| Summary: | Specific sequence of Color Picker, Text, Undo and Flood Fill leads to a segfault | ||
|---|---|---|---|
| Product: | [Applications] kolourpaint | Reporter: | Dillon <dillonotto112> |
| Component: | general | Assignee: | kolourpaint-support |
| Status: | CONFIRMED --- | ||
| Severity: | crash | CC: | john.kizer |
| Priority: | NOR | ||
| Version First Reported In: | 24.12.1 | ||
| Target Milestone: | --- | ||
| Platform: | Ubuntu | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed/Implemented In: | ||
| Sentry Crash Report: | https://crash-reports.kde.org/organizations/kde/issues/119490/events/79029804170a40719de8fd30eefdce23/ | ||
Video of Bug: https://youtu.be/77zp5Zj2Ejs

Hi - thanks for your bug report! I can reproduce this crash on Fedora KDE 41. Backtrace from my device below, since it looked slightly different:
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=11, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1 0x00007f338c07f163 in __pthread_kill_internal (threadid=<optimized out>, signo=11) at pthread_kill.c:78
#2 0x00007f338c025fde in __GI_raise (sig=11) at ../sysdeps/posix/raise.c:26
#3 0x00007f338e6631a2 in KCrash::defaultCrashHandler (sig=11) at /usr/src/debug/kf6-kcrash-6.10.0-1.fc41.x86_64/src/kcrash.cpp:596
#4 0x00007f338c026090 in <signal handler called> () at /lib64/libc.so.6
#5 0x0000559d26b0b2eb in populatePopupMenu
(popupMenu=0x559d2b856490, undoOrRedo="Undo", commandList=QList<kpCommand *> (size = 2) = {...})
at /usr/src/debug/kolourpaint-24.12.1-1.fc41.x86_64/commands/kpCommandHistoryBase.cpp:596
#6 0x0000559d26b0fa90 in populatePopupMenu
(popupMenu=<optimized out>, undoOrRedo="Undo", commandList=QList<kpCommand *> (size = 2) = {...})
at /usr/src/debug/kolourpaint-24.12.1-1.fc41.x86_64/commands/kpCommandHistoryBase.cpp:635
#7 kpCommandHistoryBase::updateActions (this=0x559d2b72c8c0)
at /usr/src/debug/kolourpaint-24.12.1-1.fc41.x86_64/commands/kpCommandHistoryBase.cpp:633
#8 0x0000559d26b66731 in kpToolFloodFill::endDraw (this=0x559d2b9de4b0)
at /usr/src/debug/kolourpaint-24.12.1-1.fc41.x86_64/tools/kpToolFloodFill.cpp:160
#9 0x0000559d26b65095 in kpTool::endDrawInternal (this=0x559d2b9de4b0, thisPoint=<optimized out>, normalizedRect=..., wantEndShape=false)
at /usr/src/debug/kolourpaint-24.12.1-1.fc41.x86_64/tools/kpTool_Drawing.cpp:387
#10 kpTool::endDrawInternal (this=0x559d2b9de4b0, thisPoint=..., normalizedRect=..., wantEndShape=<optimized out>)
at /usr/src/debug/kolourpaint-24.12.1-1.fc41.x86_64/tools/kpTool_Drawing.cpp:358
#11 0x0000559d26b658e7 in kpTool::mouseReleaseEvent (this=0x559d2b9de4b0, e=0x7ffff93db380)
at /usr/src/debug/kolourpaint-24.12.1-1.fc41.x86_64/tools/kpTool_MouseEvents.cpp:268
#12 0x0000559d26b77b0a in kpView::mouseReleaseEvent (this=0x559d2be83e00, e=0x7ffff93db380)
at /usr/src/debug/kolourpaint-24.12.1-1.fc41.x86_64/views/kpView_Events.cpp:102
#13 0x00007f338d8a3718 in QWidget::event (this=0x559d2be83e00, event=0x7ffff93db380)
at /usr/src/debug/qt6-qtbase-6.8.1-10.fc41.x86_64/src/widgets/kernel/qwidget.cpp:9345
#14 0x00007f338d83d678 in QApplicationPrivate::notify_helper
(this=this@entry=0x559d2b629b70, receiver=receiver@entry=0x559d2be83e00, e=e@entry=0x7ffff93db380)
at /usr/src/debug/qt6-qtbase-6.8.1-10.fc41.x86_64/src/widgets/kernel/qapplication.cpp:3296
#15 0x00007f338d84895b in QApplication::notify (this=<optimized out>, receiver=<optimized out>, e=0x7ffff93db380)
at /usr/src/debug/qt6-qtbase-6.8.1-10.fc41.x86_64/src/widgets/kernel/qapplication.cpp:2774
#16 0x00007f338c6f33f8 in QCoreApplication::notifyInternal2 (receiver=0x559d2be83e00, event=0x7ffff93db380)
at /usr/src/debug/qt6-qtbase-6.8.1-10.fc41.x86_64/src/corelib/kernel/qcoreapplication.cpp:1168
