104454 – crash when displaying meta info of file being downloaded

Bug 104454 - crash when displaying meta info of file being downloaded

Summary: crash when displaying meta info of file being downloaded

Status:	RESOLVED FIXED

Alias:	None

Product:	kfile-plugins
Classification:	Applications
Component:	general (show other bugs)
Version:	unspecified
Platform:	Compiled Sources Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	David Faure

URL:
Keywords:

Duplicates (1):	105901 (view as bug list)
Depends on:
Blocks:

Reported:	2005-04-24 11:50 UTC by Andreas Leuner
Modified:	2005-06-20 09:53 UTC (History)
CC List:	2 users (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
kfile_deb.cpp.diff (1.64 KB, text/x-diff) 2005-06-01 17:05 UTC, David Faure	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Leuner 2005-04-24 11:50:51 UTC

Version:            (using KDE Devel)
Installed from:    Compiled sources

While downloading a testcase for bug #96405 I observed another crash.
backtrace is this:
-----------------------------------------------------------------
Using host libthread_db library "/lib/tls/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1231256928 (LWP 2603)]
[KCrash handler]
#3  0xb6ab2e20 in strcmp () from /lib/tls/libc.so.6
#4  0xb7e0dcdf in KFilterBase::qt_cast (this=0x83d1148, 
    clname=0x2 <Address 0x2 out of bounds>) at qcstring.h:66
#5  0xb7e531ff in KTar::KTarPrivate::fillTempFile (this=0x8362760, 
    filename=@0x1)
    at $srcdir/kdelibs/kio/kio/ktar.cpp:294
#6  0xb7e537bf in KTar::openArchive (this=0xbfffe570, mode=1)
    at $srcdir/kdelibs/kio/kio/ktar.cpp:334
#7  0xb7e68621 in KArchive::open (this=0xbfffe570, mode=1)
    at $srcdir/kdelibs/kio/kio/karchive.cpp:104
#8  0xb5b033a6 in KDebPlugin::readInfo (this=0x83a18a0, info=@0xbfffe670)
    at $srcdir/kdeadmin/kfile-plugins/deb/kfile_deb.cpp:77
#9  0xb7e6ed51 in KFileMetaInfo::init (this=0xbfffe720, url=@0xbfffe730, 
    mimeType=@0xbfffe710, what=1)
    at $srcdir/kdelibs/kio/kio/kfilemetainfo.cpp:333
#10 0xb7e6eb54 in KFileMetaInfo (this=0x1, url=@0x1, mimeType=@0x1, what=1)
    at $srcdir/kdelibs/kio/kio/kfilemetainfo.cpp:309
#11 0xb7e2c1c6 in KFileItem::metaInfo (this=0xbfffe720, autoget=48)
    at $srcdir/kdelibs/kio/kio/kfileitem.cpp:942
#12 0xb7e29d08 in KFileItem::getToolTipText (this=0x81164b8, maxcount=6)
    at $srcdir/kdelibs/kio/kio/kfileitem.cpp:685
#13 0xb69bb1dc in KonqFileTip::showTip (this=0x84450e0)
    at $srcdir/kdebase/libkonq/konq_filetip.cc:232
#14 0xb69bb735 in KonqFileTip::qt_invoke (this=0x84450e0, _id=-1231280852, 
    _o=0xbfffeb10) at konq_filetip.moc:97
#15 0xb715fecf in QObject::activate_signal ()
   from $QTDIR/lib/libqt-mt.so.3
#16 0xb715fd14 in QObject::activate_signal ()
   from $QTDIR/lib/libqt-mt.so.3
#17 0xb749c96b in QTimer::timeout () from $QTDIR/lib/libqt-mt.so.3
#18 0xb7181760 in QTimer::event () from $QTDIR/lib/libqt-mt.so.3
#19 0xb710429c in QApplication::internalNotify ()
   from $QTDIR/lib/libqt-mt.so.3
#20 0xb71038c5 in QApplication::notify ()
   from $QTDIR/lib/libqt-mt.so.3
#21 0xb77454d2 in KApplication::notify (this=0xbffff540, receiver=0x8445bb8, 
    event=0xbfffef30)
    at $srcdir/kdelibs/kdecore/kapplication.cpp:549
#22 0xb70f4084 in QEventLoop::activateTimers ()
   from $QTDIR/lib/libqt-mt.so.3
#23 0xb70aac89 in QEventLoop::processEvents ()
   from $QTDIR/lib/libqt-mt.so.3
#24 0xb7116718 in QEventLoop::enterLoop ()
   from $QTDIR/lib/libqt-mt.so.3
#25 0xb71165c8 in QEventLoop::exec ()
   from $QTDIR/lib/libqt-mt.so.3
#26 0xb71044d1 in QApplication::exec ()
   from $QTDIR/lib/libqt-mt.so.3
#27 0xb66668a8 in kdemain (argc=1, argv=0x1)
    at $srcdir/kdebase/konqueror/konq_main.cc:206
#28 0xb7662986 in kdeinitmain (argc=1, argv=0x1) at konqueror_dummy.cc:2
#29 0x0804d55b in launch (argc=2, _name=0x80cb2b4 "konqueror", 
    args=0x80cb2c7 "\001", cwd=0x0, envc=1, envs=0x80cb2d8 "", 
    reset_env=false, tty=0x0, avoid_loops=false, 
    startup_id_str=0x1 <Address 0x1 out of bounds>)
    at $srcdir/kdelibs/kinit/kinit.cpp:625
#30 0x0804fc35 in handle_launcher_request (sock=8)
    at $srcdir/kdelibs/kinit/kinit.cpp:1189
#31 0x0804eaf7 in handle_requests (waitForPid=0)
    at $srcdir/kdelibs/kinit/kinit.cpp:1392
#32 0x0804c845 in main (argc=2, argv=0xbffffcb4, envp=0x1)
    at $srcdir/kdelibs/kinit/kinit.cpp:1836
----------------------------------------------------------------

This happens under similar circumstances to what I described for bug #96405. The difference is that this one only happens while the file is being downloaded.

So to reproduce this do the following:

1. Start downloading a Debian package via Konqueror kio_ftp (I don't know if other file types "work", don't know if kio_ftp is mandatory)
2. Open the download target location in a konq_fileview (treeview  or other) while the download still happens.
 -> the file should be displayed as having zero filesize and should have a .part suffix.
3. hit F5 to reload.
4. try to display the file meta info of the .part file

Crash should occur either after step 3 or 4.

regards,
Andreas Leuner

Comment 1 Thiago Macieira 2005-05-19 04:02:17 UTC

*** Bug 105901 has been marked as a duplicate of this bug. ***

Comment 2 David Faure 2005-06-01 16:50:53 UTC

Hmm, what does kdelibs/kio/kio/ktar.cpp:294 read for you?
For me it's "delete filterDev;", in 3.4-branch, which isn't a call to qt_cast nor an inline method which could be calling that, either.
In fact there is no qt_cast in the whole kio directory... Strange.

