118706 – KGhostView crashes when opening file from the recent file list

Bug 118706 - KGhostView crashes when opening file from the recent file list

Summary: KGhostView crashes when opening file from the recent file list

Status:	RESOLVED FIXED

Alias:	None

Product:	kdelibs
Classification:	Unmaintained
Component:	general (other bugs)
Version First Reported In:	unspecified
Platform:	Fedora RPMs Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	Thiago Macieira

URL:
Keywords:

Depends on:
Blocks:

Reported:	2005-12-20 12:14 UTC by Dan
Modified:	2005-12-20 14:51 UTC (History)
CC List:	0 users

See Also:
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Attachments
Core dump (3.39 KB, text/plain) 2005-12-20 12:15 UTC, Dan	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Dan 2005-12-20 12:14:03 UTC

Version:           0.20 (Using KDE 3.5.0-1.7.fc4.kde) (using KDE KDE 3.5.0)
Installed from:    Fedora RPMs
OS:                Linux

How to reproduce:

* open the file http://www.net-security.org/dl/articles/Attacking_the_DNS_Protocol.pdf
(either directly from the URL, or download and save it to disk first)
* quit KGhostView (the file is now on top of the recent file list)
* start again and open the file through the recent file list - KGhostView crashes.

Comment 1 Dan 2005-12-20 12:15:24 UTC

Created attachment 13991 [details]
Core dump

Comment 2 Thiago Macieira 2005-12-20 13:01:10 UTC

Pasting the reporter's backtrace:

#4  0x071018df in KURL::hasSubURL () from /usr/lib/libkdecore.so.4
#5  0x071921df in KURL::fileName () from /usr/lib/libkdecore.so.4
#6  0x074aeb87 in KRecentFilesAction::addURL () from /usr/lib/libkdeui.so.4
#7  0x00434c7c in KGVShell::openURL () from /usr/lib/libkghostviewlib.so.0
#8  0x0044b88e in KGVShell::qt_invoke () from /usr/lib/libkghostviewlib.so.0
#9  0x069458d4 in QObject::activate_signal ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#10 0x073e472a in KRecentFilesAction::urlSelected ()
   from /usr/lib/libkdeui.so.4
#11 0x074139fb in KRecentFilesAction::itemSelected ()
   from /usr/lib/libkdeui.so.4
#12 0x074bb42f in KRecentFilesAction::qt_invoke () from /usr/lib/libkdeui.so.4
#13 0x069458d4 in QObject::activate_signal ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#14 0x0694629e in QObject::activate_signal ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#15 0x07414755 in KSelectAction::activated () from /usr/lib/libkdeui.so.4
#16 0x07414981 in KRecentFilesAction::slotActivated ()
   from /usr/lib/libkdeui.so.4
#17 0x074bb4d1 in KRecentFilesAction::qt_invoke () from /usr/lib/libkdeui.so.4
#18 0x069458d4 in QObject::activate_signal ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#19 0x06cbf876 in QSignal::signal () from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#20 0x06962ec3 in QSignal::activate () from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#21 0x0696b785 in QSingleShotTimer::event ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#22 0x068e054d in QApplication::internalNotify ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#23 0x068e0ecc in QApplication::notify ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#24 0x07182c7d in KApplication::notify () from /usr/lib/libkdecore.so.4
#25 0x068d4e12 in QEventLoop::activateTimers ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#26 0x06888fba in QEventLoop::processEvents ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#27 0x068f8c82 in QEventLoop::enterLoop ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#28 0x068f8ba6 in QEventLoop::exec () from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#29 0x068dff19 in QApplication::exec () from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#30 0x080491cc in ?? ()
#31 0x00bd3d5f in __libc_start_main () from /lib/libc.so.6
#32 0x08048fb5 in ?? ()

Comment 3 Thiago Macieira 2005-12-20 13:02:22 UTC

I can reproduce this. My backtrace is slightly different, though:

