Bug 465243

Summary: Dolphin crashes while setting up a new KWallet password store for network share credentials
Product: [Frameworks and Libraries] frameworks-kio Reporter: Gigaman <gigaman>
Component: generalAssignee: KIO Bugs <kio-bugs-null>
Status: RESOLVED DUPLICATE    
Severity: crash CC: dolphin-bugs-null, fschaefer.oss, kdedev, kdelibs-bugs-null, postix
Priority: NOR Keywords: drkonqi
Version First Reported In: 5.105.0   
Target Milestone: ---   
Platform: unspecified   
OS: Linux   
See Also: https://bugs.kde.org/show_bug.cgi?id=451050
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report: https://crash-reports.kde.org/organizations/kde/issues/279083/events/23932fef591d441a8c22520578277e76/
Attachments: New crash information added by DrKonqi

Description Gigaman 2023-02-03 20:07:50 UTC 
Application: dolphin (22.12.1)

Qt Version: 5.15.8
Frameworks Version: 5.102.0
Operating System: Linux 6.1.8-1-default x86_64
Windowing System: X11
Distribution: openSUSE Tumbleweed
DrKonqi: 5.26.5 [KCrashBackend]

-- Information about the crash:
Steps to reproduce:
1) I have opened Dolphin.
2) I opened KWallet.
3) I deleted the password vault in KWallet. It also contained the credentials for a network share.
4) In Dolphin, I clicked on a previously set up shortcut to the network share.
5) KWallet appeared and prompted me to set up a new password vault.
6) I have set up a new password vault.

Result:
Dolphin crashed in the background.

The reporter is unsure if this crash is reproducible.

-- Backtrace:
Application: Dolphin (dolphin), signal: Segmentation fault

[KCrash Handler]
#4  0x00007f82915a1a00 in QListData::begin (this=<optimized out>) at /usr/include/qt5/QtCore/qlist.h:118
#5  QList<KFileItem>::begin (this=<optimized out>, this=<optimized out>) at /usr/include/qt5/QtCore/qlist.h:339
#6  KCoreDirListerCache::slotUpdateResult (this=0x7f829161b4c0 <_ZZN12_GLOBAL__N_121Q_QGS_kDirListerCache13innerFunctionEvE6holder.lto_priv.0>, j=<optimized out>) at /usr/src/debug/kio-5.102.0/src/core/kcoredirlister.cpp:1751
#7  0x00007f828f9132dd in QtPrivate::QSlotObjectBase::call (a=0x7ffd90ca1640, r=0x7f829161b4c0 <_ZZN12_GLOBAL__N_121Q_QGS_kDirListerCache13innerFunctionEvE6holder.lto_priv.0>, this=0x55fcc9ceb050) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#8  doActivate<false> (sender=0x55fcc9d3a350, signal_index=6, argv=0x7ffd90ca1640) at kernel/qobject.cpp:3923
#9  0x00007f828f90c75f in QMetaObject::activate (sender=sender@entry=0x55fcc9d3a350, m=<optimized out>, local_signal_index=local_signal_index@entry=3, argv=argv@entry=0x7ffd90ca1640) at kernel/qobject.cpp:3983
#10 0x00007f8290d75e15 in KJob::result (this=this@entry=0x55fcc9d3a350, _t1=<optimized out>, _t1@entry=0x55fcc9d3a350, _t2=...) at /usr/src/debug/kcoreaddons-5.102.0/build/src/lib/KF5CoreAddons_autogen/include/moc_kjob.cpp:633
#11 0x00007f8290d7a07b in KJob::finishJob (this=0x55fcc9d3a350, emitResult=<optimized out>) at /usr/src/debug/kcoreaddons-5.102.0/src/lib/jobs/kjob.cpp:98
#12 0x00007f828f9132dd in QtPrivate::QSlotObjectBase::call (a=0x7ffd90ca1700, r=0x55fcc9d3a350, this=0x55fcc96eb8a0) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#13 doActivate<false> (sender=0x55fcc9645540, signal_index=7, argv=0x7ffd90ca1700) at kernel/qobject.cpp:3923
#14 0x00007f828f90c75f in QMetaObject::activate (sender=sender@entry=0x55fcc9645540, m=<optimized out>, local_signal_index=local_signal_index@entry=4, argv=argv@entry=0x0) at kernel/qobject.cpp:3983
#15 0x00007f8291546b03 in KIO::SlaveInterface::finished (this=this@entry=0x55fcc9645540) at /usr/src/debug/kio-5.102.0/build/src/core/KF5KIOCore_autogen/include/moc_slaveinterface.cpp:464
#16 0x00007f829154b6d0 in KIO::SlaveInterface::dispatch (this=0x55fcc9645540, _cmd=104, rawdata=...) at /usr/src/debug/kio-5.102.0/src/core/slaveinterface.cpp:149
#17 0x00007f82915468f6 in KIO::SlaveInterface::dispatch (this=0x55fcc9645540) at /usr/src/debug/kio-5.102.0/src/core/slaveinterface.cpp:78
#18 0x00007f8291549119 in KIO::Slave::gotInput (this=0x55fcc9645540) at /usr/src/debug/kio-5.102.0/src/core/slave.cpp:346
#19 0x00007f828f9132dd in QtPrivate::QSlotObjectBase::call (a=0x7ffd90ca1930, r=0x55fcc9645540, this=0x55fcc9bc6ec0) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#20 doActivate<false> (sender=0x55fcc9619310, signal_index=3, argv=0x7ffd90ca1930) at kernel/qobject.cpp:3923
#21 0x00007f828f907c50 in QObject::event (this=0x55fcc9619310, e=0x55fcc9c704d0) at kernel/qobject.cpp:1347
#22 0x00007f82905a544e in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x55fcc9619310, e=0x55fcc9c704d0) at kernel/qapplication.cpp:3640
#23 0x00007f828f8dc138 in QCoreApplication::notifyInternal2 (receiver=0x55fcc9619310, event=0x55fcc9c704d0) at kernel/qcoreapplication.cpp:1064
#24 0x00007f828f8df0d1 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x55fcc91c4f50) at kernel/qcoreapplication.cpp:1821
#25 0x00007f828f934363 in postEventSourceDispatch (s=0x55fcc92e0530) at kernel/qeventdispatcher_glib.cpp:277
#26 0x00007f828d51ba90 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#27 0x00007f828d51be48 in ?? () from /lib64/libglib-2.0.so.0
#28 0x00007f828d51bedc in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#29 0x00007f828f933b66 in QEventDispatcherGlib::processEvents (this=0x55fcc92ea9b0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#30 0x00007f828f8dabab in QEventLoop::exec (this=this@entry=0x7ffd90ca1d20, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#31 0x00007f828f8e2d16 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#32 0x000055fcc7669719 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/dolphin-22.12.1/src/main.cpp:235
[Inferior 1 (process 10444) detached]