#17 0x00007f338c6f365d in QCoreApplication::sendSpontaneousEvent (receiver=<optimized out>, event=<optimized out>)
at /usr/src/debug/qt6-qtbase-6.8.1-10.fc41.x86_64/src/corelib/kernel/qcoreapplication.cpp:1626
#18 0x00007f338d846eec in QApplicationPrivate::sendMouseEvent
(receiver=receiver@entry=0x559d2be83e00, event=event@entry=0x7ffff93db380, alienWidget=<optimized out>,
alienWidget@entry=0x559d2be83e00, nativeWidget=0x559d2b864000, buttonDown=buttonDown@entry=0x7f338dfd1950 <qt_button_down>, lastMouseReceiver=..., spontaneous=true, onlyDispatchEnterLeave=false)
at /usr/src/debug/qt6-qtbase-6.8.1-10.fc41.x86_64/src/widgets/kernel/qapplication.cpp:2355
#19 0x00007f338d8b7f5c in QWidgetWindow::handleMouseEvent (this=0x559d2be7fde0, event=event@entry=0x7ffff93db630)
at /usr/src/debug/qt6-qtbase-6.8.1-10.fc41.x86_64/src/widgets/kernel/qwidgetwindow.cpp:667
#20 0x00007f338d8bafc0 in QWidgetWindow::event (this=0x559d2be7fde0, event=0x7ffff93db630)
at /usr/src/debug/qt6-qtbase-6.8.1-10.fc41.x86_64/src/widgets/kernel/qwidgetwindow.cpp:299
#21 0x00007f338d83d678 in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x559d2be7fde0, e=0x7ffff93db630)
at /usr/src/debug/qt6-qtbase-6.8.1-10.fc41.x86_64/src/widgets/kernel/qapplication.cpp:3296
#22 0x00007f338c6f33f8 in QCoreApplication::notifyInternal2 (receiver=0x559d2be7fde0, event=0x7ffff93db630)
at /usr/src/debug/qt6-qtbase-6.8.1-10.fc41.x86_64/src/corelib/kernel/qcoreapplication.cpp:1168
#23 0x00007f338c6f365d in QCoreApplication::sendSpontaneousEvent (receiver=<optimized out>, event=<optimized out>)
at /usr/src/debug/qt6-qtbase-6.8.1-10.fc41.x86_64/src/corelib/kernel/qcoreapplication.cpp:1626
#24 0x00007f338cee9ba9 in QGuiApplicationPrivate::processMouseEvent (e=0x559d2c009bf0)
at /usr/src/debug/qt6-qtbase-6.8.1-10.fc41.x86_64/src/gui/kernel/qguiapplication.cpp:2461
#25 0x00007f338cf5209c in QWindowSystemInterface::sendWindowSystemEvents (flags=...)
at /usr/src/debug/qt6-qtbase-6.8.1-10.fc41.x86_64/src/gui/kernel/qwindowsysteminterface.cpp:1114
#26 0x00007f338d4ba914 in userEventSourceDispatch (source=<optimized out>)
at /usr/src/debug/qt6-qtbase-6.8.1-10.fc41.x86_64/src/gui/platform/unix/qeventdispatcher_glib.cpp:38
#27 0x00007f338b6a728c in g_main_dispatch (context=0x7f3370000f30) at ../glib/gmain.c:3357
#28 g_main_context_dispatch_unlocked (context=0x7f3370000f30) at ../glib/gmain.c:4208
#29 0x00007f338b7077b8 in g_main_context_iterate_unlocked.isra.0
(context=context@entry=0x7f3370000f30, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4273
#30 0x00007f338b6a8783 in g_main_context_iteration (context=0x7f3370000f30, may_block=1) at ../glib/gmain.c:4338
#31 0x00007f338c9ed233 in QEventDispatcherGlib::processEvents (this=0x559d2b62c550, flags=...)
at /usr/src/debug/qt6-qtbase-6.8.1-10.fc41.x86_64/src/corelib/kernel/qeventdispatcher_glib.cpp:399
#32 0x00007f338c701c7b in QEventLoop::exec (this=this@entry=0x7ffff93dbad0, flags=..., flags@entry=...)
at /usr/src/debug/qt6-qtbase-6.8.1-10.fc41.x86_64/src/corelib/global/qflags.h:34
#33 0x00007f338c6fd3fe in QCoreApplication::exec () at /usr/src/debug/qt6-qtbase-6.8.1-10.fc41.x86_64/src/corelib/global/qflags.h:74
#34 0x00007f338ced6bfd in QGuiApplication::exec ()
at /usr/src/debug/qt6-qtbase-6.8.1-10.fc41.x86_64/src/gui/kernel/qguiapplication.cpp:1975
#35 0x00007f338d83d5e9 in QApplication::exec () at /usr/src/debug/qt6-qtbase-6.8.1-10.fc41.x86_64/src/widgets/kernel/qapplication.cpp:2564
#36 0x0000559d26b06c1c in main (argc=<optimized out>, argv=<optimized out>)
at /usr/src/debug/kolourpaint-24.12.1-1.fc41.x86_64/kolourpaint.cpp:162
SUMMARY
Specific tool combination involving undo leads to a segfault.

