336090 – KeepMailboxOpenTask::slotTaskDeleted migth access already deleted model

Bug 336090 - KeepMailboxOpenTask::slotTaskDeleted migth access already deleted model

Summary: KeepMailboxOpenTask::slotTaskDeleted migth access already deleted model

Status:	RESOLVED FIXED

Alias:	None

Product:	trojita
Classification:	Unmaintained
Component:	Core (show other bugs)
Version:	git
Platform:	unspecified Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Trojita default assignee

URL:
Keywords:

Depends on:
Blocks:

Reported:	2014-06-11 18:06 UTC by Jan Kundrát
Modified:	2014-06-13 21:52 UTC (History)
CC List:	0 users

See Also:
Latest Commit:	http://commits.kde.org/trojita/edbaa8b5934882a542f7428e487f7c8e4b42f412
Version Fixed In:
Sentry Crash Report:

Attachments
Patch which adds the debugging output (3.20 KB, text/plain) 2014-06-11 18:06 UTC, Jan Kundrát	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Jan Kundrát 2014-06-11 18:06:54 UTC

Created attachment 87136 [details]
Patch which adds the debugging output

When I add a very simple and deliberate failure to the second mailbox sync in a test case, the following happens:

********* Start testing of ImapModelObtainSynchronizedMailboxTest *********
Config: Using QtTest library 5.2.1, Qt 5.2.1
PASS   : ImapModelObtainSynchronizedMailboxTest::initTestCase()
QDEBUG : ImapModelObtainSynchronizedMailboxTest::testQresyncNoClosed() CONNECTED Imap::Mailbox::Fake_OpenConnectionTask(0xd22fb20) to Imap::Mailbox::KeepMailboxOpenTask(0xd24eaa0) 
QDEBUG : ImapModelObtainSynchronizedMailboxTest::testQresyncNoClosed() CONNECTED Imap::Mailbox::GetAnyConnectionTask(0xd22c2e0) to Imap::Mailbox::KeepMailboxOpenTask(0xd24eaa0) 
QDEBUG : ImapModelObtainSynchronizedMailboxTest::testQresyncNoClosed() CONNECTED Imap::Mailbox::Fake_ListChildMailboxesTask(0xd22b960) to Imap::Mailbox::KeepMailboxOpenTask(0xd24eaa0) 
QDEBUG : ImapModelObtainSynchronizedMailboxTest::testQresyncNoClosed() CONNECTED Imap::Mailbox::ObtainSynchronizedMailboxTask(0xd24f580) to Imap::Mailbox::KeepMailboxOpenTask(0xd24eaa0) 
QDEBUG : ImapModelObtainSynchronizedMailboxTest::testQresyncNoClosed() ~ImapTask 0xd22fb20 
QDEBUG : ImapModelObtainSynchronizedMailboxTest::testQresyncNoClosed() void Imap::Mailbox::KeepMailboxOpenTask::slotTaskDeleted(QObject*) Imap::Mailbox::KeepMailboxOpenTask(0xd24eaa0) QObject(0xd22fb20) 
QDEBUG : ImapModelObtainSynchronizedMailboxTest::testQresyncNoClosed() ~ImapTask 0xd22c2e0 
QDEBUG : ImapModelObtainSynchronizedMailboxTest::testQresyncNoClosed() void Imap::Mailbox::KeepMailboxOpenTask::slotTaskDeleted(QObject*) Imap::Mailbox::KeepMailboxOpenTask(0xd24eaa0) QObject(0xd22c2e0) 
QDEBUG : ImapModelObtainSynchronizedMailboxTest::testQresyncNoClosed() ~ImapTask 0xd22b960 
QDEBUG : ImapModelObtainSynchronizedMailboxTest::testQresyncNoClosed() void Imap::Mailbox::KeepMailboxOpenTask::slotTaskDeleted(QObject*) Imap::Mailbox::KeepMailboxOpenTask(0xd24eaa0) QObject(0xd22b960) 
QDEBUG : ImapModelObtainSynchronizedMailboxTest::testQresyncNoClosed() ~ImapTask 0xd24f580 
QDEBUG : ImapModelObtainSynchronizedMailboxTest::testQresyncNoClosed() void Imap::Mailbox::KeepMailboxOpenTask::slotTaskDeleted(QObject*) Imap::Mailbox::KeepMailboxOpenTask(0xd24eaa0) QObject(0xd24f580) 
QDEBUG : ImapModelObtainSynchronizedMailboxTest::testQresyncNoClosed() void Imap::Mailbox::KeepMailboxOpenTask::slotTaskDeleted(QObject*) Imap::Mailbox::KeepMailboxOpenTask(0xd24eaa0) QObject(0xd24f580) 
QDEBUG : ImapModelObtainSynchronizedMailboxTest::testQresyncNoClosed() CONNECTED Imap::Mailbox::FetchMsgMetadataTask(0xd296660) to Imap::Mailbox::KeepMailboxOpenTask(0xd24eaa0) 
QDEBUG : ImapModelObtainSynchronizedMailboxTest::testQresyncNoClosed() ~ImapTask 0xd296660 
QDEBUG : ImapModelObtainSynchronizedMailboxTest::testQresyncNoClosed() void Imap::Mailbox::KeepMailboxOpenTask::slotTaskDeleted(QObject*) Imap::Mailbox::KeepMailboxOpenTask(0xd24eaa0) QObject(0xd296660) 
QDEBUG : ImapModelObtainSynchronizedMailboxTest::testQresyncNoClosed() void Imap::Mailbox::KeepMailboxOpenTask::slotTaskDeleted(QObject*) Imap::Mailbox::KeepMailboxOpenTask(0xd24eaa0) QObject(0xd296660) 
QDEBUG : ImapModelObtainSynchronizedMailboxTest::testQresyncNoClosed() CONNECTED Imap::Mailbox::KeepMailboxOpenTask(0xd24eaa0) to Imap::Mailbox::KeepMailboxOpenTask(0xd2c1040) 
QDEBUG : ImapModelObtainSynchronizedMailboxTest::testQresyncNoClosed() CONNECTED Imap::Mailbox::ObtainSynchronizedMailboxTask(0xd2c1b20) to Imap::Mailbox::KeepMailboxOpenTask(0xd2c1040) 
FAIL!  : ImapModelObtainSynchronizedMailboxTest::testQresyncNoClosed() Compared values are not the same
   Actual   (QString::fromUtf8(SOCK->writtenStuff())) : y2 SELECT b?

