Bug 356855 - Crash in scriptengine (MetaTypeExporter)
Status: RESOLVED WORKSFORME
Alias: None
Product: amarok
Classification: Applications
Component: Tools/Script Manager
Version: kf5
Platform: Gentoo Packages Linux
Importance: NOR crash
Target Milestone: 2.9
Assignee: Amarok Developers
Reported: 2015-12-18 00:02 UTC by Gustaw Smolarczyk
Modified: 2022-12-18 05:15 UTC

Description Gustaw Smolarczyk 2015-12-18 00:02:08 UTC
Hello,

In amarok 2.8 beta, I have found a problem with the MetaTrackPrototype class after investigating a SIGSEGV due to one of the custom amarok scripts I use (to be more precise, it's amarokontrol). Since my understanding of the amarok codebase, as well as my time, is limited, I wanted to just point out an obvious mistake without any patch that could fix it.

The mentioned class has a private QScriptEngine* m_engine field. However, it is never assigned. It is then read in the imagePixmap() method and then the SIGSEGV occurs.

The problem doesn't occur in amarok 2.8, but if I understand correctly this class has been introduced after 2.8.

Reproducible: Always

Steps to Reproduce:
1. Install amarokontrol script (http://kde-apps.org/content/show.php?content=161189) along with an associated android client application
2. Configure the android application
3. Poke inside the android application, change the song a few times, etc.

Actual Results:  
Crash in AmarokScript::MetaTrackPrototype::imagePixmap().

Expected Results:  
No crash

More complete backtrace:
(gdb) bt
#0  QScriptEngine::create (this=0x40, type=type@entry=70, ptr=ptr@entry=0x7ffd4b680480) at /var/tmp/portage/dev-qt/qtscript-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/script/api/qscriptengine.cpp:3000
#1  0x00007fe67ef58166 in qScriptValueFromValue_helper (ptr=0x7ffd4b680480, type=70, engine=<optimized out>) at /usr/include/qt4/QtScript/qscriptengine.h:323
#2  qScriptValueFromValue<QImage> (t=..., engine=<optimized out>) at /usr/include/qt4/QtScript/qscriptengine.h:329
#3  QScriptEngine::toScriptValue<QImage> (value=..., this=<optimized out>) at /usr/include/qt4/QtScript/qscriptengine.h:215
#4  AmarokScript::MetaTrackPrototype::imagePixmap (this=this@entry=0x41e9aa0, size=1) at /var/tmp/portage/media-sound/amarok-2.8.90/work/amarok-2.8.90/src/scripting/scriptengine/exporters/MetaTypeExporter.cpp:267
#5  0x00007fe67ef583f6 in AmarokScript::MetaTrackPrototype::qt_static_metacall (_o=_o@entry=0x41e9aa0, _id=_id@entry=2, _a=_a@entry=0x7ffd4b680ba0, _c=QMetaObject::InvokeMetaMethod)
    at /var/tmp/portage/media-sound/amarok-2.8.90/work/amarok-2.8.90_build/src/MetaTypeExporter.moc:101
#6  0x00007fe67ef586e3 in AmarokScript::MetaTrackPrototype::qt_static_metacall (_a=0x7ffd4b680ba0, _id=2, _c=QMetaObject::InvokeMetaMethod, _o=0x41e9aa0)
    at /var/tmp/portage/media-sound/amarok-2.8.90/work/amarok-2.8.90_build/src/MetaTypeExporter.moc:144
#7  AmarokScript::MetaTrackPrototype::qt_metacall (this=0x41e9aa0, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0x7ffd4b680ba0) at /var/tmp/portage/media-sound/amarok-2.8.90/work/amarok-2.8.90_build/src/MetaTypeExporter.moc:145
#8  0x00007fe67b22a63d in QScript::callQtMethod (exec=0x7fe5dcd401f0, callType=QMetaMethod::Method, thisQObject=0x41e9aa0, scriptArgs=..., meta=0x7fe67f421940 <AmarokScript::MetaTrackPrototype::staticMetaObject>, initialIndex=6, 
    maybeOverloaded=true) at /var/tmp/portage/dev-qt/qtscript-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/script/bridge/qscriptqobject.cpp:960
#9  0x00007fe67b22b8d7 in QScript::QtFunction::execute (this=0x7ffd4b6804e0, this@entry=0x7fe5dc9bf000, exec=0x40, thisValue=..., thisValue@entry=..., scriptArgs=...)
    at /var/tmp/portage/dev-qt/qtscript-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/script/bridge/qscriptqobject.cpp:1015
#10 0x00007fe67b22baea in QScript::QtFunction::call (exec=0x7fe5dcd401f0, callee=0x7fe5dc9bf000, thisValue=..., args=...)
    at /var/tmp/portage/dev-qt/qtscript-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/script/bridge/qscriptqobject.cpp:1030
#11 0x00007fe67b12a648 in QTJSC::NativeFuncWrapper::operator() (this=this@entry=0x7ffd4b680db0, exec=0x7fe5dcd401f0, jsobj=jsobj@entry=0x7fe5dc9bf000, thisValue=..., argList=...)
    at /var/tmp/portage/dev-qt/qtscript-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/3rdparty/javascriptcore/JavaScriptCore/runtime/CallData.cpp:46
#12 0x00007fe67b105790 in QTJSC::cti_op_call_NotJSFunction (args=0x7ffd4b680e00) at /var/tmp/portage/dev-qt/qtscript-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITStubs.cpp:1780
#13 0x00007fe55803c516 in ?? ()
#14 0x000000f600000000 in ?? ()
#15 0x00007fe5dc9bf000 in ?? ()
#16 0x00007fe60000000f in ?? ()
#17 0xffff000000000001 in ?? ()
#18 0x00007fe500000003 in ?? ()
#19 0x00007ffd00000010 in ?? ()
#20 0x0000000000000010 in ?? ()
#21 0x00007fe67d438b1f in QAbstractItemView::update (this=<optimized out>, index=...) at /var/tmp/portage/dev-qt/qtgui-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/gui/itemviews/qabstractitemview.cpp:3167
#22 0x00007fe5dcd40000 in ?? ()
#23 0x00007fe5dd65d800 in ?? ()
#24 0x00007fe67b4c1dc8 in QTJSC::ExecutableAllocator::pageSize () from /usr/lib64/qt4/libQtScript.so.4
#25 0x00000000037e3298 in ?? ()
#26 0x00007fe5dcd40048 in ?? ()
#27 0x00007fe5dd632d10 in ?? ()
#28 0x00007fe67b0bc7a5 in QTJSC::JITCode::execute (exception=0x7fe5dd65ea88, globalData=0xffff000000000002, callFrame=0x1ff, registerFile=0x7fe5dd65d818, this=0x7fe5dc8e3b00)
    at /var/tmp/portage/dev-qt/qtscript-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITCode.h:79
#29 QTJSC::Interpreter::execute (this=0x7fe5dd65d800, functionExecutable=0x7fe5dc8e3af0, callFrame=0x7fe5dcd40178, callFrame@entry=0x37e3298, function=function@entry=0x7fe5dc962240, thisObj=<optimized out>, args=..., 
    scopeChain=0x7fe5dc8fb8d0, exception=0x7fe5dd65ea88) at /var/tmp/portage/dev-qt/qtscript-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/Interpreter.cpp:716
#30 0x00007fe67b157e01 in QTJSC::JSFunction::call (this=0x7fe5dc962240, exec=exec@entry=0x37e3298, thisValue=..., args=...)
    at /var/tmp/portage/dev-qt/qtscript-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSFunction.cpp:122
#31 0x00007fe67b12a68f in QTJSC::call (exec=exec@entry=0x37e3298, functionObject=..., callType=<optimized out>, callData=..., thisValue=..., thisValue@entry=..., args=...)
    at /var/tmp/portage/dev-qt/qtscript-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/3rdparty/javascriptcore/JavaScriptCore/runtime/CallData.cpp:62
#32 0x00007fe67b22d56f in QScript::QObjectConnectionManager::execute (this=this@entry=0x42e8750, slotIndex=slotIndex@entry=0, argv=argv@entry=0x7ffd4b681170)
    at /var/tmp/portage/dev-qt/qtscript-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/script/bridge/qscriptqobject.cpp:2163
#33 0x00007fe67b2310c1 in QScript::QObjectConnectionManager::qt_metacall (this=0x42e8750, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0x7ffd4b681170)
    at /var/tmp/portage/dev-qt/qtscript-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/script/bridge/qscriptqobject.cpp:2066
#34 0x00007fe67ca36d30 in QMetaObject::activate (sender=sender@entry=0x42e7d60, m=m@entry=0x7fe67cd877c0 <QIODevice::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x0)
    at /var/tmp/portage/dev-qt/qtcore-4.8.7-r1/work/qt-everywhere-opensource-src-4.8.7/src/corelib/kernel/qobject.cpp:3597
#35 0x00007fe67ca80360 in QIODevice::readyRead (this=this@entry=0x42e7d60) at .moc/release-shared/moc_qiodevice.cpp:104
#36 0x00007fe678a8ffae in QAbstractSocketPrivate::canReadNotification (this=0x42e7d80) at /var/tmp/portage/dev-qt/qtcore-4.8.7-r1/work/qt-everywhere-opensource-src-4.8.7/src/network/socket/qabstractsocket.cpp:654
#37 0x00007fe678a9a7fd in QReadNotifier::event (this=<optimized out>, e=<optimized out>) at /var/tmp/portage/dev-qt/qtcore-4.8.7-r1/work/qt-everywhere-opensource-src-4.8.7/src/network/socket/qnativesocketengine.cpp:1151
#38 0x00007fe67cf51acc in QApplicationPrivate::notify_helper (this=this@entry=0x20cfbf0, receiver=receiver@entry=0x42e82a0, e=e@entry=0x7ffd4b681460)
    at /var/tmp/portage/dev-qt/qtgui-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/gui/kernel/qapplication.cpp:4565
#39 0x00007fe67cf58340 in QApplication::notify (this=0x7ffd4b6817a0, receiver=0x42e82a0, e=0x7ffd4b681460) at /var/tmp/portage/dev-qt/qtgui-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/gui/kernel/qapplication.cpp:4351
#40 0x00007fe67e147a1a in KApplication::notify(QObject*, QEvent*) () from /usr/lib64/libkdeui.so.5
#41 0x00007fe67ca2288d in QCoreApplication::notifyInternal (this=0x7ffd4b6817a0, receiver=0x42e82a0, event=event@entry=0x7ffd4b681460)
    at /var/tmp/portage/dev-qt/qtcore-4.8.7-r1/work/qt-everywhere-opensource-src-4.8.7/src/corelib/kernel/qcoreapplication.cpp:955
#42 0x00007fe67ca50c66 in QCoreApplication::sendEvent (event=0x7ffd4b681460, receiver=<optimized out>) at /var/tmp/portage/dev-qt/qtcore-4.8.7-r1/work/qt-everywhere-opensource-src-4.8.7/src/corelib/kernel/qcoreapplication.h:231
#43 socketNotifierSourceDispatch (source=0x20c57f0) at /var/tmp/portage/dev-qt/qtcore-4.8.7-r1/work/qt-everywhere-opensource-src-4.8.7/src/corelib/kernel/qeventdispatcher_glib.cpp:117
#44 0x00007fe6765cbc8d in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#45 0x00007fe6765cbf38 in ?? () from /usr/lib64/libglib-2.0.so.0
#46 0x00007fe6765cbfdc in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
#47 0x00007fe67ca5068e in QEventDispatcherGlib::processEvents (this=0x20c5480, flags=...) at /var/tmp/portage/dev-qt/qtcore-4.8.7-r1/work/qt-everywhere-opensource-src-4.8.7/src/corelib/kernel/qeventdispatcher_glib.cpp:452
#48 0x00007fe67cff3c06 in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=...) at /var/tmp/portage/dev-qt/qtgui-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/gui/kernel/qguieventdispatcher_glib.cpp:204
#49 0x00007fe67ca214e1 in QEventLoop::processEvents (this=this@entry=0x7ffd4b6816a0, flags=...) at /var/tmp/portage/dev-qt/qtcore-4.8.7-r1/work/qt-everywhere-opensource-src-4.8.7/src/corelib/kernel/qeventloop.cpp:149
#50 0x00007fe67ca217f5 in QEventLoop::exec (this=this@entry=0x7ffd4b6816a0, flags=...) at /var/tmp/portage/dev-qt/qtcore-4.8.7-r1/work/qt-everywhere-opensource-src-4.8.7/src/corelib/kernel/qeventloop.cpp:204
#51 0x00007fe67ca26ca9 in QCoreApplication::exec () at /var/tmp/portage/dev-qt/qtcore-4.8.7-r1/work/qt-everywhere-opensource-src-4.8.7/src/corelib/kernel/qcoreapplication.cpp:1227
---Type <return> to continue, or q <return> to quit---
#52 0x00007fe67cf500dc in QApplication::exec () at /var/tmp/portage/dev-qt/qtgui-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/gui/kernel/qapplication.cpp:3823
#53 0x0000000000407e72 in main (argc=<optimized out>, argv=0x7ffd4b681918) at /var/tmp/portage/media-sound/amarok-2.8.90/work/amarok-2.8.90/src/main.cpp:329
Comment 1 Anmol Ahuja 2015-12-24 13:40:00 UTC
Hey, sorry about the delayed response, I've been busy with grad school. I'm back home for the holidays, I'll fix this in the next few days. Maybe the scripting interface could use some tests? I forgot why we decided against it.
Comment 2 Andrew Crouthamel 2018-11-01 13:55:40 UTC
Dear Bug Submitter,

This bug has been stagnant for a long time. Could you help us out and re-test if the bug is valid in the latest version? I am setting the status to NEEDSINFO pending your response, please change the Status back to REPORTED when you respond.

Thank you for helping us make KDE software even better for everyone!
Comment 3 Andrew Crouthamel 2018-11-12 03:22:44 UTC
Changing back to REPORTED per request of Myriam (Amarok dev).
Comment 4 Justin Zobel 2020-12-17 05:38:09 UTC
Thank you for the crash report.

As it has been a while since this was reported, can you please test and confirm if this issue is still occurring or if this bug report can be marked as resolved?

I have set the bug status to "needsinfo" pending your response, please change back to "reported" or "resolved/worksforme" when you respond, thank you.
Comment 5 Gustaw Smolarczyk 2020-12-17 09:13:55 UTC
Hi,

I have not been using amarok for a few years already. The original setup with the amarokontrol script is also gone. However, looking at the source code, the original problem still exists (MetaTrackPrototype::m_engine variable is not initialized and contains garbage [1][2]). The m_engine should be initialized either in MetaTrackPrototypeWrapper::trackCtor or MetaTrackPrototype::init (not sure, I am even less familiar with the amarok codebase now than 5 years ago).

Feel free to close this issue if you want to, but I still think it is worth looking into.

[1] https://github.com/KDE/amarok/blob/master/src/scripting/scriptengine/exporters/MetaTypeExporter.h
[2] https://github.com/KDE/amarok/blob/master/src/scripting/scriptengine/exporters/MetaTypeExporter.cpp
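
The defect class described in this report (a pointer member that is never assigned and later dereferenced), shown beside a hardened form. This is an added example, not Amarok's code and not a patch from the thread: `Engine`, `TrackPrototype` and the string return value are hypothetical stand-ins so that it builds without Qt, and only the member and method names `m_engine`, `init` and `imagePixmap` mirror the report.

```cpp
#include <optional>
#include <string>

// Hypothetical stand-in for QScriptEngine so the example builds without Qt.
struct Engine {
    std::string toScriptValue(const std::string& image) const {
        return "script:" + image;
    }
};

// Shape of the defect described in the report (kept as a comment because
// reading an indeterminate pointer is undefined behaviour):
//
//   class TrackPrototype {
//       Engine* m_engine;   // no initializer, no assignment anywhere
//   public:
//       std::string imagePixmap(int size) { return m_engine->toScriptValue(...); }
//   };
//
// The call then runs with whatever bytes the object's storage held, which is
// how a frame can end up with a `this` value that is not a valid object.

class TrackPrototype {
public:
    TrackPrototype() = default;

    // Option A: take the engine at construction, so no object exists
    // without a decision about which engine it uses.
    explicit TrackPrototype(Engine* engine) : m_engine(engine) {}

    // Option B: late binding through an init step, as suggested in the thread.
    void init(Engine* engine) { m_engine = engine; }

    // The engine-dependent call reports "no value" instead of dereferencing
    // a pointer that was never set.
    std::optional<std::string> imagePixmap(int size) const {
        if (m_engine == nullptr) {
            return std::nullopt;
        }
        return m_engine->toScriptValue("cover@" + std::to_string(size));
    }

private:
    // Default member initializer: the unassigned state is a well-defined
    // nullptr, so the check above is meaningful on every construction path.
    Engine* m_engine = nullptr;
};
```

Building with `-Wall -Wextra` and running tests under MemorySanitizer or Valgrind helps surface reads of uninitialised members before they turn into crashes like the one in the backtrace.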
Comment 6 Myriam Schweingruber 2020-12-17 15:25:12 UTC
Thank you for the feedback. Moving to the newer branch
Comment 7 Justin Zobel 2022-11-18 03:40:52 UTC
Thank you for reporting this issue in KDE software. As it has been a while since this issue was reported, can we please ask you to see if you can reproduce the issue with a recent software version?

If you can reproduce the issue, please change the status to "REPORTED" when replying. Thank you!
Comment 8 Gustaw Smolarczyk 2022-11-18 08:36:12 UTC
Like 2 years ago, I am still not using amarok and am thus unable to reproduce this issue.

I could install it and check, but I forgot what I even did with it... From my messages, it seems I was using a script (amarokontrol), not sure if it still exists.

And again, the source code did not change so I doubt it is fixed. MetaTrackPrototype::m_engine is still never assigned and used in MetaTrackPrototype::imagePixmap().
Comment 9 Bug Janitor Service 2022-12-03 05:17:15 UTC
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 10 Bug Janitor Service 2022-12-18 05:15:22 UTC
This bug has been in NEEDSINFO status with no change for at least
30 days. The bug is now closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

Thank you for helping us make KDE software even better for everyone!