Can anyone try with valgrind, maybe?

Comment 3 Ana Guerrero (Debian KDE maintainers) 2005-06-01 16:56:38 UTC

"delete filterDev;" it is here as well.

Comment 4 David Faure 2005-06-01 17:05:03 UTC

OK I think the KTar is created with a QIODevice being set to 0. This could be checked with this assert:
--- karchive.cpp        (revision 418311)
+++ karchive.cpp        (working copy)
@@ -76,6 +76,7 @@
 {
     d = new KArchivePrivate;
     d->rootDir = 0;
+    assert( dev );
     m_dev = dev;
     m_open = false;
 }

Does the attached patch help?


Created an attachment (id=11284)
kfile_deb.cpp.diff

Comment 5 Ana Guerrero (Debian KDE maintainers) 2005-06-01 17:12:59 UTC

I'll test that immediately, and let you know ASAP. Thanks.

Comment 6 Ana Guerrero (Debian KDE maintainers) 2005-06-01 22:01:55 UTC

OK, I applied these patches. Konqueror no longer crashes, but the kfile_deb plugin also doesn't seem to do anything. Only application/x-deb is listed as a mimetype, so it should be attempting to use kfile_deb, but nothing happens. Reverting to a kdelibs without "assert( dev );" doesn't seem to make a difference - no crashes, but no meta-info either.

Comment 7 David Faure 2005-06-02 01:13:19 UTC

> OK, I applied these patches. Konqueror no longer crashes, but the kfile_deb plugin also doesn't seem to do anything. 

There seems to be a bug in this debian kfile plugin then (I didn't write it btw :)
Laurence? Do you still maintain this kfile-plugin? Can you have a look?

Comment 8 David Faure 2005-06-02 01:17:04 UTC

SVN commit 421006 by dfaure:

Fix crash and use correct mimetype. Rumours say this doesn't completely fix this plugin though.
CCBUG: 104454


 M  +16 -8     kfile_deb.cpp  


--- trunk/KDE/kdeadmin/kfile-plugins/deb/kfile_deb.cpp #421005:421006
@@ -48,7 +48,7 @@
     
     : KFilePlugin(parent, name, args)
 {
-    KFileMimeTypeInfo* info = addMimeTypeInfo( "application/x-debian-package" );
+    KFileMimeTypeInfo* info = addMimeTypeInfo( "application/x-deb" );
     KFileMimeTypeInfo::GroupInfo* group = 0L;
     group = addGroupInfo(info, "General", i18n("General"));
     KFileMimeTypeInfo::ItemInfo* item;
@@ -70,15 +70,23 @@
 
     const KArchiveDirectory* debdir = debfile.directory();
     const KArchiveEntry* controlentry = debdir->entry( "control.tar.gz" );
-    Q_ASSERT( controlentry && controlentry->isFile() );
-    
-    KTar tarfile ( KFilterDev::device( static_cast<const KArchiveFile *>(controlentry)->device(), "application/x-gzip" ) );
-    
+    if ( !controlentry || !controlentry->isFile() ) {
+        kdWarning(7034) << "control.tar.gz not found" << endl;
+        return false;
+    }
+
+    QIODevice* filterDev = KFilterDev::device( static_cast<const KArchiveFile *>( controlentry )->device(), "application/x-gzip" );
+    if ( !filterDev ) {
+        kdWarning(7034) << "Couldn't create filter device for control.tar.gz" << endl;
+        return false;
+    }
+    KTar tarfile( filterDev );
+
     if ( !tarfile.open( IO_ReadOnly ) ) {
-        kdDebug(7034) << "Couldn't open control.tar.gz" << endl;
-        return false;    
+        kdWarning(7034) << "Couldn't open control.tar.gz" << endl;
+        return false;
     }
-        
+
     const KArchiveDirectory* controldir = tarfile.directory();
     Q_ASSERT( controldir );

Comment 9 Andreas Leuner 2005-06-05 19:33:49 UTC

This crash still occurs with svn head of 20050604. Tooltips really seem to be crash-prone ATM. 
I have a folder full of .deb files plus one .deb.part file. If I slide over those files with the mouse cursor - allowing a tooltip appear now and then - then trigger the tooltip of the .deb.part file - hit F5: konqi crashes with the above backtrace.

There are also entirely different backtraces and different signals than SIGSEGV (namely SIGILL) occuring which maybe depends on how long you do this sliding over files thing.

I am not sure if I should post them all here - since you should easily get an assortment if you try :-(

Comment 10 David Faure 2005-06-05 19:40:05 UTC

Are you really getting the same backtrace, or rather those like in http://bugs.kde.org/show_bug.cgi?id=96405 
and related bugs?

Comment 11 Andreas Leuner 2005-06-07 14:03:48 UTC

>Are you really getting the same backtrace, or rather those like in http://bugs.kde.org/show_bug.cgi?id=96405
> and related bugs?
Yes, I did get the bt from _this_ bug report twice (with svn of 20050604). They were totally equal to it maybe except those addresses -- which I didn't check.

Right now I tried to reproduce this backtrace but didn't succeed. Konqi kept crashing producing other bt's, like this one:

