Bug 311246 - Dolphin crashes when pasting files
Summary: Dolphin crashes when pasting files
Status: RESOLVED FIXED
Alias: None
Product: dolphin
Classification: Applications
Component: general (show other bugs)
Version: 2.1.85
Platform: Fedora RPMs Linux
: NOR crash
Target Milestone: ---
Assignee: Dolphin Bug Assignee
URL:
Keywords: regression, reproducible
: 311254 311428 311774 311809 311908 (view as bug list)
Depends on:
Blocks:
 
Reported: 2012-12-06 10:06 UTC by Sandro Mani
Modified: 2012-12-18 22:15 UTC (History)
6 users (show)

See Also:
Latest Commit: http://commits.kde.org/kde-baseapps/6d0f9ada0198f6e73a8fca1e709676d0ac83a67b
Version Fixed In: 4.9.5

Attachments
Archive containing the folder and file which cause the crash when pasted (221.24 KB, application/x-gzip)
2012-12-06 10:07 UTC, Sandro Mani 		Details
Proposed fix (828 bytes, patch)
2012-12-06 14:32 UTC, Frank Reininghaus 		Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Sandro Mani 2012-12-06 10:06:34 UTC 
Application: dolphin (2.1.85)
KDE Platform Version: 4.9.90
Qt Version: 4.8.4
Operating System: Linux 3.7.0-0.rc8.git0.2.fc19.x86_64 x86_64
Distribution (Platform): Fedora RPMs

-- Information about the crash:
- What I was doing when the application crashed:

Copy the folder and the file in the attached archive (ctypesgencore, ctypesgen.py) and paste them in any other folder

The crash can be reproduced every time.

-- Backtrace:
Application: Dolphin (kdeinit4), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
81	T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS)
[Current thread is 1 (Thread 0x7f7b30c87880 (LWP 24994))]

