unix.cpp:266
#10 0x00313cc9 in start_thread (arg=0xa9779b70) at pthread_create.c:304
#11 0x0158169e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 6 (Thread 0xa8f78b70 (LWP 31733)):
#0  0x00682416 in __kernel_vsyscall ()
#1  0x01572df6 in __poll (fds=0x1609ff4, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87
#2  0x00771562 in ?? () from /usr/lib/libpulse.so.0
#3  0x0075dab9 in pa_mainloop_poll () from /usr/lib/libpulse.so.0
#4  0x0075fa73 in pa_mainloop_iterate () from /usr/lib/libpulse.so.0
#5  0x0075fb44 in pa_mainloop_run () from /usr/lib/libpulse.so.0
#6  0x00771303 in ?? () from /usr/lib/libpulse.so.0
#7  0x021c4bd5 in ?? () from /usr/lib/libpulsecommon-0.9.21.so
#8  0x00313cc9 in start_thread (arg=0xa8f78b70) at pthread_create.c:304
#9  0x0158169e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 5 (Thread 0xa4776b70 (LWP 31734)):
#0  0x00682416 in __kernel_vsyscall ()
#1  0x003184dc in pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_wait.S:169
#2  0x05a21b54 in ?? () from /usr/lib/libxine.so.1
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

Thread 4 (Thread 0x98d8eb70 (LWP 31800)):
#0  0x00682416 in __kernel_vsyscall ()
#1  0x0158f0f3 in __lll_lock_wait_private () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/lowlevellock.S:95
#2  0x0152365f in _L_lock_9687 () from /lib/libc.so.6
#3  0x01521e56 in __libc_free (mem=0xb7d80a0) at malloc.c:3736
#4  0x00d66441 in operator delete(void*) () from /usr/lib/libstdc++.so.6
#5  0x037870b5 in QEventDispatcherGlib::unregisterSocketNotifier (this=0xb9a2788, notifier=0x98d8e16c) at kernel/qeventdispatcher_glib.cpp:496
#6  0x037751da in QSocketNotifier::setEnabled (this=0xfffffe00, enable=false) at kernel/qsocketnotifier.cpp:298
#7  0x03786a02 in socketNotifierSourceCheck (source=0xc84fc98) at kernel/qeventdispatcher_glib.cpp:92
#8  0x04db3b39 in g_main_context_check () from /lib/libglib-2.0.so.0
#9  0x04db445e in ?? () from /lib/libglib-2.0.so.0
#10 0x04db4848 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#11 0x03786565 in QEventDispatcherGlib::processEvents (this=0xb9a2788, flags=...) at kernel/qeventdispatcher_glib.cpp:415
#12 0x03756609 in QEventLoop::processEvents (this=0x98d8e110, flags=) at kernel/qeventloop.cpp:149
#13 0x03756a8a in QEventLoop::exec (this=0x98d8e110, flags=...) at kernel/qeventloop.cpp:201
#14 0x03652b7e in QThread::exec (this=0xb9c6728) at thread/qthread.cpp:490
#15 0x0373535b in QInotifyFileSystemWatcherEngine::run (this=0xb9c6728) at io/qfilesystemwatcher_inotify.cpp:248
#16 0x03655df9 in QThreadPrivate::start (arg=0xb9c6728) at thread/qthread_unix.cpp:266
#17 0x00313cc9 in start_thread (arg=0x98d8eb70) at pthread_create.c:304
#18 0x0158169e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 3 (Thread 0x96d8ab70 (LWP 31821)):
#0  0x00682416 in __kernel_vsyscall ()
#1  0x00318884 in pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_timedwait.S:236
#2  0x0365694f in wait (this=0x99df524, mutex=0x99df520, time=30000) at thread/qwaitcondition_unix.cpp:86
#3  QWaitCondition::wait (this=0x99df524, mutex=0x99df520, time=30000) at thread/qwaitcondition_unix.cpp:160
#4  0x0364a5b3 in QThreadPoolThread::run (this=0xb7db478) at concurrent/qthreadpool.cpp:140
#5  0x03655df9 in QThreadPrivate::start (arg=0xb7db478) at thread/qthread_unix.cpp:266
#6  0x00313cc9 in start_thread (arg=0x96d8ab70) at pthread_create.c:304
#7  0x0158169e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 2 (Thread 0x9758bb70 (LWP 31858)):
#0  0x00682416 in __kernel_vsyscall ()
#1  0x00318884 in pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_timedwait.S:236
#2  0x0365694f in wait (this=0x99df524, mutex=0x99df520, time=30000) at thread/qwaitcondition_unix.cpp:86
#3  QWaitCondition::wait (this=0x99df524, mutex=0x99df520, time=30000) at thread/qwaitcondition_unix.cpp:160
#4  0x0364a5b3 in QThreadPoolThread::run (this=0xb7dac68) at concurrent/qthreadpool.cpp:140
#5  0x03655df9 in QThreadPrivate::start (arg=0xb7dac68) at thread/qthread_unix.cpp:266
#6  0x00313cc9 in start_thread (arg=0x9758bb70) at pthread_create.c:304
#7  0x0158169e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 1 (Thread 0xb5a6fac0 (LWP 31719)):
[KCrash Handler]
#7  _int_malloc (av=<value optimized out>, bytes=<value optimized out>) at malloc.c:4439
#8  0x01521f33 in __libc_malloc (bytes=380) at malloc.c:3660
#9  0x00d68619 in operator new(unsigned int) () from /usr/lib/libstdc++.so.6
#10 0x02ba06b7 in QPainter::begin (this=0xbfaf8ba8, pd=0x95b55dc) at painting/qpainter.cpp:1785
#11 0x02ba08f8 in QPainter::QPainter (this=0xbfaf8ba8, pd=0x95e3298) at painting/qpainter.cpp:1491
#12 0x02a8f3b9 in QWidgetPrivate::drawWidget (this=0x9637258, pdev=0x95b55dc, rgn=..., offset=..., flags=<value optimized out>, sharedPainter=0x0, backingStore=0x95ce0f0) at kernel/qwidget.cpp:5397
#13 0x02c7fc74 in QWidgetBackingStore::sync (this=0x95ce0f0) at painting/qbackingstore.cpp:1328
#14 0x02a812b3 in QWidgetPrivate::syncBackingStore (this=0x9637258) at kernel/qwidget.cpp:1805
#15 0x02a88466 in QWidget::event (this=0x95e3290, event=0xd842498) at kernel/qwidget.cpp:8480
#16 0x02ec8917 in QMainWindow::event (this=0x95e3290, event=0xd842498) at widgets/qmainwindow.cpp:1417
#17 0x062448a4 in KMainWindow::event (this=0x95e3290, ev=0xd842498) at ../../kdeui/widgets/kmainwindow.cpp:1100
#18 0x0628d14f in KXmlGuiWindow::event (this=0x95e3290, ev=0xd842498) at ../../kdeui/xmlgui/kxmlguiwindow.cpp:130
#19 0x02a29fdc in QApplicationPrivate::notify_helper (this=0x9498300, receiver=0x95e3290, e=0xd842498) at kernel/qapplication.cpp:4396
#20 0x02a300e9 in QApplication::notify (this=0xbfaf98d0, receiver=0x95e3290, e=0xd842498) at kernel/qapplication.cpp:4361
#21 0x0614e68a in KApplication::notify (this=0xbfaf98d0, receiver=0x95e3290, event=0xd842498) at ../../kdeui/kernel/kapplication.cpp:310
#22 0x03757b3b in QCoreApplication::notifyInternal (this=0xbfaf98d0, receiver=0x95e3290, event=0xd842498) at kernel/qcoreapplication.cpp:732
#23 0x0375ad8b in sendEvent (receiver=0x0, event_type=0, data=0x94653d0) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#24 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x94653d0) at kernel/qcoreapplication.cpp:1373
#25 0x0375af4d in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1266
#26 0x03786a74 in sendPostedEvents (s=0x949a710) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:220
#27 postEventSourceDispatch (s=0x949a710) at kernel/qeventdispatcher_glib.cpp:277
#28 0x04db0855 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#29 0x04db4668 in ?? () from /lib/libglib-2.0.so.0
#30 0x04db4848 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#31 0x03786565 in QEventDispatcherGlib::processEvents (this=0x9464e98, flags=...) at kernel/qeventdispatcher_glib.cpp:415
#32 0x02aebbe5 in QGuiEventDispatcherGlib::processEvents (this=0x9464e98, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#33 0x03756609 in QEventLoop::processEvents (this=0xbfaf97a4, flags=) at kernel/qeventloop.cpp:149
#34 0x03756a8a in QEventLoop::exec (this=0xbfaf97a4, flags=...) at kernel/qeventloop.cpp:201
#35 0x0375b00f in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1009
#36 0x02a28e07 in QApplication::exec () at kernel/qapplication.cpp:3672
#37 0x0830df4b in main (argc=5, argv=0xbfaf9b24) at /home/jnarboux/digikam-2.0.0-beta1/core/digikam/main.cpp:232

Reported using DrKonqi
Comment 1 Julien Narboux 2011-01-04 14:50:50 UTC
Created attachment 55551 [details]
New crash information added by DrKonqi

digikam (2.0.0-beta1) on KDE Platform 4.5.1 (KDE 4.5.1) using Qt 4.7.0

- What I was doing when the application crashed:

Select dates in time line view, here is another trace if it helps.

-- Backtrace (Reduced):
#7  _int_malloc (av=<value optimized out>, bytes=<value optimized out>) at malloc.c:4439
#8  0x024cbf33 in __libc_malloc (bytes=192) at malloc.c:3660
[...]
#10 0x021b8b09 in QFile::QFile (this=0xbfa92e00, name=...) at io/qfile.cpp:384
#11 0x079c7d6f in Digikam::IccProfile::data (this=0xbfa92e8c) at /home/jnarboux/digikam-2.0.0-beta1/core/libs/dimg/filters/icc/iccprofile.cpp:289
#12 0x079c7f8c in Digikam::IccProfile::open (this=0xbfa92e8c) at /home/jnarboux/digikam-2.0.0-beta1/core/libs/dimg/filters/icc/iccprofile.cpp:324
Comment 2 caulier.gilles 2011-01-04 15:47:12 UTC
#7  _int_malloc (av=<value optimized out>, bytes=<value optimized out>) at malloc.c:4439
#8  0x024cbf33 in __libc_malloc (bytes=192) at malloc.c:3660
#9  0x06251619 in operator new(unsigned int) () from /usr/lib/libstdc++.so.6
#10 0x021b8b09 in QFile::QFile (this=0xbfa92e00, name=...) at io/qfile.cpp:384
#11 0x079c7d6f in Digikam::IccProfile::data (this=0xbfa92e8c) at /home/jnarboux/digikam-2.0.0-beta1/core/libs/dimg/filters/icc/iccprofile.cpp:289
#12 0x079c7f8c in Digikam::IccProfile::open (this=0xbfa92e8c) at /home/jnarboux/digikam-2.0.0-beta1/core/libs/dimg/filters/icc/iccprofile.cpp:324
#13 0x079c5925 in Digikam::IccManager::displayProfile (displayingWidget=0xa2c1a18) at /home/jnarboux/digikam-2.0.0-beta1/core/libs/dimg/filters/icc/iccmanager.cpp:384

It's a crash from Color management, not Timeline tool.

Sounds like a problem with an ICC profile extracted from an image.

Gilles Caulier
Comment 3 Marcel Wiesweg 2011-01-06 13:55:46 UTC
Crash is from the "new" in this line:
QFile::QFile(const QString &name) : QIODevice(*new QFilePrivate, 0)
trying to open the display profile's file, which is probably sRGB.

So no real reason why it should crash.
Julien, if you find time, does valgrind give any information if you crash digikam running under valgrind?
Comment 4 Julien Narboux 2011-01-06 14:19:44 UTC
Created attachment 55646 [details]
New crash information added by DrKonqi

digikam (2.0.0-beta1 (rev.: 1212218)) on KDE Platform 4.5.1 (KDE 4.5.1) using Qt 4.7.0

- What I was doing when the application crashed:

I was selecting a range of dates in timeline view.

Here is another backtrace if it helps.

I can not reproduce the bug under valgrind...

-- Backtrace (Reduced):
#7  _int_malloc (av=<value optimized out>, bytes=<value optimized out>) at malloc.c:4439
#8  0x01abaf33 in __libc_malloc (bytes=1776) at malloc.c:3660
#9  0x08e1611d in qMalloc (size=1776) at global/qmalloc.cpp:55
#10 0x08e77025 in QVectorData::allocate (size=28984256, alignment=141576) at tools/qvector.cpp:67
#11 0x023d7413 in QVector<Digikam::ImageInfo>::malloc(int) () from /usr/lib/libdigikamdatabase.so.2
Comment 5 caulier.gilles 2011-01-06 14:35:21 UTC
Strange. Now the trace is different... and not relevant of CM.

Can you reproduce this crash with 1.8.0 (trunk code) ? (using the same collection of course)

Gilles Caulier
Comment 6 Marcel Wiesweg 2011-01-06 14:47:20 UTC
Two completely unrelated backtraces, with no good reason to crash, happening after a third, completely unrelated action: Indicative that the latter action (or any action triggered by it) is causing memory corruption.
Very difficult to debug if valgrind tells nothing...
Comment 7 Julien Narboux 2011-01-06 15:06:37 UTC
Marcel,

Valgrind gives the following errors:


==29225== Thread 11:
==29225== Conditional jump or move depends on uninitialised value(s)
==29225==    at 0x10460F92: picReadHeader(QIODevice*, PICHeader*, bool) (pic_read.cpp:54)
==29225==    by 0x104625D4: SoftimagePICHandler::canRead(QIODevice*) (pic_io_handler.cpp:44)
==29225==    by 0x1046210A: SoftimagePICPlugin::capabilities(QIODevice*, QByteArray const&) const (pic_io_plugin.cpp:33)
==29225==    by 0x634A426: createReadHandlerHelper(QIODevice*, QByteArray const&, bool, bool) (qimagereader.cpp:393)
==29225==    by 0x634BD50: QImageReaderPrivate::initHandler() (qimagereader.cpp:618)
==29225==    by 0x634D5EF: QImageReader::read(QImage*) (qimagereader.cpp:1185)
==29225==    by 0x634D876: QImageReader::read() (qimagereader.cpp:1155)
==29225==    by 0x6337D97: QImage::fromData(unsigned char const*, int, char const*) (qimage.cpp:5032)
==29225==    by 0x633BEA9: QImage::loadFromData(unsigned char const*, int, char const*) (qimage.cpp:4990)
==29225==    by 0x490D1B0: QImage::loadFromData(QByteArray const&, char const*) (qimage.h:243)
==29225==    by 0x490C938: KExiv2Iface::KExiv2::getImagePreview(QImage&) const (kexiv2image.cpp:843)
==29225==    by 0x5320D85: Digikam::ThumbnailCreator::loadImagePreview(Digikam::DMetadata const&) const (thumbnailcreator.cpp:605)



==29225== Thread 1:
==29225== Conditional jump or move depends on uninitialised value(s)
==29225==    at 0x64267E4: PtsToRegion(int, int, _POINTBLOCK*, QRegionPrivate*) (qregion.cpp:3512)
==29225==    by 0x64272F7: PolygonRegion(QPoint const*, int, int) (qregion.cpp:3735)
==29225==    by 0x64279BD: QRegion::QRegion(QPolygon const&, Qt::FillRule) (qregion.cpp:3856)
==29225==    by 0x64A79B8: QX11PaintEngine::updateState(QPaintEngineState const&) (qpaintengine_x11.cpp:1092)
==29225==    by 0x63D2153: QPainterPrivate::updateStateImpl(QPainterState*) (qpainter.cpp:906)
==29225==    by 0x63D221B: QPainterPrivate::updateState(QPainterState*) (qpainter.cpp:934)
==29225==    by 0x63D97CF: QPainter::setClipRegion(QRegion const&, Qt::ClipOperation) (qpainter.cpp:2853)
==29225==    by 0x62C6436: QWidgetPrivate::paintBackground(QPainter*, QRegion const&, int) const (qwidget.cpp:2338)
==29225==    by 0x62C73EC: QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (qwidget.cpp:5398)
==29225==    by 0x64B7C73: QWidgetBackingStore::sync() (qbackingstore.cpp:1328)
==29225==    by 0x62B92B2: QWidgetPrivate::syncBackingStore() (qwidget.cpp:1805)
==29225==    by 0x62C0465: QWidget::event(QEvent*) (qwidget.cpp:8480)
==29225== 
==29225== Conditional jump or move depends on uninitialised value(s)
==29225==    at 0x64267E4: PtsToRegion(int, int, _POINTBLOCK*, QRegionPrivate*) (qregion.cpp:3512)
==29225==    by 0x64272F7: PolygonRegion(QPoint const*, int, int) (qregion.cpp:3735)
==29225==    by 0x64279BD: QRegion::QRegion(QPolygon const&, Qt::FillRule) (qregion.cpp:3856)
==29225==    by 0x64A7CCC: QX11PaintEngine::updateState(QPaintEngineState const&) (qpaintengine_x11.cpp:1110)
==29225==    by 0x63D2153: QPainterPrivate::updateStateImpl(QPainterState*) (qpainter.cpp:906)
==29225==    by 0x63D221B: QPainterPrivate::updateState(QPainterState*) (qpainter.cpp:934)
==29225==    by 0x63D97CF: QPainter::setClipRegion(QRegion const&, Qt::ClipOperation) (qpainter.cpp:2853)
==29225==    by 0x62C6436: QWidgetPrivate::paintBackground(QPainter*, QRegion const&, int) const (qwidget.cpp:2338)
==29225==    by 0x62C73EC: QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (qwidget.cpp:5398)
==29225==    by 0x64B7C73: QWidgetBackingStore::sync() (qbackingstore.cpp:1328)
==29225==    by 0x62B92B2: QWidgetPrivate::syncBackingStore() (qwidget.cpp:1805)
==29225==    by 0x62C0465: QWidget::event(QEvent*) (qwidget.cpp:8480)
Comment 8 Julien Narboux 2011-01-13 08:07:55 UTC
*** Bug 263002 has been marked as a duplicate of this bug. ***
Comment 9 Andrew Coles 2011-01-31 22:29:01 UTC
Okay I can reproduce this one with digikam 2.0 from SVN.  The trick is to switch between months before the view has finished updating.  Valgrind gives:

==22113== Thread 1:
==22113== Invalid read of size 4
==22113==    at 0x565494D: Digikam::ImageInfoCache::dropInfo(Digikam::ImageInfoData*) (qbasicatomic.h:85)
==22113==    by 0x5652288: Digikam::ImageInfo::~ImageInfo() (imageinfo.cpp:212)
==22113==    by 0x56D8407: Digikam::ImageModel::removeRowPairs(QList<QPair<int, int> > const&) (qlist.h:376)
==22113==    by 0x56DA33E: Digikam::ImageModel::finishIncrementalRefresh() (imagemodel.cpp:670)
==22113==    by 0x81C2B16: Digikam::ImageAlbumModel::slotResult(KJob*) (imagealbummodel.cpp:308)
==22113==    by 0x81C3650: Digikam::ImageAlbumModel::qt_metacall(QMetaObject::Call, int, void**) (imagealbummodel.moc:117)
==22113==    by 0x71E18C9: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
==22113==    by 0x71F46AC: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3280)
==22113==    by 0x6EEDDA2: KJob::result(KJob*) (kjob.moc:194)
==22113==    by 0x6EEE107: KJob::emitResult() (kjob.cpp:312)
==22113==    by 0x5A9A0EF: KIO::SimpleJob::slotFinished() (job.cpp:525)
==22113==    by 0x5A9AA4B: KIO::TransferJob::slotFinished() (job.cpp:1118)
==22113==  Address 0xdca7d60 is 0 bytes inside a block of size 96 free'd
==22113==    at 0x4025504: operator delete(void*) (vg_replace_malloc.c:387)
==22113==    by 0x56549DF: Digikam::ImageInfoCache::dropInfo(Digikam::ImageInfoData*) (imageinfocache.cpp:91)
==22113==    by 0x5652288: Digikam::ImageInfo::~ImageInfo() (imageinfo.cpp:212)
==22113==    by 0x564555A: Digikam::DatabaseThumbnailInfoProvider::thumbnailInfo(QString const&) (databasethumbnailinfoprovider.cpp:76)
==22113==    by 0x534C52D: Digikam::ThumbnailCreator::makeThumbnailInfo(QString const&, QRect const&) const (thumbnailcreator.cpp:345)
==22113==    by 0x534DBC0: Digikam::ThumbnailCreator::load(QString const&, QRect const&, bool) const (thumbnailcreator.cpp:225)
==22113==    by 0x534E5BA: Digikam::ThumbnailCreator::pregenerate(QString const&) const (thumbnailcreator.cpp:180)
==22113==    by 0x53592EC: Digikam::ThumbnailLoadingTask::execute() (thumbnailtask.cpp:79)
==22113==    by 0x532CE02: Digikam::LoadSaveThread::run() (loadsavethread.cpp:117)
==22113==    by 0x537ADEF: Digikam::DynamicThread::DynamicThreadPriv::run() (dynamicthread.cpp:323)
==22113==    by 0x70CE522: QThreadPoolThread::run() (qthreadpool.cpp:106)
==22113==    by 0x70D9DF8: QThreadPrivate::start(void*) (qthread_unix.cpp:266)
==22113== 
==22113== Invalid read of size 1
==22113==    at 0x5654960: Digikam::ImageInfoCache::dropInfo(Digikam::ImageInfoData*) (imageinfocache.cpp:89)
==22113==    by 0x5652288: Digikam::ImageInfo::~ImageInfo() (imageinfo.cpp:212)
==22113==    by 0x56D8407: Digikam::ImageModel::removeRowPairs(QList<QPair<int, int> > const&) (qlist.h:376)
==22113==    by 0x56DA33E: Digikam::ImageModel::finishIncrementalRefresh() (imagemodel.cpp:670)
==22113==    by 0x81C2B16: Digikam::ImageAlbumModel::slotResult(KJob*) (imagealbummodel.cpp:308)
==22113==    by 0x81C3650: Digikam::ImageAlbumModel::qt_metacall(QMetaObject::Call, int, void**) (imagealbummodel.moc:117)
==22113==    by 0x71E18C9: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
==22113==    by 0x71F46AC: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3280)
==22113==    by 0x6EEDDA2: KJob::result(KJob*) (kjob.moc:194)
==22113==    by 0x6EEE107: KJob::emitResult() (kjob.cpp:312)
==22113==    by 0x5A9A0EF: KIO::SimpleJob::slotFinished() (job.cpp:525)
==22113==    by 0x5A9AA4B: KIO::TransferJob::slotFinished() (job.cpp:1118)
==22113==  Address 0xdca7dbd is 93 bytes inside a block of size 96 free'd
==22113==    at 0x4025504: operator delete(void*) (vg_replace_malloc.c:387)
==22113==    by 0x56549DF: Digikam::ImageInfoCache::dropInfo(Digikam::ImageInfoData*) (imageinfocache.cpp:91)
==22113==    by 0x5652288: Digikam::ImageInfo::~ImageInfo() (imageinfo.cpp:212)
==22113==    by 0x564555A: Digikam::DatabaseThumbnailInfoProvider::thumbnailInfo(QString const&) (databasethumbnailinfoprovider.cpp:76)
==22113==    by 0x534C52D: Digikam::ThumbnailCreator::makeThumbnailInfo(QString const&, QRect const&) const (thumbnailcreator.cpp:345)
==22113==    by 0x534DBC0: Digikam::ThumbnailCreator::load(QString const&, QRect const&, bool) const (thumbnailcreator.cpp:225)
==22113==    by 0x534E5BA: Digikam::ThumbnailCreator::pregenerate(QString const&) const (thumbnailcreator.cpp:180)
==22113==    by 0x53592EC: Digikam::ThumbnailLoadingTask::execute() (thumbnailtask.cpp:79)
==22113==    by 0x532CE02: Digikam::LoadSaveThread::run() (loadsavethread.cpp:117)
==22113==    by 0x537ADEF: Digikam::DynamicThread::DynamicThreadPriv::run() (dynamicthread.cpp:323)
==22113==    by 0x70CE522: QThreadPoolThread::run() (qthreadpool.cpp:106)
==22113==    by 0x70D9DF8: QThreadPrivate::start(void*) (qthread_unix.cpp:266)
==22113== 
==22113== Invalid read of size 4
==22113==    at 0x56559AE: QHash<long long, Digikam::ImageInfoData*>::findNode(long long const&, unsigned int*) const (qhash.h:879)
==22113==    by 0x5654A30: Digikam::ImageInfoCache::dropInfo(Digikam::ImageInfoData*) (qhash.h:788)
==22113==    by 0x5652288: Digikam::ImageInfo::~ImageInfo() (imageinfo.cpp:212)
==22113==    by 0x56D8407: Digikam::ImageModel::removeRowPairs(QList<QPair<int, int> > const&) (qlist.h:376)
==22113==    by 0x56DA33E: Digikam::ImageModel::finishIncrementalRefresh() (imagemodel.cpp:670)
==22113==    by 0x81C2B16: Digikam::ImageAlbumModel::slotResult(KJob*) (imagealbummodel.cpp:308)
==22113==    by 0x81C3650: Digikam::ImageAlbumModel::qt_metacall(QMetaObject::Call, int, void**) (imagealbummodel.moc:117)
==22113==    by 0x71E18C9: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
==22113==    by 0x71F46AC: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3280)
==22113==    by 0x6EEDDA2: KJob::result(KJob*) (kjob.moc:194)
==22113==    by 0x6EEE107: KJob::emitResult() (kjob.cpp:312)
==22113==    by 0x5A9A0EF: KIO::SimpleJob::slotFinished() (job.cpp:525)
==22113==  Address 0xdca7d68 is 8 bytes inside a block of size 96 free'd
==22113==    at 0x4025504: operator delete(void*) (vg_replace_malloc.c:387)
==22113==    by 0x56549DF: Digikam::ImageInfoCache::dropInfo(Digikam::ImageInfoData*) (imageinfocache.cpp:91)
==22113==    by 0x5652288: Digikam::ImageInfo::~ImageInfo() (imageinfo.cpp:212)
==22113==    by 0x564555A: Digikam::DatabaseThumbnailInfoProvider::thumbnailInfo(QString const&) (databasethumbnailinfoprovider.cpp:76)
==22113==    by 0x534C52D: Digikam::ThumbnailCreator::makeThumbnailInfo(QString const&, QRect const&) const (thumbnailcreator.cpp:345)
==22113==    by 0x534DBC0: Digikam::ThumbnailCreator::load(QString const&, QRect const&, bool) const (thumbnailcreator.cpp:225)
==22113==    by 0x534E5BA: Digikam::ThumbnailCreator::pregenerate(QString const&) const (thumbnailcreator.cpp:180)
==22113==    by 0x53592EC: Digikam::ThumbnailLoadingTask::execute() (thumbnailtask.cpp:79)
==22113==    by 0x532CE02: Digikam::LoadSaveThread::run() (loadsavethread.cpp:117)
==22113==    by 0x537ADEF: Digikam::DynamicThread::DynamicThreadPriv::run() (dynamicthread.cpp:323)
==22113==    by 0x70CE522: QThreadPoolThread::run() (qthreadpool.cpp:106)
==22113==    by 0x70D9DF8: QThreadPrivate::start(void*) (qthread_unix.cpp:266)
==22113== 
==22113== Invalid read of size 4
==22113==    at 0x56559B0: QHash<long long, Digikam::ImageInfoData*>::findNode(long long const&, unsigned int*) const (qhash.h:879)
==22113==    by 0x5654A30: Digikam::ImageInfoCache::dropInfo(Digikam::ImageInfoData*) (qhash.h:788)
==22113==    by 0x5652288: Digikam::ImageInfo::~ImageInfo() (imageinfo.cpp:212)
==22113==    by 0x56D8407: Digikam::ImageModel::removeRowPairs(QList<QPair<int, int> > const&) (qlist.h:376)
==22113==    by 0x56DA33E: Digikam::ImageModel::finishIncrementalRefresh() (imagemodel.cpp:670)
==22113==    by 0x81C2B16: Digikam::ImageAlbumModel::slotResult(KJob*) (imagealbummodel.cpp:308)
==22113==    by 0x81C3650: Digikam::ImageAlbumModel::qt_metacall(QMetaObject::Call, int, void**) (imagealbummodel.moc:117)
==22113==    by 0x71E18C9: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
==22113==    by 0x71F46AC: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3280)
==22113==    by 0x6EEDDA2: KJob::result(KJob*) (kjob.moc:194)
==22113==    by 0x6EEE107: KJob::emitResult() (kjob.cpp:312)
==22113==    by 0x5A9A0EF: KIO::SimpleJob::slotFinished() (job.cpp:525)
==22113==  Address 0xdca7d6c is 12 bytes inside a block of size 96 free'd
==22113==    at 0x4025504: operator delete(void*) (vg_replace_malloc.c:387)
==22113==    by 0x56549DF: Digikam::ImageInfoCache::dropInfo(Digikam::ImageInfoData*) (imageinfocache.cpp:91)
==22113==    by 0x5652288: Digikam::ImageInfo::~ImageInfo() (imageinfo.cpp:212)
==22113==    by 0x564555A: Digikam::DatabaseThumbnailInfoProvider::thumbnailInfo(QString const&) (databasethumbnailinfoprovider.cpp:76)
==22113==    by 0x534C52D: Digikam::ThumbnailCreator::makeThumbnailInfo(QString const&, QRect const&) const (thumbnailcreator.cpp:345)
==22113==    by 0x534DBC0: Digikam::ThumbnailCreator::load(QString const&, QRect const&, bool) const (thumbnailcreator.cpp:225)
==22113==    by 0x534E5BA: Digikam::ThumbnailCreator::pregenerate(QString const&) const (thumbnailcreator.cpp:180)
==22113==    by 0x53592EC: Digikam::ThumbnailLoadingTask::execute() (thumbnailtask.cpp:79)
==22113==    by 0x532CE02: Digikam::LoadSaveThread::run() (loadsavethread.cpp:117)
==22113==    by 0x537ADEF: Digikam::DynamicThread::DynamicThreadPriv::run() (dynamicthread.cpp:323)
==22113==    by 0x70CE522: QThreadPoolThread::run() (qthreadpool.cpp:106)
==22113==    by 0x70D9DF8: QThreadPrivate::start(void*) (qthread_unix.cpp:266)
==22113==
Comment 10 Julien Narboux 2011-04-19 11:23:08 UTC
I can not reproduce this bug with current git trunk.

Julien
Comment 11 caulier.gilles 2011-04-19 12:21:01 UTC
And you Andrew, can you check with last code from Git master and confirm that it's not reproducible ?

Gilles Caulier
Comment 12 caulier.gilles 2011-07-02 10:02:02 UTC
digiKam 2.0.0 RC is out. Please check if crash is reproducible with this version.

Thanks in advance

Gilles Caulier
Comment 13 Julien Narboux 2011-07-18 12:06:40 UTC
Created attachment 61957 [details]
New crash information added by DrKonqi

digikam (2.0.0-rc) on KDE Platform 4.6.2 (4.6.2) using Qt 4.7.2

- What I was doing when the application crashed:

I can reproduce this crash using digikam 2.0 rc

-- Backtrace (Reduced):
#7  _int_malloc (av=0x25413c0, bytes=512) at malloc.c:4439
#8  0x02452f53 in __libc_malloc (bytes=512) at malloc.c:3660
#9  0x01a5db8d in qMalloc (size=512) at global/qmalloc.cpp:55
#10 0x01ab9b35 in QVectorData::allocate (size=512, alignment=4) at tools/qvector.cpp:67
#11 0x0417cf2c in malloc (this=0xbdfea14, asize=16, aalloc=31) at ../../include/QtCore/../../src/corelib/tools/qvector.h:393
Comment 14 Thomas Caswell 2011-09-24 01:35:18 UTC
I can reproduce this bug from git master, but it requires clicking on the timeline rather manically and takes a while to generate.  

When it does crash there are 20+ threads running and reports corrupted double linked lists.

The backtrace is different every time.
Comment 15 Marcel Wiesweg 2011-09-24 12:26:01 UTC
*** Bug 265245 has been marked as a duplicate of this bug. ***
Comment 16 Marcel Wiesweg 2011-09-26 20:07:07 UTC
I could reproduce this problem at least once.

I suspect a problem in the model (double deletion of ImageInfo). Alternatively, there could be an issue with the ImageInfoCache, but on another thorough review, I could not find a problem.
Comment 17 Marcel Wiesweg 2011-09-29 20:06:52 UTC
*** Bug 283045 has been marked as a duplicate of this bug. ***
Comment 18 Marcel Wiesweg 2011-09-29 20:09:26 UTC
*** Bug 281895 has been marked as a duplicate of this bug. ***
Comment 19 Marcel Wiesweg 2011-10-03 11:53:57 UTC
We have a nice race condition here:
ImageInfo::~ImageInfo()
{
    ImageInfoData* olddata = m_data.unassign();
    // <- here
    if (olddata)
    {
        ImageInfoStatic::cache()->dropInfo(olddata);
    }
}

At the indicated place, another thread can grab the ImageInfoData from the cache, use it, and destroy the ImageInfo. It will then see the ref count dropped to 0 again, and delete it. Returned to the first thread, already deleted data will be deleted.
Solution: Do not reuse data with ref count 0.
Comment 20 Marcel Wiesweg 2011-10-03 17:06:05 UTC
Git commit 35e1ae964ca1cf5a71d81478ad863ba681e15ee3 by Marcel Wiesweg.
Committed on 03/10/2011 at 13:58.
Pushed by mwiesweg into branch 'master'.

Rewrite of the ImageInfoCache infrastructure with fixed crashes and better granularity

- apply save atomic operations and drop ImageInfoDatas from the cache if ref count is 0
- remove dependency on the big database lock, use a finer grained readwritelock for ImageInfo
- cache image infos by name as well, used for thumbnail info retrieval
- rewrite the getter methods in ImageInfo for the ReadWriteLock

BUG: 262077

M  +2    -1    NEWS
M  +8    -15   libs/database/databaseaccess.cpp
M  +0    -6    libs/database/databaseaccess.h
M  +228  -263  libs/database/imageinfo.cpp
M  +1    -0    libs/database/imageinfo.h
M  +125  -29   libs/database/imageinfocache.cpp
M  +35   -14   libs/database/imageinfocache.h
M  +37   -4    libs/database/imageinfodata.h

http://commits.kde.org/digikam/35e1ae964ca1cf5a71d81478ad863ba681e15ee3
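
The interleaving described in Comment 19, and the rule the commit in Comment 20 adopts (do not reuse data with ref count 0), as an added example that is not digiKam code and not part of the original report. `Entry`, `Cache`, `acquire`, `unassign` and `replayInterleaving` are hypothetical stand-ins with assumed semantics; the race is replayed on one thread so the outcome is deterministic, and deletion is counted rather than performed.

```cpp
#include <atomic>
#include <cstdio>
#include <map>
#include <memory>
#include <mutex>
#include <vector>

// Constructed model, not digiKam code. Entry stands in for ImageInfoData and
// Cache for ImageInfoCache. Deletion is counted instead of performed so the
// double delete is observable without undefined behaviour.
struct Entry {
    long long id;
    std::atomic<int> ref{0};
    int deletes = 0;  // 1 is correct, 2 is a double delete
    explicit Entry(long long i) : id(i) {}
};

class Cache {
public:
    explicit Cache(bool reuseZeroRef) : reuseZeroRef_(reuseZeroRef) {}

    // Return a referenced entry for `id`, creating one if needed.
    Entry* acquire(long long id) {
        std::lock_guard<std::mutex> lock(mutex_);
        auto it = live_.find(id);
        if (it != live_.end()) {
            Entry* e = it->second;
            if (reuseZeroRef_) {
                e->ref.fetch_add(1);  // racy: revives an entry its owner is about to drop
                return e;
            }
            // Hardened: take a reference only if the count is still non-zero.
            int n = e->ref.load();
            while (n != 0 && !e->ref.compare_exchange_weak(n, n + 1)) {}
            if (n != 0) return e;
            live_.erase(it);  // dying entry: leave it to the thread that zeroed it
        }
        storage_.push_back(std::make_unique<Entry>(id));
        Entry* fresh = storage_.back().get();
        fresh->ref.store(1);
        live_[id] = fresh;
        return fresh;
    }

    // Called by the thread that saw the count reach zero.
    void dropInfo(Entry* e) {
        std::lock_guard<std::mutex> lock(mutex_);
        if (e->ref.load() != 0) return;  // someone else holds it again
        auto it = live_.find(e->id);
        if (it != live_.end() && it->second == e) live_.erase(it);
        ++e->deletes;  // stands in for `delete e`
    }

    int maxDeletes() const {
        int worst = 0;
        for (const auto& e : storage_) if (e->deletes > worst) worst = e->deletes;
        return worst;
    }

private:
    bool reuseZeroRef_;
    std::mutex mutex_;
    std::map<long long, Entry*> live_;
    std::vector<std::unique_ptr<Entry>> storage_;  // keeps memory valid for inspection
};

// Assumed semantics of m_data.unassign(): release one reference and hand back
// the entry only when that was the last one.
Entry* unassign(Entry* e) {
    return e->ref.fetch_sub(1) == 1 ? e : nullptr;
}

// Replays the interleaving on one thread so the result is deterministic.
// Returns the highest number of times any single entry was deleted.
int replayInterleaving(bool reuseZeroRef) {
    Cache cache(reuseZeroRef);
    Entry* a = cache.acquire(42);    // thread A holds the only reference
    Entry* oldA = unassign(a);       // A enters the destructor, count is now 0
    // "<- here": A is preempted before it reaches dropInfo()
    Entry* b = cache.acquire(42);    // thread B asks the cache for the same id
    if (Entry* oldB = unassign(b)) cache.dropInfo(oldB);  // B destroys its handle
    if (oldA) cache.dropInfo(oldA);  // A resumes with its stale pointer
    return cache.maxDeletes();
}

int main() {
    std::printf("reuse zero-ref entries: max deletes = %d\n", replayInterleaving(true));
    std::printf("skip zero-ref entries:  max deletes = %d\n", replayInterleaving(false));
    return 0;
}
```

In the real program the second `dropInfo` call touches memory that has already been freed, which is what the "Invalid read ... inside a block of size 96 free'd" reports in Comment 9 show.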
Comment 21 Marcel Wiesweg 2011-10-03 17:10:31 UTC
*** Bug 279495 has been marked as a duplicate of this bug. ***