Bug 362895 - Crash on clicking item in ER diagram
Summary: Crash on clicking item in ER diagram
Status: RESOLVED FIXED
Alias: None
Product: umbrello
Classification: Applications
Component: general
Version: unspecified
Platform: Fedora RPMs Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Lays Rodrigues
URL:
Keywords: drkonqi
Depends on:
Blocks:
 
Reported: 2016-05-10 14:59 UTC by Mark Stanton
Modified: 2016-05-23 19:47 UTC

See Also:
Latest Commit:
Version Fixed In: 2.19.2 (KDE Applications 16.04.2)


Attachments
Print of test case (73.83 KB, image/png)
2016-05-12 19:01 UTC, Lays Rodrigues

Description Mark Stanton 2016-05-10 14:59:50 UTC
Application: umbrello (2.16.0)
KDE Platform Version: 4.14.17
Qt Version: 4.8.7
Operating System: Linux 4.4.8-200.fc22.x86_64 x86_64
Distribution: "Fedora release 22 (Twenty Two)"

-- Information about the crash:
Clicking on a category in the ER diagram caused Umbrello to crash.

Prior to this I had been editing a class diagram and had tried to paste the whole class diagram into the ER view (seems to me that all these views are entirely separate, which seems of much less value than if they were not separate, which is surely the whole idea, isn't it?)

-- Backtrace:
Application: Umbrello UML Modeller (umbrello), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
81	T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS)
[KCrash Handler]
#6  0x000000316de8c2e0 in __cxxabiv1::__dynamic_cast(void const*, __cxxabiv1::__class_type_info const*, __cxxabiv1::__class_type_info const*, ptrdiff_t) (src_ptr=0x3609c30, src_type=0x7bf530 <typeinfo for UMLWidget>, dst_type=0x7bbbe8 <typeinfo for ObjectWidget>, src2dst=0) at ../../../../libstdc++-v3/libsupc++/dyncast.cc:72
#7  0x000000000074e925 in UMLScene::onWidgetDestructionBox(QPointF const&) const (this=<optimized out>, point=...) at ../../umbrello/umlscene.cpp:978
#8  0x00000000006f4804 in ToolBarState::setCurrentElement() (this=0x34b0df0) at ../../umbrello/toolbarstate.cpp:296
#9  0x00000000006f3d21 in ToolBarState::mousePress(QGraphicsSceneMouseEvent*) (this=0x34b0df0, ome=<optimized out>) at ../../umbrello/toolbarstate.cpp:90
#10 0x000000000074e098 in UMLScene::mousePressEvent(QGraphicsSceneMouseEvent*) (this=0x34b05e0, event=0x7ffcd4368300) at ../../umbrello/umlscene.cpp:886
#11 0x00000030e5033f9f in QGraphicsScene::event(QEvent*) (this=0x34b05e0, event=0x7ffcd4368300) at graphicsview/qgraphicsscene.cpp:3455
#12 0x00000030e4a0293c in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=0x2b8ea50, receiver=0x34b05e0, e=0x7ffcd4368300) at kernel/qapplication.cpp:4565
#13 0x00000030e4a09796 in QApplication::notify(QObject*, QEvent*) (this=this@entry=0x7ffcd43691a0, receiver=receiver@entry=0x34b05e0, e=e@entry=0x7ffcd4368300) at kernel/qapplication.cpp:4351
#14 0x00000030e645559a in KApplication::notify(QObject*, QEvent*) (this=0x7ffcd43691a0, receiver=0x34b05e0, event=0x7ffcd4368300) at ../../kdeui/kernel/kapplication.cpp:311
#15 0x000000316e39b8bd in QCoreApplication::notifyInternal(QObject*, QEvent*) (this=0x7ffcd43691a0, receiver=0x34b05e0, event=event@entry=0x7ffcd4368300) at kernel/qcoreapplication.cpp:955
#16 0x00000030e4a012e6 in qt_sendSpontaneousEvent(QObject*, QEvent*) (event=event@entry=0x7ffcd4368300, receiver=<optimized out>) at ../../src/corelib/kernel/qcoreapplication.h:234
#17 0x00000030e4a012e6 in qt_sendSpontaneousEvent(QObject*, QEvent*) (receiver=<optimized out>, event=event@entry=0x7ffcd4368300) at kernel/qapplication.cpp:5563
#18 0x00000030e504bc3f in QGraphicsView::mousePressEvent(QMouseEvent*) (this=this@entry=0x3499a90, event=event@entry=0x7ffcd4368980) at graphicsview/qgraphicsview.cpp:3164
#19 0x0000000000756237 in UMLView::mousePressEvent(QMouseEvent*) (this=0x3499a90, event=0x7ffcd4368980) at ../../umbrello/umlview.cpp:237
#20 0x00000030e4a59cf0 in QWidget::event(QEvent*) (this=this@entry=0x3499a90, event=event@entry=0x7ffcd4368980) at kernel/qwidget.cpp:8385
#21 0x00000030e4e1e11e in QFrame::event(QEvent*) (this=0x3499a90, e=0x7ffcd4368980) at widgets/qframe.cpp:557
#22 0x00000030e504ca8f in QGraphicsView::viewportEvent(QEvent*) (this=0x3499a90, event=0x7ffcd4368980) at graphicsview/qgraphicsview.cpp:2866
#23 0x000000316e39ba26 in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) (this=this@entry=0x2b8ea50, receiver=receiver@entry=0x34afea0, event=event@entry=0x7ffcd4368980) at kernel/qcoreapplication.cpp:1065
#24 0x00000030e4a0291c in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=0x2b8ea50, receiver=0x34afea0, e=0x7ffcd4368980) at kernel/qapplication.cpp:4561
#25 0x00000030e4a09956 in QApplication::notify(QObject*, QEvent*) (this=this@entry=0x7ffcd43691a0, receiver=receiver@entry=0x34afea0, e=e@entry=0x7ffcd4368980) at kernel/qapplication.cpp:4108
#26 0x00000030e645559a in KApplication::notify(QObject*, QEvent*) (this=0x7ffcd43691a0, receiver=0x34afea0, event=0x7ffcd4368980) at ../../kdeui/kernel/kapplication.cpp:311
#27 0x000000316e39b8bd in QCoreApplication::notifyInternal(QObject*, QEvent*) (this=0x7ffcd43691a0, receiver=0x34afea0, event=0x7ffcd4368980) at kernel/qcoreapplication.cpp:955
#28 0x00000030e4a08f5d in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) (receiver=0x34afea0, event=0x7ffcd4368980, alienWidget=0x34afea0, nativeWidget=0x3499a90, buttonDown=<optimized out>, lastMouseReceiver=..., spontaneous=true) at ../../src/corelib/kernel/qcoreapplication.h:231
#29 0x00000030e4a83852 in QETWidget::translateMouseEvent(_XEvent const*) (this=0x3499a90, event=<optimized out>) at kernel/qapplication_x11.cpp:4546
#30 0x00000030e4a8221d in QApplication::x11ProcessEvent(_XEvent*) (this=0x7ffcd43691a0, event=event@entry=0x7ffcd4368ce0) at kernel/qapplication_x11.cpp:3663
#31 0x00000030e4aab299 in x11EventSourceDispatch(GSource*, GSourceFunc, gpointer) (s=0x2b9cf20, callback=0x0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:148
#32 0x0000003e71649a8a in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#33 0x0000003e71649e20 in g_main_context_iterate.isra () at /lib64/libglib-2.0.so.0
#34 0x0000003e71649ecc in g_main_context_iteration () at /lib64/libglib-2.0.so.0
#35 0x000000316e3cbe5e in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x2b50720, flags=...) at kernel/qeventdispatcher_glib.cpp:450
#36 0x00000030e4aab436 in QGuiEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=<optimized out>, flags=...) at kernel/qguieventdispatcher_glib.cpp:207
#37 0x000000316e39a131 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7ffcd43690c0, flags=...) at kernel/qeventloop.cpp:149
#38 0x000000316e39a4a5 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7ffcd43690c0, flags=...) at kernel/qeventloop.cpp:204
#39 0x000000316e3a0039 in QCoreApplication::exec() () at kernel/qcoreapplication.cpp:1227
#40 0x00000030e4a010cc in QApplication::exec() () at kernel/qapplication.cpp:3823
#41 0x000000000043dfdd in main(int, char**) (argc=<optimized out>, argv=<optimized out>) at ../../umbrello/main.cpp:123

Reported using DrKonqi
Comment 1 Ralf Habacker 2016-05-11 19:49:05 UTC
@Lays: Please check if this could be reproduced with a build from Applications/16.04.
Comment 2 Lays Rodrigues 2016-05-12 19:01:33 UTC
Created attachment 98936
Print of test case

Built a version of the stable branch against Qt 5.6.
If I did it right, following the example of use of category in the Umbrello docs, I didn't have any crash.
Comment 3 Ralf Habacker 2016-05-15 22:12:18 UTC
(In reply to Mark Stanton from comment #0)
> Application: umbrello (2.16.0)
> KDE Platform Version: 4.14.17
> Qt Version: 4.8.7
> Operating System: Linux 4.4.8-200.fc22.x86_64 x86_64
> Distribution: "Fedora release 22 (Twenty Two)"
> 
> -- Information about the crash:
> Clicking on a category in the ER diagram caused Umbrello to crash.
It looks hard to reproduce this issue without detailed information about the steps performed from Umbrello startup on.

Without any further information, only the stack trace can be used to create a fix:
> #6  0x000000316de8c2e0 in __cxxabiv1::__dynamic_cast(void const*,
> __cxxabiv1::__class_type_info const*, __cxxabiv1::__class_type_info const*,
> ptrdiff_t) (src_ptr=0x3609c30, src_type=0x7bf530 <typeinfo for UMLWidget>,
> dst_type=0x7bbbe8 <typeinfo for ObjectWidget>, src2dst=0) at
> ../../../../libstdc++-v3/libsupc++/dyncast.cc:72
> #7  0x000000000074e925 in UMLScene::onWidgetDestructionBox(QPointF const&)
Looking at the related source:
ObjectWidget * UMLScene::onWidgetDestructionBox(const QPointF &point) const
{
    foreach(UMLWidget* obj,  m_WidgetList) {
        ObjectWidget *ow = dynamic_cast<ObjectWidget*>(obj);

According to http://stackoverflow.com/questions/14243854/c-dynamic-cast-causes-a-segfault-even-when-the-object-that-is-casted-is-not-n it looks like m_WidgetList contains an already freed (dangling) pointer, which fails on the dynamic_cast.
There are two solutions for this issue:
1. Find the reason why there is a freed pointer. This requires detailed information on how to reproduce the crash.
2. Guard m_WidgetList so that it does not hold dangling pointers, by using QPointer.
Comment 4 Lays Rodrigues 2016-05-19 19:26:56 UTC
Ralf,
After looking through and reading the QPointer documentation, I think that the change that I need to do is this:
umlwidgetlist.h
typedef QList<QPointer<UMLWidget>> UMLWidgetList;
typedef QListIterator<QPointer<UMLWidget>> UMLWidgetListIt;

But that implies:
Altering all objects and methods that deal with UMLWidget in the UMLScene file, and other files if needed.
Is that the solution that you mean?
I am using the branch with the stable version as the base.
Comment 5 Ralf Habacker 2016-05-19 21:23:20 UTC
(In reply to Lays Rodrigues from comment #4)
> Ralf,
> After looking through and reading the QPointer documentation, I think that the
> change that I need to do is this:
> umlwidgetlist.h
> typedef QList<QPointer<UMLWidget>> UMLWidgetList;
> typedef QListIterator<QPointer<UMLWidget>> UMLWidgetListIt;
This is the required change

> But that implies:
> Altering all objects and methods that deal with UMLWidget in the UMLScene file, and other files if needed.
> Is that the solution that you mean?

You do not need to change every reference. See the following example from http://doc.qt.io/qt-4.8/qpointer.html

Code without QPointer:

    QLabel* label = new QLabel;
    label->setText("&Status:");
    ...
    if (label)
        label->show();

Code with QPointer:

    QPointer<QLabel> label = new QLabel;
    label->setText("&Status:");
    ...
    if (label)
        label->show();

It is only required to change the definition, and most references should work out of the box.
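
Added example, not part of this bug thread or the Umbrello source: the guarded-list idea from comments 3 and 5, written in standard C++ so it compiles without Qt. std::weak_ptr stands in for QPointer (both stop referring to an object once it is destroyed); the class bodies and the helpers findObjectWidget, pruneExpired and expiredSeenAfterDelete are hypothetical. It shows the two things the typedef change alone does not: each entry has to be checked before it is used, and dead entries stay in the list until something removes them.

```cpp
// Added example: std::weak_ptr plays the role QPointer plays in the fix.
// Class names mirror the bug report; their bodies are hypothetical.
#include <algorithm>
#include <memory>
#include <vector>

struct UMLWidget { virtual ~UMLWidget() = default; };
struct CategoryWidget : UMLWidget {};
struct ObjectWidget : UMLWidget {};

// Non-owning list whose entries expire when the widget is destroyed,
// instead of keeping a stale address the way a raw UMLWidget* does.
using GuardedWidgetList = std::vector<std::weak_ptr<UMLWidget>>;

// Analogue of the loop in UMLScene::onWidgetDestructionBox: expired entries
// are skipped before the cast, so the cast never reads freed memory.
std::shared_ptr<ObjectWidget> findObjectWidget(const GuardedWidgetList& list, int& expired) {
    expired = 0;
    for (const auto& entry : list) {
        std::shared_ptr<UMLWidget> obj = entry.lock();
        if (!obj) { ++expired; continue; }   // widget is gone: do not touch it
        if (auto ow = std::dynamic_pointer_cast<ObjectWidget>(obj))
            return ow;
    }
    return nullptr;
}

// A guarded list still contains the expired slots; drop them so size-based
// logic does not count widgets that no longer exist.
std::size_t pruneExpired(GuardedWidgetList& list) {
    auto dead = std::remove_if(list.begin(), list.end(),
        [](const std::weak_ptr<UMLWidget>& w) { return w.expired(); });
    std::size_t removed = static_cast<std::size_t>(list.end() - dead);
    list.erase(dead, list.end());
    return removed;
}

// Constructed scenario: a widget is destroyed while the list still refers to it.
int expiredSeenAfterDelete() {
    auto category = std::make_shared<CategoryWidget>();
    auto object = std::make_shared<ObjectWidget>();
    GuardedWidgetList list;
    list.push_back(category);
    list.push_back(object);
    category.reset();                        // widget deleted elsewhere
    int expired = 0;
    auto hit = findObjectWidget(list, expired);
    return (hit == object) ? expired : -1;   // number of dead entries skipped
}
```
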
Comment 6 Ralf Habacker 2016-05-23 19:47:27 UTC
Git commit 00f94155ef4ea57991ee56c5a3a83a44fe0e0139 by Ralf Habacker, on behalf of Lays Rodrigues.
Committed on 23/05/2016 at 19:47.
Pushed by habacker into branch 'Applications/16.04'.

Fix 'Crash on clicking item in ER diagram'.

The crash has been fixed by making sure that UMLWidgetList does not hold
any dangling pointer.
REVIEW:127987
FIXED-IN:2.19.2 (KDE Applications 16.04.2)

Signed-off-by: Lays Rodrigues <laysrodriguessilva@gmail.com>

M  +3    -3    umbrello/umlwidgetlist.h

http://commits.kde.org/umbrello/00f94155ef4ea57991ee56c5a3a83a44fe0e0139