Bug 66209

Summary: Konqueror Drag and Drop Can Cause Crash (with backtrace)
Product: [Applications] konqueror Reporter: Clay Holladay <jhollad>
Component: generalAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED DUPLICATE    
Severity: crash    
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Slackware   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Clay Holladay 2003-10-18 17:58:53 UTC
Version:           3.1.4 (using KDE KDE 3.1.4)
Installed from:    Slackware Packages
Compiler:          gcc (GCC) 3.2.3 Slackware 9.1 Default
OS:          Linux

Using drag and drop to move and copy files from the web or from local folders sometimes causes Konqueror to immediately crash.  Unfortunately I have not been able to reliably produce this crash with documents I own, but one presentation posted to a centrinity firstclass bulletin board web site consistently crashes konq.  However dragging this same file from the desktop or another folder fails to produce a crash.  Hope this helps the project.
Backtrace:
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...[New Thread 16384 (LWP 820)]

0x410775c9 in waitpid () from /lib/libpthread.so.0
#0  0x410775c9 in waitpid () from /lib/libpthread.so.0
#1  0x407639ed in KCrash::defaultCrashHandler(int) ()
   from /opt/kde/lib/libkdecore.so.4
#2  0x41075c45 in __pthread_sighandler () from /lib/libpthread.so.0
#3  <signal handler called>
#4  0x40a4de10 in qt_xdnd_handle_selection_request(XSelectionRequestEvent const*) () from /usr/lib/qt/lib/libqt-mt.so.3
#5  0x40a4e151 in QDropEvent::encodedData(char const*) const ()
   from /usr/lib/qt/lib/libqt-mt.so.3
#6  0x401073cb in KonqIconViewWidget::contentsDragEnterEvent(QDragEnterEvent*)
    () from /opt/kde/lib/libkonq.so.4
#7  0x40c0b15a in QScrollView::viewportDragEnterEvent(QDragEnterEvent*) ()
   from /usr/lib/qt/lib/libqt-mt.so.3
#8  0x40c0a879 in QScrollView::eventFilter(QObject*, QEvent*) ()
   from /usr/lib/qt/lib/libqt-mt.so.3
#9  0x40cbc2bf in QIconView::eventFilter(QObject*, QEvent*) ()
   from /usr/lib/qt/lib/libqt-mt.so.3
#10 0x40afb96e in QObject::activate_filters(QEvent*) ()
   from /usr/lib/qt/lib/libqt-mt.so.3
#11 0x40afb891 in QObject::event(QEvent*) () from /usr/lib/qt/lib/libqt-mt.so.3
#12 0x40b3260c in QWidget::event(QEvent*) () from /usr/lib/qt/lib/libqt-mt.so.3
#13 0x40aa3035 in QApplication::internalNotify(QObject*, QEvent*) ()
   from /usr/lib/qt/lib/libqt-mt.so.3
#14 0x40aa26eb in QApplication::notify(QObject*, QEvent*) ()
   from /usr/lib/qt/lib/libqt-mt.so.3
#15 0x406e6c89 in KApplication::notify(QObject*, QEvent*) ()
   from /opt/kde/lib/libkdecore.so.4
#16 0x40a4bc92 in qt_handle_xdnd_position(QWidget*, _XEvent const*, bool) ()
   from /usr/lib/qt/lib/libqt-mt.so.3
#17 0x40a3a342 in QApplication::x11ClientMessage(QWidget*, _XEvent*, bool) ()
   from /usr/lib/qt/lib/libqt-mt.so.3
#18 0x40a3b501 in QApplication::x11ProcessEvent(_XEvent*) ()
   from /usr/lib/qt/lib/libqt-mt.so.3
#19 0x40a50ed7 in QEventLoop::processEvents(unsigned) ()
   from /usr/lib/qt/lib/libqt-mt.so.3
#20 0x40ab6276 in QEventLoop::enterLoop() () from /usr/lib/qt/lib/libqt-mt.so.3
#21 0x40ab6118 in QEventLoop::exec() () from /usr/lib/qt/lib/libqt-mt.so.3
#22 0x40aa3281 in QApplication::exec() () from /usr/lib/qt/lib/libqt-mt.so.3
#23 0x40056a27 in main () from /opt/kde/lib/konqueror.so
#24 0x411c6d06 in __libc_start_main () from /lib/libc.so.6
Comment 1 Clay Holladay 2003-10-19 00:41:03 UTC
It may be worthwhile to add that this crash does not always produce the backtrace dialog box.
Comment 2 Clay Holladay 2003-10-19 19:25:10 UTC
Here is another backtrace from a crash that occurred when dragging my desktop cdrom and floppy shortcuts across a konqueror local directory window.  The crash occurred immediately after the icon entered the window.  I did not drop it, the icon simply passed over the window.
Backtrace:
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...[New Thread 16384 (LWP 717)]

