Bug 415340

Summary: Crash when closing print preview dialog on Linux
Product: [Applications] okular Reporter: nyanpasu64 <nyanpasu64>
Component: generalAssignee: Okular developers <okular-devel>
Status: RESOLVED FIXED    
Severity: crash CC: oliver.sander, rjvbertin
Priority: NOR Keywords: drkonqi
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: unspecified   
OS: Linux   
Latest Commit: https://invent.kde.org/kde/okular/commit/6e170312d8560963108365ee9e5c124d5c76f0e9 Version Fixed/Implemented In:
Sentry Crash Report:

Description nyanpasu64 2019-12-19 02:29:59 UTC 
Application: okular (1.9.70)

Qt Version: 5.13.2
Frameworks Version: 5.64.0
Operating System: Linux 5.4.3-1-MANJARO x86_64
Distribution: Manjaro Linux

-- Information about the crash:
- Open any file (.pdf or .md).
- Under File menu, open print preview dialog.
- Close print preview dialog.

Okular segfaults.

The crash can be reproduced every time.

-- Backtrace:
Application: Okular (okular), signal: Segmentation fault
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[Current thread is 1 (Thread 0x7fac86039800 (LWP 141606))]

Thread 18 (Thread 0x7fac48c93700 (LWP 141635)):
#0  0x00007fac899e6e9d in syscall () from /usr/lib/libc.so.6
#1  0x00007fac89d648f2 in QSemaphore::acquire(int) () from /usr/lib/libQt5Core.so.5
#2  0x00007fac480d77c2 in GSRendererThread::run (this=0x564b8a87c580) at /home/nyanpasu64/aur/okular-git/src/okular/generators/spectre/rendererthread.cpp:50
#3  0x00007fac89d62530 in ?? () from /usr/lib/libQt5Core.so.5
#4  0x00007fac88f2e4cf in start_thread () from /usr/lib/libpthread.so.0
#5  0x00007fac899ec2d3 in clone () from /usr/lib/libc.so.6

Thread 17 (Thread 0x7fac497fa700 (LWP 141623)):
#0  0x00007fac88f34c45 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007fac76dd448c in ?? () from /usr/lib/dri/radeonsi_dri.so
#2  0x00007fac76dd4088 in ?? () from /usr/lib/dri/radeonsi_dri.so
#3  0x00007fac88f2e4cf in start_thread () from /usr/lib/libpthread.so.0
#4  0x00007fac899ec2d3 in clone () from /usr/lib/libc.so.6

Thread 16 (Thread 0x7fac49ffb700 (LWP 141622)):
#0  0x00007fac88f34c45 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007fac76dd448c in ?? () from /usr/lib/dri/radeonsi_dri.so
#2  0x00007fac76dd4088 in ?? () from /usr/lib/dri/radeonsi_dri.so
#3  0x00007fac88f2e4cf in start_thread () from /usr/lib/libpthread.so.0
#4  0x00007fac899ec2d3 in clone () from /usr/lib/libc.so.6

Thread 15 (Thread 0x7fac4a7fc700 (LWP 141621)):
#0  0x00007fac88f34c45 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007fac76dd448c in ?? () from /usr/lib/dri/radeonsi_dri.so
#2  0x00007fac76dd4088 in ?? () from /usr/lib/dri/radeonsi_dri.so
#3  0x00007fac88f2e4cf in start_thread () from /usr/lib/libpthread.so.0
#4  0x00007fac899ec2d3 in clone () from /usr/lib/libc.so.6

Thread 14 (Thread 0x7fac4affd700 (LWP 141620)):
#0  0x00007fac88f34c45 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007fac76dd448c in ?? () from /usr/lib/dri/radeonsi_dri.so
#2  0x00007fac76dd4088 in ?? () from /usr/lib/dri/radeonsi_dri.so
#3  0x00007fac88f2e4cf in start_thread () from /usr/lib/libpthread.so.0
#4  0x00007fac899ec2d3 in clone () from /usr/lib/libc.so.6

Thread 13 (Thread 0x7fac4b7fe700 (LWP 141619)):
#0  0x00007fac88f34c45 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007fac76dd448c in ?? () from /usr/lib/dri/radeonsi_dri.so
#2  0x00007fac76dd4088 in ?? () from /usr/lib/dri/radeonsi_dri.so
#3  0x00007fac88f2e4cf in start_thread () from /usr/lib/libpthread.so.0
#4  0x00007fac899ec2d3 in clone () from /usr/lib/libc.so.6

