Bug 390878 - K3b crashes when a theme from kde store is uninstalled
Summary: K3b crashes when a theme from kde store is uninstalled
Status: RESOLVED FIXED
Alias: None
Product: k3b
Classification: Applications
Component: general (show other bugs)
Version: unspecified
Platform: openSUSE Linux
: NOR crash
Target Milestone: ---
Assignee: k3b developers
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-02-22 01:56 UTC by Patrick Silva
Modified: 2018-03-30 14:29 UTC (History)
4 users (show)

See Also:
Latest Commit: https://commits.kde.org/k3b/166c2d8897d66348f46572d19ea8ee3100e726a4
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Patrick Silva 2018-02-22 01:56:52 UTC 
Crash is reproducible on Arch Linux, neon dev unstable and OpenSuse Tumbleweed.

open k3b settings (ctrl+shift+,)
click themes section on left side
click ~get new themes~ button and install a theme
when theme installation is completed, click ~close~ button
in k3b settings window, select the just installed theme
click ~remove theme~ button, click ~delete~ button in dialog
K3b crashes

below is the backtrace generated on OpenSuse Tumbleweed running K3b 17.12.2.

(gdb) thread apply all bt

Thread 19 (Thread 0x7fff891a6700 (LWP 2816)):
#0  0x00007ffff1da3039 in syscall () from /lib64/libc.so.6
#1  0x00007fffea8839aa in g_cond_wait_until (
    cond=cond@entry=0x5555562427b8, 
    mutex=mutex@entry=0x5555562427b0, 
    end_time=end_time@entry=356514004) at gthread-posix.c:1442
#2  0x00007fffea8120e1 in g_async_queue_pop_intern_unlocked (
    queue=queue@entry=0x5555562427b0, wait=wait@entry=1, 
    end_time=end_time@entry=356514004) at gasyncqueue.c:422
#3  0x00007fffea81269c in g_async_queue_timeout_pop (
    queue=0x5555562427b0, timeout=timeout@entry=15000000)
    at gasyncqueue.c:543
#4  0x00007fffea86629e in g_thread_pool_wait_for_new_pool ()
---Type <return> to continue, or q <return> to quit---
    at gthreadpool.c:167
#5  g_thread_pool_thread_proxy (data=<optimized out>)
    at gthreadpool.c:364
#6  0x00007fffea8657f5 in g_thread_proxy (data=0x7fff70003c50)
    at gthread.c:784
#7  0x00007fffec3d4558 in start_thread ()
   from /lib64/libpthread.so.0
#8  0x00007ffff1da872f in clone () from /lib64/libc.so.6

Thread 18 (Thread 0x7fff899a7700 (LWP 2815)):
#0  0x00007ffff1da3039 in syscall () from /lib64/libc.so.6
#1  0x00007fffea8839aa in g_cond_wait_until (
    cond=cond@entry=0x555556209aa8, 
    mutex=mutex@entry=0x555556209aa0, 
---Type <return> to continue, or q <return> to quit---
    end_time=end_time@entry=342641809) at gthread-posix.c:1442
#2  0x00007fffea8120e1 in g_async_queue_pop_intern_unlocked (
    queue=0x555556209aa0, wait=wait@entry=1, end_time=342641809)
    at gasyncqueue.c:422
#3  0x00007fffea8126d8 in g_async_queue_timeout_pop_unlocked (
    queue=<optimized out>, timeout=timeout@entry=500000)
    at gasyncqueue.c:570
#4  0x00007fffea866194 in g_thread_pool_wait_for_new_task (
    pool=<optimized out>) at gthreadpool.c:262
#5  g_thread_pool_thread_proxy (data=<optimized out>)
    at gthreadpool.c:296
#6  0x00007fffea8657f5 in g_thread_proxy (data=0x7fff6c003d90)
    at gthread.c:784
#7  0x00007fffec3d4558 in start_thread ()
---Type <return> to continue, or q <return> to quit---
   from /lib64/libpthread.so.0
#8  0x00007ffff1da872f in clone () from /lib64/libc.so.6