0x40f535c9 in waitpid () from /lib/libpthread.so.0
#0  0x40f535c9 in waitpid () from /lib/libpthread.so.0
#1  0x4063f9ed in KCrash::defaultCrashHandler(int) ()
   from /opt/kde/lib/libkdecore.so.4
#2  0x40f51c45 in __pthread_sighandler () from /lib/libpthread.so.0
#3  <signal handler called>
#4  0x40929e10 in qt_xdnd_handle_selection_request(XSelectionRequestEvent const*) () from /usr/lib/qt/lib/libqt-mt.so.3
#5  0x4092a151 in QDropEvent::encodedData(char const*) const ()
   from /usr/lib/qt/lib/libqt-mt.so.3
#6  0x40b87d2f in QIconDragPrivate::decode(QMimeSource*, QValueList<QIconDragDataItem>&) () from /usr/lib/qt/lib/libqt-mt.so.3
#7  0x40b98132 in QIconView::initDragEnter(QDropEvent*) ()
   from /usr/lib/qt/lib/libqt-mt.so.3
#8  0x40b93ef8 in QIconView::contentsDragEnterEvent(QDragEnterEvent*) ()
   from /usr/lib/qt/lib/libqt-mt.so.3
#9  0x419193a5 in KonqIconViewWidget::contentsDragEnterEvent(QDragEnterEvent*)
    () from /opt/kde/lib/libkonq.so.4
#10 0x40ae715a in QScrollView::viewportDragEnterEvent(QDragEnterEvent*) ()
   from /usr/lib/qt/lib/libqt-mt.so.3
#11 0x40ae6879 in QScrollView::eventFilter(QObject*, QEvent*) ()
   from /usr/lib/qt/lib/libqt-mt.so.3
#12 0x40b982bf in QIconView::eventFilter(QObject*, QEvent*) ()
   from /usr/lib/qt/lib/libqt-mt.so.3
#13 0x409d796e in QObject::activate_filters(QEvent*) ()
   from /usr/lib/qt/lib/libqt-mt.so.3
#14 0x409d7891 in QObject::event(QEvent*) () from /usr/lib/qt/lib/libqt-mt.so.3
#15 0x40a0e60c in QWidget::event(QEvent*) () from /usr/lib/qt/lib/libqt-mt.so.3
#16 0x4097f035 in QApplication::internalNotify(QObject*, QEvent*) ()
   from /usr/lib/qt/lib/libqt-mt.so.3
#17 0x4097e6eb in QApplication::notify(QObject*, QEvent*) ()
   from /usr/lib/qt/lib/libqt-mt.so.3
#18 0x405c2c89 in KApplication::notify(QObject*, QEvent*) ()
   from /opt/kde/lib/libkdecore.so.4
#19 0x40927c92 in qt_handle_xdnd_position(QWidget*, _XEvent const*, bool) ()
   from /usr/lib/qt/lib/libqt-mt.so.3
#20 0x40916342 in QApplication::x11ClientMessage(QWidget*, _XEvent*, bool) ()
   from /usr/lib/qt/lib/libqt-mt.so.3
#21 0x40917501 in QApplication::x11ProcessEvent(_XEvent*) ()
   from /usr/lib/qt/lib/libqt-mt.so.3
#22 0x4092ced7 in QEventLoop::processEvents(unsigned) ()
   from /usr/lib/qt/lib/libqt-mt.so.3
#23 0x40992276 in QEventLoop::enterLoop() () from /usr/lib/qt/lib/libqt-mt.so.3
#24 0x40992118 in QEventLoop::exec() () from /usr/lib/qt/lib/libqt-mt.so.3
#25 0x4097f281 in QApplication::exec() () from /usr/lib/qt/lib/libqt-mt.so.3
#26 0x4198ca27 in main () from /opt/kde/lib/konqueror.so
#27 0x0804cbe1 in strcpy ()
#28 0x0804da09 in strcpy ()
#29 0x0804de8c in strcpy ()
#30 0x0804ec3a in strcpy ()
#31 0x410a1d06 in __libc_start_main () from /lib/libc.so.6
Comment 3 Wilbur Pan 2003-12-17 23:17:43 UTC
I have noticed similar behavior with KDE 3.2.0_beta2.  Konqueror sometimes and erratically crashes when i drag a file icon over the window.  Of note, this has happened when Konqueror is in either file management or web browser mode.

