Bug 337606 - Segmentation fault when opening a file that contains an "alternative" combined fragment
Status: RESOLVED FIXED
Alias: None
Product: umbrello
Classification: Applications
Component: general
Version: 2.13.2
Platform: Ubuntu Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Umbrello Development Group
 
Reported: 2014-07-19 14:27 UTC by Philipp Harms
Modified: 2014-08-08 17:06 UTC
Version Fixed In: 4.13.97


Attachments
Example project that crashes umbrello when opening. (8.22 KB, text/x-xmi)
2014-07-19 14:27 UTC, Philipp Harms
proposed patch (930 bytes, patch)
2014-07-19 18:41 UTC, Philipp Harms

Description Philipp Harms 2014-07-19 14:27:23 UTC
Created attachment 87816
Example project that crashes umbrello when opening.

Operating System: Linux 3.13.0-32-generic x86_64
Distribution: Ubuntu 14.04 LTS

Hey everyone,

I encountered the problem in one of my own files when I created an alternative combined fragment in one of the sequence diagrams, but I was able to reproduce it multiple times.
I attached a minimal .xmi-file that causes umbrello to crash immediately on my system when I try to open it.

All KDE packages I use are from Ubuntu's standard repositories.

Please let me know if you need additional information.

Best wishes,
Philipp Harms

Backtrace:
#0  QGraphicsView::scene (this=0x0) at graphicsview/qgraphicsview.cpp:1592
#1  0x00000000006cf7f5 in UMLView::umlScene (this=<optimized out>) at ../../umbrello/umlview.cpp:60
#2  0x00000000005da386 in Uml::CmdBaseWidgetCommand::scene (this=this@entry=0x1353c70) at ../../umbrello/cmds/widget/cmd_baseWidgetCommand.cpp:49
#3  0x00000000005da47a in Uml::CmdBaseWidgetCommand::addWidgetToScene (this=this@entry=0x1353c70, umlWidget=umlWidget@entry=0x138b800) at ../../umbrello/cmds/widget/cmd_baseWidgetCommand.cpp:73
#4  0x00000000005dbf42 in Uml::CmdCreateWidget::CmdCreateWidget (this=0x1353c70, widget=0x138b800) at ../../umbrello/cmds/widget/cmd_createWidget.cpp:31
#5  0x00000000006bdcb1 in UMLScene::setupNewWidget (this=0x139e5b0, w=0x138b800) at ../../umbrello/umlscene.cpp:542
#6  0x00000000005fb750 in CombinedFragmentWidget::loadFromXMI (this=0x137c320, qElement=...) at ../../umbrello/widgets/combinedfragmentwidget.cpp:346
#7  0x00000000006c8b11 in UMLScene::loadWidgetFromXMI (this=this@entry=0x139e5b0, widgetElement=...) at ../../umbrello/umlscene.cpp:3764
#8  0x00000000006c8bfd in UMLScene::loadWidgetsFromXMI (this=this@entry=0x139e5b0, qElement=...) at ../../umbrello/umlscene.cpp:3731
#9  0x00000000006cc8d8 in UMLScene::loadFromXMI (this=0x139e5b0, qElement=...) at ../../umbrello/umlscene.cpp:3701
#10 0x000000000064e278 in UMLFolder::loadDiagramsFromXMI (this=this@entry=0xd44580, diagrams=...) at ../../umbrello/folder.cpp:383
#11 0x000000000064fc72 in UMLFolder::load (this=0xd44580, element=...) at ../../umbrello/folder.cpp:475
#12 0x00000000006b799f in UMLObject::loadFromXMI (this=0xd44580, element=...) at ../../umbrello/umlobject.cpp:1074
#13 0x000000000069be32 in UMLDoc::loadUMLObjectsFromXMI (this=this@entry=0xcb8090, element=...) at ../../umbrello/umldoc.cpp:2200
#14 0x000000000069bc67 in UMLDoc::loadUMLObjectsFromXMI (this=this@entry=0xcb8090, element=...) at ../../umbrello/umldoc.cpp:2219
#15 0x000000000069fe9a in UMLDoc::loadFromXMI (this=0xcb8090, file=..., encode=<optimized out>) at ../../umbrello/umldoc.cpp:2002
#16 0x00000000006a0fff in UMLDoc::openDocument (this=0xcb8090, url=..., format=format@entry=0x0) at ../../umbrello/umldoc.cpp:549
#17 0x0000000000684c19 in UMLApp::openDocumentFile (this=0xc7eed0, url=...) at ../../umbrello/uml.cpp:891
#18 0x00000000006670b1 in initDocument (args=args@entry=0x9eb3a0) at ../../umbrello/main.cpp:137
#19 0x000000000043885b in main (argc=2, argv=<optimized out>) at ../../umbrello/main.cpp:114
Comment 1 Philipp Harms 2014-07-19 18:41:00 UTC
Created attachment 87821
proposed patch
Comment 2 Philipp Harms 2014-07-19 18:42:02 UTC
Hi again,

Sorry for replying to my own post. I checked out the current code from git.

The problem seems to be calling the UMLScene::setupNewWidget(...) method to add the dashed line of the alternative to the viewer. It sets up a CmdCreateWidget object that is meant for being placed on the stack of undoable actions. The segfault finally occurs when this object looks in the global UMLDoc for the UMLView that is currently being constructed (which fails and returns an invalid pointer).

Can somebody confirm my interpretation, please?

I created a patch to add the dashed line just in the same way as all other widgets in UMLScene::loadWidgetsFromXMI(...) (umlscene.cpp line 3717).

Cheers,
Philipp Harms
Comment 3 Oliver Kellogg 2014-07-20 06:22:58 UTC
Git commit 01e684f18108a7a80671669b63ddc4b09e087e9f by Oliver Kellogg.
Committed on 20/07/2014 at 06:23.
Pushed by okellogg into branch 'master'.

(In reply to Philipp Harms from comment #2)
> [...]
> The problem seems to be calling the UMLScene::setupNewWidget(...) method
> to add the dashed line of the alternative to the viewer. It sets up a
> CmdCreateWidget object that is meant for being placed on the stack of
> undoable actions. The segfault finally occurs when this object looks in
> the global UMLDoc for the UMLView that is currently being constructed
> (which fails and returns an invalid pointer).
>
> Can somebody confirm my interpretation, please?

Yes, that's right.  At the time of loading the widget from XMI, the view
has not yet been added to the document (UMLDoc). Therefore, the call to
CmdBaseWidgetCommand::scene() from CmdBaseWidgetCommand::addWidgetToScene()
fails at Q_ASSERT(umlView).
Thanks for your analysis and patch.

umbrello/widgets/combinedfragmentwidget.cpp
- In function loadFromXMI(), avoid calling m_scene->setupNewWidget() after
  fdlwidget->loadFromXMI(). Reason: In UMLScene::setupNewWidget(),
    UMLApp::app()->executeCommand(new CmdCreateWidget(w))
  leads to call of
    CmdBaseWidgetCommand::addWidgetToScene()
  and then
    CmdBaseWidgetCommand::scene()
  but this call fails during load at Q_ASSERT(umlView).

umbrello/umlscene.cpp
- In function setupNewWidget(), do not call
    UMLApp::app()->executeCommand(new CmdCreateWidget(w));
  when m_doc->loading() returns true.
  Instead, call m_WidgetList.append(w) directly.
  This should prevent crashes in similar situations as the one above.

M  +6    -1    umbrello/umlscene.cpp
M  +2    -1    umbrello/widgets/combinedfragmentwidget.cpp

http://commits.kde.org/umbrello/01e684f18108a7a80671669b63ddc4b09e087e9f
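
The load-time guard described in the commit message above, as a simplified C++ model added here (not Umbrello's code and not part of the commit). `Doc`, `Scene`, `Widget`, `currentView()` and `executeCreateCommand()` are hypothetical stand-ins, and an exception stands in for the failed Q_ASSERT(umlView).

```cpp
#include <stdexcept>
#include <vector>

// Hypothetical stand-ins for the document, scene and widget; not Umbrello's classes.
struct Widget { int id; };
struct Scene;

struct Doc {
    bool loading = false;
    std::vector<Scene*> views;   // a scene is registered only after it has finished loading
    Scene* currentView() const { return views.empty() ? nullptr : views.back(); }
};

struct Scene {
    Doc& doc;
    std::vector<Widget*> widgetList;
    explicit Scene(Doc& d) : doc(d) {}

    // Undo-command path: finds its scene through the document, not through `this`.
    void executeCreateCommand(Widget* w) {
        Scene* s = doc.currentView();
        // Stands in for the failed Q_ASSERT(umlView) / null dereference in the backtrace.
        if (!s) throw std::logic_error("view not yet added to document");
        s->widgetList.push_back(w);
    }

    // Behaviour before the fix: always goes through the command.
    void setupNewWidgetUnguarded(Widget* w) { executeCreateCommand(w); }

    // Behaviour after the fix: while loading, append directly and skip the command.
    void setupNewWidget(Widget* w) {
        if (doc.loading) widgetList.push_back(w);
        else executeCreateCommand(w);
    }
};

// Simulates loading one widget from a file, then adding one interactively.
// Returns the final widget count, or -1 if the load-time call failed.
int loadThenEdit(bool guarded) {
    Doc doc;
    doc.loading = true;
    Scene scene(doc);
    Widget dashedLine{1}, added{2};
    try {
        if (guarded) scene.setupNewWidget(&dashedLine);
        else scene.setupNewWidgetUnguarded(&dashedLine);
    } catch (const std::logic_error&) { return -1; }
    doc.views.push_back(&scene);   // view is added to the document after loading
    doc.loading = false;
    scene.setupNewWidget(&added);  // normal editing still uses the command path
    return static_cast<int>(scene.widgetList.size());
}
```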