To reproduce, send a file to a user. A new "DCC status" tab will open with the related information. If you right click on the tab and click Close, konversation segfaults. The regular log only shows a description of the content of the tab and then Segmentation fault. The tab itself works fine, this happens regardless of other operations I do there (e.g. aborting a send). Reproducible: Always Steps to Reproduce: 1. Send a file to a user. 2. Close the "DCC status" tab. Actual Results: Segmentation fault. Expected Results: The tab closes and konversation keeps going.
Created attachment 97952 [details] Backtrace The above backtrace was captured when the bug occurred. The issue is that m_popupViewIndex is 2, but m_tabWidget->count() is 1. Therefore, ChatWindow* view = static_cast<ChatWindow*>(m_tabWidget->widget(index)); will return a nullptr. The nullptr is then dereferenced in if (view->isTopLevelView() && index > 0) leading to a segfault.
Created attachment 98777 [details] Quick patch to circumvent crashes
The discrepancy originates at one of the calls to removeTab (likely the one inside closeDccPanel) and m_popupViewIndex is never updated, so it becomes out of bounds. I attached a patch that works both as a quick fix for this crash and as a "safe default" in the general case: canMoveView{Left,Right} detect the invalid pointer and return "false", causing the view to shift to the first tab in the list rather than to the adjacent one. A minor annoyance compared to the crash. It is not the "proper" fix to this issue though, so I'll leave to the owners the decision on what to do with it.
Git commit 6130f4f0501f4e9db56619317f07e2f637160505 by Eike Hein. Committed on 09/05/2016 at 08:42. Pushed by hein into branch '1.6'. Don't crash when closing the DCC Status tab. M +8 -1 src/viewer/viewcontainer.cpp http://commits.kde.org/konversation/6130f4f0501f4e9db56619317f07e2f637160505