Here's my backtrace (Konqueror was in web browsing mode):

(no debugging symbols found)...Using host libthread_db library "/lib/libthread_db.so.1".
(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 28914)]
0x40f64a28 in waitpid ()
   from /lib/libpthread.so.0
#0  0x40f64a28 in waitpid () from /lib/libpthread.so.0
#1  0x406be28c in ?? () from /usr/kde/3.2/lib/libkdecore.so.4
#2  0x40627775 in KCrash::defaultCrashHandler(int) ()
   from /usr/kde/3.2/lib/libkdecore.so.4
#3  0x00000018 in ?? ()
Comment 4 Waldo Bastian 2004-01-19 15:11:17 UTC
Just got this crash:

[New Thread 16384 (LWP 21832)]
0x41432fd6 in waitpid () from /lib/libpthread.so.0
#0  0x41432fd6 in waitpid () from /lib/libpthread.so.0
#1  0x409287a4 in KCrash::defaultCrashHandler(int) (sig=11) at kcrash.cpp:246
#2  0x41431bb1 in __pthread_sighandler () from /lib/libpthread.so.0
#3  <signal handler called>
#4  0x40cbce49 in QPaintDevice::x11Screen() const (this=0x8385f78)
    at qpaintdevice.h:335
#5  0x40ce0654 in QPainter::begin(QPaintDevice const*, bool) (this=0xbfffe330, 
    pd=0x8385f78, unclipped=false) at kernel/qpainter_x11.cpp:1008
#6  0x40f62079 in QIconView::drawDragShapes(QPoint const&) (this=0x838c6a0, 
    pos=@0xbfffe9b0) at iconview/qiconview.cpp:5531
#7  0x40f5df4d in QIconView::contentsDragEnterEvent(QDragEnterEvent*) (
    this=0x838c6a0, e=0xbfffe990) at iconview/qiconview.cpp:4680
#8  0x40143a3e in KonqIconViewWidget::contentsDragEnterEvent(QDragEnterEvent*)
    (this=0x838c6a0, e=0xbfffe990) at libkonq/konq_iconviewwidget.cc:1175
#9  0x40ead840 in QScrollView::viewportDragEnterEvent(QDragEnterEvent*) (
    this=0x838c6a0, e=0xbfffe990) at widgets/qscrollview.cpp:1800
#10 0x40eacd66 in QScrollView::eventFilter(QObject*, QEvent*) (this=0x838c6a0, 
    obj=0x8385f50, e=0xbfffe990) at widgets/qscrollview.cpp:1518
#11 0x40f62846 in QIconView::eventFilter(QObject*, QEvent*) (this=0x838c6a0, 
    o=0x8385f50, e=0xbfffe990) at iconview/qiconview.cpp:5646
#12 0x40d87480 in QObject::activate_filters(QEvent*) (this=0x8385f50, 
    e=0xbfffe990) at kernel/qobject.cpp:902
#13 0x40d872f2 in QObject::event(QEvent*) (this=0x8385f50, e=0xbfffe990)
    at kernel/qobject.cpp:735
#14 0x40dc18f3 in QWidget::event(QEvent*) (this=0x8385f50, e=0xbfffe990)
    at kernel/qwidget.cpp:4630
#15 0x40d27281 in QApplication::internalNotify(QObject*, QEvent*) (
    this=0xbffff1d0, receiver=0x8385f50, e=0xbfffe990)
    at kernel/qapplication.cpp:2614
#16 0x40d26eb1 in QApplication::notify(QObject*, QEvent*) (this=0xbffff1d0, 
    receiver=0x8385f50, e=0xbfffe990) at kernel/qapplication.cpp:2502
#17 0x40889e4d in KApplication::notify(QObject*, QEvent*) (this=0xbffff1d0, 
    receiver=0x8385f50, event=0xbfffe990) at kapplication.cpp:505
#18 0x40cbd92f in QApplication::sendEvent(QObject*, QEvent*) (
    receiver=0x8385f50, event=0xbfffe990) at qapplication.h:490
#19 0x40cc8e3e in qt_handle_xdnd_position(QWidget*, _XEvent const*, bool) (
    w=0x80d2fc8, xe=0xbfffedc0, passive=false) at kernel/qdnd_x11.cpp:621
