| Summary: | event delivered to deleted object - kaboodle audio preview | ||
|---|---|---|---|
| Product: | [Applications] konqueror | Reporter: | Roger Larsson <roger.larsson> |
| Component: | general | Assignee: | Konqueror Bugs <konqueror-bugs-null> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | crash | CC: | hausmann |
| Priority: | NOR | ||
| Version First Reported In: | unspecified | ||
| Target Milestone: | --- | ||
| Platform: | Compiled Sources | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed/Implemented In: | ||
| Sentry Crash Report: | |||
| Attachments: |
Traceback from the fatal delete, note the usages higher up
Traceback from fatal delete - It is even worse... event loop patch from qt-copy |
||
Reviewing this while awake... "Preview" should be read as "Preview in embedded player" Still happens in 3.1rc2 Noticed that I could get better debug output with kdebugdialog... konqueror: KonqView::setLocationBarURL file:/var/downloaded/Media/korva.wav this=0x82b3770 konqueror: KonqMainWindow::setLocationBarURL: url = file:/var/downloaded/Media/korva.wav konqueror: changeViewMode: serviceType is audio/x-wav serviceName is kaboodle_component current service name is konq_detailedlistview konqueror: Switching view modes... konqueror: Trying to create view for "audio/x-wav" konqueror: Found requested service kaboodle_component konqueror: Trying to open lib for requested service kaboodle_component konqueror: KonqView::switchView mcop warning: user defined signal handler found for SIG_PIPE, overriding konqueror: KonqMainWindow::slotPartChanged kparts: WARNING: Part '' has a widget view widget with a focus policy of NoFocus. It should have at least a ClickFocus policy, for part activation to work well. konqueror: KonqMainWindow::slotPartActivated 0x83eb6e8 kaboodle konqueror: New current view 0x82b3770 konqueror: -KonqBaseListViewWidget konqueror: KonqView::openURL url=file:/var/downloaded/Media/korva.wav locationBarURL=file:/var/downloaded/Media/korva.wav konqueror: KonqView::setLocationBarURL file:/var/downloaded/Media/korva.wav this=0x82b3770 konqueror: KonqMainWindow::setLocationBarURL: url = file:/var/downloaded/Media/korva.wav konqueror: [void KonqView::setLoading(bool, bool = false)] loading=true hasPending=false konqueror: KonqView::slotCompleted hasPending=false libkonq: ## addToHistory: Typed URL: , Title: konqueror: [void KonqView::setLoading(bool, bool = false)] loading=false hasPending=false konqueror: KonqMainWindow::setCaption(file:/var/downloaded/Media/korva.wav) libkonq: ## addToHistory: file:/var/downloaded/Media/korva.wavTyped URL: file:/var/downloaded/Media/korva.wav, Title: konqueror: -------- KonqMainWindow::slotPopupMenu() - m_oldView = 0x82b3770, currentView = 0x82b3770, m_currentView = 0x82b3770 libkonq: ~KonqPopupMenu leave Program received signal SIGSEGV, Segmentation fault. Created attachment 350 [details]
Traceback from the fatal delete, note the usages higher up
I have done some more debugging and noticed that it was when processing an
event to qt_viewport that the object get deleted...
When returning from this one have to be really careful not to use any of its
members or make a virtual call. With the long call chain in this case it is
almost impossible.
One critical point is in the end of QScrollView::eventFilter
[widgets/qscrollview.cpp:1538]
return QFrame::eventFilter( obj, e ); // always continue with standard
event processing
* It forgets that it did accept and process the event... the code should be
something like this
return QFrame::eventFilter( obj, e ) || consumed_above;
Doing it like this will abort the processing in QObject::event a few levels
above.
But it is still VERY hard to get right.
My suggestion is to defere the deletion to a later time - is that possible?
It might not even be necessary to delete the object - often it will be reused
again really soon. (Preview in kaboodle, back to the qt_viewport)
Created attachment 351 [details]
Traceback from fatal delete - It is even worse...
as the blue pointers are used higher up in the call chain too...
the green object pointer is OK to delete - I think...
Subject: Critical for KDE 3.1 RC2? Hi, Soon there will be an RC2 - I have found a bug that I think is pretty bad. (It has not yet been confirmed by anyone else, maybe not even noticed - since no one has commented on it yet) Summary: Working with deleted objects [Two notes: It says that it still happens in KDE 3.1rc2 I hope this will not be the case (happens with recent cvs)... It happens with embedded previews for KHTML too...] http://bugs.kde.org/show_bug.cgi?id=49600 Having bugs of this kind can both produce crashes AND all sort of strange behavior... please try upgrading qt-copy. *** This bug has been marked as a duplicate of 49896 *** Subject: Re: event delivered to deleted object - kaboodle audio preview
I checked out the new qt-copy
Recompiled qt-copy (no clean - could still be a problem)
Recompiled kde (cvs clean, cvs refresh, clean install)'
And retested - Still crashes...
