Bug 293863 - Crash while dragging files over navigator
Summary: Crash while dragging files over navigator
Status: RESOLVED FIXED
Alias: None
Product: kfile
Classification: Applications
Component: kurlnavigator (show other bugs)
Version: 4.10.5
Platform: Ubuntu Linux
: NOR crash
Target Milestone: ---
Assignee: kdelibs bugs
URL:
Keywords: investigated
: 299759 306530 311386 313122 313438 316347 324379 326533 333667 336517 (view as bug list)
Depends on:
Blocks:
 
Reported: 2012-02-11 21:33 UTC by martydaido
Modified: 2014-07-16 13:53 UTC (History)
11 users (show)

See Also:
Latest Commit:
Version Fixed In: 4.13.3


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description martydaido 2012-02-11 21:33:22 UTC
Application: dolphin (1.7)
KDE Platform Version: 4.7.4 (4.7.4)
Qt Version: 4.7.4
Operating System: Linux 3.0.0-15-generic x86_64
Distribution: Ubuntu 11.10

-- Information about the crash:
- What I was doing when the application crashed:
Ho fatto un copia e incolla, poi si รจ chiusa inaspettatamente la finestra!

-- Backtrace:
Application: Dolphin (dolphin), signal: Segmentation fault
[Current thread is 1 (Thread 0x7feee8071780 (LWP 10252))]

