| Summary: | Crash after closing "DCC status" tab | ||
|---|---|---|---|
| Product: | [Applications] konversation | Reporter: | Lisa <syn.shainer> |
| Component: | dcc | Assignee: | Bernd Buschinski <b.buschinski> |
| Status: | RESOLVED FIXED | ||
| Severity: | crash | CC: | 0inkane, konversation-devel |
| Priority: | NOR | ||
| Version: | 1.6 | ||
| Target Milestone: | --- | ||
| Platform: | Chakra | ||
| OS: | Linux | ||
| Latest Commit: | http://commits.kde.org/konversation/6130f4f0501f4e9db56619317f07e2f637160505 | Version Fixed In: | |
| Sentry Crash Report: | |||
| Attachments: |
Backtrace
Quick patch to circumvent crashes |
||
|
Description
Lisa
2016-03-13 19:19:41 UTC
Created attachment 97952 [details]
Backtrace
The above backtrace was captured when the bug occurred. The issue is that m_popupViewIndex is 2, but m_tabWidget->count() is 1. Therefore,
ChatWindow* view = static_cast<ChatWindow*>(m_tabWidget->widget(index));
will return a nullptr. The nullptr is then dereferenced in
if (view->isTopLevelView() && index > 0)
leading to a segfault.
Created attachment 98777 [details]
Quick patch to circumvent crashes
The discrepancy originates at one of the calls to removeTab (likely the one inside closeDccPanel) and m_popupViewIndex is never updated, so it becomes out of bounds.
I attached a patch that works both as a quick fix for this crash and as a "safe default" in the general case: canMoveView{Left,Right} detect the invalid pointer and return "false", causing the view to shift to the first tab in the list rather than to the adjacent one. A minor annoyance compared to the crash.
It is not the "proper" fix to this issue though, so I'll leave to the owners the decision on what to do with it.
Git commit 6130f4f0501f4e9db56619317f07e2f637160505 by Eike Hein. Committed on 09/05/2016 at 08:42. Pushed by hein into branch '1.6'. Don't crash when closing the DCC Status tab. M +8 -1 src/viewer/viewcontainer.cpp http://commits.kde.org/konversation/6130f4f0501f4e9db56619317f07e2f637160505 |