Thread 2 (Thread 0x7f7b0bf66700 (LWP 24996)):
#0  0x00007f7b2f2c06ed in read () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007f7b2a04348f in read (__nbytes=16, __buf=0x7f7b0bf65ae0, __fd=<optimized out>) at /usr/include/bits/unistd.h:44
#2  g_wakeup_acknowledge (wakeup=0xf65ac0) at gwakeup.c:212
#3  0x00007f7b2a0068e4 in g_main_context_check (context=context@entry=0x7f7b040009a0, max_priority=2147483647, fds=fds@entry=0x7f7b04002bb0, n_fds=n_fds@entry=1) at gmain.c:3198
#4  0x00007f7b2a006cf5 in g_main_context_iterate (context=context@entry=0x7f7b040009a0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3356
#5  0x00007f7b2a006e84 in g_main_context_iteration (context=0x7f7b040009a0, may_block=1) at gmain.c:3420
#6  0x00007f7b2f673ed6 in QEventDispatcherGlib::processEvents (this=0x7f7b040008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:426
#7  0x00007f7b2f6445bf in QEventLoop::processEvents (this=this@entry=0x7f7b0bf65cd0, flags=...) at kernel/qeventloop.cpp:149
#8  0x00007f7b2f644848 in QEventLoop::exec (this=0x7f7b0bf65cd0, flags=...) at kernel/qeventloop.cpp:204
#9  0x00007f7b2f546730 in QThread::exec (this=<optimized out>) at thread/qthread.cpp:542
#10 0x00007f7b2f624def in QInotifyFileSystemWatcherEngine::run (this=0x124c830) at io/qfilesystemwatcher_inotify.cpp:256
#11 0x00007f7b2f54970c in QThreadPrivate::start (arg=0x124c830) at thread/qthread_unix.cpp:338
#12 0x00007f7b2f2b9ef5 in start_thread (arg=0x7f7b0bf66700) at pthread_create.c:308
#13 0x00007f7b2d8cf18d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Thread 1 (Thread 0x7f7b30c87880 (LWP 24994)):
[KCrash Handler]
#6  QUrl::QUrl (this=0x7fff5c6499c0, other=...) at io/qurl.cpp:4260
#7  0x00007f7b2fd46339 in KUrl::KUrl (this=0x7fff5c6499c0, _u=...) at /usr/src/debug/kdelibs-4.9.90/kdecore/io/kurl.cpp:490
#8  0x00007f7b119f5670 in KFileItemModel::index (this=0x1347310, url=...) at /usr/src/debug/kde-baseapps-4.9.90/dolphin/src/kitemviews/kfileitemmodel.cpp:355
#9  0x00007f7b11a40efc in DolphinView::updateViewState (this=0x1346b30) at /usr/src/debug/kde-baseapps-4.9.90/dolphin/src/views/dolphinview.cpp:1240
#10 0x00007f7b11a4346f in qt_static_metacall (_c=QMetaObject::InvokeMetaMethod, _a=<optimized out>, _id=<optimized out>, _o=<optimized out>) at /usr/src/debug/kde-baseapps-4.9.90/x86_64-redhat-linux-gnu/dolphin/src/dolphinview.moc:268
#11 DolphinView::qt_static_metacall (_o=<optimized out>, _c=<optimized out>, _id=<optimized out>, _a=<optimized out>) at /usr/src/debug/kde-baseapps-4.9.90/x86_64-redhat-linux-gnu/dolphin/src/dolphinview.moc:188
#12 0x00007f7b2f65a17e in QObject::event (this=0x1346b30, e=<optimized out>) at kernel/qobject.cpp:1194
#13 0x00007f7b2e8294aa in QWidget::event (this=0x1346b30, event=0x18c96b0) at kernel/qwidget.cpp:8845
#14 0x00007f7b2e7da3ec in QApplicationPrivate::notify_helper (this=this@entry=0x10624a0, receiver=receiver@entry=0x1346b30, e=e@entry=0x18c96b0) at kernel/qapplication.cpp:4562
#15 0x00007f7b2e7de86a in QApplication::notify (this=0x7fff5c64a6a0, receiver=0x1346b30, e=0x18c96b0) at kernel/qapplication.cpp:4423
#16 0x00007f7b30671ac6 in KApplication::notify (this=0x7fff5c64a6a0, receiver=0x1346b30, event=0x18c96b0) at /usr/src/debug/kdelibs-4.9.90/kdeui/kernel/kapplication.cpp:311
#17 0x00007f7b2f64586e in QCoreApplication::notifyInternal (this=0x7fff5c64a6a0, receiver=receiver@entry=0x1346b30, event=event@entry=0x18c96b0) at kernel/qcoreapplication.cpp:946
#18 0x00007f7b2f649321 in sendEvent (event=0x18c96b0, receiver=0x1346b30) at kernel/qcoreapplication.h:231
#19 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0xf681d0) at kernel/qcoreapplication.cpp:1570
#20 0x00007f7b2f673d23 in sendPostedEvents () at kernel/qcoreapplication.h:236
#21 postEventSourceDispatch (s=s@entry=0x1062970) at kernel/qeventdispatcher_glib.cpp:279
#22 0x00007f7b2a006a85 in g_main_dispatch (context=0x1062880) at gmain.c:2784
#23 g_main_context_dispatch (context=context@entry=0x1062880) at gmain.c:3288
#24 0x00007f7b2a006dc8 in g_main_context_iterate (context=context@entry=0x1062880, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3359
#25 0x00007f7b2a006e84 in g_main_context_iteration (context=0x1062880, may_block=1) at gmain.c:3420
#26 0x00007f7b2f673eb6 in QEventDispatcherGlib::processEvents (this=0xf6a4c0, flags=...) at kernel/qeventdispatcher_glib.cpp:424
#27 0x00007f7b2e87a55e in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=...) at kernel/qguieventdispatcher_glib.cpp:207
#28 0x00007f7b2f6445bf in QEventLoop::processEvents (this=this@entry=0x7fff5c64a560, flags=...) at kernel/qeventloop.cpp:149
#29 0x00007f7b2f644848 in QEventLoop::exec (this=0x7fff5c64a560, flags=...) at kernel/qeventloop.cpp:204
#30 0x00007f7b2f649638 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1218
#31 0x00007f7b121b7337 in kdemain (argc=5, argv=0xfdc530) at /usr/src/debug/kde-baseapps-4.9.90/dolphin/src/main.cpp:89
#32 0x000000000040822a in launch (argc=argc@entry=5, _name=_name@entry=0x101a4a8 "/usr/bin/dolphin", args=0x101a4e5 "\001", args@entry=0x101a4b9 "--icon", cwd=cwd@entry=0x0, envc=envc@entry=1, envs=<optimized out>, envs@entry=0x101a4ed "DISPLAY=:0", reset_env=false, tty=tty@entry=0x0, avoid_loops=false, startup_id_str=startup_id_str@entry=0x101a500 "PC4;1354784035;405526;1222_TIME2974215") at /usr/src/debug/kdelibs-4.9.90/kinit/kinit.cpp:726
#33 0x00000000004090bb in handle_launcher_request (sock=8, who=<optimized out>) at /usr/src/debug/kdelibs-4.9.90/kinit/kinit.cpp:1218
#34 0x0000000000409700 in handle_requests (waitForPid=waitForPid@entry=0) at /usr/src/debug/kdelibs-4.9.90/kinit/kinit.cpp:1411
#35 0x0000000000405307 in main (argc=4, argv=<optimized out>, envp=0x7fff5c64b490) at /usr/src/debug/kdelibs-4.9.90/kinit/kinit.cpp:1899