   Expected (QString::fromUtf8(t.mk("SELECT bX\r\n"))): y2 SELECT bX?

   Loc: [/home/jkt/work/prog/trojita/tests/Imap/test_Imap_Tasks_ObtainSynchronizedMailbox.cpp(2551)]
QDEBUG : ImapModelObtainSynchronizedMailboxTest::testQresyncNoClosed() ~ImapTask 0xd24eaa0 
QDEBUG : ImapModelObtainSynchronizedMailboxTest::testQresyncNoClosed() void Imap::Mailbox::KeepMailboxOpenTask::slotTaskDeleted(QObject*) Imap::Mailbox::KeepMailboxOpenTask(0xd2c1040) QObject(0xd24eaa0) 
==662152== Invalid read of size 8
==662152==    at 0x1DF418: Imap::Mailbox::KeepMailboxOpenTask::slotTaskDeleted(QObject*) (KeepMailboxOpenTask.cpp:1025)
==662152==    by 0x6C152DA: QMetaObject::activate(QObject*, int, int, void**) (in /opt/qt5.2/lib/libQt5Core.so.5.2.1)
==662152==    by 0x6C15E2E: QObject::destroyed(QObject*) (in /opt/qt5.2/lib/libQt5Core.so.5.2.1)
==662152==    by 0x6C1EB71: QObject::~QObject() (in /opt/qt5.2/lib/libQt5Core.so.5.2.1)
==662152==    by 0x1D9870: Imap::Mailbox::ImapTask::~ImapTask() (ImapTask.cpp:41)
==662152==    by 0x20116C: Imap::Mailbox::KeepMailboxOpenTask::~KeepMailboxOpenTask() (KeepMailboxOpenTask.h:110)
==662152==    by 0x6C1C2A0: QObjectPrivate::deleteChildren() (in /opt/qt5.2/lib/libQt5Core.so.5.2.1)
==662152==    by 0x6C1EA58: QObject::~QObject() (in /opt/qt5.2/lib/libQt5Core.so.5.2.1)
==662152==    by 0x1B451C: Imap::Mailbox::Model::~Model() (Model.cpp:146)
==662152==    by 0x282EA6: LibMailboxSync::cleanup() (LibMailboxSync.cpp:147)
==662152==    by 0x6BF35AC: QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const (in /opt/qt5.2/lib/libQt5Core.so.5.2.1)
==662152==    by 0x53E9660: ??? (in /opt/qt5.2/lib/libQt5Test.so.5.2.1)
==662152==  Address 0xd22ca40 is 16 bytes inside a block of size 40 free'd
==662152==    at 0x4C2AE0C: operator delete(void*) (vg_replace_malloc.c:480)
==662152==    by 0x1B43C4: Imap::Mailbox::Model::~Model() (qmap.h:344)
==662152==    by 0x1B451C: Imap::Mailbox::Model::~Model() (Model.cpp:146)
==662152==    by 0x282EA6: LibMailboxSync::cleanup() (LibMailboxSync.cpp:147)
==662152==    by 0x6BF35AC: QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const (in /opt/qt5.2/lib/libQt5Core.so.5.2.1)
==662152==    by 0x53E9660: ??? (in /opt/qt5.2/lib/libQt5Test.so.5.2.1)
==662152==    by 0x53EF1EC: ??? (in /opt/qt5.2/lib/libQt5Test.so.5.2.1)
==662152==    by 0x53EFB84: QTest::qExec(QObject*, int, char**) (in /opt/qt5.2/lib/libQt5Test.so.5.2.1)
==662152==    by 0x135E13: main (test_Imap_Tasks_ObtainSynchronizedMailbox.cpp:2590)

Comment 1 Jan Kundrát 2014-06-13 21:52:26 UTC

Git commit edbaa8b5934882a542f7428e487f7c8e4b42f412 by Jan Kundrát.
Committed on 11/06/2014 at 18:20.
Pushed by jkt into branch 'master'.

Prevent crash when Model gets deleted while a KeepMailboxOpenTask is still alive

The switch to a QPointer seems rather big, but let's hope that the overhead of
this is more than compensated for by a reduced potential of memory corruption.
REVIEW: 118671

M  +1    -1    src/Imap/Tasks/ImapTask.h
M  +6    -0    src/Imap/Tasks/KeepMailboxOpenTask.cpp
M  +12   -0    tests/Imap/test_Imap_Tasks_ObtainSynchronizedMailbox.cpp
M  +2    -0    tests/Imap/test_Imap_Tasks_ObtainSynchronizedMailbox.h

http://commits.kde.org/trojita/edbaa8b5934882a542f7428e487f7c8e4b42f412