-------------------------------------------------------------------
Using host libthread_db library "/lib/tls/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1231293792 (LWP 2313)]
[KCrash handler]
#3  KTempFile::file (this=0x630069)
    at $kde_srcdir/kdelibs/kdecore/ktempfile.cpp:172
#4  0xb7e51d65 in KTar::KTarPrivate::fillTempFile (this=0x84002a8, 
    filename=@0x84002a8)
    at $kde_srcdir/kdelibs/kio/kio/ktar.cpp:292
#5  0xb7e5233f in KTar::openArchive (this=0xbfffe570, mode=1)
    at $kde_srcdir/kdelibs/kio/kio/ktar.cpp:334
#6  0xb7e671a1 in KArchive::open (this=0xbfffe570, mode=1)
    at $kde_srcdir/kdelibs/kio/kio/karchive.cpp:105
#7  0xb5aec436 in KDebPlugin::readInfo ()
   from /usr/local/kde/lib/kde3/kfile_deb.so
#8  0xb7e6d8d1 in KFileMetaInfo::init (this=0xbfffe720, url=@0xbfffe730, 
    mimeType=@0xbfffe710, what=1)
    at $kde_srcdir/kdelibs/kio/kio/kfilemetainfo.cpp:333
#9  0xb7e6d6d4 in KFileMetaInfo (this=0x84002a8, url=@0x84002a8, 
    mimeType=@0x84002a8, what=138412712)
    at $kde_srcdir/kdelibs/kio/kio/kfilemetainfo.cpp:309
#10 0xb7e2ac96 in KFileItem::metaInfo (this=0xbfffe720, autoget=48)
    at $kde_srcdir/kdelibs/kio/kio/kfileitem.cpp:941
#11 0xb7e287c8 in KFileItem::getToolTipText (this=0x83c1a98, maxcount=6)
    at $kde_srcdir/kdelibs/kio/kio/kfileitem.cpp:685
#12 0xb69b1cdc in KonqFileTip::showTip (this=0x844dbf0)
    at $kde_srcdir/kdebase/libkonq/konq_filetip.cc:232
#13 0xb69b2235 in KonqFileTip::qt_invoke (this=0x844dbf0, _id=-1231318804, 
    _o=0xbfffeb10) at konq_filetip.moc:97
#14 0xb7157ecf in QObject::activate_signal ()
   from $QTDIR/lib/libqt-mt.so.3
#15 0xb7157d14 in QObject::activate_signal ()
   from $QTDIR/lib/libqt-mt.so.3
#16 0xb749496b in QTimer::timeout () from $QTDIR/lib/libqt-mt.so.3
#17 0xb7179760 in QTimer::event () from $QTDIR/lib/libqt-mt.so.3
#18 0xb70fc29c in QApplication::internalNotify ()
   from $QTDIR/lib/libqt-mt.so.3
#19 0xb70fb8c5 in QApplication::notify ()
   from $QTDIR/lib/libqt-mt.so.3
#20 0xb773ead2 in KApplication::notify (this=0xbffff540, receiver=0x844e958, 
    event=0xbfffef30)
    at $kde_srcdir/kdelibs/kdecore/kapplication.cpp:549
#21 0xb70ec084 in QEventLoop::activateTimers ()
   from $QTDIR/lib/libqt-mt.so.3
#22 0xb70a2c89 in QEventLoop::processEvents ()
   from $QTDIR/lib/libqt-mt.so.3
#23 0xb710e718 in QEventLoop::enterLoop ()
   from $QTDIR/lib/libqt-mt.so.3
#24 0xb710e5c8 in QEventLoop::exec ()
   from $QTDIR/lib/libqt-mt.so.3
#25 0xb70fc4d1 in QApplication::exec ()
   from $QTDIR/lib/libqt-mt.so.3
#26 0xb665c568 in kdemain (argc=138412712, argv=0x84002a8)
    at $kde_srcdir/kdebase/konqueror/konq_main.cc:206
#27 0xb765b986 in kdeinitmain (argc=138412712, argv=0x84002a8)
    at konqueror_dummy.cc:2
#28 0x0804d55b in launch (argc=2, _name=0x806ffac "konqueror", 
    args=0x806ffbf "\001", cwd=0x0, envc=1, envs=0x806ffd0 "", 
    reset_env=false, tty=0x0, avoid_loops=false, 
    startup_id_str=0x84002a8 "àÑ;\b")
    at $kde_srcdir/kdelibs/kinit/kinit.cpp:636
#29 0x0804fda5 in handle_launcher_request (sock=8)
    at $kde_srcdir/kdelibs/kinit/kinit.cpp:1200
#30 0x0804ec57 in handle_requests (waitForPid=0)
    at $kde_srcdir/kdelibs/kinit/kinit.cpp:1403
#31 0x0804c845 in main (argc=2, argv=0xbffffcb4, envp=0x84002a8)
    at $kde_srcdir/kdelibs/kinit/kinit.cpp:1847
-------------------------------------------------------------------
 and that one:
-------------------------------------------------------------------
Using host libthread_db library "/lib/tls/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1231293792 (LWP 2332)]
[KCrash handler]
#3  0x00000000 in ?? ()
#4  0xb7e2712e in KFileItem::mimetype (this=0xbfffe800) at ksharedptr.h:126
#5  0xb7e5d2f3 in KIO::PreviewJob::startPreview (this=0x8468e58)
    at qptrlist.h:174
#6  0xb7e5c633 in KIO::PreviewJob::qt_invoke (this=0x8468e58, _id=7, 
    _o=0xbfffeae0) at previewjob.moc:137
#7  0xb7157ecf in QObject::activate_signal ()
   from $QTDIR/lib/libqt-mt.so.3
#8  0xb74926d8 in QSignal::signal () from $QTDIR/lib/libqt-mt.so.3
#9  0xb717216f in QSignal::activate ()
   from $QTDIR/lib/libqt-mt.so.3
#10 0xb7179943 in QSingleShotTimer::event ()
   from $QTDIR/lib/libqt-mt.so.3
#11 0xb70fc29c in QApplication::internalNotify ()
   from $QTDIR/lib/libqt-mt.so.3
#12 0xb70fb8c5 in QApplication::notify ()
   from $QTDIR/lib/libqt-mt.so.3
#13 0xb773ead2 in KApplication::notify (this=0xbffff540, receiver=0x8228df8, 
    event=0xbfffef30)
    at $kde_srcdir/kdelibs/kdecore/kapplication.cpp:549
#14 0xb70ec084 in QEventLoop::activateTimers ()
   from $QTDIR/lib/libqt-mt.so.3
#15 0xb70a2c89 in QEventLoop::processEvents ()
   from $QTDIR/lib/libqt-mt.so.3
#16 0xb710e718 in QEventLoop::enterLoop ()
   from $QTDIR/lib/libqt-mt.so.3
#17 0xb710e5c8 in QEventLoop::exec ()
   from $QTDIR/lib/libqt-mt.so.3
#18 0xb70fc4d1 in QApplication::exec ()
   from $QTDIR/lib/libqt-mt.so.3
#19 0xb665c568 in kdemain (argc=-1073747968, argv=0xbfffe800)
    at $kde_srcdir/kdebase/konqueror/konq_main.cc:206
#20 0xb765b986 in kdeinitmain (argc=-1073747968, argv=0xbfffe800)
    at konqueror_dummy.cc:2
#21 0x0804d55b in launch (argc=2, _name=0x807026c "konqueror", 
    args=0x807027f "\001", cwd=0x0, envc=1, envs=0x8070290 "", 
    reset_env=false, tty=0x0, avoid_loops=false, 
    startup_id_str=0xbfffe800 "X\025I\b")
    at $kde_srcdir/kdelibs/kinit/kinit.cpp:636
#22 0x0804fda5 in handle_launcher_request (sock=8)
    at $kde_srcdir/kdelibs/kinit/kinit.cpp:1200
#23 0x0804ec57 in handle_requests (waitForPid=0)
    at $kde_srcdir/kdelibs/kinit/kinit.cpp:1403
#24 0x0804c845 in main (argc=2, argv=0xbffffcb4, envp=0xbfffe800)
    at $kde_srcdir/kdelibs/kinit/kinit.cpp:1847
-------------------------------------------------------------------

Sorry for posting several bt's but they were produced the same way AFAICT.