#20 0x40cb3c26 in QApplication::x11ClientMessage(QWidget*, _XEvent*, bool) (
    this=0xbffff1d0, w=0x80d2fc8, event=0xbfffedc0, passive_only=false)
    at kernel/qapplication_x11.cpp:3078
#21 0x40cb4e99 in QApplication::x11ProcessEvent(_XEvent*) (this=0xbffff1d0, 
    event=0xbfffedc0) at kernel/qapplication_x11.cpp:3576
#22 0x40cceb40 in QEventLoop::processEvents(unsigned) (this=0x8085040, flags=4)
    at kernel/qeventloop_x11.cpp:192
#23 0x40d3b432 in QEventLoop::enterLoop() (this=0x8085040)
    at kernel/qeventloop.cpp:198
#24 0x40d3b34e in QEventLoop::exec() (this=0x8085040)
    at kernel/qeventloop.cpp:145
#25 0x40d27401 in QApplication::exec() (this=0xbffff1d0)
    at kernel/qapplication.cpp:2737
#26 0x40067600 in kdemain (argc=2, argv=0xbffff324)
    at konqueror/konq_main.cc:184
#27 0x08048627 in main (argc=2, argv=0xbffff324)
    at konqueror/kdeinit_konqueror.cpp:2
Comment 5 Waldo Bastian 2004-01-19 15:21:37 UTC
Valgrind:
==21868== Invalid read of size 4
==21868==    at 0x40ED8E3D: QPaintDevice::x11Screen() const (qpaintdevice.h:335)
==21868==    by 0x40EFC653: QPainter::begin(QPaintDevice const*, bool) (qpainter_x11.cpp:1008)
==21868==    by 0x4117E078: QIconView::drawDragShapes(QPoint const&) (qiconview.cpp:5531)
==21868==    by 0x41179F4C: QIconView::contentsDragEnterEvent(QDragEnterEvent*) (qiconview.cpp:4680)
==21868==    by 0x4035EA3D: KonqIconViewWidget::contentsDragEnterEvent(QDragEnterEvent*) (konq_iconviewwidget
==21868==    by 0x410C983F: QScrollView::viewportDragEnterEvent(QDragEnterEvent*) (qscrollview.cpp:1800)
==21868==    by 0x410C8D65: QScrollView::eventFilter(QObject*, QEvent*) (qscrollview.cpp:1518)
==21868==    by 0x4117E845: QIconView::eventFilter(QObject*, QEvent*) (qiconview.cpp:5646)
==21868==    by 0x40FA347F: QObject::activate_filters(QEvent*) (qobject.cpp:902)
==21868==    by 0x40FA32F1: QObject::event(QEvent*) (qobject.cpp:735)
==21868==    by 0x40FDD8F2: QWidget::event(QEvent*) (qwidget.cpp:4630)
==21868==    by 0x40F43280: QApplication::internalNotify(QObject*, QEvent*) (qapplication.cpp:2614)
==21868==    by 0x40F42EB0: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:2502)
==21868==    by 0x40AA4E4C: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:505)
==21868==    by 0x40ED992E: QApplication::sendEvent(QObject*, QEvent*) (qapplication.h:490)
==21868==    by 0x40EE4E3D: qt_handle_xdnd_position(QWidget*, _XEvent const*, bool) (qdnd_x11.cpp:621)
==21868==    by 0x40ECFC25: QApplication::x11ClientMessage(QWidget*, _XEvent*, bool) (qapplication_x11.cpp:30
==21868==    by 0x40ED0E98: QApplication::x11ProcessEvent(_XEvent*) (qapplication_x11.cpp:3576)
==21868==    by 0x40EEAB3F: QEventLoop::processEvents(unsigned) (qeventloop_x11.cpp:192)
==21868==    by 0x40F57431: QEventLoop::enterLoop() (qeventloop.cpp:198)
==21868==    by 0x40F5734D: QEventLoop::exec() (qeventloop.cpp:145)
==21868==    by 0x40F43400: QApplication::exec() (qapplication.cpp:2737)
==21868==    by 0x402825FF: kdemain (konq_main.cc:184)
