Bug 304764

Summary: Ark crashes when extracting a corrupted archive via "Extract archive here"
Product: [Applications] ark Reporter: Alfeno Rodrigues <alfeno>
Component: general    Assignee: Raphael Kubo da Costa <rakuco>
Status: RESOLVED FIXED    
Severity: crash CC: adaptee, hsantanna
Priority: NOR    
Version: 2.19   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit: Version Fixed In: 4.9.1

Description Alfeno Rodrigues 2012-08-08 00:42:30 UTC
When Ark extracts a RAR archive, in the middle of the progress the application crashed.

Reproducible: Always

Steps to Reproduce:
1. Download the archive in this issue.
2. Using the Dolphin application, choose -> Extract -> Extract archive here
Actual Results:  
The application crashed.

Expected Results:  
The application extracts without crashing.

Application: ark (2.19)
KDE Platform Version: 4.9.00
Qt Version: 4.8.1
Operating System: Linux 3.2.0-27-generic x86_64
Distribution: Ubuntu 12.04 LTS

-- Information about the crash:

The crash can be reproduced every time.

-- Backtrace:
Application: Ark (ark), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[KCrash Handler]
#6  isSignalConnected (signal_index=2, this=0x0) at kernel/qobject_p.h:229
#7  QMetaObject::activate (sender=0x1ab54c0, m=<optimized out>, local_signal_index=0, argv=0x7fff18884580) at kernel/qobject.cpp:3456
#8  0x00007faae01ddf5f in KJob::finished (this=<optimized out>, _t1=0x1ab54c0) at ./kjob.moc:187
#9  0x00007faae01de1c5 in KJob::emitResult (this=0x1ab54c0) at ../../kdecore/jobs/kjob.cpp:316
#10 0x000000000040b909 in _start ()
Comment 1 Alfeno Rodrigues 2012-08-08 02:30:26 UTC
The archive which causes Ark to crash can be downloaded at http://www.cefontedevida.org.br/kde/15_Arquivos_Brindes.rar

The bug is caused by this file.
Comment 2 Jekyll Wu 2012-08-08 02:50:21 UTC
I can reproduce the crash using that archive every time.  That rar archive seems to be corrupted and I get this when using unrar :

UNRAR 4.20 freeware      Copyright (c) 1993-2012 Alexander Roshal

Extracting from 15_Arquivos_Brindes.rar

Extracting  9-A ARTE DA GÜERRA - ilustrada.pdf                       OK 
Extracting  1-Aprender a estudar.pdf                                  OK 
Extracting  15-Simulado Português(315 questões).pdf                 OK 
Extracting  OS 100 ERROS MAIS COMUNS QUE CANDIDATOS COMETEM NOS CONCURSOS.docx  OK 
Extracting  100_erros_mais_comuns.mp3                                 OK 
Extracting  Turbine seu cérebro para passar em concursos.mp3         OK 
Extracting  12-Pegadinhas-de-concursos.pdf                            OK 
Extracting  2-Curso De Memorizacao.pdf                                OK 
Extracting  3-Mudanças.No.Alfabeto.pdf                               OK 
Extracting  4-52 Dicas para passar em Provas e Concursos.doc          OK 
Extracting  5-A_Essencia_da_Mente.pdf                                 99%
15 Arquivos Brindes/5-A_Essencia_da_Mente.pdf - CRC failed
Unexpected end of archive
Total errors: 2
Comment 3 Raphael Kubo da Costa 2012-08-08 05:55:59 UTC
A better backtrace for posterity:

#0  0x000000080462fd90 in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::data (this=0x7f38300000000008) at ../../include/QtCore/../../../../qt-4.8/src/corelib/tools/qscopedpointer.h:135
#1  0x00000008047816d7 in qGetPtrHelper<QScopedPointer<QObjectData> > (p=...) at ../../include/QtCore/../../../../qt-4.8/src/corelib/global/qglobal.h:2455
#2  0x00000008047816f6 in QEventLoop::d_func (this=0x7f38300000000000) at ../../include/QtCore/../../../../qt-4.8/src/corelib/kernel/qeventloop.h:58
#3  0x00000008047815bd in QEventLoop::exit (this=0x7f38300000000000, returnCode=0) at /usr/home/rakuco/kde4/src/qt-4.8/src/corelib/kernel/qeventloop.cpp:284
#4  0x00000008047816bd in QEventLoop::quit (this=0x7f38300000000000) at /usr/home/rakuco/kde4/src/qt-4.8/src/corelib/kernel/qeventloop.cpp:327
#5  0x0000000803f0e32f in KJob::emitResult (this=0x80e0740b0) at /home/rakuco/kde4/src/kde/kdelibs/kdecore/jobs/kjob.cpp:312
#6  0x0000000000411359 in BatchExtract::slotResult (this=0x80e0740b0, job=0x80e0c9d30) at /home/rakuco/kde4/src/kdeutils/master/ark/app/batchextract.cpp:173
#7  0x0000000000412f0c in BatchExtract::qt_static_metacall (_o=0x80e0740b0, _c=<optimized out>, _id=2, _a=0x7fffffffaba0) at /home/rakuco/kde4/src/kdeutils/master/ark/build/app/batchextract.moc:59
#8  0x00000008047a1eb2 in QMetaObject::activate (sender=0x80e0c9d30, m=0x8042ffa00, local_signal_index=3, argv=0x7fffffffaba0) at /usr/home/rakuco/kde4/src/qt-4.8/src/corelib/kernel/qobject.cpp:3547
#9  0x0000000803f0e302 in KJob::result (this=<optimized out>, _t1=0x80e0c9d30) at /usr/home/rakuco/kde4/src/build/kde/kdelibs/kdecore/kjob.moc:208
#10 0x0000000803f0e345 in KJob::emitResult (this=0x80e0c9d30) at /home/rakuco/kde4/src/kde/kdelibs/kdecore/jobs/kjob.cpp:318
#11 0x000000080085d495 in Kerfuffle::Job::emitResult (this=<optimized out>) at /home/rakuco/kde4/src/kdeutils/master/ark/kerfuffle/jobs.cpp:112
#12 0x000000080085da69 in Kerfuffle::Job::onFinished (this=0x80e0c9d30, result=true) at /home/rakuco/kde4/src/kdeutils/master/ark/kerfuffle/jobs.cpp:160
#13 0x000000080085e1bf in Kerfuffle::Job::qt_static_metacall (_o=0x80e0c9d30, _c=<optimized out>, _id=10, _a=0x812c60180) at /home/rakuco/kde4/src/kdeutils/master/ark/build/kerfuffle/jobs.moc:81
#14 0x000000080479b82f in QMetaCallEvent::placeMetaCall (this=0x812c8a790, object=0x80e0c9d30) at /usr/home/rakuco/kde4/src/qt-4.8/src/corelib/kernel/qobject.cpp:525
#15 0x000000080479cab5 in QObject::event (this=0x80e0c9d30, e=0x812c8a790) at /usr/home/rakuco/kde4/src/qt-4.8/src/corelib/kernel/qobject.cpp:1195
#16 0x0000000802a6a4a4 in QApplicationPrivate::notify_helper (this=0x80c81d380, receiver=0x80e0c9d30, e=0x812c8a790) at /usr/home/rakuco/kde4/src/qt-4.8/src/gui/kernel/qapplication.cpp:4557
#17 0x0000000802a67ae0 in QApplication::notify (this=0x7fffffffb9b0, receiver=0x80e0c9d30, e=0x812c8a790) at /usr/home/rakuco/kde4/src/qt-4.8/src/gui/kernel/qapplication.cpp:3939
#18 0x00000008022f9dae in KApplication::notify (this=0x7fffffffb9b0, receiver=0x80e0c9d30, event=0x812c8a790) at /home/rakuco/kde4/src/kde/kdelibs/kdeui/kernel/kapplication.cpp:311
#19 0x0000000804783c7a in QCoreApplication::notifyInternal (this=0x7fffffffb9b0, receiver=0x80e0c9d30, event=0x812c8a790) at /usr/home/rakuco/kde4/src/qt-4.8/src/corelib/kernel/qcoreapplication.cpp:915
#20 0x0000000802a5b195 in QCoreApplication::sendEvent (receiver=0x80e0c9d30, event=0x812c8a790) at ../../include/QtCore/../../../../qt-4.8/src/corelib/kernel/qcoreapplication.h:231
#21 0x0000000804784c8e in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x80c865080) at /usr/home/rakuco/kde4/src/qt-4.8/src/corelib/kernel/qcoreapplication.cpp:1539
#22 0x00000008047848af in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at /usr/home/rakuco/kde4/src/qt-4.8/src/corelib/kernel/qcoreapplication.cpp:1432
#23 0x0000000802b35603 in QCoreApplication::sendPostedEvents () at ../../include/QtCore/../../../../qt-4.8/src/corelib/kernel/qcoreapplication.h:236
#24 0x00000008047bf7ac in postEventSourceDispatch (s=0x80c866d60) at /usr/home/rakuco/kde4/src/qt-4.8/src/corelib/kernel/qeventdispatcher_glib.cpp:279
#25 0x0000000808125fbe in g_main_context_dispatch () from /usr/local/lib/libglib-2.0.so.0
#26 0x0000000808126779 in ?? () from /usr/local/lib/libglib-2.0.so.0
#27 0x000000080812685b in g_main_context_iteration () from /usr/local/lib/libglib-2.0.so.0
#28 0x00000008047c0083 in QEventDispatcherGlib::processEvents (this=0x80c819980, flags=...) at /usr/home/rakuco/kde4/src/qt-4.8/src/corelib/kernel/qeventdispatcher_glib.cpp:424
#29 0x0000000802b4184c in QGuiEventDispatcherGlib::processEvents (this=0x80c819980, flags=...) at /usr/home/rakuco/kde4/src/qt-4.8/src/gui/kernel/qguieventdispatcher_glib.cpp:204
#30 0x00000008047811a4 in QEventLoop::processEvents (this=0x7fffffffb920, flags=...) at /usr/home/rakuco/kde4/src/qt-4.8/src/corelib/kernel/qeventloop.cpp:149
#31 0x000000080478132e in QEventLoop::exec (this=0x7fffffffb920, flags=...) at /usr/home/rakuco/kde4/src/qt-4.8/src/corelib/kernel/qeventloop.cpp:204
#32 0x00000008047842fa in QCoreApplication::exec () at /usr/home/rakuco/kde4/src/qt-4.8/src/corelib/kernel/qcoreapplication.cpp:1187
#33 0x0000000802a676ca in QApplication::exec () at /usr/home/rakuco/kde4/src/qt-4.8/src/gui/kernel/qapplication.cpp:3818
#34 0x000000000040dacd in main (argc=3, argv=0x7fffffffc590) at /home/rakuco/kde4/src/kdeutils/master/ark/app/main.cpp:209
Comment 4 Raphael Kubo da Costa 2012-08-08 06:41:28 UTC
If anyone else also wants to work on this: the problem lies in the following sequence of events:
 * CliInterface::handleLine() calls CliInterface::failOperation() when the "CRC error" line is found
 * CliInterface::failOperation() calls doKill()
 * CliInterface::doKill() calls QProcess::kill(), which ends up in CliInterface::processFinished()
 * CliInterface::processFinished() does `emit finished(true)', which ends up in BatchExtract::slotResult()
 * BatchExtract::slotResult() emits the KJob::result() signal, which later deletes the BatchExtract instance created in main.cpp
 * After CliInterface::failOperation() calls doKill(), it emits `finished(false)' itself, which also ends up in BatchExtract::slotResult(), however the class has already been destroyed.
Comment 5 Raphael Kubo da Costa 2012-08-16 07:52:44 UTC
*** Bug 304634 has been marked as a duplicate of this bug. ***
Comment 6 Raphael Kubo da Costa 2012-08-16 07:53:35 UTC
(In reply to comment #5)
> *** Bug 304634 has been marked as a duplicate of this bug. ***

Even though that bug is older, this one contains a better description of what's going on.
Comment 7 Raphael Kubo da Costa 2012-08-16 15:53:27 UTC
Git commit c7af2d6372ea2b222e1af223b3fd53cdeb1f3c2b by Raphael Kubo da Costa.
Committed on 16/08/2012 at 17:37.
Pushed by rkcosta into branch 'KDE/4.9'.

Stop emitting finished() from CliInterface::failOperation().

We were always emitting finished() twice if failOperation() was
called:
 - If it did kill the process in its doKill() call, the fact that the
   process was killed would call processFinished(), which would emit
   finished(true). failOperation() would later emit finished(false).
 - For the cases in which the process was not being killed, the
   callers in cliinterface.cpp were acting according to the following
   pattern:

       if (something failed) {
           emit error("Oops, something bad happened");
           failOperation();
           return false;
       }

   If the process wasn't killed it means it had already finished, so
   processFinished() had already been called (and consequently
   finished(true) had already been emitted), yet failOperation()
   would emit finished(false) again.

This was particularly troublesome for AddToArchive and BatchExtract,
since they rely on the KJob::result() signal to kill the
AddToArchive/BatchExtract instance and quit the application. Since
our Jobs connect to the finished() signal to call KJob::emitResult(),
the application was being deleted by the time the second finished()
signal was emitted, leading to crashes (this normally happens if you
enter a wrong password or extract a corrupted file).

Unfortunately, we still don't unit test CliInterface, so there are
no new tests :(
Related: bug 304178
FIXED-IN: 4.9.1

M  +1    -3    kerfuffle/cliinterface.cpp

http://commits.kde.org/ark/c7af2d6372ea2b222e1af223b3fd53cdeb1f3c2b
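The double emission described in comment 4 and in the commit message above (one finished(true) from processFinished() after the kill, or from the process having already exited, followed by a second finished(false) from failOperation() itself) can be reproduced without Qt or Ark. The model below is an added example, not Ark's or kdelibs' code: a synchronous stand-in Signal class replaces Qt signals, a std::shared_ptr/std::weak_ptr pair stands in for the BatchExtract instance that KJob::result() deletes, and the assumed names CliInterface, BatchExtract, runScenario and Outcome are illustrative. A slot invocation that finds the job already gone is counted instead of dereferencing freed memory, which is what the real crash did.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <vector>

// Stand-in for a Qt signal: a list of slots invoked synchronously, in
// connection order, every time the signal is emitted.
template <typename... Args>
struct Signal {
    std::vector<std::function<void(Args...)>> slots;
    void connect(std::function<void(Args...)> fn) { slots.push_back(std::move(fn)); }
    void emit(Args... args) { for (auto& s : slots) s(args...); }
};

// Model of Kerfuffle's CliInterface around a helper process such as unrar.
// emitFromFailOperation == true reproduces the pre-fix behaviour.
struct CliInterface {
    Signal<bool> finished;
    bool processRunning = true;
    bool emitFromFailOperation;

    explicit CliInterface(bool buggy) : emitFromFailOperation(buggy) {}

    // Runs when the child process exits, whether it was killed or ended on
    // its own (Qt delivers this via QProcess::finished; modelled synchronously here).
    void processFinished() {
        processRunning = false;
        finished.emit(true);
    }

    // doKill(): QProcess::kill() on a live process makes it exit, which
    // reaches processFinished().
    void doKill() {
        if (processRunning) processFinished();
    }

    // Called by handleLine() when a "CRC failed" line is seen.
    void failOperation() {
        doKill();
        if (emitFromFailOperation) finished.emit(false);  // the second emission
    }
};

// Model of BatchExtract: the KJob whose result() handler deletes the job
// and quits the application.
struct BatchExtract {
    int resultsEmitted = 0;
};

struct Outcome {
    int slotCalls;          // how many times finished() reached the job's slot
    int callsAfterDelete;   // slot invocations on an already-deleted job
};

// processAlreadyExited models the commit's second case: the helper exited on
// its own before handleLine() saw the error, so doKill() has nothing to kill.
Outcome runScenario(bool buggy, bool processAlreadyExited) {
    Outcome out{0, 0};
    auto job = std::make_shared<BatchExtract>();
    std::weak_ptr<BatchExtract> weak = job;
    CliInterface cli(buggy);

    // Kerfuffle::Job::onFinished -> KJob::emitResult -> BatchExtract::slotResult
    // -> KJob::result() -> BatchExtract is deleted and the event loop quits.
    cli.finished.connect([&](bool) {
        ++out.slotCalls;
        if (auto self = weak.lock()) {
            ++self->resultsEmitted;
            self.reset();
            job.reset();            // last owner gone: the job is deleted here
        } else {
            ++out.callsAfterDelete; // in real Ark this dereferenced freed memory
        }
    });

    if (processAlreadyExited) cli.processFinished();
    cli.failOperation();
    return out;
}

int main() {
    const bool flags[2] = {true, false};
    for (bool buggy : flags) {
        for (bool exited : flags) {
            Outcome o = runScenario(buggy, exited);
            std::printf("%s, process %s: slot called %d time(s), %d after delete\n",
                        buggy ? "pre-fix " : "post-fix",
                        exited ? "already exited" : "killed",
                        o.slotCalls, o.callsAfterDelete);
        }
    }
    return 0;
}
```

With the pre-fix behaviour both scenarios reach the slot twice and the second call lands on a deleted job; with failOperation() no longer emitting, the slot runs exactly once in both cases, which is the whole content of the one-line fix in cliinterface.cpp.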