Comment 12 Andreas Leuner 2005-06-07 14:12:56 UTC

To be precise - I don't know if this bug is the same as Bug #96405. Before my last  update I seem to remember at least a backtrace similar to the last one of those in Bug #96405.
But I am not sure anymore how I triggered it. I'll try using valgrind.

Comment 13 Andreas Leuner 2005-06-09 12:39:59 UTC

I just had the valgrind session. 
I invoked valgrind with the following command:
"valgrind --num-callers=20 konqueror"

Find the log below (I commented some stages in it):
----------------------------------------------------------------------------------
==2952== Memcheck, a memory error detector for x86-linux.
==2952== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==2952== Using valgrind-2.4.0, a program supervision framework for x86-linux.
==2952== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==2952== 
==2952== My PID = 2952, parent PID = 2815.  Prog and args are:
==2952==    konqueror
==2952== For more details, rerun with: -v
==2952== 
==2952== Syscall param writev(vector[...]) points to uninitialised byte(s)
==2952==    at 0x1D0835E8: (within /lib/tls/libc-2.3.2.so)
==2952==    by 0x1CE36EBF: (within /usr/X11R6/lib/libX11.so.6.2)
==2952==    by 0x1CE37A8E: _X11TransWritev (in /usr/X11R6/lib/libX11.so.6.2)
==2952==    by 0x1CE18186: _XSend (in /usr/X11R6/lib/libX11.so.6.2)
==2952==    by 0x1CE0D683: (within /usr/X11R6/lib/libX11.so.6.2)
==2952==    by 0x1CE0DDCA: XPutImage (in /usr/X11R6/lib/libX11.so.6.2)
==2952==    by 0x1CCB33F5: XcursorImageLoadCursor (in /usr/lib/libXcursor.so.1.0.2)
==2952==    by 0x1CCB38C4: XcursorImagesLoadCursor (in /usr/lib/libXcursor.so.1.0.2)
==2952==    by 0x1CCB67D9: XcursorLibraryLoadCursor (in /usr/lib/libXcursor.so.1.0.2)
==2952==    by 0x1C6F4C2E: QCursor::update() const (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C6F47FE: QCursor::handle() const (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7173F5: qt_x11_enforce_cursor(QWidget*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C717DF2: QWidget::create(unsigned long, bool, bool) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7E1008: QWidget::QWidget(QWidget*, char const*, unsigned) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C2B1FC0: KApplication::init(bool) (kapplication.cpp:949)
==2952==    by 0x1C2B0916: KApplication::KApplication(bool, bool) (kapplication.cpp:637)
==2952==    by 0x1B957ECE: kdemain (konq_main.h:13)
==2952==    by 0x80486CA: main (konqueror.la.cc:2)
==2952==  Address 0x804D0B1 is not stack'd, malloc'd or (recently) free'd
"kfmclient openProfile webbrowsing" finished. (I had disabled the default intro page.)

==2952== 
==2952== Conditional jump or move depends on uninitialised value(s)
==2952==    at 0x1DEAF3F6: KHTMLPart::clear() (khtml_part.cpp:1358)
==2952==    by 0x1DEA9A8D: KHTMLPart::~KHTMLPart() (khtml_part.cpp:500)
==2952==    by 0x1B968C73: KonqView::switchView(KonqViewFactory&) (konq_view.cc:250)
==2952==    by 0x1B969214: KonqView::changeViewMode(QString const&, QString const&, bool) (konq_view.cc:353)
==2952==    by 0x1B9A6CDA: KonqMainWindow::openView(QString, KURL const&, KonqView*, KonqOpenURLRequest&) (konq_mainwindow.cc:866)
==2952==    by 0x1B9A50A5: KonqMainWindow::openURL(KonqView*, KURL const&, QString const&, KonqOpenURLRequest&, bool) (konq_mainwindow.cc:568)
==2952==    by 0x1B9A3F78: KonqMainWindow::openFilteredURL(QString const&, KonqOpenURLRequest&) (konq_mainwindow.cc:451)
==2952==    by 0x1B9A4326: KonqMainWindow::openFilteredURL(QString const&, bool, bool) (konq_mainwindow.cc:468)
==2952==    by 0x1B9AFBB1: KonqMainWindow::slotHome(KAction::ActivationReason, Qt::ButtonState) (konq_mainwindow.cc:1783)
==2952==    by 0x1B9CFD15: KonqMainWindow::qt_invoke(int, QUObject*) (qucom_p.h:312)
==2952==    by 0x1C7B0ECE: QObject::activate_signal(QConnectionList*, QUObject*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C009374: KAction::activated(KAction::ActivationReason, Qt::ButtonState) (kaction.moc:188)
==2952==    by 0x1C008544: KAction::slotPopupActivated() (kaction.cpp:1136)
==2952==    by 0x1C00958E: KAction::qt_invoke(int, QUObject*) (kaction.moc:213)
==2952==    by 0x1C7B0ECE: QObject::activate_signal(QConnectionList*, QUObject*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1CAEB6D7: QSignal::signal(QVariant const&) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7CB16E: QSignal::activate() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C8B6933: QPopupMenu::mouseReleaseEvent(QMouseEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1BFF2E70: KPopupMenu::mouseReleaseEvent(QMouseEvent*) (kpopupmenu.cpp:511)
==2952==    by 0x1C7E6D89: QWidget::event(QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
This is directly after opening the home folder. 

I now changed to a directory containing my deb files -- without anything from valgrind.

