Bug 327492

Summary: crash
Product: [Applications] umbrello
Reporter: bediss <bediss.cherif>
Component: general
Assignee: Umbrello Development Group <umbrello-devel>
Status: RESOLVED UNMAINTAINED
Severity: crash
CC: ralf.habacker
Priority: NOR
Keywords: drkonqi
Version: 2.11.2
Target Milestone: ---
Platform: Ubuntu
OS: Linux
Latest Commit:
Version Fixed In:

Description bediss 2013-11-12 12:25:45 UTC
Application: umbrello (2.11.2)
KDE Platform Version: 4.11.2
Qt Version: 4.8.4
Operating System: Linux 3.11.0-13-generic i686
Distribution: Ubuntu 13.10

-- Information about the crash:
- What I was doing when the application crashed:

Nothing special, just working on a project, using the basic graphic functions (moving etc).

-- Backtrace:
Application: Umbrello UML Modeller (umbrello), signal: Segmentation fault
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0xb4ec6740 (LWP 4302))]

Thread 5 (Thread 0xb26f7b40 (LWP 4303)):
#0  __pthread_mutex_unlock_usercnt (mutex=0x899cdc8, decr=1) at pthread_mutex_unlock.c:36
#1  0xb5be3c04 in pthread_mutex_unlock (mutex=0x899cdc8) at forward.c:194
#2  0xb536cbf0 in g_mutex_unlock () from /lib/i386-linux-gnu/libglib-2.0.so.0
#3  0xb5329a4f in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#4  0xb532a04b in g_main_loop_run () from /lib/i386-linux-gnu/libglib-2.0.so.0
#5  0xb35e632a in ?? () from /usr/lib/i386-linux-gnu/libgio-2.0.so.0
#6  0xb534fc4a in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#7  0xb53f2d78 in start_thread (arg=0xb26f7b40) at pthread_create.c:311
#8  0xb5bd601e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:131

Thread 4 (Thread 0xb1c74b40 (LWP 4304)):
#0  0xb5be3ba7 in pthread_mutex_lock (mutex=0x89fc5e8) at forward.c:192
#1  0xb536cbb0 in g_mutex_lock () from /lib/i386-linux-gnu/libglib-2.0.so.0
#2  0xb5329a35 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#3  0xb5329ca8 in g_main_context_iteration () from /lib/i386-linux-gnu/libglib-2.0.so.0
#4  0xb5329d2e in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#5  0xb534fc4a in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#6  0xb53f2d78 in start_thread (arg=0xb1c74b40) at pthread_create.c:311
#7  0xb5bd601e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:131

Thread 3 (Thread 0xaf3d6b40 (LWP 4307)):
#0  0xb5bc48df in read () at ../sysdeps/unix/syscall-template.S:81
#1  0xb536bd4e in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#2  0xb532965b in g_main_context_check () from /lib/i386-linux-gnu/libglib-2.0.so.0
#3  0xb5329afa in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#4  0xb5329ca8 in g_main_context_iteration () from /lib/i386-linux-gnu/libglib-2.0.so.0
#5  0xb6a398df in QEventDispatcherGlib::processEvents (this=0x8ae6a90, flags=...) at kernel/qeventdispatcher_glib.cpp:426
#6  0xb6a089f3 in QEventLoop::processEvents (this=this@entry=0xaf3d6228, flags=...) at kernel/qeventloop.cpp:149
#7  0xb6a08d19 in QEventLoop::exec (this=this@entry=0xaf3d6228, flags=...) at kernel/qeventloop.cpp:204
#8  0xb68f7e3d in QThread::exec (this=this@entry=0x8ae5e30) at thread/qthread.cpp:542
#9  0xb69e8e14 in QInotifyFileSystemWatcherEngine::run (this=0x8ae5e30) at io/qfilesystemwatcher_inotify.cpp:265
#10 0xb68fa72f in QThreadPrivate::start (arg=0x8ae5e30) at thread/qthread_unix.cpp:338
#11 0xb53f2d78 in start_thread (arg=0xaf3d6b40) at pthread_create.c:311
#12 0xb5bd601e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:131

Thread 2 (Thread 0xb12ffb40 (LWP 4324)):
#0  0xb77bd424 in __kernel_vsyscall ()
#1  0xb5be94d2 in clock_gettime (clock_id=1, tp=0xb12fefc8) at ../sysdeps/unix/clock_gettime.c:115
#2  0xb69553ec in do_gettime (frac=0xb12fefc0, sec=0xb12fefb8) at tools/qelapsedtimer_unix.cpp:123
#3  qt_gettime () at tools/qelapsedtimer_unix.cpp:140
#4  0xb6a3afd2 in updateCurrentTime (this=0xb090268c) at kernel/qeventdispatcher_unix.cpp:354
#5  QTimerInfoList::timerWait (this=0xb090268c, tm=...) at kernel/qeventdispatcher_unix.cpp:461
#6  0xb6a3967b in timerSourcePrepareHelper (src=<optimized out>, timeout=0xb12ff0bc) at kernel/qeventdispatcher_glib.cpp:136
#7  0xb6a3970d in timerSourcePrepare (source=0xb0902658, timeout=0xb12ff0bc) at kernel/qeventdispatcher_glib.cpp:169
#8  0xb5329143 in g_main_context_prepare () from /lib/i386-linux-gnu/libglib-2.0.so.0
#9  0xb5329a5f in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#10 0xb5329ca8 in g_main_context_iteration () from /lib/i386-linux-gnu/libglib-2.0.so.0
#11 0xb6a398df in QEventDispatcherGlib::processEvents (this=0xb0900cd8, flags=...) at kernel/qeventdispatcher_glib.cpp:426
#12 0xb6a089f3 in QEventLoop::processEvents (this=this@entry=0xb12ff228, flags=...) at kernel/qeventloop.cpp:149
#13 0xb6a08d19 in QEventLoop::exec (this=this@entry=0xb12ff228, flags=...) at kernel/qeventloop.cpp:204
#14 0xb68f7e3d in QThread::exec (this=this@entry=0x91996d8) at thread/qthread.cpp:542
#15 0xb69e8e14 in QInotifyFileSystemWatcherEngine::run (this=0x91996d8) at io/qfilesystemwatcher_inotify.cpp:265
#16 0xb68fa72f in QThreadPrivate::start (arg=0x91996d8) at thread/qthread_unix.cpp:338
#17 0xb53f2d78 in start_thread (arg=0xb12ffb40) at pthread_create.c:311
#18 0xb5bd601e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:131

Thread 1 (Thread 0xb4ec6740 (LWP 4302)):
[KCrash Handler]
#7  0xb65aeb87 in QGraphicsSceneMouseEvent::button (this=this@entry=0x9024170) at graphicsview/qgraphicssceneevent.cpp:595
#8  0x082bda3d in AssociationWidget::mousePressEvent (this=0x93a92b8, me=0x9024170) at ../../umbrello/widgets/associationwidget.cpp:2827
#9  0x08374305 in ToolBarStateArrow::mousePressAssociation (this=0x8d3bbf0) at ../../umbrello/toolbarstatearrow.cpp:55
#10 0x08373ab2 in ToolBarState::mousePress (this=0x8d3bbf0, ome=0xbfc71e10) at ../../umbrello/toolbarstate.cpp:95
#11 0x083d8765 in UMLScene::mousePressEvent (this=0x8d3b548, event=0xbfc71e10) at ../../umbrello/umlscene.cpp:828
#12 0xb65a4f4f in QGraphicsScene::event (this=0x8d3b548, event=0xbfc71e10) at graphicsview/qgraphicsscene.cpp:3455
#13 0xb5f1b744 in QApplicationPrivate::notify_helper (this=0x88deef0, receiver=0x8d3b548, e=0xbfc71e10) at kernel/qapplication.cpp:4567
#14 0xb5f22223 in QApplication::notify (this=0xbfc728f4, receiver=receiver@entry=0x8d3b548, e=e@entry=0xbfc71e10) at kernel/qapplication.cpp:4353
#15 0xb7054ff4 in KApplication::notify (this=0xbfc728f4, receiver=0x8d3b548, event=0xbfc71e10) at ../../kdeui/kernel/kapplication.cpp:311
#16 0xb6a09eda in QCoreApplication::notifyInternal (this=0xbfc728f4, receiver=receiver@entry=0x8d3b548, event=event@entry=0xbfc71e10) at kernel/qcoreapplication.cpp:946
#17 0xb5f19bcd in sendSpontaneousEvent (event=0xbfc71e10, receiver=0x8d3b548) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:234
#18 qt_sendSpontaneousEvent (receiver=0x8d3b548, event=event@entry=0xbfc71e10) at kernel/qapplication.cpp:5565
#19 0xb65be6e5 in QGraphicsView::mousePressEvent (this=0x8d39f38, event=0xbfc72304) at graphicsview/qgraphicsview.cpp:3164
#20 0xb5f74f93 in QWidget::event (this=this@entry=0x8d39f38, event=event@entry=0xbfc72304) at kernel/qwidget.cpp:8371
#21 0xb6379fcc in QFrame::event (this=this@entry=0x8d39f38, e=e@entry=0xbfc72304) at widgets/qframe.cpp:557
#22 0xb6408318 in QAbstractScrollArea::viewportEvent (this=this@entry=0x8d39f38, e=e@entry=0xbfc72304) at widgets/qabstractscrollarea.cpp:1043
#23 0xb65bf627 in QGraphicsView::viewportEvent (this=<optimized out>, event=<optimized out>) at graphicsview/qgraphicsview.cpp:2866
#24 0xb6408596 in viewportEvent (event=0xbfc72304, this=<optimized out>) at widgets/qabstractscrollarea_p.h:100
#25 QAbstractScrollAreaFilter::eventFilter (this=0x8b1dd50, o=0x8d3b320, e=0xbfc72304) at widgets/qabstractscrollarea_p.h:116
#26 0xb6a0a04e in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=this@entry=0x88deef0, receiver=receiver@entry=0x8d3b320, event=event@entry=0xbfc72304) at kernel/qcoreapplication.cpp:1056
#27 0xb5f1b721 in QApplicationPrivate::notify_helper (this=0x88deef0, receiver=receiver@entry=0x8d3b320, e=0xbfc72304) at kernel/qapplication.cpp:4563
#28 0xb5f23df8 in QApplication::notify (this=0xbfc728f4, receiver=receiver@entry=0x8d3b320, e=e@entry=0xbfc72304) at kernel/qapplication.cpp:4110
#29 0xb7054ff4 in KApplication::notify (this=0xbfc728f4, receiver=0x8d3b320, event=0xbfc72304) at ../../kdeui/kernel/kapplication.cpp:311
#30 0xb6a09eda in QCoreApplication::notifyInternal (this=0xbfc728f4, receiver=receiver@entry=0x8d3b320, event=event@entry=0xbfc72304) at kernel/qcoreapplication.cpp:946
#31 0xb5f21aa3 in sendEvent (event=<optimized out>, receiver=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
#32 QApplicationPrivate::sendMouseEvent (receiver=receiver@entry=0x8d3b320, event=0xbfc72304, alienWidget=0x0, nativeWidget=0x8d3b320, buttonDown=buttonDown@entry=0xb6890cc4 <qt_button_down>, lastMouseReceiver=..., spontaneous=spontaneous@entry=true) at kernel/qapplication.cpp:3178
#33 0xb5fa54e8 in QETWidget::translateMouseEvent (this=0x8d3b320, event=event@entry=0xbfc7252c) at kernel/qapplication_x11.cpp:4631
#34 0xb5fa4c05 in QApplication::x11ProcessEvent (this=0xbfc728f4, event=event@entry=0xbfc7252c) at kernel/qapplication_x11.cpp:3624
#35 0xb5fd0274 in x11EventSourceDispatch (s=0x88deff0, callback=0x0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#36 0xb532983e in g_main_context_dispatch () from /lib/i386-linux-gnu/libglib-2.0.so.0
#37 0xb5329be8 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#38 0xb5329ca8 in g_main_context_iteration () from /lib/i386-linux-gnu/libglib-2.0.so.0
#39 0xb6a398bf in QEventDispatcherGlib::processEvents (this=this@entry=0x88b8ed0, flags=...) at kernel/qeventdispatcher_glib.cpp:424
#40 0xb5fd032e in QGuiEventDispatcherGlib::processEvents (this=0x88b8ed0, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#41 0xb6a089f3 in QEventLoop::processEvents (this=this@entry=0xbfc727e8, flags=...) at kernel/qeventloop.cpp:149
#42 0xb6a08d19 in QEventLoop::exec (this=this@entry=0xbfc727e8, flags=...) at kernel/qeventloop.cpp:204
#43 0xb6a0e89e in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1218
#44 0xb5f19974 in QApplication::exec () at kernel/qapplication.cpp:3828
#45 0x08076cb5 in main (argc=1, argv=0xbfc729d4) at ../../umbrello/main.cpp:111

Reported using DrKonqi

Comment 1 Ralf Habacker 2013-11-12 22:22:16 UTC
The crash probably happens on access to the QGraphicsSceneMouseEvent instance d-pointer.

Comment 2 Ralf Habacker 2014-04-29 15:11:57 UTC
(In reply to comment #1)
> The crash probably happens on access to the QGraphicsSceneMouseEvent
> instance d-pointer.
It looks like the d-pointer has been overwritten by a memory corruption problem somewhere else, because:

The memory area to which the d-pointer points seems to be partially invalid or corrupted, because the event modifiers have been accessed without any problem in line 2824:

2824    if( me->modifiers() != Qt::ShiftModifier )

Qt::KeyboardModifiers QGraphicsSceneMouseEvent::modifiers() const
{
    Q_D(const QGraphicsSceneMouseEvent);
    return d->modifiers;
}

and then the crash happens at line 2827:

2827    if(me->button() == Qt::LeftButton && me->modifiers() && Qt::ControlModifier) {

Qt::MouseButton QGraphicsSceneMouseEvent::button() const
{
    Q_D(const QGraphicsSceneMouseEvent);
    return d->button;
}

According to 

class QGraphicsSceneMouseEventPrivate : public QGraphicsSceneEventPrivate
{
...   
    QPointF pos;
    QPointF scenePos;
    QPoint screenPos;
    QPointF lastPos;
    QPointF lastScenePos;
    QPoint lastScreenPos;
    QMap<Qt::MouseButton, QPointF> buttonDownPos;
    QMap<Qt::MouseButton, QPointF> buttonDownScenePos;
    QMap<Qt::MouseButton, QPoint> buttonDownScreenPos;
    Qt::MouseButton button;
    Qt::MouseButtons buttons;
    Qt::KeyboardModifiers modifiers;
};

the modifiers class member is located at the end of the private event data, and the button member before it. Crashing on access of the button member indicates that the d-pointer points to a location not owned by the current process.

From the backtrace it can also be determined that the crash happened on a left mouse click on an association.
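
Added example, not part of the original bug report or of Umbrello's code: the backtrace reading done in comment 2, performed mechanically in Python. It takes the frames that follow the [KCrash Handler] marker, names the faulting function and the first application frame, and matches the faulting object's address to the argument that carried it. The function names, the `app_prefix` default (taken from the source paths in this backtrace) and the embedded sample are assumptions made for the example.

```python
import re

# Constructed sample: frames copied from the backtrace in this report (Thread 1 crashed).
SAMPLE = """\
Thread 2 (Thread 0xb12ffb40 (LWP 4324)):
#0  0xb77bd424 in __kernel_vsyscall ()

Thread 1 (Thread 0xb4ec6740 (LWP 4302)):
[KCrash Handler]
#7  0xb65aeb87 in QGraphicsSceneMouseEvent::button (this=this@entry=0x9024170) at graphicsview/qgraphicssceneevent.cpp:595
#8  0x082bda3d in AssociationWidget::mousePressEvent (this=0x93a92b8, me=0x9024170) at ../../umbrello/widgets/associationwidget.cpp:2827
#9  0x08374305 in ToolBarStateArrow::mousePressAssociation (this=0x8d3bbf0) at ../../umbrello/toolbarstatearrow.cpp:55
#36 0xb532983e in g_main_context_dispatch () from /lib/i386-linux-gnu/libglib-2.0.so.0
"""

# One gdb frame: "#N [0xADDR in ]func (args) [at file:line | from lib]"
FRAME = re.compile(
    r"^#(?P<n>\d+)\s+(?:0x[0-9a-f]+ in )?(?P<func>\S+) \((?P<args>.*)\)"
    r"(?: at (?P<file>\S+):(?P<line>\d+)| from (?P<lib>\S+))?$")

def crashing_frames(backtrace):
    """Frames of the crashed thread: those following the [KCrash Handler] marker."""
    frames, seen_marker = [], False
    for line in backtrace.splitlines():
        if line.strip() == "[KCrash Handler]":
            seen_marker = True
        elif seen_marker:
            m = FRAME.match(line.strip())
            if not m:
                break  # blank line or next thread header ends the crashed thread
            frames.append(m.groupdict())
    return frames

def triage(backtrace, app_prefix="../../umbrello/"):
    """Name the faulting function, the first application frame and the shared object."""
    frames = crashing_frames(backtrace)
    if not frames:
        return None
    top = frames[0]
    app = next((f for f in frames if (f["file"] or "").startswith(app_prefix)), None)
    this = re.search(r"\bthis=(?:this@entry=)?(0x[0-9a-f]+)", top["args"])
    obj = this.group(1) if this else None
    passed_as = None
    if app and obj:  # which argument of the application frame is the faulting object?
        for arg in app["args"].split(", "):
            name, _, value = arg.partition("=")
            if name != "this" and value.endswith(obj):
                passed_as = name
    return {"faulting": top["func"], "object": obj, "passed_as": passed_as,
            "app_frame": app and app["func"],
            "app_location": app and f'{app["file"]}:{app["line"]}'}

if __name__ == "__main__":
    print(triage(SAMPLE))
```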

Comment 3 Ralf Habacker 2014-12-02 01:34:28 UTC
(In reply to Ralf Habacker from comment #2)
> From the backtrace it can also be determined that the crash happened on a
> left mouse click on an association.
The version for which this bug is reported is unmaintained. If this bug persists on newer versions, feel free to reopen this bug. It would be nice to have a testcase appended.