Thread 17 (Thread 0x7fff8a1a8700 (LWP 2814)):
#0  0x00007ffff1da3039 in syscall () from /lib64/libc.so.6
#1  0x00007fffea8839aa in g_cond_wait_until (
    cond=cond@entry=0x555556209aa8, 
    mutex=mutex@entry=0x555556209aa0, 
    end_time=end_time@entry=342641547) at gthread-posix.c:1442
#2  0x00007fffea8120e1 in g_async_queue_pop_intern_unlocked (
    queue=0x555556209aa0, wait=wait@entry=1, end_time=342641547)
    at gasyncqueue.c:422
#3  0x00007fffea8126d8 in g_async_queue_timeout_pop_unlocked (
    queue=<optimized out>, timeout=timeout@entry=500000)
---Type <return> to continue, or q <return> to quit---
    at gasyncqueue.c:570
#4  0x00007fffea866194 in g_thread_pool_wait_for_new_task (
    pool=<optimized out>) at gthreadpool.c:262
#5  g_thread_pool_thread_proxy (data=<optimized out>)
    at gthreadpool.c:296
#6  0x00007fffea8657f5 in g_thread_proxy (data=0x7fff6c003590)
    at gthread.c:784
#7  0x00007fffec3d4558 in start_thread ()
   from /lib64/libpthread.so.0
#8  0x00007ffff1da872f in clone () from /lib64/libc.so.6

Thread 16 (Thread 0x7fff8a9a9700 (LWP 2813)):
#0  0x00007ffff1da3039 in syscall () from /lib64/libc.so.6
#1  0x00007fffea8839aa in g_cond_wait_until (
---Type <return> to continue, or q <return> to quit---
    cond=cond@entry=0x555556209aa8, 
    mutex=mutex@entry=0x555556209aa0, 
    end_time=end_time@entry=342641420) at gthread-posix.c:1442
#2  0x00007fffea8120e1 in g_async_queue_pop_intern_unlocked (
    queue=0x555556209aa0, wait=wait@entry=1, end_time=342641420)
    at gasyncqueue.c:422
#3  0x00007fffea8126d8 in g_async_queue_timeout_pop_unlocked (
    queue=<optimized out>, timeout=timeout@entry=500000)
    at gasyncqueue.c:570
#4  0x00007fffea866194 in g_thread_pool_wait_for_new_task (
    pool=<optimized out>) at gthreadpool.c:262
#5  g_thread_pool_thread_proxy (data=<optimized out>)
    at gthreadpool.c:296
#6  0x00007fffea8657f5 in g_thread_proxy (data=0x7fff6c003ca0)
---Type <return> to continue, or q <return> to quit---
    at gthread.c:784
#7  0x00007fffec3d4558 in start_thread ()
   from /lib64/libpthread.so.0
#8  0x00007ffff1da872f in clone () from /lib64/libc.so.6

Thread 15 (Thread 0x7fff8b3b7700 (LWP 2812)):
#0  0x00007ffff1da3039 in syscall () from /lib64/libc.so.6
#1  0x00007fffea8839aa in g_cond_wait_until (
    cond=cond@entry=0x555556209aa8, 
    mutex=mutex@entry=0x555556209aa0, 
    end_time=end_time@entry=342643409) at gthread-posix.c:1442
#2  0x00007fffea8120e1 in g_async_queue_pop_intern_unlocked (
    queue=0x555556209aa0, wait=wait@entry=1, end_time=342643409)
    at gasyncqueue.c:422
---Type <return> to continue, or q <return> to quit---
#3  0x00007fffea8126d8 in g_async_queue_timeout_pop_unlocked (
    queue=<optimized out>, timeout=timeout@entry=500000)
    at gasyncqueue.c:570
#4  0x00007fffea866194 in g_thread_pool_wait_for_new_task (
    pool=<optimized out>) at gthreadpool.c:262
#5  g_thread_pool_thread_proxy (data=<optimized out>)
    at gthreadpool.c:296
#6  0x00007fffea8657f5 in g_thread_proxy (data=0x7fff74003630)
    at gthread.c:784
#7  0x00007fffec3d4558 in start_thread ()
   from /lib64/libpthread.so.0
#8  0x00007ffff1da872f in clone () from /lib64/libc.so.6