==2952== 
==2952== Syscall param write(buf) points to uninitialised byte(s)
==2952==    at 0x1CDD2621: (within /lib/tls/libpthread-0.60.so)
==2952==    by 0x1CE37A2E: _X11TransWrite (in /usr/X11R6/lib/libX11.so.6.2)
==2952==    by 0x1CE17271: (within /usr/X11R6/lib/libX11.so.6.2)
==2952==    by 0x1CE1891C: _XReply (in /usr/X11R6/lib/libX11.so.6.2)
==2952==    by 0x1CE1544D: XTranslateCoordinates (in /usr/X11R6/lib/libX11.so.6.2)
==2952==    by 0x1C7196B7: QWidget::mapToGlobal(QPoint const&) const (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1BA88721: KonqFileTip::reposition() (qrect.h:239)
==2952==    by 0x1BA89010: KonqFileTip::resizeEvent(QResizeEvent*) (konq_filetip.cc:278)
==2952==    by 0x1C7E6ED8: QWidget::event(QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C75529B: QApplication::internalNotify(QObject*, QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7548C4: QApplication::notify(QObject*, QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C2AFAD1: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:549)
==2952==    by 0x1C756045: QApplication::sendPostedEvents(QObject*, int) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C755ED7: QApplication::sendPostedEvents() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C6FB4CC: QEventLoop::processEvents(unsigned) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C767717: QEventLoop::enterLoop() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7675C7: QEventLoop::exec() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7554D0: QApplication::exec() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1B958567: kdemain (konq_main.cc:206)
==2952==    by 0x80486CA: main (konqueror.la.cc:2)
==2952==  Address 0x804D46C is not stack'd, malloc'd or (recently) free'd
==2952== 
==2952== Syscall param write(buf) points to uninitialised byte(s)
==2952==    at 0x1CDD2621: (within /lib/tls/libpthread-0.60.so)
==2952==    by 0x1CE37A2E: _X11TransWrite (in /usr/X11R6/lib/libX11.so.6.2)
==2952==    by 0x1CE17271: (within /usr/X11R6/lib/libX11.so.6.2)
==2952==    by 0x1CE170F6: _XFlush (in /usr/X11R6/lib/libX11.so.6.2)
==2952==    by 0x1CE11F42: _XSetClipRectangles (in /usr/X11R6/lib/libX11.so.6.2)
==2952==    by 0x1CE11FA5: XSetClipRectangles (in /usr/X11R6/lib/libX11.so.6.2)
==2952==    by 0x1C70C587: QPainter::setClipping(bool) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7B859F: qt_format_text(QFont const&, QRect const&, int, QString const&, int, QRect*, int, int*, int, QTextParag**, QPainter*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7B78EA: QPainter::drawText(QRect const&, int, QString const&, int, QRect*, QTextParag**) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C88DEF2: QListViewItem::paintCell(QPainter*, QColorGroup const&, int, int, int) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C042750: KListViewItem::paintCell(QPainter*, QColorGroup const&, int, int, int) (klistview.cpp:2337)
==2952==    by 0x1E768506: KonqListViewItem::paintCell(QPainter*, QColorGroup const&, int, int, int) (konq_listviewitems.cc:333)
==2952==    by 0x1C8909DA: QListView::drawContentsOffset(QPainter*, int, int, int, int, int, int) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C8C514F: QScrollView::viewportPaintEvent(QPaintEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C03F8E9: KListView::viewportPaintEvent(QPaintEvent*) (klistview.cpp:1912)
==2952==    by 0x1E761FC3: KonqBaseListViewWidget::viewportPaintEvent(QPaintEvent*) (konq_listviewwidget.cc:674)
==2952==    by 0x1C8C4B72: QScrollView::eventFilter(QObject*, QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C8930F7: QListView::eventFilter(QObject*, QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7AE98D: QObject::activate_filters(QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7AE8B5: QObject::event(QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==  Address 0x804CFEC is not stack'd, malloc'd or (recently) free'd
==2952== 
==2952== Syscall param writev(vector[...]) points to uninitialised byte(s)
==2952==    at 0x1D0835E8: (within /lib/tls/libc-2.3.2.so)
==2952==    by 0x1D08342B: writev (in /lib/tls/libc-2.3.2.so)
==2952==    by 0x1CE36EBF: (within /usr/X11R6/lib/libX11.so.6.2)
==2952==    by 0x1CE37A8E: _X11TransWritev (in /usr/X11R6/lib/libX11.so.6.2)
==2952==    by 0x1CE18186: _XSend (in /usr/X11R6/lib/libX11.so.6.2)
==2952==    by 0x1CE0D683: (within /usr/X11R6/lib/libX11.so.6.2)
==2952==    by 0x1CE0DDCA: XPutImage (in /usr/X11R6/lib/libX11.so.6.2)
==2952==    by 0x1C7045DB: QPixmap::convertFromImage(QImage const&, int) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7C3547: QPixmap::convertFromImage(QImage const&, QPixmap::ColorMode) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C32CC55: KIconLoader::loadIcon(QString const&, KIcon::Group, int, int, QString*, bool) const (kiconloader.cpp:844)
==2952==    by 0x1C2AFC46: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:538)
==2952==    by 0x1C7E5E0A: QWidget::show() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1BA88DB4: KonqFileTip::showTip() (konq_filetip.cc:245)
==2952==    by 0x1BA89234: KonqFileTip::qt_invoke(int, QUObject*) (konq_filetip.moc:97)
==2952==    by 0x1C7B0ECE: QObject::activate_signal(QConnectionList*, QUObject*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7B0D13: QObject::activate_signal(int) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1CAED96A: QTimer::timeout() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7D275F: QTimer::event(QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C75529B: QApplication::internalNotify(QObject*, QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7548C4: QApplication::notify(QObject*, QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==  Address 0x804CFEC is not stack'd, malloc'd or (recently) free'd
This is after displaying a tooltip for a .deb file which is already completely downloaded.
Now I try to produce the crash: At least once trigger the tooltip above a partially downloaded .deb file -- and hit F5 a few times, well until it crashes. 