Using host libthread_db library "/lib/tls/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1235183936 (LWP 21803)]
[KCrash handler]
#7  0xb723e73c in QString::length (this=0x82177f8) at qstring.h:880
#8  0xb769999e in QString::findRev (this=0x82177f8, c=
      {static null = {static null = <same as static member of an already seen type>, static replacement = {static null = <same as static member of an already seen type>, static replacement = <same as static member of an already seen type>, static byteOrderMark = {static null = <same as static member of an already seen type>, static replacement = <same as static member of an already seen type>, static byteOrderMark = <same as static member of an already seen type>, static byteOrderSwapped = {static null = <same as static member of an already seen type>, static replacement = <same as static member of an already seen type>, static byteOrderMark = <same as static member of an already seen type>, static byteOrderSwapped = <same as static member of an already seen type>, static nbsp = {static null = <same as static member of an already seen type>, static replacement = <same as static member of an already seen type>, static byteOrderMark = <same as static member of an already seen type>, static byteOrderSwapped = <same as static member of an already seen type>, static nbsp = <same as static member of an already seen type>, ucs = 160}, ucs = 65534}, static nbsp = <same as static member of an already seen type>, ucs = 65279}, static byteOrderSwapped = <same as static member of an already seen type>, static nbsp = <same as static member of an already seen type>, ucs = 65533}, static byteOrderMark = <same as static member of an already seen type>, static byteOrderSwapped = <same as static member of an already seen type>, static nbsp = <same as static member of an already seen type>, ucs = 0}, static replacement = <same as static member of an already seen type>, static byteOrderMark = <same as static member of an already seen type>, static byteOrderSwapped = <same as static member of an already seen type>, static nbsp = <same as static member of an already seen type>, ucs = 47}, index=42, cs=true)
    at tools/qstring.cpp:3028
#9  0xb7b00fee in KURL::fileName (this=0x82177e8, _strip_trailing_slash=true)
    at qstring.h:256
#10 0xb7d636e7 in KRecentFilesAction::addURL (this=0x81b0ff0, url=@0x82177e8)
    at qstring.h:1044
#11 0xb7fa16e9 in KGVShell::openURL ()
   from /usr/local/kde3-r487700/lib/libkghostviewlib.so.0
#12 0xb7fa23ed in KGVShell::qt_invoke ()
   from /usr/local/kde3-r487700/lib/libkghostviewlib.so.0
#13 0xb732ca23 in QObject::activate_signal (this=0x81b0ff0, clist=0x81b1b40, 
    o=0xbfffecc0) at kernel/qobject.cpp:2356
#14 0xb7d553bd in KRecentFilesAction::urlSelected (this=0xbfffece8, 
    t0=@0x5f0053) at kactionclasses.moc:660
#15 0xb7d61cbb in KRecentFilesAction::itemSelected (this=0x81b0ff0, 
    text=@0x5f0053)
    at /home/thiago/programs/src/kde3/KDE/kdelibs/kdeui/kactionclasses.cpp:1276
#16 0xb7d6401d in KRecentFilesAction::qt_invoke (this=0x81b0ff0, _id=36, 
    _o=0xbfffee20) at qucom_p.h:453
#17 0xb732ca23 in QObject::activate_signal (this=0x81b0ff0, clist=0x81b1b78, 
    o=0xbfffee20) at kernel/qobject.cpp:2356
#18 0xb732d2b5 in QObject::activate_signal (this=0x81b0ff0, signal=6, param=
      {static null = {static null = <same as static member of an already seen type>, d = 0x804d070, static shared_null = 0x804d070}, d = 0x8217f20, static shared_null = 0x804d070}) at kernel/qobject.cpp:2451
#19 0xb7d54ac1 in KSelectAction::activated (this=0x5f0053, t0=@0x5f0053)
    at qmetaobject.h:261
#20 0xb7d54b45 in KRecentFilesAction::slotActivated (this=0x81b0ff0)
    at /home/thiago/programs/src/kde3/KDE/kdelibs/kdeui/kactionclasses.cpp:1353
#21 0xb7d63f7f in KRecentFilesAction::qt_invoke (this=0x81b0ff0, _id=42, 
    _o=0xbfffefb0) at kactionclasses.moc:681
#22 0xb732ca23 in QObject::activate_signal (this=0x81db7c0, clist=0x8140b60, 
    o=0xbfffefb0) at kernel/qobject.cpp:2356
#23 0xb770c060 in QSignal::signal (this=0x81db7c0, t0=@0x81db7e8)
    at .moc/debug-shared-mt/moc_qsignal.cpp:100
#24 0xb734f272 in QSignal::activate (this=0x81db7c0) at kernel/qsignal.cpp:212
#25 0xb7359317 in QSingleShotTimer::event (this=0x81db798)
    at kernel/qtimer.cpp:286
#26 0xb72bb725 in QApplication::internalNotify (this=0xbffff5e0, 
    receiver=0x81db798, e=0xbffff2e0) at kernel/qapplication.cpp:2635
#27 0xb72bab43 in QApplication::notify (this=0xbffff5e0, receiver=0x81db798, 
    e=0xbffff2e0) at kernel/qapplication.cpp:2358
#28 0xb7a3fc96 in KApplication::notify (this=0xbffff5e0, receiver=0x81db798, 
    event=0xbffff2e0)
    at /home/thiago/programs/src/kde3/KDE/kdelibs/kdecore/kapplication.cpp:550
#29 0xb723f9af in QApplication::sendEvent (receiver=0x81db798, 
    event=0xbffff2e0) at qapplication.h:496
#30 0xb72a669e in QEventLoop::activateTimers (this=0x8089828)
    at kernel/qeventloop_unix.cpp:556
#31 0xb72558d3 in QEventLoop::processEvents (this=0x8089828, flags=4)
    at kernel/qeventloop_x11.cpp:389
#32 0xb72d36a6 in QEventLoop::enterLoop (this=0x8089828)
    at kernel/qeventloop.cpp:198
#33 0xb72d35c4 in QEventLoop::exec (this=0x8089828)
    at kernel/qeventloop.cpp:145
#34 0xb72bb8c9 in QApplication::exec (this=0xbffff5e0)
    at kernel/qapplication.cpp:2758
#35 0x08049260 in main ()