Thread 14 (Thread 0x7fff8bbb8700 (LWP 2811)):
---Type <return> to continue, or q <return> to quit---
#0  0x00007ffff1da3039 in syscall () from /lib64/libc.so.6
#1  0x00007fffea8839aa in g_cond_wait_until (
    cond=cond@entry=0x555556209aa8, 
    mutex=mutex@entry=0x555556209aa0, 
    end_time=end_time@entry=342644526) at gthread-posix.c:1442
#2  0x00007fffea8120e1 in g_async_queue_pop_intern_unlocked (
    queue=0x555556209aa0, wait=wait@entry=1, end_time=342644526)
    at gasyncqueue.c:422
#3  0x00007fffea8126d8 in g_async_queue_timeout_pop_unlocked (
    queue=<optimized out>, timeout=timeout@entry=500000)
    at gasyncqueue.c:570
#4  0x00007fffea866194 in g_thread_pool_wait_for_new_task (
    pool=<optimized out>) at gthreadpool.c:262
#5  g_thread_pool_thread_proxy (data=<optimized out>)
---Type <return> to continue, or q <return> to quit---
    at gthreadpool.c:296
#6  0x00007fffea8657f5 in g_thread_proxy (data=0x7fff84046400)
    at gthread.c:784
#7  0x00007fffec3d4558 in start_thread ()
   from /lib64/libpthread.so.0
#8  0x00007ffff1da872f in clone () from /lib64/libc.so.6

Thread 13 (Thread 0x7fffa8ba2700 (LWP 2810)):
#0  0x00007ffff1da3039 in syscall () from /lib64/libc.so.6
#1  0x00007fffea8839aa in g_cond_wait_until (
    cond=cond@entry=0x555556209aa8, 
    mutex=mutex@entry=0x555556209aa0, 
    end_time=end_time@entry=342643508) at gthread-posix.c:1442
#2  0x00007fffea8120e1 in g_async_queue_pop_intern_unlocked (
---Type <return> to continue, or q <return> to quit---
    queue=0x555556209aa0, wait=wait@entry=1, end_time=342643508)
    at gasyncqueue.c:422
#3  0x00007fffea8126d8 in g_async_queue_timeout_pop_unlocked (
    queue=<optimized out>, timeout=timeout@entry=500000)
    at gasyncqueue.c:570
#4  0x00007fffea866194 in g_thread_pool_wait_for_new_task (
    pool=<optimized out>) at gthreadpool.c:262
#5  g_thread_pool_thread_proxy (data=<optimized out>)
    at gthreadpool.c:296
#6  0x00007fffea8657f5 in g_thread_proxy (data=0x555556497990)
    at gthread.c:784
#7  0x00007fffec3d4558 in start_thread ()
   from /lib64/libpthread.so.0
#8  0x00007ffff1da872f in clone () from /lib64/libc.so.6
---Type <return> to continue, or q <return> to quit---

Thread 9 (Thread 0x7fffbd7c9700 (LWP 2800)):
#0  0x00007ffff1d9df8b in poll () from /lib64/libc.so.6
#1  0x00007fffea83e109 in g_main_context_poll (
    priority=<optimized out>, n_fds=1, fds=0x7fffa4002de0, 
    timeout=<optimized out>, context=0x7fffa4000be0)
    at gmain.c:4169
#2  g_main_context_iterate (context=context@entry=0x7fffa4000be0, 
    block=block@entry=1, dispatch=dispatch@entry=1, 
    self=<optimized out>) at gmain.c:3863
#3  0x00007fffea83e21c in g_main_context_iteration (
    context=0x7fffa4000be0, may_block=may_block@entry=1)
    at gmain.c:3929
#4  0x00007ffff26d87cf in QEventDispatcherGlib::processEvents (
---Type <return> to continue, or q <return> to quit---
    this=0x7fffa4000b10, flags=...)
    at kernel/qeventdispatcher_glib.cpp:423
#5  0x00007ffff267f71a in QEventLoop::exec (
    this=this@entry=0x7fffbd7c8cd0, flags=..., flags@entry=...)
    at kernel/qeventloop.cpp:212
#6  0x00007ffff24a693a in QThread::exec (this=<optimized out>)
    at thread/qthread.cpp:522
#7  0x00007ffff24ab930 in QThreadPrivate::start (
    arg=0x5555561c7820) at thread/qthread_unix.cpp:376
#8  0x00007fffec3d4558 in start_thread ()
   from /lib64/libpthread.so.0
#9  0x00007ffff1da872f in clone () from /lib64/libc.so.6

