Bug 369935

Summary: Crash when trying to install plasmoid file by dropping it onto a panel
Product: [Frameworks and Libraries] frameworks-kpackage
Reporter: Kai Uwe Broulik <kde>
Component: default
Assignee: Marco Martin <notmart>
Status: RESOLVED FIXED    
Severity: crash    
Priority: NOR    
Version: 5.24.0   
Target Milestone: ---   
Platform: Other   
OS: Linux   

Description Kai Uwe Broulik 2016-10-04 19:26:02 UTC
When I drop a .plasmoid file onto a plasma panel to install it (tried various files, also the one in ~/plasma-framework/autotests/signed.plasmoid), plasmashell crashes:

Prior to that it prints on console
KIO::MimetypeJob(0x31faac0) This is overkill.

Thread 11 (Thread 0x7fff20a47700 (LWP 16491)):                                          
#0  pthread_cond_timedwait@@GLIBC_2.3.2 ()                                              
    at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:225                   
#1  0x00007ffff2daa986 in QWaitCondition::wait(QMutex*, unsigned long) ()               
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5                                       
#2  0x00007ffff2da623a in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5          
#3  0x00007ffff2da9b98 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5          
#4  0x00007ffff1e8d6fa in start_thread (arg=0x7fff20a47700) at pthread_create.c:333     
#5  0x00007ffff26b6b5d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109     
                                                                                        
Thread 10 (Thread 0x7fff21c10700 (LWP 16489)):                                          
#0  pthread_cond_wait@@GLIBC_2.3.2 ()                                                   
    at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185                        
#1  0x00007ffff2daaa4b in QWaitCondition::wait(QMutex*, unsigned long) ()               
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5                                       
#2  0x00007ffff6040eed in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5         
#3  0x00007ffff60417c5 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5         
#4  0x00007ffff2da9b98 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5          
#5  0x00007ffff1e8d6fa in start_thread (arg=0x7fff21c10700) at pthread_create.c:333     
#6  0x00007ffff26b6b5d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109     
                                                                                        
Thread 9 (Thread 0x7fff30233700 (LWP 16488)):                                           
#0  0x00007ffff26aae8d in poll () at ../sysdeps/unix/syscall-template.S:84              
#1  0x00007fffee2ab39c in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0             
#2  0x00007fffee2ab4ac in g_main_context_iteration ()                                   
   from /lib/x86_64-linux-gnu/libglib-2.0.so.0                                          
#3  0x00007ffff2fd521f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5                          
#4  0x00007ffff2f7fcea in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007ffff2da4fb4 in QThread::exec() ()
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#6  0x00007fff32711587 in KCupsConnection::run() ()
   from /usr/lib/x86_64-linux-gnu/libkcupslib.so
#7  0x00007ffff2da9b98 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#8  0x00007ffff1e8d6fa in start_thread (arg=0x7fff30233700) at pthread_create.c:333
#9  0x00007ffff26b6b5d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 8 (Thread 0x7fff429e6700 (LWP 16487)):
#0  pthread_cond_wait@@GLIBC_2.3.2 ()
    at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007ffff2daaa4b in QWaitCondition::wait(QMutex*, unsigned long) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#2  0x00007ffff6040eed in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5
#3  0x00007ffff60417c5 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5
#4  0x00007ffff2da9b98 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007ffff1e8d6fa in start_thread (arg=0x7fff429e6700) at pthread_create.c:333
#6  0x00007ffff26b6b5d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 7 (Thread 0x7fff431e7700 (LWP 16486)):
#0  0x00007ffff26aae8d in poll () at ../sysdeps/unix/syscall-template.S:84
#1  0x00007fffee2ab39c in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fffee2ab4ac in g_main_context_iteration ()
   from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007ffff2fd523b in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#4  0x00007ffff2f7fcea in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007ffff2da4fb4 in QThread::exec() ()
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#6  0x00007ffff5fd1aa6 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5
#7  0x00007ffff2da9b98 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#8  0x00007ffff1e8d6fa in start_thread (arg=0x7fff431e7700) at pthread_create.c:333
#9  0x00007ffff26b6b5d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 6 (Thread 0x7fffcffff700 (LWP 16485)):
#0  pthread_cond_wait@@GLIBC_2.3.2 ()
    at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007ffff78565c4 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Script.so.5
#2  0x00007ffff7856609 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Script.so.5
#3  0x00007ffff1e8d6fa in start_thread (arg=0x7fffcffff700) at pthread_create.c:333
#4  0x00007ffff26b6b5d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 5 (Thread 0x7fffda1ca700 (LWP 16484)):
#0  0x00007ffff26aae8d in poll () at ../sysdeps/unix/syscall-template.S:84
#1  0x00007fffee2ab39c in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fffee2ab4ac in g_main_context_iteration ()
   from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007ffff2fd521f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#4  0x00007ffff2f7fcea in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007ffff2da4fb4 in QThread::exec() ()
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#6  0x00007ffff5641675 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
#7  0x00007ffff2da9b98 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#8  0x00007ffff1e8d6fa in start_thread (arg=0x7fffda1ca700) at pthread_create.c:333
#9  0x00007ffff26b6b5d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 4 (Thread 0x7fffdbfff700 (LWP 16483)):
#0  0x00007ffff26aae8d in poll () at ../sysdeps/unix/syscall-template.S:84
#1  0x00007fffee2ab39c in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fffee2ab4ac in g_main_context_iteration ()
   from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007ffff2fd521f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#4  0x00007ffff2f7fcea in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007ffff2da4fb4 in QThread::exec() ()
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#6  0x00007ffff5641675 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
#7  0x00007ffff2da9b98 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#8  0x00007ffff1e8d6fa in start_thread (arg=0x7fffdbfff700) at pthread_create.c:333
#9  0x00007ffff26b6b5d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 3 (Thread 0x7fffe1a93700 (LWP 16482)):
#0  0x00007ffff26aae8d in poll () at ../sysdeps/unix/syscall-template.S:84
#1  0x00007fffee2ab39c in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fffee2ab4ac in g_main_context_iteration ()
   from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007ffff2fd523b in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#4  0x00007ffff2f7fcea in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007ffff2da4fb4 in QThread::exec() ()
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#6  0x00007ffff7f3f7a5 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5
#7  0x00007ffff2da9b98 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#8  0x00007ffff1e8d6fa in start_thread (arg=0x7fffe1a93700) at pthread_create.c:333
#9  0x00007ffff26b6b5d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 2 (Thread 0x7fffe32f8700 (LWP 16481)):
#0  0x00007ffff26aae8d in poll () at ../sysdeps/unix/syscall-template.S:84
#1  0x00007ffff67cec62 in poll (__timeout=-1, __nfds=1, __fds=0x7fffe32f7c00)
    at /usr/include/x86_64-linux-gnu/bits/poll2.h:46
#2  _xcb_conn_wait (c=c@entry=0x714db0, cond=cond@entry=0x714df0, 
    vector=vector@entry=0x0, count=count@entry=0x0) at ../../src/xcb_conn.c:459
#3  0x00007ffff67d08d7 in xcb_wait_for_event (c=0x714db0) at ../../src/xcb_in.c:693
#4  0x00007fffe564ba39 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
#5  0x00007ffff2da9b98 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#6  0x00007ffff1e8d6fa in start_thread (arg=0x7fffe32f8700) at pthread_create.c:333
#7  0x00007ffff26b6b5d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 1 (Thread 0x7ffff7e048c0 (LWP 16477)):
#0  malloc_consolidate (av=av@entry=0x7ffff2973b20 <main_arena>) at malloc.c:4168
#1  0x00007ffff263155e in _int_malloc (av=av@entry=0x7ffff2973b20 <main_arena>, 
    bytes=bytes@entry=4096) at malloc.c:3451
#2  0x00007ffff26335a4 in __GI___libc_malloc (bytes=4096) at malloc.c:2914
#3  0x00007ffff25f588f in __realpath (
    name=0x4924ba8 "/home/kaiuwe/.local/share/plasma/plasmoids/org.kde.plasma.simpified-javascript-http-example", resolved=0x0) at canonicalize.c:78
#4  0x00007ffff2f1083c in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007ffff2e96753 in QDir::canonicalPath() const ()
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#6  0x00007ffff5ca3b90 in KPackage::Package::setPath(QString const&) ()
   from /usr/lib/x86_64-linux-gnu/libKF5Package.so.5
#7  0x00007ffff5cb5114 in KPackage::PackageJob::PackageJob(KPackage::Package*, QObject*)::{lambda(QString const&)#1}::operator()(QString const&) const ()
   from /usr/lib/x86_64-linux-gnu/libKF5Package.so.5
#8  0x00007ffff5cb593b in QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<QString const&>, void, KPackage::PackageJob::PackageJob(KPackage::Package*, QObject*)::{lambda(QString const&)#1}>::call({lambda(QString const&)#1}&, void**) ()
   from /usr/lib/x86_64-linux-gnu/libKF5Package.so.5
#9  0x00007ffff5cb58ff in void QtPrivate::Functor<KPackage::PackageJob::PackageJob(KPackage::Package*, QObject*)::{lambda(QString const&)#1}, 1>::call<QtPrivate::List<QString const&>, void>({lambda(QString const&)#1}&, void*, {lambda(QString const&)#1}&*) ()
   from /usr/lib/x86_64-linux-gnu/libKF5Package.so.5
#10 0x00007ffff5cb58c4 in QtPrivate::QFunctorSlotObject<KPackage::PackageJob::PackageJob(KPackage::Package*, QObject*)::{lambda(QString const&)#1}, 1, QtPrivate::List<QString const&>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) ()
   from /usr/lib/x86_64-linux-gnu/libKF5Package.so.5
#11 0x00007ffff2fada19 in QObject::event(QEvent*) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#12 0x00007ffff386d89c in QApplicationPrivate::notify_helper(QObject*, QEvent*) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#13 0x00007ffff3875296 in QApplication::notify(QObject*, QEvent*) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#14 0x00007ffff2f81cf8 in QCoreApplication::notifyInternal2(QObject*, QEvent*) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#15 0x00007ffff2f843bb in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#16 0x00007ffff2fd4e13 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#17 0x00007fffee2ab1a7 in g_main_context_dispatch ()
   from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#18 0x00007fffee2ab400 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#19 0x00007fffee2ab4ac in g_main_context_iteration ()
   from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#20 0x00007ffff2fd521f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#21 0x00007ffff2f7fcea in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#22 0x00007ffff2f882fc in QCoreApplication::exec() ()
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#23 0x000000000042151b in main ()


Reproducible: Always
Comment 1 Kai Uwe Broulik 2016-10-04 19:43:29 UTC
The same exact thing also happens when I use the "Get new widgets" button in Widget Explorer and choose "install from file". It crashes right when I click on the file, I don't even need to finish the dialog.
Comment 2 David Edmundson 2016-10-16 12:13:16 UTC
Git commit cfb69e21fb0aad92f403487b4c8a75b2b0bc8041 by David Edmundson.
Committed on 16/10/2016 at 12:13.
Pushed by davidedmundson into branch 'master'.

Fix dangling pointer in KPackageJob

A KPackage::Package object uses qexplicitlyshareddata, and it is designed
to be kept on the stack and copied. However, PackageJob takes a pointer
to a package, which it later updates, which is expected to exist for the
lifecycle of the job.

This means

Package p = PackageLoader::self()->loadPackage(..);
p.install();

will crash.

Given that, I don't think this is an application error, but a
library bug.

Both plasmashell installation and uninstallation have this problem:
Related: bug 370718

As Package is not a QObject we can't just use a QWeakPointer, and
we can't just copy the Package in the packagejob as we need to detach
and update the *original* KPackage instance. Also to match behaviour
we need to do this without changing any other
KPackage instances sharing the same shareddata.

Not a neat fix at all, but there aren't many options that work
without breaking API or behaviour.

REVIEW: 129187

M  +31   -1    autotests/plasmoidpackagetest.cpp
M  +1    -0    autotests/plasmoidpackagetest.h
M  +9    -0    src/kpackage/package.cpp
M  +20   -0    src/kpackage/private/package_p.h
M  +12   -1    src/kpackage/private/packagejob.cpp

http://commits.kde.org/kpackage/cfb69e21fb0aad92f403487b4c8a75b2b0bc8041
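
The lifetime problem described in the commit message above (a deferred job holding a raw pointer to a value-type object that the caller keeps on the stack) is sketched below as an added example; it is not the KPackage patch or code from the project. `Handle`, `Job`, `watchers()` and the path string are hypothetical stand-ins, and having the object's destructor clear the job's pointer is one possible way to update the original instance without ever writing through a dangling address.

```cpp
#include <memory>
#include <string>
#include <unordered_map>

struct Handle; struct Job;  // hypothetical stand-ins, not KPackage classes

// Jobs watching each live Handle, keyed by the Handle's address. Entries are
// removed on destruction, so a reused stack address never matches a stale job.
static std::unordered_multimap<const Handle*, Job*>& watchers() {
    static std::unordered_multimap<const Handle*, Job*> w;
    return w;
}

// Value type with shared data, meant to live on the stack and be copied.
struct Handle {
    std::shared_ptr<std::string> path = std::make_shared<std::string>();
    Handle() = default; Handle(const Handle&) = default; ~Handle();
    // Detach before writing so copies sharing the data stay unchanged.
    void setPath(const std::string& p) { path = std::make_shared<std::string>(p); }
};

// Deferred job that must update the caller's original Handle when it finishes.
struct Job {
    Handle* target;  // raw pointer: only valid while the caller's Handle exists
    explicit Job(Handle* h) : target(h) { watchers().emplace(h, this); }
    Job(const Job&) = delete;  // a copy would not be registered as a watcher
    ~Job() {
        auto r = watchers().equal_range(target);
        for (auto it = r.first; it != r.second; ++it)
            if (it->second == this) { watchers().erase(it); break; }
    }
    // Runs later (event loop). Returns false if the Handle is already gone.
    bool finish(const std::string& installed) {
        if (target) target->setPath(installed);
        return target != nullptr;
    }
};

Handle::~Handle() {  // clear every watching job's pointer before going away
    auto r = watchers().equal_range(this);
    for (auto it = r.first; it != r.second; ++it) it->second->target = nullptr;
    watchers().erase(r.first, r.second);
}

bool demoAlive() {  // handle outlives the job: original updated, copy untouched
    Handle p; Handle copy = p; Job job(&p);
    return job.finish("/constructed/path") && *p.path == "/constructed/path"
           && copy.path->empty();
}
bool demoDestroyed() {  // handle dies first: finish() refuses instead of writing
    std::unique_ptr<Job> job;
    { Handle p; job.reset(new Job(&p)); }
    return job->finish("/constructed/path");
}
```

Without the destructor hook, `demoDestroyed()` would write through a pointer to a dead stack object, the same class of heap or stack corruption that surfaces far from its cause, as in the `malloc_consolidate` frame of the backtrace.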