Thread 12 (Thread 0x7fac4bfff700 (LWP 141618)):
#0  0x00007fac88f34c45 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007fac76dd448c in ?? () from /usr/lib/dri/radeonsi_dri.so
#2  0x00007fac76dd4088 in ?? () from /usr/lib/dri/radeonsi_dri.so
#3  0x00007fac88f2e4cf in start_thread () from /usr/lib/libpthread.so.0
#4  0x00007fac899ec2d3 in clone () from /usr/lib/libc.so.6

Thread 11 (Thread 0x7fac68ff9700 (LWP 141617)):
#0  0x00007fac88f34c45 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007fac76dd448c in ?? () from /usr/lib/dri/radeonsi_dri.so
#2  0x00007fac76dd4088 in ?? () from /usr/lib/dri/radeonsi_dri.so
#3  0x00007fac88f2e4cf in start_thread () from /usr/lib/libpthread.so.0
#4  0x00007fac899ec2d3 in clone () from /usr/lib/libc.so.6

Thread 10 (Thread 0x7fac697fa700 (LWP 141616)):
#0  0x00007fac88f34c45 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007fac76dd448c in ?? () from /usr/lib/dri/radeonsi_dri.so
#2  0x00007fac76dd4088 in ?? () from /usr/lib/dri/radeonsi_dri.so
#3  0x00007fac88f2e4cf in start_thread () from /usr/lib/libpthread.so.0
#4  0x00007fac899ec2d3 in clone () from /usr/lib/libc.so.6

Thread 9 (Thread 0x7fac69ffb700 (LWP 141615)):
#0  0x00007fac88f34c45 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007fac76dd448c in ?? () from /usr/lib/dri/radeonsi_dri.so
#2  0x00007fac76dd4088 in ?? () from /usr/lib/dri/radeonsi_dri.so
#3  0x00007fac88f2e4cf in start_thread () from /usr/lib/libpthread.so.0
#4  0x00007fac899ec2d3 in clone () from /usr/lib/libc.so.6

Thread 8 (Thread 0x7fac6a7fc700 (LWP 141614)):
#0  0x00007fac88f34c45 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007fac76dd448c in ?? () from /usr/lib/dri/radeonsi_dri.so
#2  0x00007fac76dd4088 in ?? () from /usr/lib/dri/radeonsi_dri.so
#3  0x00007fac88f2e4cf in start_thread () from /usr/lib/libpthread.so.0
#4  0x00007fac899ec2d3 in clone () from /usr/lib/libc.so.6

Thread 7 (Thread 0x7fac6affd700 (LWP 141613)):
#0  0x00007fac88f34c45 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007fac76dd448c in ?? () from /usr/lib/dri/radeonsi_dri.so
#2  0x00007fac76dd4088 in ?? () from /usr/lib/dri/radeonsi_dri.so
#3  0x00007fac88f2e4cf in start_thread () from /usr/lib/libpthread.so.0
#4  0x00007fac899ec2d3 in clone () from /usr/lib/libc.so.6

Thread 6 (Thread 0x7fac6b7fe700 (LWP 141612)):
#0  0x00007fac88f34c45 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007fac76dd448c in ?? () from /usr/lib/dri/radeonsi_dri.so
#2  0x00007fac76dd4088 in ?? () from /usr/lib/dri/radeonsi_dri.so
#3  0x00007fac88f2e4cf in start_thread () from /usr/lib/libpthread.so.0
#4  0x00007fac899ec2d3 in clone () from /usr/lib/libc.so.6

Thread 5 (Thread 0x7fac6bfff700 (LWP 141611)):
#0  0x00007fac88f34c45 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007fac76dd448c in ?? () from /usr/lib/dri/radeonsi_dri.so
#2  0x00007fac76dd4088 in ?? () from /usr/lib/dri/radeonsi_dri.so
#3  0x00007fac88f2e4cf in start_thread () from /usr/lib/libpthread.so.0
#4  0x00007fac899ec2d3 in clone () from /usr/lib/libc.so.6

Thread 4 (Thread 0x7fac70ab6700 (LWP 141610)):
#0  0x00007fac88f34c45 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007fac76dd448c in ?? () from /usr/lib/dri/radeonsi_dri.so
#2  0x00007fac76dd4088 in ?? () from /usr/lib/dri/radeonsi_dri.so
#3  0x00007fac88f2e4cf in start_thread () from /usr/lib/libpthread.so.0
#4  0x00007fac899ec2d3 in clone () from /usr/lib/libc.so.6