Thread 8 (Thread 0x7fffbe3f5700 (LWP 2795)):
---Type <return> to continue, or q <return> to quit---
#0  0x00007fffec3dab5c in pthread_cond_timedwait@@GLIBC_2.3.2 ()
   from /lib64/libpthread.so.0
#1  0x00007ffff24acb58 in QWaitConditionPrivate::wait_relative (
    time=30000, this=0x7fffb40064e0)
    at thread/qwaitcondition_unix.cpp:133
#2  QWaitConditionPrivate::wait (time=30000, this=0x7fffb40064e0)
    at thread/qwaitcondition_unix.cpp:141
#3  QWaitCondition::wait (this=this@entry=0x7fffb40061f0, 
    mutex=mutex@entry=0x7fffb40034b0, time=30000)
    at thread/qwaitcondition_unix.cpp:215
#4  0x00007ffff24a8dee in QThreadPoolThread::run (
    this=0x7fffb40061e0) at thread/qthreadpool.cpp:146
#5  0x00007ffff24ab930 in QThreadPrivate::start (
    arg=0x7fffb40061e0) at thread/qthread_unix.cpp:376
---Type <return> to continue, or q <return> to quit---
#6  0x00007fffec3d4558 in start_thread ()
   from /lib64/libpthread.so.0
#7  0x00007ffff1da872f in clone () from /lib64/libc.so.6

Thread 7 (Thread 0x7fffbf004700 (LWP 2788)):
#0  0x00007fffec3da82d in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib64/libpthread.so.0
#1  0x00007ffff24acc8b in QWaitConditionPrivate::wait (
    time=18446744073709551615, this=0x555556210140)
    at thread/qwaitcondition_unix.cpp:143
#2  QWaitCondition::wait (this=this@entry=0x7fffd800d778, 
    mutex=mutex@entry=0x7fffd800d770, 
    time=time@entry=18446744073709551615)
    at thread/qwaitcondition_unix.cpp:215
---Type <return> to continue, or q <return> to quit---
#3  0x00007ffff24a546b in QSemaphore::acquire (
    this=this@entry=0x7ffff1501e60 <(anonymous namespace)::Q_QGS_libProxyWrapper::innerFunction()::holder+32>, n=n@entry=1)
    at thread/qsemaphore.cpp:143
#4  0x00007ffff1258114 in QLibProxyWrapper::run (
    this=0x7ffff1501e40 <(anonymous namespace)::Q_QGS_libProxyWrapper::innerFunction()::holder>)
    at kernel/qnetworkproxy_libproxy.cpp:179
#5  0x00007ffff24ab930 in QThreadPrivate::start (
    arg=0x7ffff1501e40 <(anonymous namespace)::Q_QGS_libProxyWrapper::innerFunction()::holder>) at thread/qthread_unix.cpp:376
#6  0x00007fffec3d4558 in start_thread ()
   from /lib64/libpthread.so.0
#7  0x00007ffff1da872f in clone () from /lib64/libc.so.6
---Type <return> to continue, or q <return> to quit---

Thread 6 (Thread 0x7fffbf805700 (LWP 2787)):
#0  0x00007ffff1d9df8b in poll () from /lib64/libc.so.6
#1  0x00007fffea83e109 in g_main_context_poll (
    priority=<optimized out>, n_fds=1, fds=0x7fffb4002de0, 
    timeout=<optimized out>, context=0x7fffb4000be0)
    at gmain.c:4169
#2  g_main_context_iterate (context=context@entry=0x7fffb4000be0, 
    block=block@entry=1, dispatch=dispatch@entry=1, 
    self=<optimized out>) at gmain.c:3863
#3  0x00007fffea83e21c in g_main_context_iteration (
    context=0x7fffb4000be0, may_block=may_block@entry=1)
    at gmain.c:3929
#4  0x00007ffff26d87cf in QEventDispatcherGlib::processEvents (
---Type <return> to continue, or q <return> to quit---
    this=0x7fffb4000b10, flags=...)
    at kernel/qeventdispatcher_glib.cpp:423
#5  0x00007ffff267f71a in QEventLoop::exec (
    this=this@entry=0x7fffbf804cd0, flags=..., flags@entry=...)
    at kernel/qeventloop.cpp:212
#6  0x00007ffff24a693a in QThread::exec (this=<optimized out>)
    at thread/qthread.cpp:522
#7  0x00007ffff24ab930 in QThreadPrivate::start (
    arg=0x7fffd800d870) at thread/qthread_unix.cpp:376
#8  0x00007fffec3d4558 in start_thread ()
   from /lib64/libpthread.so.0
#9  0x00007ffff1da872f in clone () from /lib64/libc.so.6