I noticed that in the callchain there is still a timer event in the call
chain. (Below the point where the deleted object is used)
I have made this patch to QObjects destructor - the qWarning line is great for
a breakpoint... (add one and retest even if your konqueror does not crash - a
corrupt pointer is bad even without a crash)
Notice the "delete oldPart" in KonqView::switchView shouldn't it be deferred
with a new timer event?
/RogerL
Index: qobject.cpp
===================================================================
RCS file: /cvs/qt-copy/src/kernel/qobject.cpp,v
retrieving revision 1.52
diff -u -3 -p -r1.52 qobject.cpp
--- qobject.cpp 2002/10/30 10:59:31 1.52
+++ qobject.cpp 2002/11/02 23:29:21
@@ -379,6 +379,9 @@ QObject::QObject( QObject *parent, const
QObject::~QObject()
{
+ if (objname && strcmp(objname, "qt_viewport") == 0)
+ qWarning(QString("Deleting qt_viewport
this=%1").arg((long)this,0,16));
+
if ( wasDeleted ) {
#if defined(QT_DEBUG)
qWarning( "Double QObject deletion detected." );
reopening Looking at the second backtrace I believe this should be fixed in qt-copy already. If you grep for 'shortcut' in qt-copy/src/kernel/qeventloop_p.h , do you get any hints? No, there is no sign of 'shortcut' in qeventloop_p.h in my files. But neither are there in http://kdewebcvs.pandmservices.com/cgi-bin/cvsweb.cgi/qt-copy/src/kernel/qapplication_p.h or my cvs source kdecvs.radar.tugraz.at Created attachment 368 [details]
event loop patch from qt-copy
Ok, looks like anoncvs and webcvs are outdated. Please try attachment 1 [details] , it's the event loop patch
from Brad that I believe should fix this bug.
*** This bug has been marked as a duplicate of 49896 *** |
Version: (using KDE Devel) Installed from: Compiled sources I have investigated a crash that I get when I right click on a audio file (ogg or wav tested) How to reproduce: * view a folder containing media files with konqueror * rightclick and select preview kaboom! Backtrace further down... This is what happens (I think) - debugged with breakpoints (texts in "" are objname) * "qt_viewport" is notified of a RMB down - OK * parent is notified of a RMB down - OK * "konq_popupmenu" is notified of a RMB release - OK ("qt_viewport" gets deleted, since screen is updated to handle plugins) * the deleted and reused [Note the this pointer = 0x1] for other purposes "qt_viewport" is notified with a RMB release - CRASH! (since the object does not exist - I have seen objnames like ":"?") #5 <signal handler called> #6 QShared::deref (this=0x1) at /opt/qt-copy/include/qshared.h:50 #7 0x080522f3 in QValueListPrivate<QString>::derefAndDelete (this=0x1) at /opt/qt-copy/include/qvaluelist.h:234 #8 0x080521d7 in QValueList<QString>::operator= (this=0x8302ea4, l=@0xbfffe9a8) at /opt/qt-copy/include/qvaluelist.h:449 #9 0x08051928 in QStringList::operator= (this=0x8302ea4, _ctor_arg=@0xbfffe9a8) at kinit.cpp:315 #10 0x40a63fe7 in QProcess::setArguments (this=0x8302e58, args=@0xbfffe9a8) at kernel/qprocess.cpp:301 #11 0x40a7cb5b in QWidget::event (this=0x8302e58, e=0xbfffe9a8) at kernel/qwidget.cpp:4308 #12 0x409fb179 in QApplication::internalNotify (this=0xbfffef58, receiver=0x8302e58, e=0xbfffe9a8) at kernel/qapplication.cpp:2288 #13 0x409fa870 in QApplication::notify (this=0xbfffef58, receiver=0x8302e58, e=0xbfffe9a8) at kernel/qapplication.cpp:2096 #14 0x40665e54 in KApplication::notify (this=0xbfffef58, receiver=0x8302e58, event=0xbfffe9a8) at kapplication.cpp:440 #15 0x40ddb4f4 in QApplication::sendSpontaneousEvent (receiver=0x8302e58, event=0xbfffe9a8) at .moc/debug-shared-mt/../../kernel/qapplication.h:480 #16 0x409a7c9d in QETWidget::translateMouseEvent (this=0x8302e58, event=0xbfffed00) at kernel/qapplication_x11.cpp:4235 #17 0x409a54b5 in QApplication::x11ProcessEvent (this=0xbfffef58, event=0xbfffed00) at kernel/qapplication_x11.cpp:3383 #18 0x409b7b4c in QEventLoop::processEvents (this=0x80b07f0, flags=4) at kernel/qeventloop_x11.cpp:167 #19 0x40a0dc00 in QEventLoop::enterLoop (this=0x80b07f0) at kernel/qeventloop.cpp:188 #20 0x40a0db45 in QEventLoop::exec (this=0x80b07f0) at kernel/qeventloop.cpp:138 #21 0x409fb375 in QApplication::exec (this=0xbfffef58) at kernel/qapplication.cpp:2409 #22 0x41357e94 in main (argc=3, argv=0x805f2a8) at konq_main.cc:130