Thread 3 (Thread 0x7feed56be700 (LWP 10253)):
#0  0x00007feee7945773 in __GI___poll (fds=<optimized out>, nfds=<optimized out>, timeout=<optimized out>) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x00007feee0071f68 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007feee0072429 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007feee3d89f3e in QEventDispatcherGlib::processEvents (this=0x11a72a0, flags=<optimized out>) at kernel/qeventdispatcher_glib.cpp:424
#4  0x00007feee3d5dcf2 in QEventLoop::processEvents (this=<optimized out>, flags=...) at kernel/qeventloop.cpp:149
#5  0x00007feee3d5def7 in QEventLoop::exec (this=0x7feed56bddd0, flags=...) at kernel/qeventloop.cpp:201
#6  0x00007feee3c7527f in QThread::exec (this=<optimized out>) at thread/qthread.cpp:498
#7  0x00007feee3d40cbf in QInotifyFileSystemWatcherEngine::run (this=0x11af0c0) at io/qfilesystemwatcher_inotify.cpp:248
#8  0x00007feee3c77d05 in QThreadPrivate::start (arg=0x11af0c0) at thread/qthread_unix.cpp:331
#9  0x00007feee0543efc in start_thread (arg=0x7feed56be700) at pthread_create.c:304
#10 0x00007feee795189d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#11 0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7feece32a700 (LWP 10257)):
#0  0x00007feee05471fd in __pthread_mutex_unlock_usercnt (mutex=<optimized out>, decr=<optimized out>) at pthread_mutex_unlock.c:52
#1  __pthread_mutex_unlock (mutex=0x13b1aa8) at pthread_mutex_unlock.c:290
#2  0x00007feee0070f3f in g_main_context_prepare () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007feee0071dfd in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007feee0072429 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x00007feee3d89f3e in QEventDispatcherGlib::processEvents (this=0x12c3850, flags=<optimized out>) at kernel/qeventdispatcher_glib.cpp:424
#6  0x00007feee3d5dcf2 in QEventLoop::processEvents (this=<optimized out>, flags=...) at kernel/qeventloop.cpp:149
#7  0x00007feee3d5def7 in QEventLoop::exec (this=0x7feece329dd0, flags=...) at kernel/qeventloop.cpp:201
#8  0x00007feee3c7527f in QThread::exec (this=<optimized out>) at thread/qthread.cpp:498
#9  0x00007feee3d40cbf in QInotifyFileSystemWatcherEngine::run (this=0x13ec600) at io/qfilesystemwatcher_inotify.cpp:248
#10 0x00007feee3c77d05 in QThreadPrivate::start (arg=0x13ec600) at thread/qthread_unix.cpp:331
#11 0x00007feee0543efc in start_thread (arg=0x7feece32a700) at pthread_create.c:304
#12 0x00007feee795189d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#13 0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7feee8071780 (LWP 10252)):
[KCrash Handler]
#6  deref (this=0x70) at /usr/include/qt4/QtCore/qatomic_x86_64.h:133
#7  operator= (l=..., this=0x13763e0) at /usr/include/qt4/QtCore/qlist.h:429
#8  QList<QPair<QString, QString> >::clear (this=0x13763e0) at /usr/include/qt4/QtCore/qlist.h:754
#9  0x00007feee7646652 in KDEPrivate::KUrlNavigatorButton::openSubDirsMenu (this=0x1376380, job=<optimized out>) at ../../kfile/kurlnavigatorbutton.cpp:514
#10 0x00007feee7646c4c in KDEPrivate::KUrlNavigatorButton::qt_metacall (this=0x1376380, _c=QMetaObject::InvokeMetaMethod, _id=<optimized out>, _a=0x7fffddf49fa0) at ./kurlnavigatorbutton_p.moc:103
#11 0x00007feee3d71eba in QMetaObject::activate (sender=0x165da00, m=<optimized out>, local_signal_index=<optimized out>, argv=0x7fffddf49fa0) at kernel/qobject.cpp:3278
#12 0x00007feee41c4622 in KJob::result (this=<optimized out>, _t1=0x165da00) at ./kjob.moc:194
#13 0x00007feee41c4660 in KJob::emitResult (this=0x165da00) at ../../kdecore/jobs/kjob.cpp:312
#14 0x00007feee5990d94 in KIO::SimpleJob::slotFinished (this=0x165da00) at ../../kio/kio/job.cpp:494
#15 0x00007feee5995c95 in KIO::ListJob::slotFinished (this=0x165da00) at ../../kio/kio/job.cpp:2670
#16 0x00007feee599af59 in KIO::ListJob::qt_metacall (this=0x165da00, _c=QMetaObject::InvokeMetaMethod, _id=<optimized out>, _a=0x7fffddf4a260) at ./jobclasses.moc:821
#17 0x00007feee3d71eba in QMetaObject::activate (sender=0x129c430, m=<optimized out>, local_signal_index=<optimized out>, argv=0x0) at kernel/qobject.cpp:3278
#18 0x00007feee5a3f081 in KIO::SlaveInterface::dispatch (this=<optimized out>, _cmd=104, rawdata=...) at ../../kio/kio/slaveinterface.cpp:172
#19 0x00007feee5a3bf35 in KIO::SlaveInterface::dispatch (this=0x129c430) at ../../kio/kio/slaveinterface.cpp:88
#20 0x00007feee5a2f0fe in KIO::Slave::gotInput (this=0x129c430) at ../../kio/kio/slave.cpp:344
#21 0x00007feee5a2f85c in KIO::Slave::qt_metacall (this=0x129c430, _c=QMetaObject::InvokeMetaMethod, _id=<optimized out>, _a=0x7fffddf4a690) at ./slave.moc:82
#22 0x00007feee3d71eba in QMetaObject::activate (sender=0x1278710, m=<optimized out>, local_signal_index=<optimized out>, argv=0x0) at kernel/qobject.cpp:3278
#23 0x00007feee5961827 in dequeue (this=<optimized out>) at ../../kio/kio/connection.cpp:82
#24 KIO::ConnectionPrivate::dequeue (this=0x13e6250) at ../../kio/kio/connection.cpp:71
#25 0x00007feee59618cd in KIO::Connection::qt_metacall (this=0x1278710, _c=QMetaObject::InvokeMetaMethod, _id=<optimized out>, _a=0x1861260) at ./connection.moc:79
#26 0x00007feee3d75a5e in QObject::event (this=0x1278710, e=<optimized out>) at kernel/qobject.cpp:1217
#27 0x00007feee475f474 in notify_helper (e=0x13b2f40, receiver=0x1278710, this=0xfb2d60) at kernel/qapplication.cpp:4486
#28 QApplicationPrivate::notify_helper (this=0xfb2d60, receiver=0x1278710, e=0x13b2f40) at kernel/qapplication.cpp:4458