Thread 5 (Thread 0x7fffc4823700 (LWP 2786)):
---Type <return> to continue, or q <return> to quit---
#0  0x00007ffff1d9df8b in poll () from /lib64/libc.so.6
#1  0x00007fffea83e109 in g_main_context_poll (
    priority=<optimized out>, n_fds=1, fds=0x7fffb8002de0, 
    timeout=<optimized out>, context=0x7fffb8000be0)
    at gmain.c:4169
#2  g_main_context_iterate (context=context@entry=0x7fffb8000be0, 
    block=block@entry=1, dispatch=dispatch@entry=1, 
    self=<optimized out>) at gmain.c:3863
#3  0x00007fffea83e21c in g_main_context_iteration (
    context=0x7fffb8000be0, may_block=may_block@entry=1)
    at gmain.c:3929
#4  0x00007ffff26d87cf in QEventDispatcherGlib::processEvents (
    this=0x7fffb8000b10, flags=...)
    at kernel/qeventdispatcher_glib.cpp:423
---Type <return> to continue, or q <return> to quit---
#5  0x00007ffff267f71a in QEventLoop::exec (
    this=this@entry=0x7fffc4822cd0, flags=..., flags@entry=...)
    at kernel/qeventloop.cpp:212
#6  0x00007ffff24a693a in QThread::exec (this=<optimized out>)
    at thread/qthread.cpp:522
#7  0x00007ffff24ab930 in QThreadPrivate::start (
    arg=0x5555561e2940) at thread/qthread_unix.cpp:376
#8  0x00007fffec3d4558 in start_thread ()
   from /lib64/libpthread.so.0
#9  0x00007ffff1da872f in clone () from /lib64/libc.so.6

Thread 4 (Thread 0x7fffc5524700 (LWP 2756)):
#0  0x00007ffff1d75f50 in nanosleep () from /lib64/libc.so.6
#1  0x00007ffff26d823d in qt_nanosleep (amount=...)
---Type <return> to continue, or q <return> to quit---
    at kernel/qelapsedtimer_unix.cpp:195
#2  0x00007ffff24aad07 in QThread::sleep (secs=secs@entry=2)
    at thread/qthread_unix.cpp:544
#3  0x00007ffff7a855fa in K3b::MediaCache::PollThread::run (
    this=0x55555600f310)
    at /usr/src/debug/k3b-17.12.2-1.1.x86_64/libk3b/tools/k3bmediacache.cpp:103
#4  0x00007ffff24ab930 in QThreadPrivate::start (
    arg=0x55555600f310) at thread/qthread_unix.cpp:376
#5  0x00007fffec3d4558 in start_thread ()
   from /lib64/libpthread.so.0
#6  0x00007ffff1da872f in clone () from /lib64/libc.so.6

Thread 3 (Thread 0x7fffdd101700 (LWP 2732)):
---Type <return> to continue, or q <return> to quit---
#0  0x00007ffff1d9df8b in poll () from /lib64/libc.so.6
#1  0x00007fffea83e109 in g_main_context_poll (
    priority=<optimized out>, n_fds=3, fds=0x7fffd0002de0, 
    timeout=<optimized out>, context=0x7fffd0000be0)
    at gmain.c:4169
#2  g_main_context_iterate (context=context@entry=0x7fffd0000be0, 
    block=block@entry=1, dispatch=dispatch@entry=1, 
    self=<optimized out>) at gmain.c:3863
#3  0x00007fffea83e21c in g_main_context_iteration (
    context=0x7fffd0000be0, may_block=may_block@entry=1)
    at gmain.c:3929
#4  0x00007ffff26d87cf in QEventDispatcherGlib::processEvents (
    this=0x7fffd0000b10, flags=...)
    at kernel/qeventdispatcher_glib.cpp:423
---Type <return> to continue, or q <return> to quit---
#5  0x00007ffff267f71a in QEventLoop::exec (
    this=this@entry=0x7fffdd100ca0, flags=..., flags@entry=...)
    at kernel/qeventloop.cpp:212
#6  0x00007ffff24a693a in QThread::exec (
    this=this@entry=0x7ffff2d6cd60 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread.cpp:522
#7  0x00007ffff2afca35 in QDBusConnectionManager::run (
    this=0x7ffff2d6cd60 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at qdbusconnection.cpp:178
#8  0x00007ffff24ab930 in QThreadPrivate::start (
    arg=0x7ffff2d6cd60 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread_unix.cpp:376
#9  0x00007fffec3d4558 in start_thread ()
   from /lib64/libpthread.so.0
---Type <return> to continue, or q <return> to quit---
#10 0x00007ffff1da872f in clone () from /lib64/libc.so.6