Like this:
==2952== 
==2952== Invalid read of size 4
==2952==    at 0x1BD6417D: KFileItem::determineMimeType() (ksharedptr.h:146)
==2952==    by 0x1BD6411B: KFileItem::mimetype() const (ksharedptr.h:164)
==2952==    by 0x1BD9A2F2: KIO::PreviewJob::startPreview() (qptrlist.h:174)
==2952==    by 0x1BD99632: KIO::PreviewJob::qt_invoke(int, QUObject*) (previewjob.moc:137)
==2952==    by 0x1C7B0ECE: QObject::activate_signal(QConnectionList*, QUObject*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1CAEB6D7: QSignal::signal(QVariant const&) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7CB16E: QSignal::activate() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7D2942: QSingleShotTimer::event(QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C75529B: QApplication::internalNotify(QObject*, QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7548C4: QApplication::notify(QObject*, QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C2AFAD1: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:549)
==2952==    by 0x1C745083: QEventLoop::activateTimers() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C6FBC88: QEventLoop::processEvents(unsigned) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C767717: QEventLoop::enterLoop() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7675C7: QEventLoop::exec() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7554D0: QApplication::exec() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1B958567: kdemain (konq_main.cc:206)
==2952==    by 0x80486CA: main (konqueror.la.cc:2)
==2952==  Address 0x1E3A972C is 68 bytes inside a block of size 124 free'd
==2952==    at 0x1B906CA8: operator delete(void*) (vg_replace_malloc.c:155)
==2952==    by 0x1BD62F5E: KFileItem::~KFileItem() (kfileitem.cpp:122)
==2952==    by 0x1B96FB3D: QPtrList<KFileItem>::deleteItem(void*) (qptrlist.h:150)
==2952==    by 0x1CA66615: QGList::clear() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1B96FA2C: QPtrList<KFileItem>::~QPtrList() (qptrlist.h:93)
==2952==    by 0x1BD81132: QCache<KDirListerCache::DirItem>::deleteItem(void*) (qcache.h:90)
==2952==    by 0x1CA6244D: QGCache::remove_string(QString const&) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1BD6A02C: KDirListerCache::listDir(KDirLister*, KURL const&, bool, bool) (qcache.h:70)
==2952==    by 0x1BD7AEE2: KDirLister::openURL(KURL const&, bool, bool) (kdirlister.cpp:1825)
==2952==    by 0x1E763982: KonqBaseListViewWidget::openURL(KURL const&) (konq_listviewwidget.cc:1024)
==2952==    by 0x1E76A014: KonqTreeViewWidget::openURL(KURL const&) (konq_treeviewwidget.cc:75)
==2952==    by 0x1E756750: KonqListView::doOpenURL(KURL const&) (konq_listview.cc:317)
==2952==    by 0x1BA6E3F2: KonqDirPart::openURL(KURL const&) (konq_dirpart.cc:645)
==2952==    by 0x1B967E0B: KonqView::openURL(KURL const&, QString const&, QString const&, bool) (konq_view.cc:218)
==2952==    by 0x1B9A6DA4: KonqMainWindow::openView(QString, KURL const&, KonqView*, KonqOpenURLRequest&) (konq_mainwindow.cc:882)
==2952==    by 0x1B9A50A5: KonqMainWindow::openURL(KonqView*, KURL const&, QString const&, KonqOpenURLRequest&, bool) (konq_mainwindow.cc:568)
==2952==    by 0x1B9AF4FE: KonqMainWindow::slotReload(KonqView*) (konq_mainwindow.cc:1746)
==2952==    by 0x1B9CFC16: KonqMainWindow::qt_invoke(int, QUObject*) (konq_mainwindow.moc:612)
==2952==    by 0x1C7B0ECE: QObject::activate_signal(QConnectionList*, QUObject*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7B0D13: QObject::activate_signal(int) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952== 
==2952== Invalid read of size 1
==2952==    at 0x1BD64184: KFileItem::determineMimeType() (ksharedptr.h:146)
==2952==    by 0x1BD6411B: KFileItem::mimetype() const (ksharedptr.h:164)
==2952==    by 0x1BD9A2F2: KIO::PreviewJob::startPreview() (qptrlist.h:174)
==2952==    by 0x1BD99632: KIO::PreviewJob::qt_invoke(int, QUObject*) (previewjob.moc:137)
==2952==    by 0x1C7B0ECE: QObject::activate_signal(QConnectionList*, QUObject*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1CAEB6D7: QSignal::signal(QVariant const&) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7CB16E: QSignal::activate() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7D2942: QSingleShotTimer::event(QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C75529B: QApplication::internalNotify(QObject*, QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7548C4: QApplication::notify(QObject*, QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C2AFAD1: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:549)
==2952==    by 0x1C745083: QEventLoop::activateTimers() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C6FBC88: QEventLoop::processEvents(unsigned) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C767717: QEventLoop::enterLoop() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7675C7: QEventLoop::exec() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7554D0: QApplication::exec() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1B958567: kdemain (konq_main.cc:206)
==2952==    by 0x80486CA: main (konqueror.la.cc:2)
==2952==  Address 0x1E3A9738 is 80 bytes inside a block of size 124 free'd
==2952==    at 0x1B906CA8: operator delete(void*) (vg_replace_malloc.c:155)
==2952==    by 0x1BD62F5E: KFileItem::~KFileItem() (kfileitem.cpp:122)
==2952==    by 0x1B96FB3D: QPtrList<KFileItem>::deleteItem(void*) (qptrlist.h:150)
==2952==    by 0x1CA66615: QGList::clear() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1B96FA2C: QPtrList<KFileItem>::~QPtrList() (qptrlist.h:93)
==2952==    by 0x1BD81132: QCache<KDirListerCache::DirItem>::deleteItem(void*) (qcache.h:90)
==2952==    by 0x1CA6244D: QGCache::remove_string(QString const&) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1BD6A02C: KDirListerCache::listDir(KDirLister*, KURL const&, bool, bool) (qcache.h:70)
==2952==    by 0x1BD7AEE2: KDirLister::openURL(KURL const&, bool, bool) (kdirlister.cpp:1825)
==2952==    by 0x1E763982: KonqBaseListViewWidget::openURL(KURL const&) (konq_listviewwidget.cc:1024)
==2952==    by 0x1E76A014: KonqTreeViewWidget::openURL(KURL const&) (konq_treeviewwidget.cc:75)
==2952==    by 0x1E756750: KonqListView::doOpenURL(KURL const&) (konq_listview.cc:317)
==2952==    by 0x1BA6E3F2: KonqDirPart::openURL(KURL const&) (konq_dirpart.cc:645)
==2952==    by 0x1B967E0B: KonqView::openURL(KURL const&, QString const&, QString const&, bool) (konq_view.cc:218)
==2952==    by 0x1B9A6DA4: KonqMainWindow::openView(QString, KURL const&, KonqView*, KonqOpenURLRequest&) (konq_mainwindow.cc:882)
==2952==    by 0x1B9A50A5: KonqMainWindow::openURL(KonqView*, KURL const&, QString const&, KonqOpenURLRequest&, bool) (konq_mainwindow.cc:568)
==2952==    by 0x1B9AF4FE: KonqMainWindow::slotReload(KonqView*) (konq_mainwindow.cc:1746)
==2952==    by 0x1B9CFC16: KonqMainWindow::qt_invoke(int, QUObject*) (konq_mainwindow.moc:612)
==2952==    by 0x1C7B0ECE: QObject::activate_signal(QConnectionList*, QUObject*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7B0D13: QObject::activate_signal(int) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952== 
==2952== Invalid read of size 4
==2952==    at 0x1BD64219: KFileItem::determineMimeType() (ksharedptr.h:62)
==2952==    by 0x1BD6411B: KFileItem::mimetype() const (ksharedptr.h:164)
==2952==    by 0x1BD9A2F2: KIO::PreviewJob::startPreview() (qptrlist.h:174)
==2952==    by 0x1BD99632: KIO::PreviewJob::qt_invoke(int, QUObject*) (previewjob.moc:137)
==2952==    by 0x1C7B0ECE: QObject::activate_signal(QConnectionList*, QUObject*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1CAEB6D7: QSignal::signal(QVariant const&) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7CB16E: QSignal::activate() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7D2942: QSingleShotTimer::event(QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C75529B: QApplication::internalNotify(QObject*, QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7548C4: QApplication::notify(QObject*, QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C2AFAD1: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:549)