#29 0x00007feee47642e1 in QApplication::notify (this=0x7fffddf4ce40, receiver=0x1278710, e=0x13b2f40) at kernel/qapplication.cpp:4365
#30 0x00007feee5474466 in KApplication::notify (this=0x7fffddf4ce40, receiver=0x1278710, event=0x13b2f40) at ../../kdeui/kernel/kapplication.cpp:311
#31 0x00007feee3d5eafc in QCoreApplication::notifyInternal (this=0x7fffddf4ce40, receiver=0x1278710, event=0x13b2f40) at kernel/qcoreapplication.cpp:787
#32 0x00007feee3d6251f in sendEvent (event=0x13b2f40, receiver=0x1278710) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#33 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0xf94350) at kernel/qcoreapplication.cpp:1428
#34 0x00007feee3d89a73 in sendPostedEvents () at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:220
#35 postEventSourceDispatch (s=<optimized out>) at kernel/qeventdispatcher_glib.cpp:277
#36 0x00007feee0071a5d in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#37 0x00007feee0072258 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#38 0x00007feee0072429 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#39 0x00007feee3d89ed6 in QEventDispatcherGlib::processEvents (this=0xf95a00, flags=<optimized out>) at kernel/qeventdispatcher_glib.cpp:422
#40 0x00007feee480710e in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=<optimized out>) at kernel/qguieventdispatcher_glib.cpp:204
#41 0x00007feee3d5dcf2 in QEventLoop::processEvents (this=<optimized out>, flags=...) at kernel/qeventloop.cpp:149
#42 0x00007feee3d5def7 in QEventLoop::exec (this=0x1637f90, flags=...) at kernel/qeventloop.cpp:201
#43 0x00007feee47edc95 in QDragManager::drag (this=0x16ef300, o=<optimized out>) at kernel/qdnd_x11.cpp:1981
#44 0x00007feee4770f88 in QDrag::exec (this=0x136e5a0, supportedActions=..., defaultDropAction=Qt::IgnoreAction) at kernel/qdrag.cpp:284
#45 0x00007feee6cd7d7e in DragAndDropHelper::startDrag(QAbstractItemView*, QFlags<Qt::DropAction>, DolphinViewController*) () from /usr/lib/libdolphinprivate.so.4
#46 0x00007feee6cc62b0 in DolphinIconsView::startDrag(QFlags<Qt::DropAction>) () from /usr/lib/libdolphinprivate.so.4
#47 0x00007feee4c71aae in QAbstractItemView::mouseMoveEvent (this=0x1245840, event=<optimized out>) at itemviews/qabstractitemview.cpp:1709
#48 0x00007feee4c88291 in QListView::mouseMoveEvent (this=0x1245840, e=0x7fffddf4c1e0) at itemviews/qlistview.cpp:778
#49 0x00007feee544881e in KCategorizedView::mouseMoveEvent (this=0x1245840, event=0x7fffddf4c1e0) at ../../kdeui/itemviews/kcategorizedview.cpp:947
#50 0x00007feee47afd1e in QWidget::event (this=0x1245840, event=0x7fffddf4c1e0) at kernel/qwidget.cpp:8280
#51 0x00007feee4b585b6 in QFrame::event (this=0x1245840, e=0x7fffddf4c1e0) at widgets/qframe.cpp:557
#52 0x00007feee4c6925b in QAbstractItemView::viewportEvent (this=0x1245840, event=0x7fffddf4c1e0) at itemviews/qabstractitemview.cpp:1628
#53 0x00007feee3d5ec88 in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=<optimized out>, receiver=0x1240e70, event=0x7fffddf4c1e0) at kernel/qcoreapplication.cpp:902
#54 0x00007feee475f43f in notify_helper (e=0x7fffddf4c1e0, receiver=0x1240e70, this=0xfb2d60) at kernel/qapplication.cpp:4482
#55 QApplicationPrivate::notify_helper (this=0xfb2d60, receiver=0x1240e70, e=0x7fffddf4c1e0) at kernel/qapplication.cpp:4458
#56 0x00007feee4764cbb in QApplication::notify (this=<optimized out>, receiver=0x1240e70, e=0x7fffddf4c1e0) at kernel/qapplication.cpp:4047
#57 0x00007feee5474466 in KApplication::notify (this=0x7fffddf4ce40, receiver=0x1240e70, event=0x7fffddf4c1e0) at ../../kdeui/kernel/kapplication.cpp:311
#58 0x00007feee3d5eafc in QCoreApplication::notifyInternal (this=0x7fffddf4ce40, receiver=0x1240e70, event=0x7fffddf4c1e0) at kernel/qcoreapplication.cpp:787
#59 0x00007feee4760442 in sendEvent (event=<optimized out>, receiver=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#60 QApplicationPrivate::sendMouseEvent (receiver=0x1240e70, event=0x7fffddf4c1e0, alienWidget=0x1240e70, nativeWidget=0x12931f0, buttonDown=0x1240e70, lastMouseReceiver=..., spontaneous=true) at kernel/qapplication.cpp:3146
#61 0x00007feee47df9d5 in QETWidget::translateMouseEvent (this=0x12931f0, event=<optimized out>) at kernel/qapplication_x11.cpp:4571
#62 0x00007feee47de94e in QApplication::x11ProcessEvent (this=0x7fffddf4ce40, event=0x7fffddf4ca00) at kernel/qapplication_x11.cpp:3693
#63 0x00007feee48074a2 in x11EventSourceDispatch (s=0xfb8d00, callback=0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#64 0x00007feee0071a5d in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#65 0x00007feee0072258 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#66 0x00007feee0072429 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#67 0x00007feee3d89ed6 in QEventDispatcherGlib::processEvents (this=0xf95a00, flags=<optimized out>) at kernel/qeventdispatcher_glib.cpp:422
#68 0x00007feee480710e in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=<optimized out>) at kernel/qguieventdispatcher_glib.cpp:204
#69 0x00007feee3d5dcf2 in QEventLoop::processEvents (this=<optimized out>, flags=...) at kernel/qeventloop.cpp:149
#70 0x00007feee3d5def7 in QEventLoop::exec (this=0x7fffddf4cdd0, flags=...) at kernel/qeventloop.cpp:201
#71 0x00007feee3d62789 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1064
#72 0x00007feee7c5a289 in kdemain () from /usr/lib/kde4/libkdeinit/libkdeinit4_dolphin.so
#73 0x00007feee789130d in __libc_start_main (main=0x400640, argc=6, ubp_av=0x7fffddf4d328, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffddf4d318) at libc-start.c:226
#74 0x0000000000400671 in _start ()