Thread 2 (Thread 0x7fffdf674700 (LWP 2731)):
#0  0x00007ffff1d9df8b in poll () from /lib64/libc.so.6
#1  0x00007fffe8b59387 in poll (__timeout=-1, __nfds=1, 
    __fds=0x7fffdf673bc8) at /usr/include/bits/poll2.h:46
#2  _xcb_conn_wait (c=c@entry=0x5555559f9960, 
    cond=cond@entry=0x5555559f99a0, vector=vector@entry=0x0, 
    count=count@entry=0x0) at xcb_conn.c:479
#3  0x00007fffe8b5b17a in xcb_wait_for_event (c=0x5555559f9960)
    at xcb_in.c:693
#4  0x00007fffe240e0a9 in QXcbEventReader::run (
    this=0x5555559c4000) at qxcbconnection.cpp:1370
#5  0x00007ffff24ab930 in QThreadPrivate::start (
---Type <return> to continue, or q <return> to quit---
    arg=0x5555559c4000) at thread/qthread_unix.cpp:376
#6  0x00007fffec3d4558 in start_thread ()
   from /lib64/libpthread.so.0
#7  0x00007ffff1da872f in clone () from /lib64/libc.so.6

Thread 1 (Thread 0x7ffff7fa6900 (LWP 2726)):
#0  0x00007ffff1ce60d0 in raise () from /lib64/libc.so.6
#1  0x00007ffff1ce76b1 in abort () from /lib64/libc.so.6
#2  0x00007ffff1d29417 in __libc_message () from /lib64/libc.so.6
#3  0x00007ffff1d2fb73 in malloc_printerr () from /lib64/libc.so.6
#4  0x00007ffff1d31479 in _int_free () from /lib64/libc.so.6
#5  0x00007ffff259591f in QStringList::~QStringList (
    this=0x7fffd800eef8, __in_chrg=<optimized out>)
    at ../../include/QtCore/../../src/corelib/tools/qstringlist.h:1---Type <return> to continue, or q <return> to quit---
01
#6  QDirPrivate::~QDirPrivate (this=0x7fffd800eee0, 
    __in_chrg=<optimized out>) at io/qdir_p.h:59
#7  QSharedDataPointer<QDirPrivate>::~QSharedDataPointer (
    this=<optimized out>, __in_chrg=<optimized out>)
    at ../../include/QtCore/../../src/corelib/tools/qshareddata.h:89
#8  0x00007ffff25cc203 in existsAsSpecified (options=..., 
    path=...) at io/qstandardpaths.cpp:385
#9  QStandardPaths::locateAll (
    type=type@entry=QStandardPaths::GenericDataLocation, 
    fileName=..., options=..., options@entry=...)
    at io/qstandardpaths.cpp:421
#10 0x000055555560c92d in K3b::ThemeManager::loadThemes (
---Type <return> to continue, or q <return> to quit---
    this=0x555555aab970)
    at /usr/src/debug/k3b-17.12.2-1.1.x86_64/src/k3bthememanager.cpp:280
#11 0x0000555555656072 in K3b::ThemeModel::reload (
    this=0x5555562da120)
    at /usr/src/debug/k3b-17.12.2-1.1.x86_64/src/option/k3bthememodel.cpp:41
#12 0x0000555555653fda in K3b::ThemeOptionTab::readSettings (
    this=this@entry=0x5555562e2e10)
    at /usr/src/debug/k3b-17.12.2-1.1.x86_64/src/option/k3bthemeoptiontab.cpp:71
#13 0x00005555556542ef in K3b::ThemeOptionTab::slotRemoveTheme (
    this=0x5555562e2e10)
    at /usr/src/debug/k3b-17.12.2-1.1.x86_64/src/option/k3bthemeopt---Type <return> to continue, or q <return> to quit---
iontab.cpp:218
#14 0x00007ffff26af02a in QMetaObject::activate (
    sender=sender@entry=0x555556330aa0, 
    signalOffset=<optimized out>, 
    local_signal_index=local_signal_index@entry=2, 
    argv=argv@entry=0x7fffffffc480) at kernel/qobject.cpp:3766
#15 0x00007ffff26af737 in QMetaObject::activate (
    sender=sender@entry=0x555556330aa0, 
    m=m@entry=0x7ffff3d3b380 <QAbstractButton::staticMetaObject>, 
    local_signal_index=local_signal_index@entry=2, 
    argv=argv@entry=0x7fffffffc480) at kernel/qobject.cpp:3628
#16 0x00007ffff377cec2 in QAbstractButton::clicked (
    this=this@entry=0x555556330aa0, _t1=<optimized out>)
    at .moc/moc_qabstractbutton.cpp:308
---Type <return> to continue, or q <return> to quit---
#17 0x00007ffff377d0aa in QAbstractButtonPrivate::emitClicked (
    this=0x555556330ae0) at widgets/qabstractbutton.cpp:414
#18 0x00007ffff377e3ca in QAbstractButtonPrivate::click (
    this=0x555556330ae0) at widgets/qabstractbutton.cpp:407
#19 0x00007ffff377e595 in QAbstractButton::mouseReleaseEvent (
    this=0x555556330aa0, e=0x7fffffffc8f0)
    at widgets/qabstractbutton.cpp:1011
#20 0x00007ffff36ce338 in QWidget::event (this=0x555556330aa0, 
    event=0x7fffffffc8f0) at kernel/qwidget.cpp:9197
#21 0x00007ffff369201c in QApplicationPrivate::notify_helper (
    this=<optimized out>, receiver=0x555556330aa0, 
    e=0x7fffffffc8f0) at kernel/qapplication.cpp:3733
#22 0x00007ffff369986f in QApplication::notify (

