Bug 439948

Summary: Plasmashell crashes in in KIO::isClipboardDataCut() when drag the file from telegram to the desktop or copying text to the clipboard
Product: [Plasma] plasmashell Reporter: MrNekit <Balykin_nikita>
Component: ClipboardAssignee: Plasma Bugs List <plasma-bugs>
Status: RESOLVED FIXED    
Severity: crash CC: kde, nate, plasma-bugs
Priority: NOR Keywords: drkonqi
Version: 5.22.3   
Target Milestone: 1.0   
Platform: Manjaro   
OS: Linux   
Latest Commit: Version Fixed In:

Description MrNekit 2021-07-16 12:44:23 UTC
Application: plasmashell (5.22.3)

Qt Version: 5.15.2
Frameworks Version: 5.84.0
Operating System: Linux 5.12.17-lqx2-1-lqx x86_64
Windowing System: X11
Drkonqi Version: 5.22.3
Distribution: Manjaro Linux

-- Information about the crash:
- What I was doing when the application crashed:
I downloaded a .zip archive in telegram and tried to drag it to my desktop. On my desktop, I have a folder view widget.

The crash can be reproduced every time.

-- Backtrace:
Application: Plasma (plasmashell), signal: Segmentation fault

[KCrash Handler]
#4  0x00007f24119f7713 in  () at /usr/lib/libQt5Core.so.5
#5  0x00007f24119f886e in QMimeData::data(QString const&) const () at /usr/lib/libQt5Core.so.5
#6  0x00007f2411004913 in KIO::isClipboardDataCut(QMimeData const*) () at /usr/lib/libKF5KIOWidgets.so.5
#7  0x00007f24110272ff in  () at /usr/lib/libKF5KIOWidgets.so.5
#8  0x00007f24119fe4ff in QObject::event(QEvent*) () at /usr/lib/libQt5Core.so.5
#9  0x00007f24126c2d62 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib/libQt5Widgets.so.5
#10 0x00007f24119d13aa in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /usr/lib/libQt5Core.so.5
#11 0x00007f24119d44a9 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () at /usr/lib/libQt5Core.so.5
#12 0x00007f2411a2a9a4 in  () at /usr/lib/libQt5Core.so.5
#13 0x00007f240fc4c10c in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
#14 0x00007f240fc9fb99 in  () at /usr/lib/libglib-2.0.so.0
#15 0x00007f240fc49871 in g_main_context_iteration () at /usr/lib/libglib-2.0.so.0
#16 0x00007f2411a29fd6 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Core.so.5
#17 0x00007f24119cfd1c in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Core.so.5
#18 0x00007f24119d8284 in QCoreApplication::exec() () at /usr/lib/libQt5Core.so.5
#19 0x000055b0fa41b21a in  ()
#20 0x00007f2411357b25 in __libc_start_main () at /usr/lib/libc.so.6
#21 0x000055b0fa41b34e in  ()
[Inferior 1 (process 1893) detached]

Possible duplicates by query: bug 439800, bug 439642, bug 439605, bug 439500, bug 439386.

Reported using DrKonqi
Comment 1 Nate Graham 2022-02-14 19:03:30 UTC
*** Bug 450251 has been marked as a duplicate of this bug. ***
Comment 2 David Edmundson 2022-02-14 22:59:50 UTC
paste.cpp


>    const QMimeData *m_mimeData;

Well there's our problem. The lifespan of the mimedata is managed by the backend. Storing a pointer we don't own for an async job is not safe.
Comment 3 Bug Janitor Service 2022-02-14 23:06:30 UTC
A possibly relevant merge request was started @ https://invent.kde.org/frameworks/kio/-/merge_requests/756
Comment 4 David Edmundson 2022-02-15 13:13:52 UTC
Git commit 1d668a9fe65c5bc178487fc32e6662ff815147f6 by David Edmundson.
Committed on 15/02/2022 at 12:27.
Pushed by davidedmundson into branch 'master'.

Fix potential crash in pastejob

Mimedata is owned by the QPA. It will be deleted when a new clipboard
arrives.

PasteJob stores a pointer to the mimedata used. It has an async step
`QTimer::singleShot(0, this, SLOT(slotStart()));` mimeData can be
deleted in the meantime.

This patch adds a guard for that.

M  +5    -0    src/widgets/pastejob.cpp
M  +1    -1    src/widgets/pastejob_p.h

https://invent.kde.org/frameworks/kio/commit/1d668a9fe65c5bc178487fc32e6662ff815147f6