==2952==    by 0x1C745083: QEventLoop::activateTimers() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C6FBC88: QEventLoop::processEvents(unsigned) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C767717: QEventLoop::enterLoop() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7675C7: QEventLoop::exec() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7554D0: QApplication::exec() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1B958567: kdemain (konq_main.cc:206)
==2952==    by 0x80486CA: main (konqueror.la.cc:2)
==2952==  Address 0x1E6BCA14 is 4 bytes inside a block of size 52 free'd
==2952==    at 0x1B906CA8: operator delete(void*) (vg_replace_malloc.c:155)
==2952==    by 0x1BD291C3: KMimeType::~KMimeType() (kmimetype.cpp:448)
==2952==    by 0x1BD62F87: KFileItem::~KFileItem() (qvaluelist.h:235)
==2952==    by 0x1B96FB3D: QPtrList<KFileItem>::deleteItem(void*) (qptrlist.h:150)
==2952==    by 0x1CA66615: QGList::clear() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1B96FA2C: QPtrList<KFileItem>::~QPtrList() (qptrlist.h:93)
==2952==    by 0x1BD81132: QCache<KDirListerCache::DirItem>::deleteItem(void*) (qcache.h:90)
==2952==    by 0x1CA6244D: QGCache::remove_string(QString const&) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1BD6A02C: KDirListerCache::listDir(KDirLister*, KURL const&, bool, bool) (qcache.h:70)
==2952==    by 0x1BD7AEE2: KDirLister::openURL(KURL const&, bool, bool) (kdirlister.cpp:1825)
==2952==    by 0x1E763982: KonqBaseListViewWidget::openURL(KURL const&) (konq_listviewwidget.cc:1024)
==2952==    by 0x1E76A014: KonqTreeViewWidget::openURL(KURL const&) (konq_treeviewwidget.cc:75)
==2952==    by 0x1E756750: KonqListView::doOpenURL(KURL const&) (konq_listview.cc:317)
==2952==    by 0x1BA6E3F2: KonqDirPart::openURL(KURL const&) (konq_dirpart.cc:645)
==2952==    by 0x1B967E0B: KonqView::openURL(KURL const&, QString const&, QString const&, bool) (konq_view.cc:218)
==2952==    by 0x1B9A6DA4: KonqMainWindow::openView(QString, KURL const&, KonqView*, KonqOpenURLRequest&) (konq_mainwindow.cc:882)
==2952==    by 0x1B9A50A5: KonqMainWindow::openURL(KonqView*, KURL const&, QString const&, KonqOpenURLRequest&, bool) (konq_mainwindow.cc:568)
==2952==    by 0x1B9AF4FE: KonqMainWindow::slotReload(KonqView*) (konq_mainwindow.cc:1746)
==2952==    by 0x1B9CFC16: KonqMainWindow::qt_invoke(int, QUObject*) (konq_mainwindow.moc:612)
==2952==    by 0x1C7B0ECE: QObject::activate_signal(QConnectionList*, QUObject*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952== 
==2952== Invalid read of size 4
==2952==    at 0x1BD64122: KFileItem::mimetype() const (ksharedptr.h:126)
==2952==    by 0x1BD9A2F2: KIO::PreviewJob::startPreview() (qptrlist.h:174)
==2952==    by 0x1BD99632: KIO::PreviewJob::qt_invoke(int, QUObject*) (previewjob.moc:137)
==2952==    by 0x1C7B0ECE: QObject::activate_signal(QConnectionList*, QUObject*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1CAEB6D7: QSignal::signal(QVariant const&) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7CB16E: QSignal::activate() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7D2942: QSingleShotTimer::event(QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C75529B: QApplication::internalNotify(QObject*, QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7548C4: QApplication::notify(QObject*, QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C2AFAD1: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:549)
==2952==    by 0x1C745083: QEventLoop::activateTimers() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C6FBC88: QEventLoop::processEvents(unsigned) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C767717: QEventLoop::enterLoop() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7675C7: QEventLoop::exec() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7554D0: QApplication::exec() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1B958567: kdemain (konq_main.cc:206)
==2952==    by 0x80486CA: main (konqueror.la.cc:2)
==2952==  Address 0x1E6BCA10 is 0 bytes inside a block of size 52 free'd
==2952==    at 0x1B906CA8: operator delete(void*) (vg_replace_malloc.c:155)
==2952==    by 0x1BD291C3: KMimeType::~KMimeType() (kmimetype.cpp:448)
==2952==    by 0x1BD62F87: KFileItem::~KFileItem() (qvaluelist.h:235)
==2952==    by 0x1B96FB3D: QPtrList<KFileItem>::deleteItem(void*) (qptrlist.h:150)
==2952==    by 0x1CA66615: QGList::clear() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1B96FA2C: QPtrList<KFileItem>::~QPtrList() (qptrlist.h:93)
==2952==    by 0x1BD81132: QCache<KDirListerCache::DirItem>::deleteItem(void*) (qcache.h:90)
==2952==    by 0x1CA6244D: QGCache::remove_string(QString const&) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1BD6A02C: KDirListerCache::listDir(KDirLister*, KURL const&, bool, bool) (qcache.h:70)
==2952==    by 0x1BD7AEE2: KDirLister::openURL(KURL const&, bool, bool) (kdirlister.cpp:1825)
==2952==    by 0x1E763982: KonqBaseListViewWidget::openURL(KURL const&) (konq_listviewwidget.cc:1024)
==2952==    by 0x1E76A014: KonqTreeViewWidget::openURL(KURL const&) (konq_treeviewwidget.cc:75)
==2952==    by 0x1E756750: KonqListView::doOpenURL(KURL const&) (konq_listview.cc:317)
==2952==    by 0x1BA6E3F2: KonqDirPart::openURL(KURL const&) (konq_dirpart.cc:645)
==2952==    by 0x1B967E0B: KonqView::openURL(KURL const&, QString const&, QString const&, bool) (konq_view.cc:218)
==2952==    by 0x1B9A6DA4: KonqMainWindow::openView(QString, KURL const&, KonqView*, KonqOpenURLRequest&) (konq_mainwindow.cc:882)
==2952==    by 0x1B9A50A5: KonqMainWindow::openURL(KonqView*, KURL const&, QString const&, KonqOpenURLRequest&, bool) (konq_mainwindow.cc:568)
==2952==    by 0x1B9AF4FE: KonqMainWindow::slotReload(KonqView*) (konq_mainwindow.cc:1746)
==2952==    by 0x1B9CFC16: KonqMainWindow::qt_invoke(int, QUObject*) (konq_mainwindow.moc:612)
==2952==    by 0x1C7B0ECE: QObject::activate_signal(QConnectionList*, QUObject*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
--2952-- disInstr: unhandled instruction bytes: 0xC4 0xA7 0xF6 0x1C
--2952--           at 0x1CF6A724: (within /usr/lib/libstdc++.so.5.0.7)
==2952== 
==2952== Invalid read of size 1
==2952==    at 0x1CF6A548: (within /usr/lib/libstdc++.so.5.0.7)
==2952==    by 0x1BD9A2F2: KIO::PreviewJob::startPreview() (qptrlist.h:174)
==2952==    by 0x1BD99632: KIO::PreviewJob::qt_invoke(int, QUObject*) (previewjob.moc:137)
==2952==    by 0x1C7B0ECE: QObject::activate_signal(QConnectionList*, QUObject*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1CAEB6D7: QSignal::signal(QVariant const&) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7CB16E: QSignal::activate() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7D2942: QSingleShotTimer::event(QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C75529B: QApplication::internalNotify(QObject*, QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7548C4: QApplication::notify(QObject*, QEvent*) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C2AFAD1: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:549)
==2952==    by 0x1C745083: QEventLoop::activateTimers() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C6FBC88: QEventLoop::processEvents(unsigned) (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C767717: QEventLoop::enterLoop() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7675C7: QEventLoop::exec() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1C7554D0: QApplication::exec() (in $QTDIR/lib/libqt-mt.so.3.3.4)
==2952==    by 0x1B958567: kdemain (konq_main.cc:206)
==2952==    by 0x80486CA: main (konqueror.la.cc:2)
==2952==  Address 0xFB0FF7D5 is not stack'd, malloc'd or (recently) free'd
==2952== 
==2952== ERROR SUMMARY: 46 errors from 10 contexts (suppressed: 506 from 10)
==2952== malloc/free: in use at exit: 2157436 bytes in 62829 blocks.
==2952== malloc/free: 758760 allocs, 695931 frees, 19202760 bytes allocated.
==2952== For counts of detected errors, rerun with: -v
==2952== searching for pointers to 62829 not-freed blocks.
==2952== checked 14096504 bytes.
==2952== 
==2952== LEAK SUMMARY:
==2952==    definitely lost: 26060 bytes in 993 blocks.
==2952==      possibly lost: 356 bytes in 1 blocks.
==2952==    still reachable: 2131020 bytes in 61835 blocks.
==2952==         suppressed: 0 bytes in 0 blocks.
==2952== Use --leak-check=full to see details of leaked memory.