    this=<optimized out>, receiver=0x555556330aa0, 
---Type <return> to continue, or q <return> to quit---
    e=0x7fffffffc8f0) at kernel/qapplication.cpp:3209
#23 0x00007ffff2680f08 in QCoreApplication::notifyInternal2 (
    receiver=0x555556330aa0, event=0x7fffffffc8f0)
    at kernel/qcoreapplication.cpp:1044
#24 0x00007ffff36988bf in QApplicationPrivate::sendMouseEvent (
    receiver=0x555556330aa0, event=0x7fffffffc8f0, 
    alienWidget=0x555556330aa0, nativeWidget=0x7fffffffcfa0, 
    buttonDown=<optimized out>, lastMouseReceiver=..., 
    spontaneous=true)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:234
#25 0x00007ffff36e868b in QWidgetWindow::handleMouseEvent (
    this=0x5555560cbe30, event=0x7fffffffcce0)
    at kernel/qwidgetwindow.cpp:654
---Type <return> to continue, or q <return> to quit---
#26 0x00007ffff36eaab1 in QWidgetWindow::event (
    this=0x5555560cbe30, event=0x7fffffffcce0)
    at kernel/qwidgetwindow.cpp:273
#27 0x00007ffff369201c in QApplicationPrivate::notify_helper (
    this=<optimized out>, receiver=0x5555560cbe30, 
    e=0x7fffffffcce0) at kernel/qapplication.cpp:3733
#28 0x00007ffff3699314 in QApplication::notify (
    this=0x7fffffffded0, receiver=0x5555560cbe30, 
    e=0x7fffffffcce0) at kernel/qapplication.cpp:3492
#29 0x00007ffff2680f08 in QCoreApplication::notifyInternal2 (
    receiver=receiver@entry=0x5555560cbe30, 
    event=event@entry=0x7fffffffcce0)
    at kernel/qcoreapplication.cpp:1044
#30 0x00007ffff2e8a0dc in QCoreApplication::sendSpontaneousEvent (
---Type <return> to continue, or q <return> to quit---
    event=0x7fffffffcce0, receiver=0x5555560cbe30)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:237
#31 QGuiApplicationPrivate::processMouseEvent (e=0x7fffb40165c0)
    at kernel/qguiapplication.cpp:1957
#32 0x00007ffff2e8ba25 in QGuiApplicationPrivate::processWindowSystemEvent (e=0x7fffb40165c0) at kernel/qguiapplication.cpp:1741
#33 0x00007ffff2e64eab in QWindowSystemInterface::sendWindowSystemEvents (flags=...) at kernel/qwindowsysteminterface.cpp:976
#34 0x00007fffe248f78b in QPAEventDispatcherGlib::processEvents (
    this=0x555555a3b8b0, flags=...)
    at qeventdispatcher_glib.cpp:70
#35 0x00007ffff267f71a in QEventLoop::exec (
    this=this@entry=0x7fffffffcf30, flags=..., flags@entry=...)
---Type <return> to continue, or q <return> to quit---
    at kernel/qeventloop.cpp:212
#36 0x00007ffff386b7b7 in QDialog::exec (
    this=this@entry=0x7fffffffcfa0) at dialogs/qdialog.cpp:546
#37 0x00005555555f0fde in K3b::MainWindow::slotSettingsConfigure (
    this=0x555555ce5450)
    at /usr/src/debug/k3b-17.12.2-1.1.x86_64/src/k3b.cpp:1118
#38 0x000055555572513a in K3b::MainWindow::qt_static_metacall (
    _o=<optimized out>, _c=<optimized out>, _id=<optimized out>, 
    _a=<optimized out>)
    at /usr/src/debug/k3b-17.12.2-1.1.x86_64/build/src/k3b_autogen/EWIEGA46WW/moc_k3b.cpp:302
#39 0x00007ffff26af02a in QMetaObject::activate (
    sender=sender@entry=0x555555cfb520, 
    signalOffset=<optimized out>, 
---Type <return> to continue, or q <return> to quit---
    local_signal_index=local_signal_index@entry=1, 
    argv=argv@entry=0x7fffffffd200) at kernel/qobject.cpp:3766
#40 0x00007ffff26af737 in QMetaObject::activate (
    sender=sender@entry=0x555555cfb520, 
    m=m@entry=0x7ffff3d35820 <QAction::staticMetaObject>, 
    local_signal_index=local_signal_index@entry=1, 
    argv=argv@entry=0x7fffffffd200) at kernel/qobject.cpp:3628
#41 0x00007ffff368bd52 in QAction::triggered (
    this=this@entry=0x555555cfb520, _t1=<optimized out>)
    at .moc/moc_qaction.cpp:376
#42 0x00007ffff368e24c in QAction::activate (this=0x555555cfb520, 
    event=<optimized out>) at kernel/qaction.cpp:1167
#43 0x00007ffff37ff89c in QMenuPrivate::activateCausedStack (
    this=this@entry=0x555555f57620, causedStack=..., 
---Type <return> to continue, or q <return> to quit---
    action=action@entry=0x555555cfb520, 
    action_e=action_e@entry=QAction::Trigger, 
    self=self@entry=true) at widgets/qmenu.cpp:1373
#44 0x00007ffff380689f in QMenuPrivate::activateAction (
    this=this@entry=0x555555f57620, 
    action=action@entry=0x555555cfb520, 
    action_e=action_e@entry=QAction::Trigger, 
    self=self@entry=true) at widgets/qmenu.cpp:1450
#45 0x00007ffff38076b3 in QMenu::mouseReleaseEvent (
    this=<optimized out>, e=0x7fffffffd7c0)
    at widgets/qmenu.cpp:2944
#46 0x00007ffff36ce338 in QWidget::event (
    this=this@entry=0x555555f4c960, 
    event=event@entry=0x7fffffffd7c0) at kernel/qwidget.cpp:9197
---Type <return> to continue, or q <return> to quit---
#47 0x00007ffff38098db in QMenu::event (this=0x555555f4c960, 
    e=0x7fffffffd7c0) at widgets/qmenu.cpp:3066
#48 0x00007ffff369201c in QApplicationPrivate::notify_helper (
    this=<optimized out>, receiver=0x555555f4c960, 
    e=0x7fffffffd7c0) at kernel/qapplication.cpp:3733
#49 0x00007ffff369986f in QApplication::notify (
    this=<optimized out>, receiver=0x555555f4c960, 
    e=0x7fffffffd7c0) at kernel/qapplication.cpp:3209
#50 0x00007ffff2680f08 in QCoreApplication::notifyInternal2 (

