Bug 512059

Summary: Konsole crashed in QImage::isNull
Product: [Applications] konsole
Reporter: Matt Fagnani <matt.fagnani>
Component: general
Assignee: Konsole Bugs <konsole-bugs-null>
Status: RESOLVED DUPLICATE
Severity: crash
CC: kdedev
Priority: NOR
Version First Reported In: 25.08.2
Target Milestone: ---
Platform: Fedora RPMs
OS: Linux
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Description Matt Fagnani 2025-11-14 03:04:28 UTC
SUMMARY

I started Plasma 6.5.2 on Wayland in a Fedora 43 KDE installation. I ran Firefox Nightly 147.0a1. I ran Konsole 25.08.2. In Konsole, I ran sudo dnf offline-upgrade download --refresh with the updates-testing repo enabled. I selected y to start the download of the updates which included KDE Gear 25.08.3. I switched to Firefox and used it for less than a minute. I switched to Konsole. Konsole crashed in QImage::isNull in frame 5 of the trace with an invalid pointer this=this@entry=0x18. QPainter::drawImage in frame 6 had an invalid pointer image at 0x18.

(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=11, no_tid=no_tid@entry=0)
    at pthread_kill.c:44
#1  0x00007fa374c80493 in __pthread_kill_internal (threadid=<optimized out>, signo=11) at pthread_kill.c:89
#2  0x00007fa374c2618e in __GI_raise (sig=11) at ../sysdeps/posix/raise.c:26
#3  0x00007fa377469071 in KCrash::defaultCrashHandler(int) () at /lib64/libKF6Crash.so.6
#4  0x00007fa374c262c0 in <signal handler called> () at /lib64/libc.so.6
#5  QImage::isNull (this=this@entry=0x18)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/gui/image/qimage.cpp:1342
#6  0x00007fa375c98fc2 in QPainter::drawImage
    (this=this@entry=0x7ffc74c79558, targetRect=..., image=..., sourceRect=..., flags=flags@entry=...)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/gui/painting/qpainter.cpp:5197
#7  0x00007fa371d20614 in QPainter::drawImage
    (this=0x7ffc74c79558, targetRect=<synthetic pointer>..., image=<optimized out>, sourceRect=<synthetic pointer>..., flags=...) at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/gui/painting/qpainter.h:777
#8  QtWaylandClient::QWaylandShmBackingStore::scroll (this=0x55e682ca9e90, region=<optimized out>, dx=0, dy=-22)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/plugins/platforms/wayland/qwaylandshmbackingstore.cpp:271
#9  0x00007fa375b7b40b in QBackingStore::scroll
    (this=this@entry=0x55e682ca0320, area=..., dx=dx@entry=0, dy=dy@entry=-22)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/gui/painting/qbackingstore.cpp:265
#10 0x00007fa3766b29ae in QWidgetRepaintManager::bltRect
    (this=this@entry=0x55e6832348e0, rect=..., dx=dx@entry=0, dy=dy@entry=-22, widget=widget@entry=0x55e6830ae9e0)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/widgets/kernel/qwidgetrepaintmanager.cpp:532
#11 0x00007fa3766b928c in QWidgetPrivate::scrollRect (this=0x55e6830aee90, rect=..., dx=dx@entry=0, dy=-22)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/widgets/kernel/qwidgetrepaintmanager.cpp:490
#12 0x00007fa37668b582 in QWidgetPrivate::scroll_sys (this=<optimized out>, dx=dx@entry=0, dy=<optimized out>, r=...)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/widgets/kernel/qwidget.cpp:11164
#13 0x00007fa37668b7a4 in QWidget::scroll (this=this@entry=0x55e6830ae9e0, dx=dx@entry=0, dy=<optimized out>, r=...)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/widgets/kernel/qwidget.cpp:11159
#14 0x00007fa3772f21d6 in Konsole::TerminalScrollBar::scrollImage
    (this=<optimized out>, lines=1, screenWindowRegion=<optimized out>, image=<optimized out>, imageSize=<optimized out>) at /usr/src/debug/konsole-25.08.2-1.fc43.x86_64/src/terminalDisplay/TerminalScrollBar.cpp:243
#15 0x00007fa3772dee8b in Konsole::TerminalDisplay::updateImage (this=0x55e6830ae9e0)
    at /usr/src/debug/konsole-25.08.2-1.fc43.x86_64/src/terminalDisplay/TerminalDisplay.cpp:478
#16 0x00007fa37536855a in QtPrivate::QSlotObjectBase::call (this=0x55e6831a41e0, r=0x55e6830ae9e0, a=0x7ffc74c79a98)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/corelib/kernel/qobjectdefs_impl.h:461
#17 doActivate<false> (sender=0x55e68323dff0, signal_index=<optimized out>, argv=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/corelib/kernel/qobject.cpp:4255
#18 0x00007fa37536855a in QtPrivate::QSlotObjectBase::call (this=0x55e6831a4150, r=0x55e68323dff0, a=0x7ffc74c79b68)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/corelib/kernel/qobjectdefs_impl.h:461
#19 doActivate<false> (sender=0x55e6830a4340, signal_index=<optimized out>, argv=0x7ffc74c79b68, argv@entry=0x0)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/corelib/kernel/qobject.cpp:4255
#20 0x00007fa37535efb9 in QMetaObject::activate
    (sender=sender@entry=0x55e6830a4340, m=m@entry=0x7fa377447e80 <Konsole::Emulation::staticMetaObject>, local_signal_index=local_signal_index@entry=8, argv=argv@entry=0x0)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/corelib/kernel/qobject.cpp:4315
#21 0x00007fa3772266a7 in Konsole::Emulation::outputChanged (this=this@entry=0x55e6830a4340)
    at /usr/src/debug/konsole-25.08.2-1.fc43.x86_64/redhat-linux-build/src/konsoleprivate_autogen/include/moc_Emulation.cpp:441
#22 0x00007fa37722d087 in Konsole::Emulation::showBulk (this=0x55e6830a4340)
    at /usr/src/debug/konsole-25.08.2-1.fc43.x86_64/src/Emulation.cpp:287
#23 0x00007fa37536855a in QtPrivate::QSlotObjectBase::call (this=0x55e6830a6370, r=0x55e6830a4340, a=0x7ffc74c79cd0)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/corelib/kernel/qobjectdefs_impl.h:461
#24 doActivate<false> (sender=0x55e6830a4400, signal_index=<optimized out>, argv=argv@entry=0x7ffc74c79cd0)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/corelib/kernel/qobject.cpp:4255
#25 0x00007fa37535efb9 in QMetaObject::activate
    (sender=<optimized out>, m=m@entry=0x7fa3758bcda0 <QTimer::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffc74c79cd0)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/corelib/kernel/qobject.cpp:4315
#26 0x00007fa375378bb3 in QMetaObject::activate<void, QTimer::QPrivateSignal>
    (sender=<optimized out>, mo=0x7fa3758bcda0 <QTimer::staticMetaObject>, local_signal_index=0, ret=0x0)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/corelib/kernel/qobjectdefs.h:319
#27 QTimer::timeout (this=<optimized out>, _t1=...)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/redhat-linux-build/src/corelib/Core_autogen/include/moc_qtimer.cpp:182
#28 0x00007fa3753599d5 in QObject::event (this=<optimized out>, e=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/corelib/kernel/qobject.cpp:1441
#29 0x00007fa37663db1f in QApplicationPrivate::notify_helper
    (this=<optimized out>, receiver=0x55e6830a4400, e=0x7ffc74c79e80)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/widgets/kernel/qapplication.cpp:3307
#30 0x00007fa3752fcaa8 in QCoreApplication::notifyInternal2 (receiver=0x55e6830a4400, event=0x7ffc74c79e80)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/corelib/kernel/qcoreapplication.cpp:1109
#31 0x00007fa3752fcd0d in QCoreApplication::sendEvent (receiver=<optimized out>, event=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/corelib/kernel/qcoreapplication.cpp:1549
#32 0x00007fa3754d1eb8 in QTimerInfoList::activateTimers (this=0x55e682a7aae0)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/corelib/kernel/qtimerinfo_unix.cpp:426
#33 0x00007fa375620df1 in timerSourceDispatch (source=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/corelib/kernel/qeventdispatcher_glib.cpp:152
#34 idleTimerSourceDispatch (source=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/corelib/kernel/qeventdispatcher_glib.cpp:199
#35 0x00007fa372ee52a3 in g_main_dispatch (context=0x7fa358001380) at ../glib/gmain.c:3565
#36 g_main_context_dispatch_unlocked (context=0x7fa358001380) at ../glib/gmain.c:4425
#37 0x00007fa372eee1f8 in g_main_context_iterate_unlocked
    (context=context@entry=0x7fa358001380, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
    at ../glib/gmain.c:4490
#38 0x00007fa372eee3a3 in g_main_context_iteration (context=0x7fa358001380, may_block=1) at ../glib/gmain.c:4556
#39 0x00007fa3756210ad in QEventDispatcherGlib::processEvents (this=0x55e682a21b50, flags=...)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/corelib/kernel/qeventdispatcher_glib.cpp:399
#40 0x00007fa375309603 in QEventLoop::exec (this=this@entry=0x7ffc74c7a130, flags=..., flags@entry=...)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/corelib/global/qflags.h:77
#41 0x00007fa375304df9 in QCoreApplication::exec ()
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/corelib/kernel/qcoreapplication.cpp:1452
#42 0x00007fa375adf25d in QGuiApplication::exec ()
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/gui/kernel/qguiapplication.cpp:1973
#43 0x00007fa37663da89 in QApplication::exec ()
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/widgets/kernel/qapplication.cpp:2574
#44 0x000055e6607ef961 in main (argc=<optimized out>, argv=<optimized out>)
    at /usr/src/debug/konsole-25.08.2-1.fc43.x86_64/src/main.cpp:260

(gdb) frame 5
#5  QImage::isNull (this=this@entry=0x18)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/gui/image/qimage.cpp:1342
1342        return !d;
(gdb) p d
Cannot access memory at address 0x28
(gdb) p this
$1 = (const QImage * const) 0x18
(gdb) l
1337
1338        A null image has all parameters set to zero and no allocated data.
1339    */
1340    bool QImage::isNull() const
1341    {
1342        return !d;
1343    }
1344
1345    /*!
1346        \fn int QImage::width() const
(gdb) frame 6
#6  0x00007fa375c98fc2 in QPainter::drawImage (this=this@entry=0x7ffc74c79558, targetRect=..., image=..., 
    sourceRect=..., flags=flags@entry=...)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/gui/painting/qpainter.cpp:5197
5197        if (!d->engine || image.isNull())
(gdb) p d
$2 = <optimized out>
(gdb) l
5192    void QPainter::drawImage(const QRectF &targetRect, const QImage &image, const QRectF &sourceRect,
5193                             Qt::ImageConversionFlags flags)
5194    {
5195        Q_D(QPainter);
5196
5197        if (!d->engine || image.isNull())
5198            return;
5199
5200        qreal x = targetRect.x();
5201        qreal y = targetRect.y();
(gdb) p image
$3 = (const QImage &) <error reading variable: Cannot access memory at address 0x18>

This problem happened once. I tried it again and it didn't crash. The problem might involve a race condition.

STEPS TO REPRODUCE
1. Start Plasma 6.5.2 on Wayland in a Fedora 43 KDE installation.
2. Run Firefox.
3. Run Konsole 25.08.2.
4. In Konsole, run sudo dnf offline-upgrade download --refresh with the updates-testing repo enabled.
5. Select y to start the download of the updates.
6. Switch to Firefox and use it.
7. Switch to Konsole.

OBSERVED RESULT
Konsole crashed in QImage::isNull

EXPECTED RESULT
Konsole shouldn't have crashed.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Fedora 43
KDE Plasma Version: 6.5.2
KDE Frameworks Version: 6.19.0
Qt Version: 6.10.0

ADDITIONAL INFORMATION

Comment 1 TraceyC 2025-11-17 22:52:26 UTC
Thank you for the bug report. Based on the backtrace this looks like a duplicate of bug 511945. Please follow that report if you would like updates on the progress of this issue.

*** This bug has been marked as a duplicate of bug 511945 ***
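
A triage helper for backtraces like the one in this report, as an added example that is not part of the bug report or of Konsole/Qt code: it scans gdb `bt` output for pointer arguments that fall below the first memory page, such as `this=0x18` in frame 5, which is the usual signature of a member reached through a null object pointer rather than a wild or attacker-shaped address. The function names and the 0x1000 threshold are assumptions of this example; the sample frames are excerpted from the trace above.

```python
import re

# Excerpt of frames #5, #6 and #8 from the backtrace in the report above.
SAMPLE_BT = """\
#5  QImage::isNull (this=this@entry=0x18)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/gui/image/qimage.cpp:1342
#6  0x00007fa375c98fc2 in QPainter::drawImage
    (this=this@entry=0x7ffc74c79558, targetRect=..., image=..., sourceRect=..., flags=flags@entry=...)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/gui/painting/qpainter.cpp:5197
#8  QtWaylandClient::QWaylandShmBackingStore::scroll (this=0x55e682ca9e90, region=<optimized out>, dx=0, dy=-22)
    at /usr/src/debug/qt6-qtbase-6.10.0-3.fc43.x86_64/src/plugins/platforms/wayland/qwaylandshmbackingstore.cpp:271
"""

# "#N  [0xADDR in ]function" opens a frame; indented lines continue it.
FRAME_START = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+)")
# name=0x..., name=name@entry=0x... or name@entry=0x...
PTR_ARG = re.compile(r"(\w+)(?:@entry)?=(?:\w+@entry=)?(0x[0-9a-f]+)\b")
# Assumption: nothing is mapped in the first page, as is typical on Linux.
NULL_PAGE = 0x1000


def parse_frames(text):
    """Join gdb's wrapped frame lines into one record per frame."""
    frames = []
    for line in text.splitlines():
        m = FRAME_START.match(line)
        if m:
            frames.append({"num": int(m.group(1)), "func": m.group(2), "text": line})
        elif frames and line.startswith((" ", "\t")):
            frames[-1]["text"] += " " + line.strip()
    return frames


def near_null_args(text, limit=NULL_PAGE):
    """Return (frame, function, argument, address) for pointers below `limit`."""
    hits = []
    for frame in parse_frames(text):
        for name, value in PTR_ARG.findall(frame["text"]):
            addr = int(value, 16)
            if addr < limit:
                hits.append((frame["num"], frame["func"], name, addr))
    return hits


if __name__ == "__main__":
    for num, func, name, addr in near_null_args(SAMPLE_BT):
        print(f"frame #{num} {func}: {name}={addr:#x} (null base + {addr:#x})")
```
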