Reported using DrKonqi
Comment 1 Peter Penz 2012-02-12 07:48:21 UTC
(internal note: KUrlNavigator drag & drop issue)
Comment 2 Peter Penz 2012-05-10 18:54:59 UTC
*** Bug 299759 has been marked as a duplicate of this bug. ***
Comment 3 Frank Reininghaus 2012-11-23 16:00:17 UTC
From bug 306530:

What I was doing when the application crashed: pasting a folder to picture frame gadet.
Comment 4 Frank Reininghaus 2012-11-23 16:00:22 UTC
*** Bug 306530 has been marked as a duplicate of this bug. ***
Comment 5 Frank Reininghaus 2012-12-09 09:18:11 UTC
*** Bug 311386 has been marked as a duplicate of this bug. ***
Comment 6 Frank Reininghaus 2013-01-12 09:28:17 UTC
*** Bug 313122 has been marked as a duplicate of this bug. ***
Comment 7 Frank Reininghaus 2013-01-18 08:59:18 UTC
*** Bug 313438 has been marked as a duplicate of this bug. ***
Comment 8 Frank Reininghaus 2013-03-08 09:12:15 UTC
*** Bug 316347 has been marked as a duplicate of this bug. ***
Comment 9 Christoph Feck 2013-09-02 12:00:02 UTC
*** Bug 324379 has been marked as a duplicate of this bug. ***
Comment 10 Christoph Feck 2013-10-24 06:09:17 UTC
*** Bug 326533 has been marked as a duplicate of this bug. ***
Comment 11 Christoph Feck 2014-04-20 22:30:17 UTC
*** Bug 333667 has been marked as a duplicate of this bug. ***
Comment 12 Jekyll Wu 2014-06-20 22:25:19 UTC
*** Bug 336517 has been marked as a duplicate of this bug. ***
Comment 13 Frank Reininghaus 2014-06-21 08:04:02 UTC
I can reproduce the crash with this backtrace using the following steps:

1. Make sure that only one Dolphin window is open.

2. In a Konsole, type

sleep 5; qdbus `qdbus | grep dolphin` /dolphin/Dolphin_1/actions/file_quit trigger

3. Click the arrow next to a directory name in the location bar, such that the "sub directories menu" is opened.

4. Wait until the window is closed, and the crash dialog appears.

A similar crash happens when clicking the very first arrow in the location bar in step 3. It crashes in

KUrlNavigator::Private::openPathSelectorMenu()

then.

