Bug 304524

Summary: Dolphin crashes when minimizing window before finishing file renaming [KStandardItemListWidget::closeRoleEditor]
Product: [Applications] dolphin
Reporter: Janek Bevendorff <kde>
Component: general
Assignee: Dolphin Bug Assignee <dolphin-bugs-null>
Status: RESOLVED FIXED
Severity: crash
CC: russianneuromancer
Priority: NOR
Version: 2.1
Target Milestone: ---
Platform: unspecified
OS: Linux
Version Fixed In: 4.9.1

Description Janek Bevendorff 2012-08-03 22:36:36 UTC
Dolphin crashes reliably when I select a file or folder, hit F2 to rename it and then click the minimize button on the window frame without finishing the renaming task first.

Reproducible: Always




Backtrace:

Application: Dolphin (kdeinit4), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f91bac78780 (LWP 689))]

Thread 3 (Thread 0x7f919a543700 (LWP 692)):
#0  0x00007f91b8267573 in poll () from /lib64/libc.so.6
#1  0x00007f91b51df796 in g_main_context_iterate.isra.23 () from /usr/lib64/libglib-2.0.so.0
#2  0x00007f91b51df8c4 in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
#3  0x00007f91b98bb1ff in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/qt4/libQtCore.so.4
#4  0x00007f91b988adf2 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/qt4/libQtCore.so.4
#5  0x00007f91b988b047 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/qt4/libQtCore.so.4
#6  0x00007f91b978afd7 in QThread::exec() () from /usr/lib64/qt4/libQtCore.so.4
#7  0x00007f91b986ac0f in QInotifyFileSystemWatcherEngine::run() () from /usr/lib64/qt4/libQtCore.so.4
#8  0x00007f91b978dffb in QThreadPrivate::start(void*) () from /usr/lib64/qt4/libQtCore.so.4
#9  0x00007f91b94f7e2c in start_thread () from /lib64/libpthread.so.0
#10 0x00007f91b82701dd in clone () from /lib64/libc.so.6

Thread 2 (Thread 0x7f91996b4700 (LWP 701)):
#0  0x00007f91b8269bb3 in select () from /lib64/libc.so.6
#1  0x00007f91b986a281 in QProcessManager::run() () from /usr/lib64/qt4/libQtCore.so.4
#2  0x00007f91b978dffb in QThreadPrivate::start(void*) () from /usr/lib64/qt4/libQtCore.so.4
#3  0x00007f91b94f7e2c in start_thread () from /lib64/libpthread.so.0
#4  0x00007f91b82701dd in clone () from /lib64/libc.so.6

Thread 1 (Thread 0x7f91bac78780 (LWP 689)):
[KCrash Handler]
#6  0x00007f91b8a5a999 in QWidget::hasFocus() const () from /usr/lib64/qt4/libQtGui.so.4
#7  0x00007f919fb4f1a4 in KStandardItemListWidget::closeRoleEditor (this=0x1cfc750) at /var/tmp/portage/kde-base/dolphin-4.9.0/work/dolphin-4.9.0/dolphin/src/kitemviews/kstandarditemlistwidget.cpp:1243
#8  0x00007f919fb4f248 in KStandardItemListWidget::slotRoleEditingFinished (this=0x1cfc750, index=0, role=..., value=...) at /var/tmp/portage/kde-base/dolphin-4.9.0/work/dolphin-4.9.0/dolphin/src/kitemviews/kstandarditemlistwidget.cpp:699
#9  0x00007f91b98a00b1 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib64/qt4/libQtCore.so.4
#10 0x00007f919fb55b48 in KItemListRoleEditor::roleEditingFinished (this=<optimized out>, _t1=0, _t2=..., _t3=...) at /var/tmp/portage/kde-base/dolphin-4.9.0/work/dolphin-4.9.0_build/dolphin/src/kitemlistroleeditor.moc:107
#11 0x00007f919fb55b99 in emitRoleEditingFinished (this=0x1df6b10) at /var/tmp/portage/kde-base/dolphin-4.9.0/work/dolphin-4.9.0/dolphin/src/kitemviews/private/kitemlistroleeditor.cpp:140
#12 KItemListRoleEditor::emitRoleEditingFinished (this=0x1df6b10) at /var/tmp/portage/kde-base/dolphin-4.9.0/work/dolphin-4.9.0/dolphin/src/kitemviews/private/kitemlistroleeditor.cpp:137
#13 0x00007f919fb55c55 in KItemListRoleEditor::eventFilter (this=0x1df6b10, watched=<optimized out>, event=<optimized out>) at /var/tmp/portage/kde-base/dolphin-4.9.0/work/dolphin-4.9.0/dolphin/src/kitemviews/private/kitemlistroleeditor.cpp:70
#14 0x00007f91b988c448 in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) () from /usr/lib64/qt4/libQtCore.so.4
#15 0x00007f91b8a1aa4f in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib64/qt4/libQtGui.so.4
#16 0x00007f91b8a1f853 in QApplication::notify(QObject*, QEvent*) () from /usr/lib64/qt4/libQtGui.so.4
#17 0x00007f91ba6742d6 in KApplication::notify (this=0x7fff7a194730, receiver=0x19af640, event=0x7fff7a191f90) at /var/tmp/portage/kde-base/kdelibs-4.9.0/work/kdelibs-4.9.0/kdeui/kernel/kapplication.cpp:311
#18 0x00007f91b988c2bc in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib64/qt4/libQtCore.so.4
#19 0x00007f91b8ab05e7 in QWidgetPrivate::setGeometry_sys(int, int, int, int, bool) () from /usr/lib64/qt4/libQtGui.so.4
#20 0x00007f91b8a65e35 in QWidget::setGeometry(QRect const&) () from /usr/lib64/qt4/libQtGui.so.4
#21 0x00007f91b8e87b18 in QAbstractScrollAreaPrivate::layoutChildren() () from /usr/lib64/qt4/libQtGui.so.4
#22 0x00007f91b8e88bed in QAbstractScrollArea::event(QEvent*) () from /usr/lib64/qt4/libQtGui.so.4
#23 0x00007f91b8a1aa84 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib64/qt4/libQtGui.so.4
#24 0x00007f91b8a1f853 in QApplication::notify(QObject*, QEvent*) () from /usr/lib64/qt4/libQtGui.so.4
#25 0x00007f91ba6742d6 in KApplication::notify (this=0x7fff7a194730, receiver=0x1964890, event=0x7fff7a1928f0) at /var/tmp/portage/kde-base/kdelibs-4.9.0/work/kdelibs-4.9.0/kdeui/kernel/kapplication.cpp:311
#26 0x00007f91b988c2bc in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib64/qt4/libQtCore.so.4
#27 0x00007f91b8ab05e7 in QWidgetPrivate::setGeometry_sys(int, int, int, int, bool) () from /usr/lib64/qt4/libQtGui.so.4
#28 0x00007f91b8a65e35 in QWidget::setGeometry(QRect const&) () from /usr/lib64/qt4/libQtGui.so.4
#29 0x00007f91b8a479e4 in QWidgetItem::setGeometry(QRect const&) () from /usr/lib64/qt4/libQtGui.so.4
#30 0x00007f91b8a297d6 in QBoxLayout::setGeometry(QRect const&) () from /usr/lib64/qt4/libQtGui.so.4
#31 0x00007f91b8a44013 in QLayoutPrivate::doResize(QSize const&) () from /usr/lib64/qt4/libQtGui.so.4
#32 0x00007f91b8a1aa41 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib64/qt4/libQtGui.so.4
#33 0x00007f91b8a1f853 in QApplication::notify(QObject*, QEvent*) () from /usr/lib64/qt4/libQtGui.so.4
#34 0x00007f91ba6742d6 in KApplication::notify (this=0x7fff7a194730, receiver=0x19c5e60, event=0x7fff7a193220) at /var/tmp/portage/kde-base/kdelibs-4.9.0/work/kdelibs-4.9.0/kdeui/kernel/kapplication.cpp:311
#35 0x00007f91b988c2bc in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib64/qt4/libQtCore.so.4
#36 0x00007f91b8ab05e7 in QWidgetPrivate::setGeometry_sys(int, int, int, int, bool) () from /usr/lib64/qt4/libQtGui.so.4
#37 0x00007f91b8a65e35 in QWidget::setGeometry(QRect const&) () from /usr/lib64/qt4/libQtGui.so.4
#38 0x00007f91b8a479e4 in QWidgetItem::setGeometry(QRect const&) () from /usr/lib64/qt4/libQtGui.so.4
#39 0x00007f91b8a297d6 in QBoxLayout::setGeometry(QRect const&) () from /usr/lib64/qt4/libQtGui.so.4
#40 0x00007f91b8a44013 in QLayoutPrivate::doResize(QSize const&) () from /usr/lib64/qt4/libQtGui.so.4
#41 0x00007f91b8a456d1 in QLayout::activate() () from /usr/lib64/qt4/libQtGui.so.4
#42 0x00007f91b8a6daf7 in QWidget::setVisible(bool) () from /usr/lib64/qt4/libQtGui.so.4
#43 0x00007f91a02d7297 in DolphinMainWindow::slotPlacesPanelVisibilityChanged (this=0x186b260, visible=<optimized out>) at /var/tmp/portage/kde-base/dolphin-4.9.0/work/dolphin-4.9.0/dolphin/src/dolphinmainwindow.cpp:916
#44 0x00007f91a02e42c1 in qt_static_metacall (_a=<optimized out>, _id=<optimized out>, _o=<optimized out>, _c=<optimized out>) at /var/tmp/portage/kde-base/dolphin-4.9.0/work/dolphin-4.9.0_build/dolphin/src/dolphinmainwindow.moc:215
#45 DolphinMainWindow::qt_static_metacall (_o=<optimized out>, _c=<optimized out>, _id=<optimized out>, _a=<optimized out>) at /var/tmp/portage/kde-base/dolphin-4.9.0/work/dolphin-4.9.0_build/dolphin/src/dolphinmainwindow.moc:175
#46 0x00007f91b98a00b1 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib64/qt4/libQtCore.so.4
#47 0x00007f91b8df3a62 in QDockWidget::visibilityChanged(bool) () from /usr/lib64/qt4/libQtGui.so.4
#48 0x00007f91b8df49b1 in QDockWidget::event(QEvent*) () from /usr/lib64/qt4/libQtGui.so.4
#49 0x00007f91b8a1aa84 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib64/qt4/libQtGui.so.4
#50 0x00007f91b8a1f853 in QApplication::notify(QObject*, QEvent*) () from /usr/lib64/qt4/libQtGui.so.4
#51 0x00007f91ba6742d6 in KApplication::notify (this=0x7fff7a194730, receiver=0x1ae2220, event=0x7fff7a193d90) at /var/tmp/portage/kde-base/kdelibs-4.9.0/work/kdelibs-4.9.0/kdeui/kernel/kapplication.cpp:311
#52 0x00007f91b988c2bc in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib64/qt4/libQtCore.so.4
#53 0x00007f91b8a6bd55 in QWidgetPrivate::hideChildren(bool) () from /usr/lib64/qt4/libQtGui.so.4
#54 0x00007f91b8a96bfb in QApplication::x11ProcessEvent(_XEvent*) () from /usr/lib64/qt4/libQtGui.so.4
#55 0x00007f91b8abd962 in x11EventSourceDispatch(_GSource*, int (*)(void*), void*) () from /usr/lib64/qt4/libQtGui.so.4
#56 0x00007f91b51df43a in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#57 0x00007f91b51df800 in g_main_context_iterate.isra.23 () from /usr/lib64/libglib-2.0.so.0
#58 0x00007f91b51df8c4 in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
#59 0x00007f91b98bb1ff in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/qt4/libQtCore.so.4
#60 0x00007f91b8abd5fe in QGuiEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/qt4/libQtGui.so.4
#61 0x00007f91b988adf2 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/qt4/libQtCore.so.4
#62 0x00007f91b988b047 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/qt4/libQtCore.so.4
#63 0x00007f91b988fe65 in QCoreApplication::exec() () from /usr/lib64/qt4/libQtCore.so.4
#64 0x00007f91a02ec6d7 in kdemain (argc=5, argv=0x16b96a0) at /var/tmp/portage/kde-base/dolphin-4.9.0/work/dolphin-4.9.0/dolphin/src/main.cpp:89
#65 0x0000000000408a24 in launch (argc=5, _name=0x16842b8 "/usr/bin/dolphin", args=<optimized out>, cwd=0x0, envc=<optimized out>, envs=<optimized out>, reset_env=false, tty=0x0, avoid_loops=false, startup_id_str=0x1684310 "janek-pc-sabayon;1344033318;944693;12959_TIME628835197") at /var/tmp/portage/kde-base/kdelibs-4.9.0/work/kdelibs-4.9.0/kinit/kinit.cpp:734
#66 0x0000000000409b06 in handle_launcher_request (sock=7, who=<optimized out>) at /var/tmp/portage/kde-base/kdelibs-4.9.0/work/kdelibs-4.9.0/kinit/kinit.cpp:1226
#67 0x000000000040a02f in handle_requests (waitForPid=0) at /var/tmp/portage/kde-base/kdelibs-4.9.0/work/kdelibs-4.9.0/kinit/kinit.cpp:1419
#68 0x0000000000405a2e in main (argc=2, argv=0x7fff7a1958c0, envp=0x7fff7a195b90) at /var/tmp/portage/kde-base/kdelibs-4.9.0/work/kdelibs-4.9.0/kinit/kinit.cpp:1907

Comment 1 Janek Bevendorff 2012-08-03 22:40:57 UTC
Actually, Dolphin crashes when hitting ANY button before finishing the renaming action properly. This also applies to toolbar buttons, not only buttons on the window frame.

Comment 2 Frank Reininghaus 2012-08-04 07:20:09 UTC
Thanks for the bug report! Looks like we are trying to dereference the dangling pointer m_roleEditor in KStandardItemListWidget::closeRoleEditor().

Comment 3 Jeroen van Meeuwen (Kolab Systems) 2012-08-24 16:21:29 UTC
Resetting assignee to default as per bug #305719

Comment 4 Frank Reininghaus 2012-08-24 21:28:28 UTC
Git commit a9c2bdc3b53955693e716bbab58c318fe25bdc9b by Frank Reininghaus.
Committed on 24/08/2012 at 23:21.
Pushed by freininghaus into branch 'KDE/4.9'.

Do not crash when finishing inline renaming in unusual ways

The crash was caused by a null pointer dereference when, e.g.,
minimizing Dolphin. The root cause was that
KStandardItemListWidget::closeRoleEditor() was called twice: once when
the role editor loses focus, and once again when the window is resized.
After m_roleEditor was set to 0, the second call dereferenced this null
pointer. I think the best solution is to disconnect from the role
editor's signals when the editor is not needed any more by the
KStandardItemListWidget.
FIXED-IN: 4.9.1

M  +10   -0    dolphin/src/kitemviews/kstandarditemlistwidget.cpp

http://commits.kde.org/kde-baseapps/a9c2bdc3b53955693e716bbab58c318fe25bdc9b

Comment 5 Frank Reininghaus 2012-08-24 21:33:51 UTC
Git commit a3c1c748656e0fe3c34a8bfc0c7a2cc7b17d3a1c by Frank Reininghaus.
Committed on 24/08/2012 at 23:21.
Pushed by freininghaus into branch 'master'.

Do not crash when finishing inline renaming in unusual ways

The crash was caused by a null pointer dereference when, e.g.,
minimizing Dolphin. The root cause was that
KStandardItemListWidget::closeRoleEditor() was called twice: once when
the role editor loses focus, and once again when the window is resized.
After m_roleEditor was set to 0, the second call dereferenced this null
pointer. I think the best solution is to disconnect from the role
editor's signals when the editor is not needed any more by the
KStandardItemListWidget.
(cherry picked from commit a9c2bdc3b53955693e716bbab58c318fe25bdc9b)

M  +10   -0    dolphin/src/kitemviews/kstandarditemlistwidget.cpp

http://commits.kde.org/kde-baseapps/a3c1c748656e0fe3c34a8bfc0c7a2cc7b17d3a1c
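
The double-call pattern described in the commit message, as an added C++ example that is not Dolphin's code and not the committed patch: a close routine reachable from a signal that stays connected after the editor pointer is cleared, compared with the same routine disconnecting first. The `Signal`, `Editor` and `Widget` types are hypothetical stand-ins for Qt's signal mechanism, the role editor and the list widget, and the model assumes the editor object outlives the first close call.

```cpp
#include <functional>
#include <vector>

// Minimal stand-in for a Qt signal (hypothetical helper, not Qt's API).
struct Signal {
    std::vector<std::function<void()>> handlers;
    void connect(const std::function<void()>& h) { handlers.push_back(h); }
    void disconnectAll() { handlers.clear(); }
    void emitNow() {
        auto copy = handlers;  // a handler may disconnect during delivery
        for (auto& h : copy) h();
    }
};

// Stand-in for the role editor; assumed to outlive the first close call.
struct Editor {
    Signal editingFinished;
    bool hasFocus() const { return true; }
};

// Stand-in for the list widget holding a non-owning editor pointer.
struct Widget {
    Editor* editor = nullptr;
    bool disconnectOnClose;
    int nullEntries = 0;  // closeEditor() calls made after the pointer was cleared
    explicit Widget(bool fix) : disconnectOnClose(fix) {}

    void openEditor(Editor* e) {
        editor = e;
        e->editingFinished.connect([this] { closeEditor(); });
    }
    void closeEditor() {
        if (!editor) { ++nullEntries; return; }  // unfixed code dereferenced null here
        if (disconnectOnClose) editor->editingFinished.disconnectAll();
        (void)editor->hasFocus();
        editor = nullptr;
    }
};

// Emits the signal twice: focus loss first, then the later resize.
int staleCalls(bool disconnectOnClose) {
    Editor e;
    Widget w(disconnectOnClose);
    w.openEditor(&e);
    e.editingFinished.emitNow();
    e.editingFinished.emitNow();
    return w.nullEntries;
}

int main() { return (staleCalls(false) == 1 && staleCalls(true) == 0) ? 0 : 1; }
```

The model counts the stale call instead of crashing on it, so both variants can run side by side; with the disconnect in place the second emission reaches no handler at all.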