Bug 304178

Summary: Dolphin Segfault when typing wrong decompressing password
Product: [Applications] ark
Reporter: Yichao Yu <yyc1992>
Component: general
Assignee: Raphael Kubo da Costa <rakuco>
Status: RESOLVED FIXED    
Severity: crash    
Priority: NOR    
Version: 2.19   
Target Milestone: ---   
Platform: Arch Linux   
OS: Linux   
Version Fixed In: 4.9.1
Attachments: An (almost) empty rar file that can cause the problem

Description Yichao Yu 2012-07-28 14:00:50 UTC
Application: dolphin (2.1)
KDE Platform Version: 4.8.97
Qt Version: 4.8.2
Operating System: Linux 3.4.4-3-ARCH x86_64
Distribution: "Arch Linux"

-- Information about the crash:
- What I was doing when the application crashed:
Tried to decompress a rar file with passwd and typed a wrong password

- Unusual behavior I noticed:
Dolphin crashes with a segfault after closing a second "wrong password" popup window.

- Custom settings of the application:

The crash can be reproduced every time.

-- Backtrace:
Application: Dolphin (kdeinit4), signal: Segmentation fault
Using host libthread_db library "/lib/libthread_db.so.1".
[Current thread is 1 (Thread 0x7fa178552780 (LWP 8281))]

Thread 4 (Thread 0x7fa15dc59700 (LWP 8283)):
#0  0x00007fa175bbfebd in poll () from /lib/libc.so.6
#1  0x00007fa172ad8744 in ?? () from /lib/libglib-2.0.so.0
#2  0x00007fa1580009a0 in ?? ()
#3  0xffffffff7fffffff in ?? ()
#4  0x00007fa15dc58d00 in ?? ()
#5  0x00007fa1580009a0 in ?? ()
#6  0x0000000000000001 in ?? ()
#7  0x00007fa15dc58d00 in ?? ()
#8  0x00007fa1580008c0 in ?? ()
#9  0x0000000000000000 in ?? ()

Thread 3 (Thread 0x7fa1567ca700 (LWP 8291)):
#0  0x00007fffcdfff8bf in clock_gettime ()
#1  0x00007fa172d88f8d in clock_gettime () from /lib/librt.so.1
#2  0x00007fa17711a544 in ?? () from /lib/libQtCore.so.4
#3  0x00007fa1771ee44d in ?? () from /lib/libQtCore.so.4
#4  0x00007fa1771ee793 in ?? () from /lib/libQtCore.so.4
#5  0x00007fa1771ed30c in ?? () from /lib/libQtCore.so.4
#6  0x00007fa1771ed3b5 in ?? () from /lib/libQtCore.so.4
#7  0x00007fa172ad7f7f in g_main_loop_ref () from /lib/libglib-2.0.so.0
#8  0x00007fa1480009a0 in ?? ()
#9  0x0000000000000001 in ?? ()
#10 0x00007fa148002bb0 in ?? ()
#11 0x0000000000000002 in ?? ()
#12 0x0000000000000001 in ?? ()
#13 0x0000000000000001 in ?? ()
#14 0x00007fa172ad866b in g_main_context_set_poll_func () from /lib/libglib-2.0.so.0
#15 0x00007fa1480009a0 in ?? ()
#16 0x0000000000000001 in ?? ()
#17 0x00007fa1567c9d00 in ?? ()
#18 0x00007fa1480008c0 in ?? ()
#19 0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7fa154ff6700 (LWP 8305)):
#0  0x00007fa176e38954 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#1  0x00007fa1558befbf in ?? () from /lib/libvlccore.so.5
#2  0x00007fa176e34e0f in start_thread () from /lib/libpthread.so.0
#3  0x00007fa175bc804d in clone () from /lib/libc.so.6

Thread 1 (Thread 0x7fa178552780 (LWP 8281)):
[KCrash Handler]
#5  0x00007fa1771d4cb9 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /lib/libQtCore.so.4
#6  0x00007fa177647a7f in KJob::finished(KJob*) () from /lib/libkdecore.so.5
#7  0x00007fa177647cc5 in KJob::emitResult() () from /lib/libkdecore.so.5
#8  0x00007fa154cefd69 in ?? () from /usr/lib/kde4/libextracthere.so
#9  0x00007fa1771d4f0f in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /lib/libQtCore.so.4
#10 0x00007fa177647c92 in KJob::result(KJob*) () from /lib/libkdecore.so.5
#11 0x00007fa177647cd0 in KJob::emitResult() () from /lib/libkdecore.so.5
#12 0x00007fa154ad3692 in Kerfuffle::Job::onFinished(bool) () from /lib/libkerfuffle.so.4
#13 0x00007fa1771d43ee in QObject::event(QEvent*) () from /lib/libQtCore.so.4
#14 0x00007fa176354f8c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib/libQtGui.so.4
#15 0x00007fa17635940a in QApplication::notify(QObject*, QEvent*) () from /lib/libQtGui.so.4
#16 0x00007fa177f61876 in KApplication::notify(QObject*, QEvent*) () from /lib/libkdeui.so.5
#17 0x00007fa1771bfa2e in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /lib/libQtCore.so.4
#18 0x00007fa1771c3391 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /lib/libQtCore.so.4
#19 0x00007fa1771eda93 in ?? () from /lib/libQtCore.so.4
#20 0x00007fa172ad8475 in g_source_get_time () from /lib/libglib-2.0.so.0
#21 0x0000000000000001 in ?? ()
#22 0x00007fffcdf75f30 in ?? ()
#23 0x00007fa1771eda80 in ?? () from /lib/libQtCore.so.4
#24 0x00000000015cc400 in ?? ()
#25 0x0000000000000000 in ?? ()

Possible duplicates by query: bug 301647, bug 297597.

Reported using DrKonqi

Comment 1 Raphael Kubo da Costa 2012-07-29 00:50:05 UTC
Can you attach a file that causes this crash with steps to reproduce?

Comment 2 Yichao Yu 2012-07-29 11:54:52 UTC
Created attachment 72811
An (almost) empty rar file that can cause the problem

The way that I used to extract this file is to drag it to an empty place in dolphin and select "extract" in the popup menu. Opening it in ark directly is fine (and this is why I reported it as a dolphin bug at first).
The crash happens after the second (somehow it pops up twice) "password mistake" window is closed.

Comment 3 Raphael Kubo da Costa 2012-08-16 15:53:27 UTC
Git commit c7af2d6372ea2b222e1af223b3fd53cdeb1f3c2b by Raphael Kubo da Costa.
Committed on 16/08/2012 at 17:37.
Pushed by rkcosta into branch 'KDE/4.9'.

Stop emitting finished() from CliInterface::failOperation().

We were always emitting finished() twice if failOperation() was
called:
 - If it did kill the process in its doKill() call, the fact that the
   process was killed would call processFinished(), which would emit
   finished(true). failOperation() would later emit finished(false).
 - For the cases in which the process was not being killed, the
   callers in cliinterface.cpp were acting according to the following
   pattern:

       if (something failed) {
           emit error("Oops, something bad happened");
           failOperation();
           return false;
       }

   If the process wasn't killed it means it had already finished, so
   processFinished() had already been called (and consequently
   finished(true) had already been emitted), yet failOperation()
   would emit finished(false) again.

This was particularly troublesome for AddToArchive and BatchExtract,
since they rely on the KJob::result() signal to kill the
AddToArchive/BatchExtract instance and quit the application. Since
our Jobs connect to the finished() signal to call KJob::emitResult(),
the application was being deleted by the time the second finished()
signal was emitted, leading to crashes (this normally happens if you
enter a wrong password or extract a corrupted file).

Unfortunately, we still don't unit test CliInterface, so there are
no new tests :(
Related: bug 304764
FIXED-IN: 4.9.1

M  +1    -3    kerfuffle/cliinterface.cpp

http://commits.kde.org/ark/c7af2d6372ea2b222e1af223b3fd53cdeb1f3c2b
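
The double emission described in the commit message above, as an added Qt-free model that is not Ark's code and is not taken from the commit: it counts how many results reach an owner that was already torn down on the first result. The names Interface, Owner and lateResults are hypothetical stand-ins for CliInterface, BatchExtract and the wrong-password path.

```cpp
// Added illustration, not Ark's code: a Qt-free model of the signal flow in the commit message.
#include <functional>
#include <memory>
#include <vector>

// Hypothetical stand-in for CliInterface: one "finished" signal with plain callbacks.
struct Interface {
    std::vector<std::function<void(bool)>> finished;
    bool emitInFailOperation;              // true = behaviour before the fix
    explicit Interface(bool legacy) : emitInFailOperation(legacy) {}

    void emitFinished(bool ok) { for (auto &slot : finished) slot(ok); }
    void processFinished() { emitFinished(true); }    // the external process has exited
    void failOperation() {
        if (emitInFailOperation) emitFinished(false); // the second emission the fix removes
    }
};

// Hypothetical stand-in for BatchExtract: it tears itself down on the first result.
struct Owner {
    bool alive = true;
    int resultsSeen = 0;
    int resultsAfterTeardown = 0;  // in the real application each of these touches a deleted object
    void onResult() {
        ++resultsSeen;
        if (!alive) { ++resultsAfterTeardown; return; }
        alive = false;             // models "kill the instance and quit the application"
    }
};

// Wrong-password path: the process finishes, then the caller reports the failure.
// Returns how many results arrived after the owner was torn down.
int lateResults(bool legacy) {
    Interface iface(legacy);
    auto owner = std::make_shared<Owner>(); // kept alive here so the model itself has no UB
    iface.finished.push_back([owner](bool) { owner->onResult(); });
    iface.processFinished();
    iface.failOperation();
    return owner->resultsAfterTeardown;
}

int main() {
    // 1 late result with the old behaviour, 0 once failOperation() stops emitting.
    return (lateResults(true) == 1 && lateResults(false) == 0) ? 0 : 1;
}
```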