Thread 3 (Thread 0x7fac713f8700 (LWP 141609)):
#0  0x00007fac88f34c45 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007fac76dd448c in ?? () from /usr/lib/dri/radeonsi_dri.so
#2  0x00007fac76dd4088 in ?? () from /usr/lib/dri/radeonsi_dri.so
#3  0x00007fac88f2e4cf in start_thread () from /usr/lib/libpthread.so.0
#4  0x00007fac899ec2d3 in clone () from /usr/lib/libc.so.6

Thread 2 (Thread 0x7fac7f2c7700 (LWP 141608)):
#0  0x00007fac899e19ef in poll () from /usr/lib/libc.so.6
#1  0x00007fac88419120 in ?? () from /usr/lib/libglib-2.0.so.0
#2  0x00007fac884191f1 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#3  0x00007fac89f88b2c in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#4  0x00007fac89f2f83c in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#5  0x00007fac89d61305 in QThread::exec() () from /usr/lib/libQt5Core.so.5
#6  0x00007fac8a1c2b37 in ?? () from /usr/lib/libQt5DBus.so.5
#7  0x00007fac89d62530 in ?? () from /usr/lib/libQt5Core.so.5
#8  0x00007fac88f2e4cf in start_thread () from /usr/lib/libpthread.so.0
#9  0x00007fac899ec2d3 in clone () from /usr/lib/libc.so.6

