Bug 437720

Summary: Closing spectacle caused a crash
Product: [Applications] Spectacle
Reporter: Arcadiy Ivanov <arcadiy>
Component: General
Assignee: Boudhayan Gupta <me>
Status: RESOLVED DOWNSTREAM
Severity: crash
CC: kde, nyanpasu64
Priority: NOR
Keywords: drkonqi
Version First Reported In: 20.12.2
Target Milestone: ---
Platform: Fedora RPMs
OS: Linux

Description Arcadiy Ivanov 2021-05-27 00:07:33 UTC
Application: spectacle (20.12.2)

Qt Version: 5.15.2
Frameworks Version: 5.82.0
Operating System: Linux 5.12.6-300.fc34.x86_64 x86_64
Windowing System: X11
Drkonqi Version: 5.21.5
Distribution: "Fedora release 34 (Thirty Four)"

-- Information about the crash:
- What I was doing when the application crashed:

Application was being closed normally. During the closing a crash was registered.

The reporter is unsure if this crash is reproducible.

-- Backtrace:
Application: Spectacle (spectacle), signal: Segmentation fault

[KCrash Handler]
#4  0x00007f1b7172f205 in kImageAnnotator::FontPicker::~FontPicker() () from /lib64/libkImageAnnotator.so.0
#5  0x00007f1b716f4105 in kImageAnnotator::AnnotationItemSettings::~AnnotationItemSettings() () from /lib64/libkImageAnnotator.so.0
#6  0x00007f1b716f44a2 in kImageAnnotator::AnnotationWidget::~AnnotationWidget() () from /lib64/libkImageAnnotator.so.0
#7  0x00007f1b716ea61b in kImageAnnotator::CoreView::~CoreView() () from /lib64/libkImageAnnotator.so.0
#8  0x00007f1b716ecc7d in kImageAnnotator::KImageAnnotator::~KImageAnnotator() () from /lib64/libkImageAnnotator.so.0
#9  0x00007f1b716ece6d in kImageAnnotator::KImageAnnotator::~KImageAnnotator() () from /lib64/libkImageAnnotator.so.0
#10 0x00007f1b6fdaeeda in QObjectPrivate::deleteChildren() () from /lib64/libQt5Core.so.5
#11 0x00007f1b70853f66 in QWidget::~QWidget() () from /lib64/libQt5Widgets.so.5
#12 0x0000556cdabd8461 in KSWidget::~KSWidget() ()
#13 0x00007f1b6fdaeeda in QObjectPrivate::deleteChildren() () from /lib64/libQt5Core.so.5
#14 0x00007f1b70853f66 in QWidget::~QWidget() () from /lib64/libQt5Widgets.so.5
#15 0x0000556cdabdd715 in SpectacleCore::~SpectacleCore() ()
#16 0x0000556cdabd599f in main ()
[Inferior 1 (process 38280) detached]

Reported using DrKonqi

Comment 1 nyanpasu64 2021-05-27 03:37:46 UTC
I built an ASAN build of Arch's spectacle and kimageannotator packages (editing the PKGBUILDs to add -DCMAKE_CXX_FLAGS=-fsanitize=address -DCMAKE_LINKER_FLAGS=-fsanitize=address). Now merely opening and closing Spectacle, without taking a screenshot (aside from the startup screenshot) or saving a file, is enough to reliably trigger an Address Sanitizer error.

Link to one such error message: https://gist.githubusercontent.com/nyanpasu64/4b21c7890744a20893f2786be7c26e02/raw/f6c16c83a99408e05f2f4cb3800084cfc66ccc8b/gistfile1.txt

The exact shadow memory layout is different on every run, but the stack trace function names are consistent.

Comment 2 nyanpasu64 2021-05-27 03:41:11 UTC
Forgot to post my system information:

Operating System: Arch Linux
KDE Plasma Version: 5.21.5
KDE Frameworks Version: 5.82.0
Qt Version: 5.15.2
Kernel Version: 5.12.6-arch1-1
OS Type: 64-bit
Graphics Platform: X11
Processors: 12 × AMD Ryzen 5 5600X 6-Core Processor
Memory: 15.6 GiB of RAM
Graphics Processor: NVIDIA GeForce GT 730/PCIe/SSE2

I'm using Spectacle 21.04.1 and kimageannotator 0.5.0, which is noticeably newer than the version of Spectacle reported by the original issue reporter. My stack trace seems similar to the original post, but has more frames including duplicates and QScopedPointerDeleter.

Comment 3 nyanpasu64 2021-05-27 06:12:27 UTC
This is caused by the underlying kImageAnnotator library.

I managed to reproduce the crash, with a similar stack trace, using kImageAnnotator's test program (both the 0.5.0 obtained from Arch's PKGBUILD, and latest Git from https://github.com/ksnip/kImageAnnotator).

The bug was reported yesterday at https://github.com/ksnip/kImageAnnotator/issues/242, despite the crash having been present for weeks or months. I agree with that reporter's argument that the delete calls should not be present.

Comment 4 David Redondo 2021-05-27 06:50:53 UTC
Thanks for the investigation; closing this accordingly.