Comment 4 Thiago Macieira 2005-12-20 13:42:06 UTC

Valgrind excerpts:

first entry:
==21944== Invalid read of size 4
==21944==    at 0x45726FD: KURL::hasSubURL() const (qstring.h:880)
==21944==    by 0x4578F39: KURL::fileName(bool) const (kurl.cpp:1677)
==21944==    by 0x41EF6E6: KRecentFilesAction::addURL(KURL const&) (qstring.h:1044)
==21944==    by 0x404C6E8: KGVShell::openURL(KURL const&) (in /usr/local/kde3-r487700/lib/libkghostviewlib.so.0.0.0)
==21944==    by 0x404D3EC: KGVShell::qt_invoke(int, QUObject*) (in /usr/local/kde3-r487700/lib/libkghostviewlib.so.0.0.0)
==21944==    by 0x4994A22: QObject::activate_signal(QConnectionList*, QUObject*) (qobject.cpp:2356)
==21944==    by 0x41E13BC: KRecentFilesAction::urlSelected(KURL const&) (kactionclasses.moc:660)
==21944==    by 0x41EDCBA: KRecentFilesAction::itemSelected(QString const&) (kactionclasses.cpp:1276)
==21944==    by 0x41F001C: KRecentFilesAction::qt_invoke(int, QUObject*) (qucom_p.h:453)
==21944==    by 0x4994A22: QObject::activate_signal(QConnectionList*, QUObject*) (qobject.cpp:2356)
==21944==    by 0x49952B4: QObject::activate_signal(int, QString) (qobject.cpp:2451)
==21944==    by 0x41E0AC0: KSelectAction::activated(QString const&) (qmetaobject.h:261)
==21944==  Address 0x5AFA560 is 16 bytes inside a block of size 60 free'd
==21944==    at 0x40201CE: operator delete(void*) (vg_replace_malloc.c:246)
==21944==    by 0x41F2132: QMap<QString, KURL>::erase(QString const&) (qstring.h:848)
==21944==    by 0x41EFC53: KRecentFilesAction::addURL(KURL const&) (kactionclasses.cpp:1114)
==21944==    by 0x404C6E8: KGVShell::openURL(KURL const&) (in /usr/local/kde3-r487700/lib/libkghostviewlib.so.0.0.0)
==21944==    by 0x404D3EC: KGVShell::qt_invoke(int, QUObject*) (in /usr/local/kde3-r487700/lib/libkghostviewlib.so.0.0.0)
==21944==    by 0x4994A22: QObject::activate_signal(QConnectionList*, QUObject*) (qobject.cpp:2356)
==21944==    by 0x41E13BC: KRecentFilesAction::urlSelected(KURL const&) (kactionclasses.moc:660)
==21944==    by 0x41EDCBA: KRecentFilesAction::itemSelected(QString const&) (kactionclasses.cpp:1276)
==21944==    by 0x41F001C: KRecentFilesAction::qt_invoke(int, QUObject*) (qucom_p.h:453)
==21944==    by 0x4994A22: QObject::activate_signal(QConnectionList*, QUObject*) (qobject.cpp:2356)
==21944==    by 0x49952B4: QObject::activate_signal(int, QString) (qobject.cpp:2451)
==21944==    by 0x41E0AC0: KSelectAction::activated(QString const&) (qmetaobject.h:261)