STEPS TO REPRODUCE
1. Select Color Picker + Click the Canvas
2. Select text tool + Click the Canvas
3. Hit Undo
4. Select Flood tool + Click the Canvas

OBSERVED RESULT
Crashes with a segfault

EXPECTED RESULT
Doesn't crash

BACKTRACE
Thread 1 "kolourpaint" received signal SIGSEGV, Segmentation fault.
0x00005555555ad741 in populatePopupMenu
(popupMenu=popupMenu@entry=0x555555be7990, undoOrRedo=..., commandList=...)
at /home/dillon/kde/src/kolourpaint/commands/kpCommandHistoryBase.cpp:519
519 QAction *action = new QAction(i18n("%1: %2", undoOrRedo, (*it)->name()), popupMenu);
(gdb) bt full
#0 0x00005555555ad741 in populatePopupMenu (popupMenu=popupMenu@entry=0x555555be7990, undoOrRedo=..., commandList=...)
at /home/dillon/kde/src/kolourpaint/commands/kpCommandHistoryBase.cpp:519
action = <optimized out>
it = {i = 0x5555560b8998}
i = 1
#1 0x00005555555abdc2 in kpCommandHistoryBase::updateActions (this=this@entry=0x555555be24c0)
at /home/dillon/kde/src/kolourpaint/commands/kpCommandHistoryBase.cpp:554
#2 0x00005555555abbdd in kpCommandHistoryBase::trimCommandListsUpdateActions (this=0x555555be24c0)
at /home/dillon/kde/src/kolourpaint/commands/kpCommandHistoryBase.cpp:411
#3 kpCommandHistoryBase::addCommand (this=0x555555be24c0, command=<optimized out>, execute=<optimized out>)
at /home/dillon/kde/src/kolourpaint/commands/kpCommandHistoryBase.cpp:232
#4 0x0000555555665266 in kpToolFloodFill::endDraw (this=0x555555df60b0)
at /home/dillon/kde/src/kolourpaint/tools/kpToolFloodFill.cpp:135
#5 0x0000555555664600 in kpTool::endDrawInternal (this=0x555555df60b0, thisPoint=..., normalizedRect=..., wantEndShape=<optimized out>)
at /home/dillon/kde/src/kolourpaint/tools/kpTool_Drawing.cpp:345
#6 0x000055555566750b in kpTool::mouseReleaseEvent (this=0x555555df60b0, e=0x7fffffffd2a0)
at /home/dillon/kde/src/kolourpaint/tools/kpTool_MouseEvents.cpp:226
#7 0x00005555556897f0 in kpView::mouseReleaseEvent (this=0x555555f68c80, e=0x7fffffffd2a0)
at /home/dillon/kde/src/kolourpaint/views/kpView_Events.cpp:74
#8 0x00007ffff67e3400 in QWidget::event (this=0x555555f68c80, event=0x7fffffffd2a0)
at /usr/src/qt6-base-6.6.2+dfsg-12/src/widgets/kernel/qwidget.cpp:8959
d = 0x555555ef3b90
#9 0x00007ffff6793260 in QApplicationPrivate::notify_helper (this=this@entry=0x555555961b80, receiver=receiver@entry=0x555555f68c80, e=e@entry=0x7fffffffd2a0)
at /usr/src/qt6-base-6.6.2+dfsg-12/src/widgets/kernel/qapplication.cpp:3296
consumed = false
filtered = false
#10 0x00007ffff67975fe in QApplication::notify (this=<optimized out>, receiver=0x555555f68c80, e=0x7fffffffd2a0)
at /usr/src/qt6-base-6.6.2+dfsg-12/src/widgets/kernel/qapplication.cpp:2782