Summary: | Dolphin crashes when hiding device from device tab | | |
---|---|---|---|
Product: | [Applications] dolphin | Reporter: | Dennis Irrgang <me> |
Component: | general | Assignee: | David Hallas <david> |
Status: | RESOLVED FIXED | | |
Severity: | crash | CC: | david, elvis.angelaccio, fierralin, lukibartl, nate |
Priority: | NOR | Keywords: | drkonqi |
Version: | 18.12.0 | | |
Target Milestone: | --- | | |
Platform: | openSUSE | | |
OS: | Linux | | |
Latest Commit: | https://commits.kde.org/dolphin/78540e49213ed1a03687d55063816659c9142eba | Version Fixed In: | 19.08.0 |
Attachments: | New crash information added by DrKonqi | | |
Description
Dennis Irrgang
2019-01-10 10:54:02 UTC
Can you reproduce the crash every time?

(In reply to Elvis Angelaccio from comment #1)
> Can you reproduce the crash every time?

I tried un-hiding and re-hiding the devices a bunch of times, but couldn't reproduce the crash unfortunately. Though I'm running a new version of Dolphin now, so take it with a grain of salt.

Ok. If you manage to reproduce it, please provide a valgrind log as described here: https://community.kde.org/Dolphin/FAQ/Crashes

Created attachment 118989 [details]
New crash information added by DrKonqi
dolphin (18.12.2) using Qt 5.11.3
- What I was doing when the application crashed:
I hid an encrypted device in dolphin. I can reproduce the bug sometimes.
-- Backtrace (Reduced):
#10 0x00007f7dd296fc3e in KItemModelBase::itemsChanged(KItemRangeList const&, QSet<QByteArray> const&) () from /lib64/libdolphinprivate.so.5
#11 0x00007f7dd291c97b in KStandardItem::setDataValue(QByteArray const&, QVariant const&) () from /lib64/libdolphinprivate.so.5
[...]
#14 0x00007f7dd06ca1c3 in QtPrivate::QSlotObjectBase::call (a=0x7fff8af7f490, r=0x5624cdeee170, this=0x5624ce657420) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:376
[...]
#16 0x00007f7dd296ee8a in KItemListController::itemContextMenuRequested(int, QPointF const&) () from /lib64/libdolphinprivate.so.5
#17 0x00007f7dd2902791 in KItemListController::mousePressEvent(QGraphicsSceneMouseEvent*, QTransform const&) () from /lib64/libdolphinprivate.so.5
I can reproduce the crash if I do the following:

1. Right click a device in the places panel and select hide
2. Right click the places panel and select show hidden
3. Right click the hidden device and select show
4. Right click the same device and select hide

This is the output I get from address sanitizer:

=================================================================
==10758==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d000661db8 at pc 0x7f11e094c809 bp 0x7fffc2009310 sp 0x7fffc2009300
READ of size 8 at 0x60d000661db8 thread T0
    #0 0x7f11e094c808 in KStandardItem::setDataValue(QByteArray const&, QVariant const&) ../src/kitemviews/kstandarditem.cpp:118
    #1 0x7f11e222b1a8 in PlacesItem::setHidden(bool) ../src/panels/places/placesitem.cpp:96
    #2 0x7f11e221cb94 in PlacesPanel::slotItemContextMenuRequested(int, QPointF const&) ../src/panels/places/placespanel.cpp:260
    #3 0x7f11e222905a in QtPrivate::FunctorCall<QtPrivate::IndexesList<0, 1>, QtPrivate::List<int, QPointF const&>, void, void (PlacesPanel::*)(int, QPointF const&)>::call(void (PlacesPanel::*)(int, QPointF const&), PlacesPanel*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:134
    #4 0x7f11e2228621 in void QtPrivate::FunctionPointer<void (PlacesPanel::*)(int, QPointF const&)>::call<QtPrivate::List<int, QPointF const&>, void>(void (PlacesPanel::*)(int, QPointF const&), PlacesPanel*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:167
    #5 0x7f11e222769b in QtPrivate::QSlotObject<void (PlacesPanel::*)(int, QPointF const&), QtPrivate::List<int, QPointF const&>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/qt5/QtCore/qobjectdefs_impl.h:396
    #6 0x7f11d919c96e in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib64/libQt5Core.so.5+0x26796e)
    #7 0x7f11e0a73a39 in KItemListController::itemContextMenuRequested(int, QPointF const&) src/dolphinprivate_autogen/Z3MQH7AOBD/moc_kitemlistcontroller.cpp:449
    #8 0x7f11e08d7199 in KItemListController::mousePressEvent(QGraphicsSceneMouseEvent*, QTransform const&) ../src/kitemviews/kitemlistcontroller.cpp:624
    #9 0x7f11e08dc2c4 in KItemListController::processEvent(QEvent*, QTransform const&) ../src/kitemviews/kitemlistcontroller.cpp:1038
    #10 0x7f11e08fbaf1 in KItemListView::event(QEvent*) ../src/kitemviews/kitemlistview.cpp:923
    #11 0x7f11da2f9d8b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x15ad8b)
    #12 0x7f11da30134e in QApplication::notify(QObject*, QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x16234e)
    #13 0x7f11d91753a0 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/usr/lib64/libQt5Core.so.5+0x2403a0)
    #14 0x7f11da5ff8c2 (/usr/lib64/libQt5Widgets.so.5+0x4608c2)
    #15 0x7f11da5ffcb1 (/usr/lib64/libQt5Widgets.so.5+0x460cb1)
    #16 0x7f11da607cea (/usr/lib64/libQt5Widgets.so.5+0x468cea)
    #17 0x7f11da607f28 in QGraphicsScene::mousePressEvent(QGraphicsSceneMouseEvent*) (/usr/lib64/libQt5Widgets.so.5+0x468f28)
    #18 0x7f11da60f1cf in QGraphicsScene::event(QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x4701cf)
    #19 0x7f11da2f9d8b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x15ad8b)
    #20 0x7f11da30134e in QApplication::notify(QObject*, QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x16234e)
    #21 0x7f11d91753a0 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/usr/lib64/libQt5Core.so.5+0x2403a0)
    #22 0x7f11da62bda3 in QGraphicsView::mousePressEvent(QMouseEvent*) (/usr/lib64/libQt5Widgets.so.5+0x48cda3)
    #23 0x7f11da33941e in QWidget::event(QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x19a41e)
    #24 0x7f11da3dab3d in QFrame::event(QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x23bb3d)
    #25 0x7f11da62d04a in QGraphicsView::viewportEvent(QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x48e04a)
    #26 0x7f11d91751ed in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) (/usr/lib64/libQt5Core.so.5+0x2401ed)
    #27 0x7f11da2f9d64 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x15ad64)
    #28 0x7f11da301ee6 in QApplication::notify(QObject*, QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x162ee6)
    #29 0x7f11d91753a0 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/usr/lib64/libQt5Core.so.5+0x2403a0)
    #30 0x7f11da300831 in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) (/usr/lib64/libQt5Widgets.so.5+0x161831)
    #31 0x7f11da353ac2 (/usr/lib64/libQt5Widgets.so.5+0x1b4ac2)
    #32 0x7f11da356088 (/usr/lib64/libQt5Widgets.so.5+0x1b7088)
    #33 0x7f11da2f9d8b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x15ad8b)
    #34 0x7f11da30134e in QApplication::notify(QObject*, QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x16234e)
    #35 0x7f11d91753a0 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/usr/lib64/libQt5Core.so.5+0x2403a0)
    #36 0x7f11d9bbbf02 in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) (/usr/lib64/libQt5Gui.so.5+0xfbf02)
    #37 0x7f11d9bbdc34 in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) (/usr/lib64/libQt5Gui.so.5+0xfdc34)
    #38 0x7f11d9b98dba in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib64/libQt5Gui.so.5+0xd8dba)
    #39 0x7f11c8aad74a (/usr/lib64/libQt5XcbQpa.so.5+0xcc74a)
    #40 0x7f11d9174372 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib64/libQt5Core.so.5+0x23f372)
    #41 0x7f11d917c1a1 in QCoreApplication::exec() (/usr/lib64/libQt5Core.so.5+0x2471a1)
    #42 0x7f11e218859a in kdemain ../src/main.cpp:168
    #43 0x56181eb18956 in main src/dolphin_dummy.cpp:3
    #44 0x7f11e13baae6 in __libc_start_main ../csu/libc-start.c:308
    #45 0x56181eb18859 in _start (/home/dha/workspace/kde/install/bin/dolphin+0x859)

0x60d000661db8 is located 24 bytes inside of 136-byte region [0x60d000661da0,0x60d000661e28)
freed by thread T0 here:
    #0 0x7f11e26d2c30 in operator delete(void*) /var/tmp/portage/sys-devel/gcc-8.2.0-r6/work/gcc-8.2.0/libsanitizer/asan/asan_new_delete.cc:135
    #1 0x7f11e222a1d3 in PlacesItem::~PlacesItem() ../src/panels/places/placesitem.cpp:51
    #2 0x7f11e096eefd in KStandardItemModel::removeItem(int) ../src/kitemviews/kstandarditemmodel.cpp:115
    #3 0x7f11e223eea5 in PlacesItemModel::onSourceModelDataChanged(QModelIndex const&, QModelIndex const&, QVector<int> const&) ../src/panels/places/placesitemmodel.cpp:569
    #4 0x7f11e2250ff1 in QtPrivate::FunctorCall<QtPrivate::IndexesList<0, 1, 2>, QtPrivate::List<QModelIndex const&, QModelIndex const&, QVector<int> const&>, void, void (PlacesItemModel::*)(QModelIndex const&, QModelIndex const&, QVector<int> const&)>::call(void (PlacesItemModel::*)(QModelIndex const&, QModelIndex const&, QVector<int> const&), PlacesItemModel*, void**) (/home/dha/workspace/kde/install/lib64/libkdeinit5_dolphin.so+0x147ff1)
    #5 0x7f11e224fb9d in void QtPrivate::FunctionPointer<void (PlacesItemModel::*)(QModelIndex const&, QModelIndex const&, QVector<int> const&)>::call<QtPrivate::List<QModelIndex const&, QModelIndex const&, QVector<int> const&>, void>(void (PlacesItemModel::*)(QModelIndex const&, QModelIndex const&, QVector<int> const&), PlacesItemModel*, void**) (/home/dha/workspace/kde/install/lib64/libkdeinit5_dolphin.so+0x146b9d)
    #6 0x7f11e224b6fd in QtPrivate::QSlotObject<void (PlacesItemModel::*)(QModelIndex const&, QModelIndex const&, QVector<int> const&), QtPrivate::List<QModelIndex const&, QModelIndex const&, QVector<int> const&>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/qt5/QtCore/qobjectdefs_impl.h:396
    #7 0x7f11d919c96e in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib64/libQt5Core.so.5+0x26796e)
    #8 0x7f11d913245b in QAbstractItemModel::dataChanged(QModelIndex const&, QModelIndex const&, QVector<int> const&) (/usr/lib64/libQt5Core.so.5+0x1fd45b)

previously allocated by thread T0 here:
    #0 0x7f11e26d1dc0 in operator new(unsigned long) /var/tmp/portage/sys-devel/gcc-8.2.0-r6/work/gcc-8.2.0/libsanitizer/asan/asan_new_delete.cc:90
    #1 0x7f11e223b231 in PlacesItemModel::addItemFromSourceModel(QModelIndex const&) ../src/panels/places/placesitemmodel.cpp:392
    #2 0x7f11e223644d in PlacesItemModel::setHiddenItemsShown(bool) ../src/panels/places/placesitemmodel.cpp:115
    #3 0x7f11e2222d67 in PlacesPanel::showHiddenEntries(bool) ../src/panels/places/placespanel.cpp:551
    #4 0x7f11e221e72c in PlacesPanel::slotViewContextMenuRequested(QPointF const&) ../src/panels/places/placespanel.cpp:345
    #5 0x7f11e222930c in QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<QPointF const&>, void, void (PlacesPanel::*)(QPointF const&)>::call(void (PlacesPanel::*)(QPointF const&), PlacesPanel*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:134
    #6 0x7f11e2228666 in void QtPrivate::FunctionPointer<void (PlacesPanel::*)(QPointF const&)>::call<QtPrivate::List<QPointF const&>, void>(void (PlacesPanel::*)(QPointF const&), PlacesPanel*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:167
    #7 0x7f11e222786b in QtPrivate::QSlotObject<void (PlacesPanel::*)(QPointF const&), QtPrivate::List<QPointF const&>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/qt5/QtCore/qobjectdefs_impl.h:396
    #8 0x7f11d919c96e in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib64/libQt5Core.so.5+0x26796e)
    #9 0x7f11e0a73bba in KItemListController::viewContextMenuRequested(QPointF const&) src/dolphinprivate_autogen/Z3MQH7AOBD/moc_kitemlistcontroller.cpp:456
    #10 0x7f11e08d7526 in KItemListController::mousePressEvent(QGraphicsSceneMouseEvent*, QTransform const&) ../src/kitemviews/kitemlistcontroller.cpp:635
    #11 0x7f11e08dc2c4 in KItemListController::processEvent(QEvent*, QTransform const&) ../src/kitemviews/kitemlistcontroller.cpp:1038
    #12 0x7f11e08fbaf1 in KItemListView::event(QEvent*) ../src/kitemviews/kitemlistview.cpp:923
    #13 0x7f11da2f9d8b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x15ad8b)

SUMMARY: AddressSanitizer: heap-use-after-free ../src/kitemviews/kstandarditem.cpp:118 in KStandardItem::setDataValue(QByteArray const&, QVariant const&)
Shadow bytes around the buggy address:
  0x0c1a800c4360: fa fa fa fa fa fa fd fd fd fd fd fd fd fd fd fd
  0x0c1a800c4370: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
  0x0c1a800c4380: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c1a800c4390: fd fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
  0x0c1a800c43a0: fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa
=>0x0c1a800c43b0: fa fa fa fa fd fd fd[fd]fd fd fd fd fd fd fd fd
  0x0c1a800c43c0: fd fd fd fd fd fa fa fa fa fa fa fa fa fa fd fd
  0x0c1a800c43d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c1a800c43e0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c1a800c43f0: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
  0x0c1a800c4400: fa fa fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  Container overflow:    fc
  Array cookie:          ac
  Intra object redzone:  bb
  ASan internal:         fe
  Left alloca redzone:   ca
  Right alloca redzone:  cb
==10758==ABORTING

I have pushed a fix for it here: https://phabricator.kde.org/D20024

Please test and report if it fixes the problem.

Git commit 78540e49213ed1a03687d55063816659c9142eba by David Hallas.
Committed on 13/05/2019 at 14:58.
Pushed by hallas into branch 'master'.

Summary: Fixes crash when hiding devices

Summary: Fixes crash when hiding devices.

The crash is caused by KStandardItem::setDataValue which calls the KStandardItemModel::onItemChanged function, and that function will delete the KStandardItem if the data value being set is the hidden attribute being set to true. To fix this KStandardItem now derives QObject so that we can use deleteLater.

Test Plan:
Right click a device in the places panel and select hide
Right click the places panel and select show hidden
Right click the hidden device and select show
Right click the same device and select hide

Reviewers: #dolphin, elvisangelaccio

Reviewed By: #dolphin, elvisangelaccio

Subscribers: kfm-devel

Tags: #dolphin

Differential Revision: https://phabricator.kde.org/D21050

M +3 -30 src/kitemviews/kstandarditem.cpp
M +3 -11 src/kitemviews/kstandarditem.h
M +1 -1 src/kitemviews/kstandarditemmodel.cpp

https://commits.kde.org/dolphin/78540e49213ed1a03687d55063816659c9142eba

*** Bug 407943 has been marked as a duplicate of this bug. ***
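
The lifetime problem described in the commit message above, as an added example that is not part of the bug report or of Dolphin's code: a Qt-free model of a setter whose change callback removes the item that is still executing, with immediate deletion beside deferred deletion. `Item`, `Model`, `Removal` and `runDeferredDeletes` are hypothetical names, and the pending list is an assumed stand-in for `QObject::deleteLater`.

```cpp
// Added illustration, not Dolphin code: Item, Model and Removal are hypothetical names.
#include <algorithm>
#include <cstddef>
#include <memory>
#include <vector>

enum class Removal { Immediate, Deferred };
class Model;
class Item {
public:
    Item(Model* model, int id) : m_model(model), m_id(id) {}
    int id() const { return m_id; }
    bool hidden() const { return m_hidden; }
    bool setHidden(bool hidden);  // returns true if the item outlived the model callback
private:
    Model* m_model;
    int m_id;
    bool m_hidden = false;
};
class Model {
public:
    explicit Model(Removal policy) : m_policy(policy) {}
    Item* add(int id) {
        m_items.push_back(std::make_unique<Item>(this, id));
        return m_items.back().get();
    }
    bool alive(int id) const { return has(m_items, id) || has(m_pending, id); }
    std::size_t visible() const { return m_items.size(); }
    void onItemChanged(int id, bool hidden) {  // hiding an item removes it from the view
        auto it = std::find_if(m_items.begin(), m_items.end(),
                               [id](const std::unique_ptr<Item>& p) { return p->id() == id; });
        if (!hidden || it == m_items.end()) return;
        if (m_policy == Removal::Deferred) m_pending.push_back(std::move(*it));  // like deleteLater
        m_items.erase(it);  // Immediate: frees the Item whose setter is still on the stack
    }
    std::size_t runDeferredDeletes() { auto n = m_pending.size(); m_pending.clear(); return n; }
private:
    using Items = std::vector<std::unique_ptr<Item>>;
    static bool has(const Items& v, int id) {
        return std::any_of(v.begin(), v.end(), [id](const std::unique_ptr<Item>& p) { return p->id() == id; });
    }
    Removal m_policy;
    Items m_items, m_pending;
};
bool Item::setHidden(bool hidden) {
    Model* model = m_model;  // copy to locals first: the callback may free `this`
    const int id = m_id;
    m_hidden = hidden;
    model->onItemChanged(id, hidden);
    return model->alive(id);  // reading m_* here instead is the reported heap-use-after-free
}
```

With `Removal::Immediate` the setter returns `false`: the object was destroyed while its own member function was still running, which is the window in which AddressSanitizer reported the read. With `Removal::Deferred` the object survives until `runDeferredDeletes()` is called after the setter has returned.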