Bug 273759

Summary: When using "fetch project", a bad subversion path crashes kdevelop
Product: [Developer tools] kdevplatform Reporter: Glen Kaukola <gkaukola>
Component: subversion Assignee: kdevelop-bugs-null
Status: RESOLVED FIXED    
Severity: crash CC: alsantos123, batyiev, cfeck, marcus_gasser, msnkipa, pancho.s, pharscape, rbyshko
Priority: VHI    
Version: git master   
Target Milestone: 1.2.0   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed In: 1.2
Sentry Crash Report:
Bug Depends on:    
Bug Blocks: 310978    

Description Glen Kaukola 2011-05-20 23:12:45 UTC
Version:           git master (using KDE 4.6.2) 
OS:                Linux

A bad path to a subversion repository crashes kdevelop.  It seems like the offender may be kdevplatform.

Reproducible: Always

Steps to Reproduce:
1.  Open the fetch project dialog
2.  Switch the source to subversion.
3.  Set the source to something that doesn't exist, like svn://anonsvn.kde.org/junk
4.  Profit

Actual Results:  
A crash.

Expected Results:  
An error message.

Gdb 'where' output:
(gdb) where
#0  0x0000003cedf718a7 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib64/libQtCore.so.4
#1  0x0000003d5db372d2 in KJob::result(KJob*) () from /usr/lib64/libkdecore.so.5
#2  0x0000003d5db37310 in KJob::emitResult() () from /usr/lib64/libkdecore.so.5
#3  0x00007fffe8ded6e0 in SvnJobBase::internalJobFailed(ThreadWeaver::Job*) () from /home/edu/kde/lib64/kde4/kdevsubversion.so
#4  0x00007fffe8ded997 in SvnJobBase::qt_metacall(QMetaObject::Call, int, void**) () from /home/edu/kde/lib64/kde4/kdevsubversion.so
#5  0x0000003cedf715ca in QObject::event(QEvent*) () from /usr/lib64/libQtCore.so.4
#6  0x0000003cef7b7cd4 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib64/libQtGui.so.4
#7  0x0000003cef7bc88a in QApplication::notify(QObject*, QEvent*) () from /usr/lib64/libQtGui.so.4
#8  0x00000038c9e3ff96 in KApplication::notify(QObject*, QEvent*) () from /usr/lib64/libkdeui.so.5
#9  0x0000003cedf5d19c in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib64/libQtCore.so.4
#10 0x0000003cedf60985 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib64/libQtCore.so.4
#11 0x0000003cedf881b3 in ?? () from /usr/lib64/libQtCore.so.4
#12 0x0000003060e41e33 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#13 0x0000003060e42610 in ?? () from /lib64/libglib-2.0.so.0
#14 0x0000003060e428ad in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#15 0x0000003cedf8834f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/libQtCore.so.4
#16 0x0000003cef85d35e in ?? () from /usr/lib64/libQtGui.so.4
#17 0x0000003cedf5c532 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/libQtCore.so.4
#18 0x0000003cedf5c77c in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/libQtCore.so.4
#19 0x0000003cefc71d4e in QDialog::exec() () from /usr/lib64/libQtGui.so.4
#20 0x00007ffff7b12ab1 in KDevelop::ProjectDialogProvider::askProjectConfigLocation(bool, KUrl const&) () from /home/edu/kde/lib64/libkdevplatformshell.so.4
#21 0x00007ffff7b14c92 in KDevelop::ProjectController::fetchProject() () from /home/edu/kde/lib64/libkdevplatformshell.so.4
#22 0x00007ffff7b16cfd in KDevelop::ProjectController::qt_metacall(QMetaObject::Call, int, void**) () from /home/edu/kde/lib64/libkdevplatformshell.so.4
#23 0x0000003cedf71acf in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib64/libQtCore.so.4
#24 0x0000003cef7b1662 in QAction::triggered(bool) () from /usr/lib64/libQtGui.so.4
#25 0x0000003cef7b185a in QAction::activate(QAction::ActionEvent) () from /usr/lib64/libQtGui.so.4
#26 0x0000003cefbef243 in ?? () from /usr/lib64/libQtGui.so.4
#27 0x0000003cefbf51da in ?? () from /usr/lib64/libQtGui.so.4
#28 0x00000038c9f0923d in KMenu::mouseReleaseEvent(QMouseEvent*) () from /usr/lib64/libkdeui.so.5
#29 0x0000003cef8096ec in QWidget::event(QEvent*) () from /usr/lib64/libQtGui.so.4
#30 0x0000003cefbf63db in QMenu::event(QEvent*) () from /usr/lib64/libQtGui.so.4
#31 0x0000003cef7b7cd4 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib64/libQtGui.so.4
#32 0x0000003cef7bd10a in QApplication::notify(QObject*, QEvent*) () from /usr/lib64/libQtGui.so.4
#33 0x00000038c9e3ff96 in KApplication::notify(QObject*, QEvent*) () from /usr/lib64/libkdeui.so.5
#34 0x0000003cedf5d19c in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib64/libQtCore.so.4
#35 0x0000003cef7b8cd5 in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) () from /usr/lib64/libQtGui.so.4
#36 0x0000003cef837794 in ?? () from /usr/lib64/libQtGui.so.4
#37 0x0000003cef835c29 in QApplication::x11ProcessEvent(_XEvent*) () from /usr/lib64/libQtGui.so.4
#38 0x0000003cef85d656 in ?? () from /usr/lib64/libQtGui.so.4
#39 0x0000003060e41e33 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#40 0x0000003060e42610 in ?? () from /lib64/libglib-2.0.so.0
#41 0x0000003060e428ad in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#42 0x0000003cedf8834f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/libQtCore.so.4
#43 0x0000003cef85d35e in ?? () from /usr/lib64/libQtGui.so.4
#44 0x0000003cedf5c532 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/libQtCore.so.4
#45 0x0000003cedf5c77c in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/libQtCore.so.4
#46 0x0000003cedf60c3b in QCoreApplication::exec() () from /usr/lib64/libQtCore.so.4
#47 0x0000000000409bce in main (argc=0, argv=0x7fffffffe578) at /home/edu/kde/src/kdevelop/app/main.cpp:474
(gdb)
Comment 1 Milian Wolff 2011-05-27 18:31:26 UTC
confirmed
Comment 2 Milian Wolff 2011-05-27 18:50:33 UTC
valgrind log:

==16229== Thread 1:
==16229== Invalid read of size 8
==16229==    at 0x90D23C7: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.h:125)
==16229==    by 0x4F66D31: KJob::result(KJob*) (kjob.moc:194)
==16229==    by 0x4F66D6F: KJob::emitResult() (kjob.cpp:312)
==16229==    by 0x25C66397: SvnJobBase::internalJobFailed(ThreadWeaver::Job*) (svnjobbase.cpp:159)
==16229==    by 0x25C66AE0: SvnJobBase::qt_metacall(QMetaObject::Call, int, void**) (svnjobbase.moc:99)
==16229==    by 0x25C7FA73: SvnCheckoutJob::qt_metacall(QMetaObject::Call, int, void**) (svncheckoutjob.moc:64)
==16229==    by 0x90D1499: QObject::event(QEvent*) (qobject.cpp:1226)
==16229==    by 0x95AB9E3: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4462)
==16229==    by 0x95B03A9: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:4341)
==16229==    by 0x88CC195: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:311)
==16229==    by 0x90BD49B: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:731)
==16229==    by 0x90C0C24: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.h:215)
==16229==    by 0x90E8252: postEventSourceDispatch(_GSource*, int (*)(void*), void*) (qcoreapplication.h:220)
==16229==    by 0xF2D8BCC: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.2800.6)
==16229==    by 0xF2D93A7: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.2800.6)
==16229==    by 0xF2D9638: g_main_context_iteration (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.2800.6)
==16229==    by 0x90E83EE: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventdispatcher_glib.cpp:422)
==16229==    by 0x9652DFD: QGuiEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qguieventdispatcher_glib.cpp:204)
==16229==    by 0x90BC881: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:149)
==16229==    by 0x90BCABB: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:201)
==16229==    by 0x9A6A8E5: QDialog::exec() (qdialog.cpp:552)
==16229==    by 0x55BB315: KDevelop::ProjectDialogProvider::askProjectConfigLocation(bool, KUrl const&) (projectcontroller.cpp:327)
==16229==    by 0x55BDE89: KDevelop::ProjectController::fetchProject() (projectcontroller.cpp:679)
==16229==    by 0x55BFE66: KDevelop::ProjectController::qt_metacall(QMetaObject::Call, int, void**) (projectcontroller.moc:173)
==16229==    by 0x90D25F7: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3287)
==16229==  Address 0x3ea63ff8 is 8 bytes inside a block of size 152 free'd
==16229==    at 0x4C27FFF: operator delete(void*) (vg_replace_malloc.c:387)
==16229==    by 0x25C7FC9B: SvnCheckoutJob::~SvnCheckoutJob() (svncheckoutjob.h:35)
==16229==    by 0x90D14C7: QObject::event(QEvent*) (qobject.cpp:1209)
==16229==    by 0x95AB9E3: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4462)
==16229==    by 0x95B03A9: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:4341)
==16229==    by 0x88CC195: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:311)
==16229==    by 0x90BD49B: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:731)
==16229==    by 0x90C0C24: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.h:215)
==16229==    by 0x90E8252: postEventSourceDispatch(_GSource*, int (*)(void*), void*) (qcoreapplication.h:220)
==16229==    by 0xF2D8BCC: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.2800.6)
==16229==    by 0xF2D93A7: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.2800.6)
==16229==    by 0xF2D9638: g_main_context_iteration (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.2800.6)
==16229==    by 0x90E83EE: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventdispatcher_glib.cpp:422)
==16229==    by 0x9652DFD: QGuiEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qguieventdispatcher_glib.cpp:204)
==16229==    by 0x90BC881: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:149)
==16229==    by 0x90BCABB: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:201)
==16229==    by 0x9A6A8E5: QDialog::exec() (qdialog.cpp:552)
==16229==    by 0x883A779: KMessageBox::createKMessageBox(KDialog*, QIcon const&, QString const&, QStringList const&, QString const&, bool*, QFlags<KMessageBox::Option>, QString const&, QMessageBox::Icon) (kmessagebox.cpp:337)
==16229==    by 0x883AF8A: KMessageBox::createKMessageBox(KDialog*, QMessageBox::Icon, QString const&, QStringList const&, QString const&, bool*, QFlags<KMessageBox::Option>, QString const&) (kmessagebox.cpp:152)
==16229==    by 0x883BBC1: KMessageBox::errorListWId(unsigned long, QString const&, QStringList const&, QString const&, QFlags<KMessageBox::Option>) (kmessagebox.cpp:847)
==16229==    by 0x883BD9A: KMessageBox::error(QWidget*, QString const&, QString const&, QFlags<KMessageBox::Option>) (kmessagebox.cpp:814)
==16229==    by 0x55E6267: KDevelop::RunController::finished(KJob*) (runcontroller.cpp:625)
==16229==    by 0x55E8449: KDevelop::RunController::qt_metacall(QMetaObject::Call, int, void**) (runcontroller.moc:94)
==16229==    by 0x90D25F7: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3287)
==16229==    by 0x4F66B8E: KJob::finished(KJob*) (kjob.moc:173)
==16229==
Comment 3 Milian Wolff 2011-05-27 19:41:08 UTC
The reason is that internalJobDone gets called via connection to ThreadWeaver::Job::done which gets emitted also when the job fails.

The nested event loop when showing the error dialog (connected to the emitResult in internalJobFailed) triggers the deleteLater in the internalJobDone and hence leads to a crash.

I'll commit something that fixes it for me but imo this code needs a rework...
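
A simplified model of the lifetime problem described in Comment 3, added here as an example; it is not KDevelop or Qt code. `Loop`, `Job`, `Outcome` and `simulate` are hypothetical names, `std::weak_ptr` stands in for a lifetime guard, and the unguarded path reports `DanglingAccess` instead of actually dereferencing the freed object.

```cpp
#include <deque>
#include <functional>
#include <memory>
#include <utility>

// Toy event loop. drain() stands in for the main loop and for the nested
// loop that a modal dialog's exec() spins while it is open.
struct Loop {
    std::deque<std::function<void()>> q;
    void post(std::function<void()> f) { q.push_back(std::move(f)); }
    void drain() {
        while (!q.empty()) { auto f = std::move(q.front()); q.pop_front(); f(); }
    }
};

struct Job { int resultsEmitted = 0; };   // stand-in for the svn job object

enum class Outcome { Completed, DanglingAccess, StoppedByGuard };

// doneOnFailure: the "done" handler also runs for a failed job (the bug's premise).
// guarded: the failure handler re-checks the job's lifetime after the first emit.
Outcome simulate(bool doneOnFailure, bool guarded) {
    Loop loop;
    auto owner = std::make_shared<Job>();   // sole owner; reset() runs the destructor
    Outcome out = Outcome::Completed;

    // "done" handler: schedule deferred deletion (the deleteLater in the report).
    auto onDone = [&] { loop.post([&] { owner.reset(); }); };
    // Slot on the first signal: modal error dialog, i.e. a nested event loop.
    auto errorDialog = [&] { loop.drain(); };
    // "failed" handler: two emissions on the same object (emitResult in the report).
    auto onFailed = [&] {
        std::weak_ptr<Job> guard = owner;   // lifetime guard taken before emitting
        Job* self = owner.get();
        errorDialog();                      // first emit; the deletion may run in here
        if (guard.expired()) {              // job was destroyed inside the nested loop
            out = guarded ? Outcome::StoppedByGuard : Outcome::DanglingAccess;
            return;                         // unguarded code would dereference self here
        }
        self->resultsEmitted++;             // second emit touches the object
    };

    if (doneOnFailure) loop.post(onDone);
    loop.post(onFailed);
    loop.drain();
    return out;
}

int main() { return simulate(true, true) == Outcome::StoppedByGuard ? 0 : 1; }
```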
Comment 4 Milian Wolff 2011-05-27 19:43:41 UTC
Git commit 69f84d44c2c158db89fe56540814688dba079fb8 by Milian Wolff.
Committed on 27/05/2011 at 19:42.
Pushed by mwolff into branch '1.2'.

try to protect against crash triggered by nested event loops and failing svn jobs

this needs some more work probably as explained in the comment

BUG: 273759

M  +13   -0    plugins/subversion/svnjobbase.cpp     

http://commits.kde.org/kdevplatform/69f84d44c2c158db89fe56540814688dba079fb8
Comment 5 Milian Wolff 2011-05-29 00:13:36 UTC
*** Bug 273449 has been marked as a duplicate of this bug. ***
Comment 6 Milian Wolff 2011-05-29 00:14:50 UTC
*** Bug 227823 has been marked as a duplicate of this bug. ***
Comment 7 Milian Wolff 2011-05-29 00:15:09 UTC
*** Bug 269011 has been marked as a duplicate of this bug. ***
Comment 8 Christoph Feck 2011-05-31 01:24:43 UTC
Could bug 229957 be related/fixed also?
Comment 9 Milian Wolff 2011-05-31 11:01:17 UTC
*** Bug 229957 has been marked as a duplicate of this bug. ***
Comment 10 Milian Wolff 2011-06-19 21:08:27 UTC
*** Bug 275140 has been marked as a duplicate of this bug. ***
Comment 11 Milian Wolff 2011-06-19 21:08:40 UTC
*** Bug 276013 has been marked as a duplicate of this bug. ***
Comment 12 Olivier.jg 2011-07-26 07:21:35 UTC
*** Bug 275152 has been marked as a duplicate of this bug. ***