Reported using DrKonqi
Comment 1 Sandro Mani 2012-12-06 10:07:48 UTC 
Created attachment 75652 [details]
Archive containing the folder and file which cause the crash when pasted
Comment 2 Frank Reininghaus 2012-12-06 14:12:15 UTC 
*** Bug 311254 has been marked as a duplicate of this bug. ***
Comment 3 Frank Reininghaus 2012-12-06 14:25:03 UTC 
Thanks for the bug report! The line where it crashes in DolphinView::updateViewState() is 'const int index = m_model->index(*it)' in the block

        for (QList<KUrl>::iterator it = m_selectedUrls.begin(); it != m_selectedUrls.end(); ++it) {
            const int index = m_model->index(*it);
            if (index >= 0) {
                selectedItems.insert(index);
                m_selectedUrls.erase(it);
            }
        }

That looks indeed fishy - we erase an iterator from the list and then increment it. If the iterator pointed to the last list element before that, it now points out of the list :-(
Comment 4 Frank Reininghaus 2012-12-06 14:32:45 UTC 
Created attachment 75658 [details]
Proposed fix

This fixes it for me. Selecting pasted and dropped items still works fine. It would be nice if you could test it and confirm that it works and fixes the crash or report any problems caused by this patch.

What I really do not understand is why I never saw this crash before. I did test pasting and drag&drop a lot, actually. Maybe I was always lucky and the data that the invalid iterator pointed to still contained what was once a valid KUrl, so it always worked by chance.
Comment 5 Sandro Mani 2012-12-06 14:55:58 UTC 
Works great - Many thanks!
Comment 6 Frank Reininghaus 2012-12-06 18:59:29 UTC 
Git commit 6d0f9ada0198f6e73a8fca1e709676d0ac83a67b by Frank Reininghaus.
Committed on 06/12/2012 at 19:43.
Pushed by freininghaus into branch 'KDE/4.9'.

Fix incorrect usage of list iterators

The problem was that we erased an iterator from the list and then
incremented it. This can lead to problems (namely, random crashes) if
the iterator pointed to the last list element.

Thanks to Sandro Mani for testing the patch!
FIXED-IN: 4.9.5

M  +5    -2    dolphin/src/views/dolphinview.cpp

http://commits.kde.org/kde-baseapps/6d0f9ada0198f6e73a8fca1e709676d0ac83a67b
Comment 7 Hrvoje Senjan 2012-12-08 17:53:26 UTC 
Frank, is 4.9 merged to master? I'm still getting this with trunk.
Comment 8 Frank Reininghaus 2012-12-08 18:07:19 UTC 
(In reply to comment #7)
> Frank, is 4.9 merged to master? I'm still getting this with trunk.

I cannot reproduce in current master. I've merged the 4.9 branch last night:

https://projects.kde.org/projects/kde/kde-baseapps/repository/revisions/608dd2329cc567e6e4499aaef4ecf53e2ad15ea1

Which revision do you use? If it's the one I linked to above or a later one, I'd like to see the backtrace (unless it's the same as in comment 0, but I think that this is unlikely).
Comment 9 Hrvoje Senjan 2012-12-08 18:14:44 UTC 
OK, i have it from yesterday afternoon, will rebuild, and if it's still here gonna let you know :-)
Comment 10 Jekyll Wu 2012-12-09 20:47:46 UTC 
*** Bug 311428 has been marked as a duplicate of this bug. ***
Comment 11 Frank Reininghaus 2012-12-17 12:36:21 UTC 
*** Bug 311774 has been marked as a duplicate of this bug. ***
Comment 12 Frank Reininghaus 2012-12-17 12:36:48 UTC 
*** Bug 311809 has been marked as a duplicate of this bug. ***
Comment 13 Frank Reininghaus 2012-12-18 22:15:00 UTC 
*** Bug 311908 has been marked as a duplicate of this bug. ***