Bug 448114

Summary: kioslave5 crashes when searching in Dolphin
Product: [Frameworks and Libraries] frameworks-kio
Reporter: kde
Component: general
Assignee: KIO Bugs <kio-bugs-null>
Status: RESOLVED FIXED
Severity: crash
CC: a.samirh78, asturm, jan.rathmann, kdelibs-bugs, nate, nicolas.fella
Priority: NOR
Version: 5.89.0
Target Milestone: ---
Platform: openSUSE
OS: Linux
Latest Commit:
Version Fixed In: 22.04.3
Attachments:
  first crash
  second crash

Description kde 2022-01-08 12:47:27 UTC
Created attachment 145220 [details]
first crash

SUMMARY
I searched for a file by name in Dolphin (Ctrl-F) and kioslave5 crashed.

STEPS TO REPRODUCE
1. open Dolphin
2. search filename

OBSERVED RESULT
crash

EXPECTED RESULT
no crash

SOFTWARE/OS VERSIONS
Operating System: openSUSE Tumbleweed 20220106
KDE Plasma Version: 5.23.4
KDE Frameworks Version: 5.89.0
Qt Version: 5.15.2
Kernel Version: 5.15.12-1-default (64-bit)
Graphics Platform: X11

ADDITIONAL INFORMATION
The search returns some results, but I can't tell if they're partial or all.

Reproducible: every time

I attached two crash logs, first the initial crash, then replicated using the same steps (they appear to be the same except for memory addresses).
Comment 1 kde 2022-01-08 12:47:44 UTC
Created attachment 145221 [details]
second crash
Comment 2 Nicolas Fella 2022-01-08 14:15:52 UTC
Pasting the crash report inline for better searchability:

Application: kioslave5 (kioslave5), signal: Segmentation fault
Content of s_kcrashErrorMessage: std::unique_ptr<char []> = {get() = <optimized out>}
[KCrash Handler]
#6  std::__atomic_base<int>::operator++ (this=0xf00000001) at /usr/include/c++/11/bits/atomic_base.h:377
#7  QAtomicOps<int>::ref<int> (_q_value=...) at ../../include/QtCore/../../src/corelib/thread/qatomic_cxx11.h:283
#8  QBasicAtomicInteger<int>::ref (this=0xf00000001) at ../../include/QtCore/../../src/corelib/thread/qbasicatomic.h:118
#9  QUrl::QUrl (this=this@entry=0x7ffd4fae42b8, other=...) at io/qurl.cpp:1862
#10 0x00007f9868d756f3 in FileNameSearchProtocol::listDir (this=0x7ffd4fae4540, url=...) at /usr/src/debug/kio-extras5-21.12.0-1.2.x86_64/filenamesearch/kio_filenamesearch.cpp:160
#11 0x00007f9868c944d6 in KIO::SlaveBase::dispatch (this=0x7ffd4fae4550, command=71, data=...) at /usr/src/debug/kio-5.89.0-1.2.x86_64/src/core/slavebase.cpp:1277
#12 0x00007f9868c8d136 in KIO::SlaveBase::dispatchLoop (this=0x7ffd4fae4550) at /usr/src/debug/kio-5.89.0-1.2.x86_64/src/core/slavebase.cpp:335
#13 0x00007f9868d75fa1 in kdemain (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/kio-extras5-21.12.0-1.2.x86_64/filenamesearch/kio_filenamesearch.cpp:234
#14 0x0000562b1d56e362 in main (argc=5, argv=0x7ffd4fae47f8) at /usr/src/debug/kio-5.89.0-1.2.x86_64/src/kioslave/kioslave.cpp:141
[Inferior 1 (process 492) detached]
Comment 3 Nicolas Fella 2022-01-08 14:16:09 UTC
Application: kioslave5 (kioslave5), signal: Segmentation fault
Content of s_kcrashErrorMessage: std::unique_ptr<char []> = {get() = <optimized out>}
[KCrash Handler]
#6  std::__atomic_base<int>::operator++ (this=0xf00000001) at /usr/include/c++/11/bits/atomic_base.h:377
#7  QAtomicOps<int>::ref<int> (_q_value=...) at ../../include/QtCore/../../src/corelib/thread/qatomic_cxx11.h:283
#8  QBasicAtomicInteger<int>::ref (this=0xf00000001) at ../../include/QtCore/../../src/corelib/thread/qbasicatomic.h:118
#9  QUrl::QUrl (this=this@entry=0x7ffd469a8168, other=...) at io/qurl.cpp:1862
#10 0x00007f96a466b6f3 in FileNameSearchProtocol::listDir (this=0x7ffd469a83f0, url=...) at /usr/src/debug/kio-extras5-21.12.0-1.2.x86_64/filenamesearch/kio_filenamesearch.cpp:160
#11 0x00007f96a458a4d6 in KIO::SlaveBase::dispatch (this=0x7ffd469a8400, command=71, data=...) at /usr/src/debug/kio-5.89.0-1.2.x86_64/src/core/slavebase.cpp:1277
#12 0x00007f96a4583136 in KIO::SlaveBase::dispatchLoop (this=0x7ffd469a8400) at /usr/src/debug/kio-5.89.0-1.2.x86_64/src/core/slavebase.cpp:335
#13 0x00007f96a466bfa1 in kdemain (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/kio-extras5-21.12.0-1.2.x86_64/filenamesearch/kio_filenamesearch.cpp:234
#14 0x000055a0146b9362 in main (argc=5, argv=0x7ffd469a86a8) at /usr/src/debug/kio-5.89.0-1.2.x86_64/src/kioslave/kioslave.cpp:141
[Inferior 1 (process 543) detached]
Comment 5 Ahmad Samir 2022-06-13 19:31:26 UTC
Git commit f60b327c5ab3a48b1eb781a67e553f33f2ced71a by Ahmad Samir.
Committed on 13/06/2022 at 19:20.
Pushed by ahmadsamir into branch 'master'.

kio_filenamesearch: don't use iterators when searching pending dirs

Looking at the backtrace from the bug report, it looks like the vector
could get reallocated when it changes capacity, etc., which would
invalidate iterators.

Instead use a FIFO std::queue, since ideally the dirs should be searched in
the same order they're added to the pendingDirs container, and then
removed, and removing from the front of a vector is more costly than with a
queue (which uses a std::deque by default).
FIXED-IN: 22.04.3

M  +6    -6    filenamesearch/kio_filenamesearch.cpp
M  +2    -2    filenamesearch/kio_filenamesearch.h

https://invent.kde.org/network/kio-extras/commit/f60b327c5ab3a48b1eb781a67e553f33f2ced71a
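The commit message describes the bug as iterator invalidation: the search loop walked a std::vector of pending directories while appending newly discovered subdirectories to that same vector, and a reallocation left the loop's iterator pointing into freed memory. The `this=0xf00000001` that both backtraces show inside `QUrl::QUrl` is consistent with that reading: copying a QUrl through a dangling iterator picks up a garbage d-pointer and the refcount increment faults. The following is an added example written for this page, not code from kio-extras or from the commit. It builds a constructed in-memory directory tree (the paths, the `Tree` type and the `search`/`countInvalidations` helpers are all assumptions made for the example), shows the vector-based walk in a form that detects the reallocation instead of dereferencing the dangling iterator, and beside it the FIFO std::queue shape the fix switched to.

```cpp
#include <cstddef>
#include <iostream>
#include <map>
#include <queue>
#include <string>
#include <utility>
#include <vector>

// Constructed in-memory directory tree (not a real filesystem): maps a directory
// path to the names of its direct children. A child is a directory if the
// joined path is itself a key in the map.
using Tree = std::map<std::string, std::vector<std::string>>;

Tree sampleTree() {
    return {
        {"/home", {"notes.txt", "Documents", "Pictures"}},
        {"/home/Documents", {"report.txt", "Archive"}},
        {"/home/Documents/Archive", {"old_report.txt"}},
        {"/home/Pictures", {"cat.png"}},
    };
}

std::string joinPath(const std::string& dir, const std::string& name) {
    return dir + "/" + name;
}

const std::vector<std::string>& childrenOf(const Tree& tree, const std::string& dir) {
    static const std::vector<std::string> none;
    auto it = tree.find(dir);
    return it == tree.end() ? none : it->second;
}

bool isDir(const Tree& tree, const std::string& path) {
    return tree.count(path) != 0;
}

// The pattern the commit message describes: walk a std::vector of pending
// directories while push_back()-ing newly discovered subdirectories into the
// same vector. Reallocation invalidates every iterator into it. Instead of
// dereferencing a dangling iterator (undefined behaviour, a crash at best),
// this version indexes the vector and counts how many times the buffer moved
// while an iterator taken at the top of the loop would still have been in use.
int countInvalidations(const Tree& tree, const std::string& root) {
    std::vector<std::string> pending{root};
    int invalidations = 0;
    for (std::size_t i = 0; i < pending.size(); ++i) {
        const std::string* before = pending.data();  // where an iterator would point
        const std::string dir = pending[i];          // copy: pending[i] may move below
        for (const auto& child : childrenOf(tree, dir)) {
            if (isDir(tree, joinPath(dir, child))) {
                pending.push_back(joinPath(dir, child));
            }
        }
        if (pending.data() != before) {
            ++invalidations;  // an iterator taken before the loop now dangles
        }
    }
    return invalidations;
}

// The fixed shape: a FIFO std::queue. Directories are searched in the order
// they were discovered; the front is copied out and popped before anything is
// pushed, so no reference into the container is held across a push.
std::vector<std::string> search(const Tree& tree, const std::string& root,
                                const std::string& needle) {
    std::vector<std::string> matches;
    std::queue<std::string> pending;
    pending.push(root);
    while (!pending.empty()) {
        const std::string dir = std::move(pending.front());
        pending.pop();
        for (const auto& child : childrenOf(tree, dir)) {
            const std::string path = joinPath(dir, child);
            if (child.find(needle) != std::string::npos) {
                matches.push_back(path);
            }
            if (isDir(tree, path)) {
                pending.push(path);
            }
        }
    }
    return matches;
}

int main() {
    const Tree tree = sampleTree();
    std::cout << "vector-based walk: buffer moved " << countInvalidations(tree, "/home")
              << " time(s) while an iterator would have been live\n";
    for (const auto& hit : search(tree, "/home", "report")) {
        std::cout << "match: " << hit << '\n';
    }
    return 0;
}
```

With this tree the vector-based walk reallocates at least once during the first directory (the exact count depends on the standard library's growth factor), which is the moment the original loop would have read through a dead iterator. std::deque, which std::queue uses by default, keeps references to existing elements valid across push_back, but copying the front out before pushing is the simplest way not to depend on that guarantee.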