==21868==    by 0x8048626: main (kdeinit_konqueror.cpp:2)
==21868==    by 0x41787D3D: __libc_start_main (in /lib/libc.so.6)
==21868==    by 0x8048570: ??? (start.S:102)
==21868==    Address 0x4BAAF840 is 56 bytes inside a block of size 116 free'd
==21868==    at 0x4002A0B3: __builtin_delete (vg_replace_malloc.c:244)
==21868==    by 0x4002A0D1: operator delete(void*) (vg_replace_malloc.c:253)
==21868==    by 0x410CC1AD: QViewportWidget::~QViewportWidget() (qscrollview.cpp:631)
==21868==    by 0x40EE757D: qt_xdnd_obtain_data(char const*) (qdnd_x11.cpp:1474)
==21868==    by 0x40EE766E: QDropEvent::encodedData(char const*) const (qdnd_x11.cpp:1542)
==21868==    by 0x40F51AFD: QUriDrag::decode(QMimeSource const*, QStrList&) (qdragobject.cpp:1368)
==21868==    by 0x40B907B2: KURLDrag::decode(QMimeSource const*, KURL::List&) (kurldrag.cpp:74)
==21868==    by 0x4035EA1B: KonqIconViewWidget::contentsDragEnterEvent(QDragEnterEvent*) (konq_iconviewwidget
==21868==    by 0x410C983F: QScrollView::viewportDragEnterEvent(QDragEnterEvent*) (qscrollview.cpp:1800)
==21868==    by 0x410C8D65: QScrollView::eventFilter(QObject*, QEvent*) (qscrollview.cpp:1518)
==21868==    by 0x4117E845: QIconView::eventFilter(QObject*, QEvent*) (qiconview.cpp:5646)
==21868==    by 0x40FA347F: QObject::activate_filters(QEvent*) (qobject.cpp:902)
==21868==    by 0x40FA32F1: QObject::event(QEvent*) (qobject.cpp:735)
==21868==    by 0x40FDD8F2: QWidget::event(QEvent*) (qwidget.cpp:4630)
==21868==    by 0x40F43280: QApplication::internalNotify(QObject*, QEvent*) (qapplication.cpp:2614)
==21868==    by 0x40F42EB0: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:2502)
==21868==    by 0x40AA4E4C: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:505)
==21868==    by 0x40ED992E: QApplication::sendEvent(QObject*, QEvent*) (qapplication.h:490)
==21868==    by 0x40EE4E3D: qt_handle_xdnd_position(QWidget*, _XEvent const*, bool) (qdnd_x11.cpp:621)
==21868==    by 0x40ECFC25: QApplication::x11ClientMessage(QWidget*, _XEvent*, bool) (qapplication_x11.cpp:30
==21868==    by 0x40ED0E98: QApplication::x11ProcessEvent(_XEvent*) (qapplication_x11.cpp:3576)
==21868==    by 0x40EEAB3F: QEventLoop::processEvents(unsigned) (qeventloop_x11.cpp:192)
==21868==    by 0x40F57431: QEventLoop::enterLoop() (qeventloop.cpp:198)
==21868==    by 0x40F5734D: QEventLoop::exec() (qeventloop.cpp:145)
==21868==    by 0x40F43400: QApplication::exec() (qapplication.cpp:2737)
==21868==    by 0x402825FF: kdemain (konq_main.cc:184)
==21868==    by 0x8048626: main (kdeinit_konqueror.cpp:2)
==21868==    by 0x41787D3D: __libc_start_main (in /lib/libc.so.6)
==21868==    by 0x8048570: ??? (start.S:102)
Comment 6 Waldo Bastian 2004-01-19 16:06:51 UTC
qt_xdnd_obtain_data() may incorrectly delete tw due to reentrancy in
qt_xclb_wait_for_event() --> BR61412

Most likely also causes weirdness in qt_xdnd_handle_selection_request (backtraces in #1, #2 and #3)

*** This bug has been marked as a duplicate of 61412 ***