Thread 1 (Thread 0x7fac86039800 (LWP 141606)):
[KCrash Handler]
#6  0x00007fac8a97e860 in QAction::isChecked() const () from /usr/lib/libQt5Widgets.so.5
#7  0x00007fac7e000f09 in PageView::capability (this=0x564b8a8105a0, capability=<optimized out>) at /home/nyanpasu64/aur/okular-git/src/okular/ui/pageview.cpp:1595
#8  0x00007fac7ddfa0ec in Okular::DocumentPrivate::saveViewsInfo (this=this@entry=0x564b8a73d190, view=view@entry=0x564b8a8105e0, e=...) at /home/nyanpasu64/aur/okular-git/src/okular/core/document.cpp:771
#9  0x00007fac7de104bb in Okular::DocumentPrivate::saveDocumentInfo (this=<optimized out>) at /home/nyanpasu64/aur/okular-git/src/okular/core/document.cpp:1335
#10 0x00007fac7de12870 in Okular::Document::closeDocument (this=0x564b8a7d1300) at /home/nyanpasu64/aur/okular-git/src/okular/core/document.cpp:2769
#11 Okular::Document::closeDocument (this=0x564b8a7d1300) at /home/nyanpasu64/aur/okular-git/src/okular/core/document.cpp:2738
#12 0x00007fac7df88363 in Okular::Part::closeUrl (promptToSave=<optimized out>, this=0x564b8a77bbe0) at /home/nyanpasu64/aur/okular-git/src/okular/part.cpp:1903
#13 Okular::Part::closeUrl (this=0x564b8a77bbe0, promptToSave=<optimized out>) at /home/nyanpasu64/aur/okular-git/src/okular/part.cpp:1842
#14 0x00007fac7df89533 in Okular::Part::~Part (this=this@entry=0x564b8a77bbe0, __in_chrg=<optimized out>, __vtt_parm=<optimized out>) at /home/nyanpasu64/aur/okular-git/src/okular/part.cpp:971
#15 0x00007fac7df895ca in Okular::Part::~Part (this=0x564b8a77bbe0, __in_chrg=<optimized out>, __vtt_parm=<optimized out>) at /home/nyanpasu64/aur/okular-git/src/okular/part.cpp:963
#16 0x00007fac89f5a80e in QObjectPrivate::deleteChildren() () from /usr/lib/libQt5Core.so.5
#17 0x00007fac8a9c38d3 in QWidget::~QWidget() () from /usr/lib/libQt5Widgets.so.5
#18 0x00007fac7dfc384b in Okular::FilePrinterPreview::~FilePrinterPreview (this=0x7ffec8809180, __in_chrg=<optimized out>) at /usr/include/qt/QtCore/qarraydata.h:236
#19 0x00007fac7df9b208 in Okular::Part::slotPrintPreview (this=<optimized out>) at /home/nyanpasu64/aur/okular-git/src/okular/part.cpp:3042
#20 0x00007fac7df5f3d2 in Okular::Part::qt_static_metacall (_o=0x564b89f850e0, _c=<optimized out>, _id=<optimized out>, _a=<optimized out>) at /home/nyanpasu64/aur/okular-git/src/build/okularpart_autogen/EWIEGA46WW/moc_part.cpp:449
#21 0x00007fac89f5cac1 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/libQt5Core.so.5
#22 0x00007fac8a97dea3 in QAction::triggered(bool) () from /usr/lib/libQt5Widgets.so.5
#23 0x00007fac8a980634 in QAction::activate(QAction::ActionEvent) () from /usr/lib/libQt5Widgets.so.5
#24 0x00007fac8ab0c6b3 in ?? () from /usr/lib/libQt5Widgets.so.5
#25 0x00007fac8ab13f6c in ?? () from /usr/lib/libQt5Widgets.so.5
#26 0x00007fac8ab16c8b in QMenu::keyPressEvent(QKeyEvent*) () from /usr/lib/libQt5Widgets.so.5
#27 0x00007fac8a9c86cb in QWidget::event(QEvent*) () from /usr/lib/libQt5Widgets.so.5
#28 0x00007fac8ab1760c in QMenu::event(QEvent*) () from /usr/lib/libQt5Widgets.so.5
#29 0x00007fac8a9844e5 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5
#30 0x00007fac8a98e544 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5
#31 0x00007fac89f30d12 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /usr/lib/libQt5Core.so.5
#32 0x00007fac8a9e743e in ?? () from /usr/lib/libQt5Widgets.so.5
#33 0x00007fac8a9844e5 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5
#34 0x00007fac8a98de11 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5
#35 0x00007fac89f30d12 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /usr/lib/libQt5Core.so.5
#36 0x00007fac8a36316d in QGuiApplicationPrivate::processKeyEvent(QWindowSystemInterfacePrivate::KeyEvent*) () from /usr/lib/libQt5Gui.so.5
#37 0x00007fac8a36862f in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) () from /usr/lib/libQt5Gui.so.5
#38 0x00007fac8a342b0c in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Gui.so.5
#39 0x00007fac85bf30ec in ?? () from /usr/lib/libQt5XcbQpa.so.5
#40 0x00007fac8841739e in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#41 0x00007fac884191b1 in ?? () from /usr/lib/libglib-2.0.so.0
#42 0x00007fac884191f1 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#43 0x00007fac89f88b13 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#44 0x00007fac89f2f83c in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#45 0x00007fac89f37676 in QCoreApplication::exec() () from /usr/lib/libQt5Core.so.5
#46 0x0000564b89b0979a in main (argc=<optimized out>, argv=<optimized out>) at /home/nyanpasu64/aur/okular-git/src/okular/shell/main.cpp:95
[Inferior 1 (process 141606) detached]

The reporter indicates this bug may be a duplicate of or related to bug 414937.

Reported using DrKonqi
Comment 1 nyanpasu64 2019-12-19 04:39:31 UTC 
Okular 78cf6bd910aa2dfeb55ea110a1d0423fc54f58a5 via AUR okular-git.

Running with valgrind causes okular to crash as soon as I open a document. Is this a false positive?

I managed to build Okular with `-fsanitize=address,undefined -fno-sanitize=vptr`. (Omitting -fno-sanitize results in a nondescript linking error like `undefined reference to `typeinfo for MyObject'`. I eventually found https://stackoverflow.com/a/48322000 which mentions that the vptr sanitizer is incompatible with RTTI off.)

The resulting asan Okular does not crash as soon as I open a document, nor when I open print preview. It prints the following message when I close print preview:

/home/nyanpasu64/aur/okular-git/src/okular/ui/pageview.cpp:1595:49: runtime error: member access within null pointer of type 'struct KToggleAction'
/home/nyanpasu64/aur/okular-git/src/okular/ui/pageview.cpp:1595:49: runtime error: member call on null pointer of type 'struct QAction'
Comment 2 nyanpasu64 2019-12-19 05:54:48 UTC 
The crash occurs after ~FilePrinterPreview finishes, while unwinding FilePrinterPreview's Qt child widgets (via QObjectPrivate::deleteChildren).