first entry where KRecentFilesAction::addURL is not in qstring.h:
==21944== Invalid read of size 4
==21944==    at 0x45726FD: KURL::hasSubURL() const (qstring.h:880)
==21944==    by 0x4578F39: KURL::fileName(bool) const (kurl.cpp:1677)
==21944==    by 0x41EF860: KRecentFilesAction::addURL(KURL const&) (kactionclasses.cpp:1132)
==21944==    by 0x404C6E8: KGVShell::openURL(KURL const&) (in /usr/local/kde3-r487700/lib/libkghostviewlib.so.0.0.0)
==21944==    by 0x404D3EC: KGVShell::qt_invoke(int, QUObject*) (in /usr/local/kde3-r487700/lib/libkghostviewlib.so.0.0.0)
==21944==    by 0x4994A22: QObject::activate_signal(QConnectionList*, QUObject*) (qobject.cpp:2356)
==21944==    by 0x41E13BC: KRecentFilesAction::urlSelected(KURL const&) (kactionclasses.moc:660)
==21944==    by 0x41EDCBA: KRecentFilesAction::itemSelected(QString const&) (kactionclasses.cpp:1276)
==21944==    by 0x41F001C: KRecentFilesAction::qt_invoke(int, QUObject*) (qucom_p.h:453)
==21944==    by 0x4994A22: QObject::activate_signal(QConnectionList*, QUObject*) (qobject.cpp:2356)
==21944==    by 0x49952B4: QObject::activate_signal(int, QString) (qobject.cpp:2451)
==21944==    by 0x41E0AC0: KSelectAction::activated(QString const&) (qmetaobject.h:261)
==21944==  Address 0x5AFA560 is 16 bytes inside a block of size 60 free'd
==21944==    at 0x40201CE: operator delete(void*) (vg_replace_malloc.c:246)
==21944==    by 0x41F2132: QMap<QString, KURL>::erase(QString const&) (qstring.h:848)
==21944==    by 0x41EFC53: KRecentFilesAction::addURL(KURL const&) (kactionclasses.cpp:1114)
==21944==    by 0x404C6E8: KGVShell::openURL(KURL const&) (in /usr/local/kde3-r487700/lib/libkghostviewlib.so.0.0.0)
==21944==    by 0x404D3EC: KGVShell::qt_invoke(int, QUObject*) (in /usr/local/kde3-r487700/lib/libkghostviewlib.so.0.0.0)
==21944==    by 0x4994A22: QObject::activate_signal(QConnectionList*, QUObject*) (qobject.cpp:2356)
==21944==    by 0x41E13BC: KRecentFilesAction::urlSelected(KURL const&) (kactionclasses.moc:660)
==21944==    by 0x41EDCBA: KRecentFilesAction::itemSelected(QString const&) (kactionclasses.cpp:1276)
==21944==    by 0x41F001C: KRecentFilesAction::qt_invoke(int, QUObject*) (qucom_p.h:453)
==21944==    by 0x4994A22: QObject::activate_signal(QConnectionList*, QUObject*) (qobject.cpp:2356)
==21944==    by 0x49952B4: QObject::activate_signal(int, QString) (qobject.cpp:2451)
==21944==    by 0x41E0AC0: KSelectAction::activated(QString const&) (qmetaobject.h:261)

Comment 5 Thiago Macieira 2005-12-20 14:35:22 UTC

The bug is in kdelibs.

Comment 6 Thiago Macieira 2005-12-20 14:51:38 UTC

David fixed this bug a week ago.

SVN commits 488107 and 488112.