Comment 14 David Faure 2005-06-17 19:27:25 UTC

SVN commit 426556 by dfaure:

Fix KTar crash, e.g. when displaying the tooltip for a .deb file.
tmpFile wasn't initialized to 0 in both constructors(!)
CCBUG: 104454


 M  +5 -6      ktar.cpp  


--- trunk/KDE/kdelibs/kio/kio/ktar.cpp #426555:426556
@@ -45,7 +45,7 @@
 class KTar::KTarPrivate
 {
 public:
-    KTarPrivate() : tarEnd( 0 ) {}
+    KTarPrivate() : tarEnd( 0 ), tmpFile( 0 ) {}
     QStringList dirList;
     int tarEnd;
     KTempFile* tmpFile;
@@ -57,12 +57,10 @@
 };
 
 KTar::KTar( const QString& filename, const QString & _mimetype )
-    : KArchive( 0L )
+    : KArchive( 0 )
 {
     m_filename = filename;
     d = new KTarPrivate;
-    d->tmpFile = 0L;
-    d->mimetype = _mimetype;
     QString mimetype( _mimetype );
     bool forced = true;
     if ( mimetype.isEmpty() ) // Find out mimetype manually
@@ -107,8 +105,8 @@
             file.close();
         }
         forced = false;
-        d->mimetype = mimetype;
-    } // END mimetype.isEmpty()
+    }
+    d->mimetype = mimetype;
 
     prepareDevice( filename, mimetype, forced );
 }
@@ -144,6 +142,7 @@
 KTar::KTar( QIODevice * dev )
     : KArchive( dev )
 {
+    Q_ASSERT( dev );
     d = new KTarPrivate;
 }

Comment 15 David Faure 2005-06-17 19:29:30 UTC

SVN commit 426558 by dfaure:

Fix KTar crash, e.g. when displaying the tooltip for a .deb file.
tmpFile wasn't initialized to 0 in both constructors(!)

CCBUG: 104454
In fact this fixes the initial report in 104454, but the valgrind trace
there is very interesting for debugging #96405...


 M  +4 -5      ktar.cpp  


--- branches/KDE/3.4/kdelibs/kio/kio/ktar.cpp #426557:426558
@@ -45,7 +45,7 @@
 class KTar::KTarPrivate
 {
 public:
-    KTarPrivate() : tarEnd( 0 ) {}
+    KTarPrivate() : tarEnd( 0 ), tmpFile( 0 ) {}
     QStringList dirList;
     int tarEnd;
     KTempFile* tmpFile;
@@ -57,12 +57,10 @@
 };
 
 KTar::KTar( const QString& filename, const QString & _mimetype )
-    : KArchive( 0L )
+    : KArchive( 0 )
 {
     m_filename = filename;
     d = new KTarPrivate;
-    d->tmpFile = 0L;
-    d->mimetype = _mimetype;
     QString mimetype( _mimetype );
     bool forced = true;
     if ( mimetype.isEmpty() ) // Find out mimetype manually
@@ -107,8 +105,8 @@
             file.close();
         }
         forced = false;
+    }
         d->mimetype = mimetype;
-    } // END mimetype.isEmpty()
 
     prepareDevice( filename, mimetype, forced );
 }
@@ -144,6 +142,7 @@
 KTar::KTar( QIODevice * dev )
     : KArchive( dev )
 {
+    Q_ASSERT( dev );
     d = new KTarPrivate;
 }

Comment 16 David Faure 2005-06-17 19:59:59 UTC

OK the valgrind log means "konqlistview doesn't call KonqFileTip::setItem(0) on reload", which I just fixed (#96405/#100800). Thanks for the investigation!

Comment 17 Andreas Leuner 2005-06-20 09:53:19 UTC

I can no longer make Konqi crash following my description in comment 1.

Thanks for fixing this !