Bug 170963 - Segfault in KIO::UDSEntry::numberValue
Status: RESOLVED FIXED
Alias: None
Product: kio
Classification: Unmaintained
Component: general
Version: unspecified
Platform: Compiled Sources Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Rafael Fernández López
Duplicates: 171437

Reported: 2008-09-13 06:27 UTC by Daniel Richard G.
Modified: 2008-09-25 16:28 UTC

Attachments
possible fix (907 bytes, patch)
2008-09-24 01:05 UTC, David Faure
Possible fix 2 (920 bytes, patch)
2008-09-24 01:23 UTC, Rafael Fernández López

Description Daniel Richard G. 2008-09-13 06:27:51 UTC
Version:            (using Devel)
OS:                Linux
Installed from:    Compiled sources

Encountered this during a particularly heavy Konqueror Web-browsing session, right after (quickly) closing a pop-up "Save as..." window for what I believe was an inline Flash object:

Program received signal SIGSEGV, Segmentation fault.
KIO::UDSEntry::numberValue (this=0xe0, field=33554445, defaultValue=0)
    at /opt/kde4/include/QtCore/qhash.h:833
833         return const_iterator(*findNode(akey));

BT:

#0  KIO::UDSEntry::numberValue (this=0xe0, field=33554445, defaultValue=0)
    at /opt/kde4/include/QtCore/qhash.h:833
#1  0x00002b2985cc8e70 in KIO::UDSEntry::isDir (this=0xe0)
    at /scratch/kdesvn/kdelibs/kio/kio/udsentry.cpp:86
#2  0x00002aaab61d3ad1 in KFileWidget (this=0x13d45c70,
    startDir=<value optimized out>, parent=<value optimized out>)
    at /scratch/kdesvn/kdelibs/kfile/kfilewidget.cpp:464
#3  0x00002aaab5e6ade4 in KFileModule::createFileWidget (
    this=<value optimized out>, startDir=@0x7fff254f6bd0,
    parent=0x7fff254f6b60) at /scratch/kdesvn/kdelibs/kfile/kfilemodule.cpp:36
#4  0x00002b2985d007fc in KFileDialog (this=0x7fff254f6b60,
    startDir=@0x7fff254f6bd0, filter=@0x7fff254f6f40,
    parent=<value optimized out>, customWidget=0x0)
    at /scratch/kdesvn/kdelibs/kio/kfile/kfiledialog.cpp:221
#5  0x00002b2985d02abb in KFileDialog::getSaveUrl (dir=@0x7fff254f6d70,
    filter=@0x7fff254f6f40, parent=0x1285d940, caption=@0x7fff254f6f50)
    at /scratch/kdesvn/kdelibs/kio/kfile/kfiledialog.cpp:682
#6  0x00002aaaacc20bb3 in KHTMLPopupGUIClient::saveURL (parent=0x1285d940,
    caption=@0x7fff254f6f50, url=@0x7fff254f7000, metadata=@0x13b639b8,
    filter=@0x7fff254f6f40, cacheId=0, suggestedFilename=@0x7fff254f70c0)
    at /scratch/kdesvn/kdelibs/khtml/khtml_ext.cpp:922
#7  0x00002aaaacc06c27 in KHTMLRun::save (this=0x13b65760,
    url=@0x7fff254f7000, suggestedFilename=@0x7fff254f70c0)
    at /scratch/kdesvn/kdelibs/khtml/khtml_run.cpp:97
#8  0x00002b2987cf0673 in KParts::BrowserRun::handleNonEmbeddable (
    this=0x13b65760, _mimeType=<value optimized out>)
    at /scratch/kdesvn/kdelibs/kparts/browserrun.cpp:241
#9  0x00002aaaacc06f1f in KHTMLRun::foundMimeType (this=0x13b65760,
    _type=<value optimized out>)
    at /scratch/kdesvn/kdelibs/khtml/khtml_run.cpp:63
#10 0x00002b2985c6f35a in KRun::mimeTypeDetermined (this=0x13b65760,
    mimeType=@0x7fff254f7330) at /scratch/kdesvn/kdelibs/kio/kio/krun.cpp:1120
#11 0x00002b2987cf11b7 in KParts::BrowserRun::slotBrowserMimetype (
    this=0x13b65760, _job=<value optimized out>, type=@0x7fff254f78d0)
    at /scratch/kdesvn/kdelibs/kparts/browserrun.cpp:222
#12 0x00002b2987cf27bd in KParts::BrowserRun::qt_metacall (this=0x13b65760,
    _c=QMetaObject::InvokeMetaMethod, _id=-3, _a=0x7fff254f75b0)
    at /scratch/kdesvn/build/kdelibs/kparts/browserrun.moc:73
#13 0x00002b2986a1d62d in QMetaObject::activate (sender=0x13b61210,
    from_signal_index=44, to_signal_index=44, argv=0x7fff254f75b0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:3013
#14 0x00002b2986a1da83 in QMetaObject::activate (sender=0x13b61210,
    m=0x2b2985ecc140, local_signal_index=4, argv=0x7fff254f75b0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:3086
#15 0x00002b2985bf9587 in KIO::TransferJob::mimetype (this=0xe0,
    _t1=0x13b61210, _t2=<value optimized out>)
    at /scratch/kdesvn/build/kdelibs/kio/jobclasses.moc:384
#16 0x00002b2985c0aa3e in KIO::TransferJob::qt_metacall (this=0x13b61210,
    _c=QMetaObject::InvokeMetaMethod, _id=10, _a=0x7fff254f7740)
    at /scratch/kdesvn/build/kdelibs/kio/jobclasses.moc:339
#17 0x00002b2986a1d62d in QMetaObject::activate (sender=0x13b16310,
    from_signal_index=23, to_signal_index=23, argv=0x7fff254f7740)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:3013
#18 0x00002b2986a1da83 in QMetaObject::activate (sender=0x13b16310,
    m=0x2b2985ed1540, local_signal_index=19, argv=0x7fff254f7740)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:3086
#19 0x00002b2985cbeaa5 in KIO::SlaveInterface::mimeType (this=0xe0,
    _t1=<value optimized out>)
    at /scratch/kdesvn/build/kdelibs/kio/slaveinterface.moc:265
#20 0x00002b2985cc2edf in KIO::SlaveInterface::dispatch (this=0x13b16310,
    _cmd=21, rawdata=<value optimized out>)
    at /scratch/kdesvn/kdelibs/kio/kio/slaveinterface.cpp:285
#21 0x00002b2985cbf157 in KIO::SlaveInterface::dispatch (this=0x13b16310)
    at /scratch/kdesvn/kdelibs/kio/kio/slaveinterface.cpp:91
#22 0x00002b2985cae8c3 in KIO::Slave::gotInput (this=0x13b16310)
    at /scratch/kdesvn/kdelibs/kio/kio/slave.cpp:319
#23 0x00002b2985caf4fa in KIO::Slave::qt_metacall (this=0x13b16310,
    _c=QMetaObject::InvokeMetaMethod, _id=224, _a=0x7fff254f7b50)
    at /scratch/kdesvn/build/kdelibs/kio/slave.moc:75
#24 0x00002b2986a1d62d in QMetaObject::activate (sender=0x13b847a0,
    from_signal_index=4, to_signal_index=4, argv=0x0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:3013
#25 0x00002b2986a1da83 in QMetaObject::activate (sender=0x13b847a0,
    m=0x2b2985ecae40, local_signal_index=0, argv=0x0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:3086
#26 0x00002b2985bc9677 in KIO::ConnectionPrivate::dequeue (this=0x13b84cd0)
    at /scratch/kdesvn/kdelibs/kio/kio/connection.cpp:82
#27 0x00002b2985bc99c2 in KIO::Connection::qt_metacall (this=0x13b847a0,
    _c=QMetaObject::InvokeMetaMethod, _id=224, _a=0x12ef4400)
    at /scratch/kdesvn/build/kdelibs/kio/connection.moc:72
#28 0x00002b2986a17cad in QMetaCallEvent::placeMetaCall (this=0xc5c3760,
    object=0x13b847a0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:535
#29 0x00002b2986a1c834 in QObject::event (this=0x13b847a0, e=0xc5c3760)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:1137
#30 0x00002b298739b5c5 in QApplicationPrivate::notify_helper (this=0x5196b0,
    receiver=0x13b847a0, e=0xc5c3760)
    at /scratch/kdesvn/qt-copy/src/gui/kernel/qapplication.cpp:3800
#31 0x00002b298739b8e7 in QApplication::notify (this=0x7fff254fb0d0,
    receiver=0x13b847a0, e=0xc5c3760)
    at /scratch/kdesvn/qt-copy/src/gui/kernel/qapplication.cpp:3392
#32 0x00002b29860ea51b in KApplication::notify (this=0x7fff254fb0d0,
    receiver=0x13b847a0, event=0xc5c3760)
    at /scratch/kdesvn/kdelibs/kdeui/kernel/kapplication.cpp:311
#33 0x00002b2986a098e4 in QCoreApplication::notifyInternal (
    this=0x7fff254fb0d0, receiver=0x13b847a0, event=0xc5c3760)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qcoreapplication.cpp:587
#34 0x00002b2986a0d1b3 in QCoreApplication::sendEvent (receiver=0x13b847a0,
    event=0xc5c3760)
    at ../../include/QtCore/../../../../qt-copy/src/corelib/kernel/qcoreapplication.h:215
#35 0x00002b2986a09e99 in QCoreApplicationPrivate::sendPostedEvents (
    receiver=0x0, event_type=0, data=0x502de0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qcoreapplication.cpp:1199
#36 0x00002b2986a0a062 in QCoreApplication::sendPostedEvents (receiver=0x0,
    event_type=0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qcoreapplication.cpp:1095
#37 0x00002b2986a381c9 in QCoreApplication::sendPostedEvents ()
    at ../../include/QtCore/../../../../qt-copy/src/corelib/kernel/qcoreapplication.h:220
#38 0x00002b2986a37201 in postEventSourceDispatch (s=0x51ccf0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qeventdispatcher_glib.cpp:211
#39 0x00002b2989e4e913 in g_main_context_dispatch ()
   from /usr/lib/libglib-2.0.so.0
#40 0x00002b2989e5175d in g_main_context_check ()
   from /usr/lib/libglib-2.0.so.0
#41 0x00002b2989e51c7e in g_main_context_iteration ()
   from /usr/lib/libglib-2.0.so.0
#42 0x00002b2986a36852 in QEventDispatcherGlib::processEvents (this=0x514510,
    flags=@0x7fff254f8710)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qeventdispatcher_glib.cpp:325
#43 0x00002b298743a6e7 in QGuiEventDispatcherGlib::processEvents (
    this=0x514510, flags=@0x7fff254f8770)
    at /scratch/kdesvn/qt-copy/src/gui/kernel/qguieventdispatcher_glib.cpp:204
#44 0x00002b2986a06878 in QEventLoop::processEvents (this=0x7fff254f8810,
    flags=@0x7fff254f87d0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qeventloop.cpp:149
#45 0x00002b2986a06a73 in QEventLoop::exec (this=0x7fff254f8810,
    flags=@0x7fff254f8820)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qeventloop.cpp:196
#46 0x00002b2985c937cc in KIO::NetAccess::enter_loop (this=0x7fff254f8890)
    at /scratch/kdesvn/kdelibs/kio/kio/netaccess.cpp:494
#47 0x00002b2985c93f1f in KIO::NetAccess::synchronousRunInternal (
    this=0x7fff254f8890, job=0x13d3e6f0, window=0x0, data=0x0, finalURL=0x0,
    metaData=<value optimized out>)
    at /scratch/kdesvn/kdelibs/kio/kio/netaccess.cpp:479
#48 0x00002b2985c942a0 in KIO::NetAccess::synchronousRun (job=0x13d3e6f0,
    window=0x0, data=0x0, finalURL=0x0, metaData=0x0)
    at /scratch/kdesvn/kdelibs/kio/kio/netaccess.cpp:273
#49 0x00002aaab61d3ab7 in KFileWidget (this=0xe914de0,
    startDir=<value optimized out>, parent=<value optimized out>)
    at /scratch/kdesvn/kdelibs/kfile/kfilewidget.cpp:461
#50 0x00002aaab5e6ade4 in KFileModule::createFileWidget (
    this=<value optimized out>, startDir=@0x7fff254f9240,
    parent=0x7fff254f91d0) at /scratch/kdesvn/kdelibs/kfile/kfilemodule.cpp:36
#51 0x00002b2985d007fc in KFileDialog (this=0x7fff254f91d0,
    startDir=@0x7fff254f9240, filter=@0x7fff254f95b0,
    parent=<value optimized out>, customWidget=0x0)
    at /scratch/kdesvn/kdelibs/kio/kfile/kfiledialog.cpp:221
#52 0x00002b2985d02abb in KFileDialog::getSaveUrl (dir=@0x7fff254f93e0,
    filter=@0x7fff254f95b0, parent=0x1285d940, caption=@0x7fff254f95c0)
    at /scratch/kdesvn/kdelibs/kio/kfile/kfiledialog.cpp:682
#53 0x00002aaaacc20bb3 in KHTMLPopupGUIClient::saveURL (parent=0x1285d940,
    caption=@0x7fff254f95c0, url=@0x7fff254f9670, metadata=@0x13b60828,
    filter=@0x7fff254f95b0, cacheId=0, suggestedFilename=@0x7fff254f9730)
    at /scratch/kdesvn/kdelibs/khtml/khtml_ext.cpp:922
#54 0x00002aaaacc06c27 in KHTMLRun::save (this=0x13b625d0,
    url=@0x7fff254f9670, suggestedFilename=@0x7fff254f9730)
    at /scratch/kdesvn/kdelibs/khtml/khtml_run.cpp:97
#55 0x00002b2987cf0673 in KParts::BrowserRun::handleNonEmbeddable (
    this=0x13b625d0, _mimeType=<value optimized out>)
    at /scratch/kdesvn/kdelibs/kparts/browserrun.cpp:241
#56 0x00002aaaacc06f1f in KHTMLRun::foundMimeType (this=0x13b625d0,
    _type=<value optimized out>)
    at /scratch/kdesvn/kdelibs/khtml/khtml_run.cpp:63
#57 0x00002b2985c6f35a in KRun::mimeTypeDetermined (this=0x13b625d0,
    mimeType=@0x7fff254f99a0) at /scratch/kdesvn/kdelibs/kio/kio/krun.cpp:1120
#58 0x00002b2987cf11b7 in KParts::BrowserRun::slotBrowserMimetype (
    this=0x13b625d0, _job=<value optimized out>, type=@0x7fff254f9f40)
    at /scratch/kdesvn/kdelibs/kparts/browserrun.cpp:222
#59 0x00002b2987cf27bd in KParts::BrowserRun::qt_metacall (this=0x13b625d0,
    _c=QMetaObject::InvokeMetaMethod, _id=-3, _a=0x7fff254f9c20)
    at /scratch/kdesvn/build/kdelibs/kparts/browserrun.moc:73
#60 0x00002b2986a1d62d in QMetaObject::activate (sender=0xd17f8e0,
    from_signal_index=44, to_signal_index=44, argv=0x7fff254f9c20)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:3013
#61 0x00002b2986a1da83 in QMetaObject::activate (sender=0xd17f8e0,
    m=0x2b2985ecc140, local_signal_index=4, argv=0x7fff254f9c20)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:3086
#62 0x00002b2985bf9587 in KIO::TransferJob::mimetype (this=0xe0,
    _t1=0xd17f8e0, _t2=<value optimized out>)
    at /scratch/kdesvn/build/kdelibs/kio/jobclasses.moc:384
#63 0x00002b2985c0aa3e in KIO::TransferJob::qt_metacall (this=0xd17f8e0,
    _c=QMetaObject::InvokeMetaMethod, _id=10, _a=0x7fff254f9db0)
    at /scratch/kdesvn/build/kdelibs/kio/jobclasses.moc:339
#64 0x00002b2986a1d62d in QMetaObject::activate (sender=0x13b64d90,
    from_signal_index=23, to_signal_index=23, argv=0x7fff254f9db0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:3013
#65 0x00002b2986a1da83 in QMetaObject::activate (sender=0x13b64d90,
    m=0x2b2985ed1540, local_signal_index=19, argv=0x7fff254f9db0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:3086
#66 0x00002b2985cbeaa5 in KIO::SlaveInterface::mimeType (this=0xe0,
    _t1=<value optimized out>)
    at /scratch/kdesvn/build/kdelibs/kio/slaveinterface.moc:265
#67 0x00002b2985cc2edf in KIO::SlaveInterface::dispatch (this=0x13b64d90,
    _cmd=21, rawdata=<value optimized out>)
    at /scratch/kdesvn/kdelibs/kio/kio/slaveinterface.cpp:285
#68 0x00002b2985cbf157 in KIO::SlaveInterface::dispatch (this=0x13b64d90)
    at /scratch/kdesvn/kdelibs/kio/kio/slaveinterface.cpp:91
#69 0x00002b2985cae8c3 in KIO::Slave::gotInput (this=0x13b64d90)
    at /scratch/kdesvn/kdelibs/kio/kio/slave.cpp:319
#70 0x00002b2985caf4fa in KIO::Slave::qt_metacall (this=0x13b64d90,
    _c=QMetaObject::InvokeMetaMethod, _id=224, _a=0x7fff254fa1c0)
    at /scratch/kdesvn/build/kdelibs/kio/slave.moc:75
#71 0x00002b2986a1d62d in QMetaObject::activate (sender=0x13b14850,
    from_signal_index=4, to_signal_index=4, argv=0x0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:3013
#72 0x00002b2986a1da83 in QMetaObject::activate (sender=0x13b14850,
    m=0x2b2985ecae40, local_signal_index=0, argv=0x0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:3086
#73 0x00002b2985bc9677 in KIO::ConnectionPrivate::dequeue (this=0x13b14f20)
    at /scratch/kdesvn/kdelibs/kio/kio/connection.cpp:82
#74 0x00002b2985bc99c2 in KIO::Connection::qt_metacall (this=0x13b14850,
    _c=QMetaObject::InvokeMetaMethod, _id=224, _a=0xc0dab60)
    at /scratch/kdesvn/build/kdelibs/kio/connection.moc:72
#75 0x00002b2986a17cad in QMetaCallEvent::placeMetaCall (this=0x1259c700,
    object=0x13b14850)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:535
#76 0x00002b2986a1c834 in QObject::event (this=0x13b14850, e=0x1259c700)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:1137
#77 0x00002b298739b5c5 in QApplicationPrivate::notify_helper (this=0x5196b0,
    receiver=0x13b14850, e=0x1259c700)
    at /scratch/kdesvn/qt-copy/src/gui/kernel/qapplication.cpp:3800
#78 0x00002b298739b8e7 in QApplication::notify (this=0x7fff254fb0d0,
    receiver=0x13b14850, e=0x1259c700)
    at /scratch/kdesvn/qt-copy/src/gui/kernel/qapplication.cpp:3392
#79 0x00002b29860ea51b in KApplication::notify (this=0x7fff254fb0d0,
    receiver=0x13b14850, event=0x1259c700)
    at /scratch/kdesvn/kdelibs/kdeui/kernel/kapplication.cpp:311
#80 0x00002b2986a098e4 in QCoreApplication::notifyInternal (
    this=0x7fff254fb0d0, receiver=0x13b14850, event=0x1259c700)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qcoreapplication.cpp:587
#81 0x00002b2986a0d1b3 in QCoreApplication::sendEvent (receiver=0x13b14850,
    event=0x1259c700)
    at ../../include/QtCore/../../../../qt-copy/src/corelib/kernel/qcoreapplication.h:215
#82 0x00002b2986a09e99 in QCoreApplicationPrivate::sendPostedEvents (
    receiver=0x0, event_type=0, data=0x502de0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qcoreapplication.cpp:1199
#83 0x00002b2986a0a062 in QCoreApplication::sendPostedEvents (receiver=0x0,
    event_type=0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qcoreapplication.cpp:1095
#84 0x00002b2986a381c9 in QCoreApplication::sendPostedEvents ()
    at ../../include/QtCore/../../../../qt-copy/src/corelib/kernel/qcoreapplication.h:220
#85 0x00002b2986a37201 in postEventSourceDispatch (s=0x51ccf0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qeventdispatcher_glib.cpp:211
#86 0x00002b2989e4e913 in g_main_context_dispatch ()
   from /usr/lib/libglib-2.0.so.0
#87 0x00002b2989e5175d in g_main_context_check ()
   from /usr/lib/libglib-2.0.so.0
#88 0x00002b2989e51c7e in g_main_context_iteration ()
   from /usr/lib/libglib-2.0.so.0
#89 0x00002b2986a36852 in QEventDispatcherGlib::processEvents (this=0x514510,
    flags=@0x7fff254fad80)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qeventdispatcher_glib.cpp:325
#90 0x00002b298743a6e7 in QGuiEventDispatcherGlib::processEvents (
    this=0x514510, flags=@0x7fff254fade0)
    at /scratch/kdesvn/qt-copy/src/gui/kernel/qguieventdispatcher_glib.cpp:204
#91 0x00002b2986a06878 in QEventLoop::processEvents (this=0x7fff254fae90,
    flags=@0x7fff254fae40)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qeventloop.cpp:149
#92 0x00002b2986a06a73 in QEventLoop::exec (this=0x7fff254fae90,
    flags=@0x7fff254faea0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qeventloop.cpp:196
#93 0x00002b2986a0a16e in QCoreApplication::exec ()
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qcoreapplication.cpp:849
#94 0x00002b298739b326 in QApplication::exec ()
    at /scratch/kdesvn/qt-copy/src/gui/kernel/qapplication.cpp:3330
#95 0x00002b29857952bf in kdemain (argc=<value optimized out>,
    argv=<value optimized out>)
    at /scratch/kdesvn/kdebase/apps/konqueror/src/konqmain.cpp:227
#96 0x00002b2988d6a4ca in __libc_start_main () from /lib/libc.so.6
#97 0x000000000040075a in _start () at ../sysdeps/x86_64/elf/start.S:113
Comment 1 Daniel Richard G. 2008-09-13 07:35:09 UTC
I've found a way to reproduce this bug.

It occurs with a page on LinuxGazette.net that has inline Flash objects referenced in such a way that triggers Konqueror's "Save as..." dialog (whereas most Flash objects are correctly ignored, as this is an x86-64 system and no Flash plug-in is installed). When the dialog goes away---whether you hit Cancel, or actually saved the object---Konqueror crashes.

Here's the kicker, however: the bug occurs only when the page is opened as a Google Images search result, inside a frame. If you open the page directly, three "Save as..." dialogs come up, and otherwise work as they should.

Loading this URL will do the trick:

http://images.google.com/imgres?imgurl=http://linuxgazette.net/122/misc/sreejith/pport.png&imgrefurl=http://linuxgazette.net/122/TWDT.html&start=3&h=288&w=451&sz=5&tbnid=F_GN_4-ALQk5hM:&tbnh=81&tbnw=127&hl=en&prev=/images%3Fq%3Dparallel%2Btimeline%2Blinux%2Bpostscript%26um%3D1%26hl%3Den%26sa%3DG&um=1&usg=__WUsJ8WSZCw7tooRObOI_7v1LObM=
Comment 2 David Faure 2008-09-15 18:16:45 UTC
Where in that huge webpage should I click to trigger the bug?
ereslibre just merged in a number of changes to the file dialog (where this crash is), can you retest to see if the bug is there?
Comment 3 Daniel Richard G. 2008-09-16 05:11:11 UTC
There is no need to click within the page; just loading it should trigger the "Save as" dialogs as the browser encounters the respective Flash objects. (That's what I meant by the objects being embedded in an unusual manner---perhaps the server is sending them with an application/octet-stream MIME type?)

Will try out the new code and report back ASAP.
Comment 4 Daniel Richard G. 2008-09-16 07:30:44 UTC
I've confirmed that the segfault behavior is still present, and still reproducible in the same way. This is with kdelibs at r861398.

(By the way, a clarification of my previous comment: When you load the LinuxGazette.net page directly, three file dialogs come up, and no crash occurs thereafter. When you load it in a frame, you get one file dialog, and an unavoidable crash when the dialog closes.)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 47250077176080 (LWP 7133)]
QHash<unsigned int, KIO::UDSEntryPrivate::Field>::findNode (this=0xa,
    akey=@0x7fff6bf0c344, ahp=0x0) at /opt/kde4/include/QtCore/qhash.h:862
862         if (d->numBuckets) {
(gdb) print d
$1 = 0

Partial BT:

#0  QHash<unsigned int, KIO::UDSEntryPrivate::Field>::findNode (this=0xa,
    akey=@0x7fff6bf0c344, ahp=0x0) at /opt/kde4/include/QtCore/qhash.h:862
#1  0x00002af93f2b43fb in KIO::UDSEntry::numberValue (this=0x17fa180,
    field=33554445, defaultValue=0) at /opt/kde4/include/QtCore/qhash.h:833
#2  0x00002af93f2b4430 in KIO::UDSEntry::isDir (this=0xa)
    at /scratch/kdesvn/kdelibs/kio/kio/udsentry.cpp:86
#3  0x00002aaab058d138 in KFileWidget (this=0x1557740,
    startDir=<value optimized out>, parent=<value optimized out>)
    at /scratch/kdesvn/kdelibs/kfile/kfilewidget.cpp:486
#4  0x00002aaab0227de4 in KFileModule::createFileWidget (
    this=<value optimized out>, startDir=@0x7fff6bf0cd20,
    parent=0x7fff6bf0ccb0) at /scratch/kdesvn/kdelibs/kfile/kfilemodule.cpp:36
#5  0x00002af93f2ec02c in KFileDialog (this=0x7fff6bf0ccb0,
    startDir=@0x7fff6bf0cd20, filter=@0x7fff6bf0d090,
    parent=<value optimized out>, customWidget=0x0)
    at /scratch/kdesvn/kdelibs/kio/kfile/kfiledialog.cpp:221
#6  0x00002af93f2ee2eb in KFileDialog::getSaveUrl (dir=@0x7fff6bf0cec0,
    filter=@0x7fff6bf0d090, parent=0x553f90, caption=@0x7fff6bf0d0a0)
    at /scratch/kdesvn/kdelibs/kio/kfile/kfiledialog.cpp:682
#7  0x00002aaaaaf5e543 in KHTMLPopupGUIClient::saveURL (parent=0x553f90,
    caption=@0x7fff6bf0d0a0, url=@0x7fff6bf0d150, metadata=@0x17222c8,
    filter=@0x7fff6bf0d090, cacheId=0, suggestedFilename=@0x7fff6bf0d210)
    at /scratch/kdesvn/kdelibs/khtml/khtml_ext.cpp:922
#8  0x00002aaaaaf43a77 in KHTMLRun::save (this=0x1723df0, url=@0x7fff6bf0d150,
    suggestedFilename=@0x7fff6bf0d210)
    at /scratch/kdesvn/kdelibs/khtml/khtml_run.cpp:97
#9  0x00002af9412f0a53 in KParts::BrowserRun::handleNonEmbeddable (
    this=0x1723df0, _mimeType=<value optimized out>)
    at /scratch/kdesvn/kdelibs/kparts/browserrun.cpp:241
#10 0x00002aaaaaf43d6f in KHTMLRun::foundMimeType (this=0x1723df0,
    _type=<value optimized out>)
    at /scratch/kdesvn/kdelibs/khtml/khtml_run.cpp:63
...
Comment 5 David Faure 2008-09-16 10:53:04 UTC
I don't get filedialogs here (not sure if this computer has flash set up or not), but anyway, from your backtrace I see what the problem is. Rafael didn't check the return value of synchronousRun so the statResult() being accessed is invalid. Fix committed in r861471 (kdelibs), please retest.
Comment 6 Rafael Fernández López 2008-09-16 11:10:45 UTC
I see. I couldn't reproduce this one because nspluginviewer was crashing for me, so no download dialog for me.
Comment 7 Daniel Richard G. 2008-09-17 05:31:34 UTC
I'm afraid the segfault is still occurring, as of kdelibs r861567. (I've double-checked that I'm not using an old build.)

This time, I loaded the URL various times, to see how consistent the crash behavior is. Here are my observations:

* Now, two "Save As" dialogs come up instead of one, one right after the other.

* When I start clicking away the two dialogs, behavior is varied. Sometimes it crashes after the first one, sometimes after the second one, and sometimes (rarely) the browser actually stays up after both dialogs are gone.

* Curiously enough, when there are two "Save As" dialogs, the second one modally "locks out" the first. (I wonder if this is something for which a separate bug should be filed.)

* When I get a segfault, it seems to happen in one of two places. Below are partial backtraces from each point. I seem to get the first one more frequently than the second.


If either of you would like me to do some state-peeking at the point of segfault, just tell me where to look. This crash is trivial to reproduce for me.


Segfault 1 of 2:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 46978835308816 (LWP 14053)]
KIO::UDSEntry::numberValue (this=0xe0, field=33554445, defaultValue=0)
    at /opt/kde4/include/QtCore/qhash.h:833
833         return const_iterator(*findNode(akey));
(gdb) bt
#0  KIO::UDSEntry::numberValue (this=0xe0, field=33554445, defaultValue=0)
    at /opt/kde4/include/QtCore/qhash.h:833
#1  0x00002aba17e4d4c0 in KIO::UDSEntry::isDir (this=0xe0)
    at /scratch/kdesvn/kdelibs/kio/kio/udsentry.cpp:86
#2  0x00002aaab08fe2a2 in KFileWidget (this=0x18c5f70,
    startDir=<value optimized out>, parent=<value optimized out>)
    at /scratch/kdesvn/kdelibs/kfile/kfilewidget.cpp:487
#3  0x00002aaab0598de4 in KFileModule::createFileWidget (
    this=<value optimized out>, startDir=@0x7fff93373380,
    parent=0x7fff93373310) at /scratch/kdesvn/kdelibs/kfile/kfilemodule.cpp:36
#4  0x00002aba17e850bc in KFileDialog (this=0x7fff93373310,
    startDir=@0x7fff93373380, filter=@0x7fff933736f0,
    parent=<value optimized out>, customWidget=0x0)
    at /scratch/kdesvn/kdelibs/kio/kfile/kfiledialog.cpp:221
#5  0x00002aba17e8737b in KFileDialog::getSaveUrl (dir=@0x7fff93373520,
    filter=@0x7fff933736f0, parent=0x9726a0, caption=@0x7fff93373700)
    at /scratch/kdesvn/kdelibs/kio/kfile/kfiledialog.cpp:682
#6  0x00002aaaacbab543 in KHTMLPopupGUIClient::saveURL (parent=0x9726a0,
    caption=@0x7fff93373700, url=@0x7fff933737b0, metadata=@0x16f7bd8,
    filter=@0x7fff933736f0, cacheId=0, suggestedFilename=@0x7fff93373870)
    at /scratch/kdesvn/kdelibs/khtml/khtml_ext.cpp:922
#7  0x00002aaaacb90a77 in KHTMLRun::save (this=0x16d4650, url=@0x7fff933737b0,
    suggestedFilename=@0x7fff93373870)
    at /scratch/kdesvn/kdelibs/khtml/khtml_run.cpp:97
...


Segfault 2 of 2:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 47105967178000 (LWP 13831)]
QHash<unsigned int, KIO::UDSEntryPrivate::Field>::findNode (this=0x116,
    akey=@0x7ffff990cf44, ahp=0x0) at /opt/kde4/include/QtCore/qhash.h:862
862         if (d->numBuckets) {
(gdb) print d
$1 = 0
(gdb) bt
#0  QHash<unsigned int, KIO::UDSEntryPrivate::Field>::findNode (this=0x116,
    akey=@0x7ffff990cf44, ahp=0x0) at /opt/kde4/include/QtCore/qhash.h:862
#1  0x00002ad7b18b348b in KIO::UDSEntry::numberValue (this=0x1929a0a,
    field=33554445, defaultValue=0) at /opt/kde4/include/QtCore/qhash.h:833
#2  0x00002ad7b18b34c0 in KIO::UDSEntry::isDir (this=0x116)
    at /scratch/kdesvn/kdelibs/kio/kio/udsentry.cpp:86
#3  0x00002aaab05fe2a2 in KFileWidget (this=0x1541990,
    startDir=<value optimized out>, parent=<value optimized out>)
    at /scratch/kdesvn/kdelibs/kfile/kfilewidget.cpp:487
#4  0x00002aaab0298de4 in KFileModule::createFileWidget (
    this=<value optimized out>, startDir=@0x7ffff990d920,
    parent=0x7ffff990d8b0) at /scratch/kdesvn/kdelibs/kfile/kfilemodule.cpp:36
#5  0x00002ad7b18eb0bc in KFileDialog (this=0x7ffff990d8b0,
    startDir=@0x7ffff990d920, filter=@0x7ffff990dc90,
    parent=<value optimized out>, customWidget=0x0)
    at /scratch/kdesvn/kdelibs/kio/kfile/kfiledialog.cpp:221
#6  0x00002ad7b18ed37b in KFileDialog::getSaveUrl (dir=@0x7ffff990dac0,
    filter=@0x7ffff990dc90, parent=0x919090, caption=@0x7ffff990dca0)
    at /scratch/kdesvn/kdelibs/kio/kfile/kfiledialog.cpp:682
#7  0x00002aaaaaf6c543 in KHTMLPopupGUIClient::saveURL (parent=0x919090,
    caption=@0x7ffff990dca0, url=@0x7ffff990dd50, metadata=@0x1700c38,
    filter=@0x7ffff990dc90, cacheId=0, suggestedFilename=@0x7ffff990de10)
    at /scratch/kdesvn/kdelibs/khtml/khtml_ext.cpp:922
...
Comment 8 David Faure 2008-09-23 20:39:41 UTC
Nasty NetAccess event loop re-entrancy issue, according to the logs Daniel sent me:

konqueror(17187)/kio (KIOJob) KIO::stat: stat KUrl("file:///home/scratch/kde4-konqueror-debug")
konqueror(17187) KIO::StatJob::StatJob: KIO::StatJob(0x16d3e30)
konqueror(17187) KIO::NetAccess::enter_loop: Entering event loop 2
konqueror(17187)/kio (KIOJob) KIO::stat: stat KUrl("file:///home/scratch/kde4-konqueror-debug")
konqueror(17187) KIO::StatJob::StatJob: KIO::StatJob(0x1184300) << CREATED HERE, at level 2
konqueror(17187) KIO::NetAccess::enter_loop: Entering event loop 3
konqueror(17187)/kio (KIOJob) KIO::stat: stat KUrl("file:///home/scratch/kde4-konqueror-debug")
konqueror(17187) KIO::StatJob::StatJob: KIO::StatJob(0x197e2f0)
konqueror(17187) KIO::NetAccess::enter_loop: Entering event loop 4
konqueror(17187)/kio (KIOJob) KIO::StatJobPrivate::slotStatEntry:
konqueror(17187) KIO::StatJob::slotFinished: KIO::StatJob(0x16d3e30)
konqueror(17187) KIO::StatJob::~StatJob: KIO::StatJob(0x16d3e30)
konqueror(17187)/kio (KIOJob) KIO::StatJobPrivate::slotStatEntry:
konqueror(17187) KIO::StatJob::slotFinished: KIO::StatJob(0x1184300)
konqueror(17187) KIO::StatJob::~StatJob: KIO::StatJob(0x1184300)  << DELETED HERE, at level 4
konqueror(17187)/kio (KIOJob) KIO::StatJobPrivate::slotStatEntry:
konqueror(17187) KIO::StatJob::slotFinished: KIO::StatJob(0x197e2f0)
konqueror(17187) KIO::NetAccess::enter_loop: Exiting event loop 4
konqueror(17187) KFileWidget::KFileWidget: statJob= 0x197e2f0
konqueror(17187) KIO::StatJob::~StatJob: KIO::StatJob(0x197e2f0)
konqueror(17187) KIO::NetAccess::enter_loop: Exiting event loop 3
konqueror(17187) KFileWidget::KFileWidget: statJob= 0x1184300     << USED HERE, when back to level 2

Obviously, the statJob is deleted when it's accessed. NetAccess::stat doesn't have this issue because it connects to slotResult and copies the result there [but then the 3 jobs would overwrite each other anyway...]. One could connect to the job's slotResult (and cast, and call statResult(), like NetAccess does), using a private member in KFileDialog as temp location for the statresult... Not really convenient.

Ah, I know. setAutoDelete(false) and delete the job after calling statResult on it. Much easier! Rafael, what do you think?
Comment 9 Rafael Fernández López 2008-09-23 23:34:09 UTC
Yes, that should work for sure. However, I think that this is a pretty bad behavior for synchronousRun. I wonder if we should actually always make this the default. I mean, this can get us into very similar problems, because we are doing a synchronous operation, we will probably read some information from the result that was returned, and we don't know actually at which point this will be automagically deleted (obviously, when we reach another loop event, but this is not enough information).

So yes, I will patch this code, but we do synchronousRun at other places and we don't take this into consideration.

I really wonder if we should always take care of the job deletion, since I know we don't want to connect to finish signals etc (that is done internally), but instead, we may want to use the result that was retrieved.

What do you think? (and yes, I know... this is off-topic to this bug report somehow)
Comment 10 David Faure 2008-09-24 01:05:29 UTC
Created attachment 27538
possible fix

After discussing the matter with Rafael, I realized that this could be fixed by disabling autodeletion until we want it to happen again. Please test this patch for kio/kio/netaccess.cpp
Comment 11 Rafael Fernández López 2008-09-24 01:13:42 UTC
Correct me if I am wrong, but I think this patch is leaking the job. Since you disable the auto delete, the job finishes, (check KJob::emitResult), it won't call deleteLater(), and after that, when you set the auto deletion back, there will be no reason for the job to be deleted, I mean, nothing will make it "auto delete".
Comment 12 David Faure 2008-09-24 01:16:19 UTC
Good catch!
It should be
if (wasAutoDelete)
    job->deleteLater();
instead.
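
The job-lifetime problem discussed in Comments 8, 11 and 12, as an added example that is not part of this thread or of kdelibs: a Qt-free C++ model of nested synchronous runs that compares the original auto-delete behaviour, the first patch as Comment 11 describes it, and the deleteLater variant from Comment 12. All names (`Sim`, `Mode`, `simulate`, ...) are hypothetical, and the rule that deferred deletes run whenever any loop level regains control is a simplification of Qt's.

```cpp
// Constructed model of the nested-event-loop lifetime bug; no Qt/KDE code is
// used and every name here (Sim, Mode, simulate, ...) is hypothetical.
#include <cstdio>
#include <deque>
#include <functional>
#include <map>
#include <memory>
#include <set>
#include <utility>
#include <vector>

enum class Mode {
    AutoDelete,          // original behaviour: job deletes itself once finished
    RestoreFlagOnly,     // first patch as described in Comment 11: flag toggled, no delete
    DeleteLaterAfterRun  // Comment 12: deleteLater() only after the nested loop returned
};

struct Job { bool autoDelete = true; bool isDir = true; };
struct Outcome { int validReads; int staleReads; int leakedJobs; };

class Sim {
public:
    explicit Sim(Mode m) : mode(m), out{0, 0, 0} {}

    Outcome run(int dialogs) {
        // Each event stands for a MIME-type notification that opens a "Save as" dialog.
        for (int i = 0; i < dialogs; ++i)
            events.push_back([this] { openSaveDialog(); });
        while (!events.empty()) dispatchOne();        // outermost event loop
        flushDeferredDeletes();
        out.leakedJobs = static_cast<int>(jobs.size());
        return out;
    }

private:
    // Stand-in for the dialog constructor: stat the start directory synchronously.
    void openSaveDialog() {
        const int id = nextId++;
        jobs[id] = std::unique_ptr<Job>(new Job());
        synchronousRun(id);
        auto it = jobs.find(id);                      // the real code dereferences the job here
        if (it != jobs.end() && it->second->isDir) ++out.validReads;
        else ++out.staleReads;                        // job already destroyed: use-after-free
    }

    void synchronousRun(int id) {
        const bool wasAutoDelete = jobs.at(id)->autoDelete;
        if (mode != Mode::AutoDelete) jobs.at(id)->autoDelete = false;
        events.push_back([this, id] { finish(id); }); // the reply arrives as a later event
        while (!finished.count(id) && !events.empty())
            dispatchOne();                            // nested loop: may open further dialogs
        if (mode == Mode::RestoreFlagOnly)
            jobs.at(id)->autoDelete = wasAutoDelete;  // nothing will ever delete the job now
        if (mode == Mode::DeleteLaterAfterRun && wasAutoDelete)
            deferred.push_back(id);                   // freed once control is back in a loop
    }

    void finish(int id) {
        finished.insert(id);
        if (jobs.at(id)->autoDelete) deferred.push_back(id); // self-delete on completion
    }

    void dispatchOne() {
        flushDeferredDeletes();  // deferred deletes run when any loop level regains control
        std::function<void()> ev = std::move(events.front());
        events.pop_front();
        ev();
    }

    void flushDeferredDeletes() {
        for (int id : deferred) jobs.erase(id);
        deferred.clear();
    }

    Mode mode;
    Outcome out;
    int nextId = 1;
    std::deque<std::function<void()>> events;
    std::map<int, std::unique_ptr<Job>> jobs;
    std::set<int> finished;
    std::vector<int> deferred;
};

Outcome simulate(Mode mode, int dialogs) { return Sim(mode).run(dialogs); }

int main() {
    const Mode modes[] = {Mode::AutoDelete, Mode::RestoreFlagOnly, Mode::DeleteLaterAfterRun};
    for (Mode m : modes) {
        Outcome o = simulate(m, 3);
        std::printf("mode %d: valid=%d stale=%d leaked=%d\n",
                    static_cast<int>(m), o.validReads, o.staleReads, o.leakedJobs);
    }
    return 0;
}
```

In this model only the innermost job is still alive when its caller resumes in `AutoDelete` mode; the flag-only variant reads every result but never frees the jobs.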
Comment 13 Rafael Fernández López 2008-09-24 01:23:21 UTC
Created attachment 27539
Possible fix 2

Can you please confirm, guys, if this patch fixes the crash?
Comment 14 Daniel Richard G. 2008-09-24 16:55:45 UTC
David, Rafael,

With this patch applied, I am no longer able to reproduce the segfault with the Google/LinuxGazette combined page. The file dialogs can be clicked away without any ill effect. Looks like a fix to me!
Comment 15 Rafael Fernández López 2008-09-24 19:40:36 UTC
Fixed on trunk and backported to 4.1
Comment 16 Rafael Fernández López 2008-09-25 16:28:33 UTC
*** Bug 171437 has been marked as a duplicate of this bug. ***