Okular::Part::~Part calls Okular::Document::closeDocument calls d->saveDocumentInfo().

void DocumentPrivate::saveDocumentInfo() const
{
    ...
    for ( View *view : qAsConst(m_views) )
    {
        QDomElement viewEntry = doc.createElement( QStringLiteral("view") );
        viewEntry.setAttribute( QStringLiteral("name"), view->name() );
        viewsNode.appendChild( viewEntry );
        saveViewsInfo( view, viewEntry );
    }


void DocumentPrivate::saveViewsInfo( View *view, QDomElement &e ) const
{
    ...
        const bool mode = view->capability( View::Continuous ).toBool();

QVariant PageView::capability( ViewCapability capability ) const
{
    switch ( capability )
    {
        ...
        case Continuous:
            return d->aViewContinuous->isChecked();

## Null pointers

The problem is that PageView::d's member pointers are mostly nullptr (assigned by the constructor). This is what causes the crash.

Is the PageViewPrivate of a print preview document supposed to contain many nullptr, or should the pointers be initialized through PageView::setupViewerActions()? (This method constructs QAction and whatnot. Maybe it makes no sense to initialize them to QAction/etc, since the print preview dialog has no buttons.)

## Operating on null pointers.

I'm suspicious that Okular::Document::closeDocument unconditionally calls DocumentPrivate::saveDocumentInfo() (which leads to the crash). Is it necessary to save the info of a print-preview document? (It crashes if PageView::setupViewerActions() has not been called.)

The hacky workaround is to patch PageView::capability() to return some dummy value instead of dereferencing null pointers.
Comment 3 nyanpasu64 2019-12-19 06:00:48 UTC 
PageView::capability() did not call methods on d->ptr until commit bd25d17e704ed4bfed8e0db1dd233fe584fa96ef, which I think introduced the crash.

>Save view information per file
>
>Adds the functionality to save the view mode (single page, facing...),
>continuous scrolling, and margin trimming  to the document information,
>as it is already done with the zoom information.

https://cgit.kde.org/okular.git/commit/?id=bd25d17e704ed4bfed8e0db1dd233fe584fa96ef
https://github.com/KDE/okular/commit/bd25d17e704ed4bfed8e0db1dd233fe584fa96ef
Comment 4 Oliver Sander 2019-12-19 07:30:10 UTC 
Indeed.  For me it even crashes when *opening* the print preview.

A fix for this should be accompagnied by a unit test.
Comment 5 nyanpasu64 2019-12-20 01:56:52 UTC 
(In reply to Oliver Sander from comment #4)
> Indeed.  For me it even crashes when *opening* the print preview.
> 
> A fix for this should be accompagnied by a unit test.

If that's the case, this may be the same issue as bug 414937, where a Windows user reports that Okular crashes as soon as they open print preview. And my analysis of the bug may be incomplete as well.

Interestingly I got no error or warnings at all when opening print preview, not even in an asan+ubsan build (which dramatically slowed down build speed).

I tried flatpak Okular on Kubuntu 18.04 (not Manjaro) and also only got the crash when closing print preview. app/org.kde.okular/x86_64/master 7b82eadb1b05a162de9aec5e67ee6d90dc47fd1bf683a18f1a98f29c31bf6018
Comment 6 Albert Astals Cid 2019-12-28 22:42:37 UTC 
Git commit 6e170312d8560963108365ee9e5c124d5c76f0e9 by Albert Astals Cid.
Committed on 28/12/2019 at 22:28.
Pushed by aacid into branch 'release/19.12'.

Fix crash when closing print preview dialog

M  +4    -3    ui/pageview.cpp

https://invent.kde.org/kde/okular/commit/6e170312d8560963108365ee9e5c124d5c76f0e9
Comment 7 Albert Astals Cid 2019-12-28 23:12:18 UTC 
Git commit 5b5ef039cbc52a42d540b3705b67c9732ec4fbda by Albert Astals Cid.
Committed on 28/12/2019 at 22:43.
Pushed by aacid into branch 'master'.

Add test that opens the print preview dialog

At least this way we may find earlier gross mistakes like the one
causing bug 415340

M  +12   -0    autotests/parttest.cpp

https://invent.kde.org/kde/okular/commit/5b5ef039cbc52a42d540b3705b67c9732ec4fbda
Comment 8 Laura David Hurka 2021-06-27 12:10:14 UTC 
*** Bug 439216 has been marked as a duplicate of this bug. ***