The root cause is the same in both cases: The object that opens the menu gets deleted in the menu's nested event loop, and any access to a local or member variable after that results in a crash.
Comment 14 Frank Reininghaus 2014-06-29 19:09:14 UTC
Git commit f1196e8e9a94993e4d748d283d869c4ad205ff02 by Frank Reininghaus.
Committed on 29/06/2014 at 19:04.
Pushed by freininghaus into branch 'KDE/4.13'.

Fix crashes in KUrlNavigator that are caused by nested event loops

KUrlNavigator opens menus with exec() in a few places, and accesses
member variables or pointers to children after that. This can cause
crashes if the object has been deleted inside the nested event loops.

This is fixed by using QPointers to detect if an object was deleted
already, and return immediately in that case.

I'll forward-port to KF5 in a few days.
REVIEW: 118858
FIXED-IN: 4.13.3

M  +20   -12   kfile/kurlnavigator.cpp
M  +9    -0    kfile/kurlnavigatorbutton.cpp

http://commits.kde.org/kdelibs/f1196e8e9a94993e4d748d283d869c4ad205ff02
Comment 15 Frank Reininghaus 2014-07-13 09:15:21 UTC
Git commit a16fffbdeac01527f7993747c369d5a688ac97f0 by Frank Reininghaus.
Committed on 13/07/2014 at 09:12.
Pushed by freininghaus into branch 'master'.

Fix crashes in KUrlNavigator that are caused by nested event loops

KUrlNavigator opens menus with exec() in a few places, and accesses
member variables or pointers to children after that. This can cause
crashes if the object has been deleted inside the nested event loops.
This is fixed by using QPointers to detect if an object was deleted
already, and return immediately in that case.

This is a forward-port of commit
f1196e8e9a94993e4d748d283d869c4ad205ff02 in kdelibs.

M  +20   -12   src/filewidgets/kurlnavigator.cpp
M  +9    -0    src/filewidgets/kurlnavigatorbutton.cpp

http://commits.kde.org/kio/a16fffbdeac01527f7993747c369d5a688ac97f0
Comment 16 Wolfgang Bauer 2014-07-16 13:21:36 UTC
Sorry to say, but this does not seem to be fixed in 4.13.3.
I can still reliably reproduce a crash by following the steps from comment#13.

I do not get a crash dialog/segmentation fault though, dolphin's window just disappears.
Comment 17 Frank Reininghaus 2014-07-16 13:28:25 UTC
(In reply to Wolfgang Bauer from comment #16)
> Sorry to say, but this does not seem to be fixed in 4.13.3.
> I can still reliably reproduce a crash by following the steps from
> comment#13.
> 
> I do not get a crash dialog/segmentation fault though

Then this is not a crash.

> dolphin's window just disappears.

In fact, it is the expected behavior. If you send a "trigger" signal to the "file_quit" action via D-Bus, then the application quits, as the name of the action suggests.

This is equivalent to pressing Ctrl+Q, but you cannot do that while a menu is open.

The reason for doing it via D-Bus with a delay from Konsole is that this is an elegant way to make the crash reproducible.
Comment 18 Wolfgang Bauer 2014-07-16 13:53:33 UTC
(In reply to Frank Reininghaus from comment #17)
> (In reply to Wolfgang Bauer from comment #16)
> > I do not get a crash dialog/segmentation fault though

> Then this is not a crash.
Yeah, right.
But if the application just quits unexpectedly, it's not much better than a crash either. ;)

> > dolphin's window just disappears.
> 
> In fact, it is the expected behavior. If you send a "trigger" signal to the
> "file_quit" action via D-Bus, then the application quits, as the name of the
> action suggests.

Ah, ok.
I have to admit I haven't really looked at the action's name or that command line, I just copy/pasted it to Konsole.

Sorry for the noise.