Reported using DrKonqi
Comment 1 Frank Schaefer 2023-04-29 09:23:25 UTC 
Created attachment 158532 [details]
New crash information added by DrKonqi

dolphin (23.04.0) using Qt 5.15.9

Steps to reproduce:
1) open Dolphin
2) enter SMB share location (smb://mysambaserver/myusername)
3) enter authentification data in authentification dialog

Result:
Dolphin crashes

-- Backtrace (Reduced):
#4  0x00007f8a8a049e40 in QListData::begin (this=<optimized out>) at /usr/include/qt5/QtCore/qlist.h:118
#5  QList<KFileItem>::begin (this=<optimized out>, this=<optimized out>) at /usr/include/qt5/QtCore/qlist.h:339
#6  KCoreDirListerCache::slotUpdateResult (this=0x7f8a8a0c44c0 <_ZZN12_GLOBAL__N_121Q_QGS_kDirListerCache13innerFunctionEvE6holder.lto_priv.0>, j=<optimized out>) at /usr/src/debug/kio-5.105.0/src/core/kcoredirlister.cpp:1750
#7  0x00007f8a88525232 in QtPrivate::QSlotObjectBase::call (a=0x7fff57862970, r=0x7f8a8a0c44c0 <_ZZN12_GLOBAL__N_121Q_QGS_kDirListerCache13innerFunctionEvE6holder.lto_priv.0>, this=0x55b373974b00) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#8  doActivate<false> (sender=0x55b37388ada0, signal_index=6, argv=0x7fff57862970) at kernel/qobject.cpp:3923
Comment 2 Frank Schaefer 2023-04-29 09:41:58 UTC 
(In reply to Frank Schaefer from comment #1)
> Steps to reproduce:
> ...
> 2) enter SMB share location (smb://mysambaserver/myusername)
> ...

Correction:
It happens only if  I enter "smb://mysambaserver".
Entering "smb://mysambaserver/myusername" doesn't result in a crash.

Additional notes:
I have KWallet disabled.
Samba server version is 4.13.13.
Comment 3 Frank Schaefer 2023-04-29 11:09:27 UTC 
Looking int https://invent.kde.org/frameworks/kio/-/blob/v5.105.0/src/core/kcoredirlister.cpp:
...
KCoreDirListerCache::slotUpdateResult():
{
...
    DirItem *dir = itemsInUse.value(jobUrl, nullptr);
    if (!dir) {
        qCWarning(KIO_CORE) << "Internal error: itemsInUse did not contain" << jobUrl;
#ifndef NDEBUG
        printDebug();
#endif
        Q_ASSERT(dir);
    } else {
        dir->complete = true;
    }
    ...
// => so dir can be nullptr and we go on
    ...
    for (const KFileItem &item : std::as_const(dir->lstItems)) {
// => BOOM. dir is dereferenced without nullptr check.
        fileItems.insert(item.name(), item);
    }
   ...
}

Looks like it is enough to embrace this loop with a nullptr check, but someone who knows KIO better should validate that.
Comment 4 Frank Schaefer 2023-04-29 18:26:39 UTC 
(In reply to Frank Schaefer from comment #3)
> Looks like it is enough to embrace this loop with a nullptr check, but
> someone who knows KIO better should validate that.

Unfortunately it isn't.
Looks like KCoreDirListerCache::slotUpdateResult() is supposed to never be called with a KJob whose url isn't on the itemsInUse list.

smb:///MyServer is changed to smb://username@MyServer after user name and password have been entered.
Apparently this change isn't handled properly, but I failed to track this down further.
I'm neither familiar with the KIO caching concept nor do I know all the different use cases in kio-extra components.
Comment 5 Frank Schaefer 2023-05-01 15:20:00 UTC 
Changing product to frameworks-kio because the bug is located there.
Comment 6 postix 2023-06-21 09:52:48 UTC 
Sounds like a duplicate of bug #451050.
Comment 7 TraceyC 2025-11-18 17:10:40 UTC 
The backtrace is nearly identical to bug 507185. Since this was for Plasma 5, I'll merge it into the other report, which is for Plasma 6. Therefore, the backtraces in the other report are more useful in the present.

*** This bug has been marked as a duplicate of bug 507185 ***