    receiver=0x555555f4c960, event=0x7fffffffd7c0)
    at kernel/qcoreapplication.cpp:1044
#51 0x00007ffff36988bf in QApplicationPrivate::sendMouseEvent (
    receiver=0x555555f4c960, event=0x7fffffffd7c0, 

    alienWidget=0x0, nativeWidget=0x555555f4c960, 
---Type <return> to continue, or q <return> to quit---
    buttonDown=<optimized out>, lastMouseReceiver=..., 
    spontaneous=true)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:234
#52 0x00007ffff36e83d7 in QWidgetWindow::handleMouseEvent (
    this=0x5555560c9e70, event=0x7fffffffdbb0)
    at kernel/qwidgetwindow.cpp:548
#53 0x00007ffff36eaab1 in QWidgetWindow::event (
    this=0x5555560c9e70, event=0x7fffffffdbb0)
    at kernel/qwidgetwindow.cpp:273
#54 0x00007ffff369201c in QApplicationPrivate::notify_helper (
    this=<optimized out>, receiver=0x5555560c9e70, 
    e=0x7fffffffdbb0) at kernel/qapplication.cpp:3733
#55 0x00007ffff3699314 in QApplication::notify (
---Type <return> to continue, or q <return> to quit---
    this=0x7fffffffded0, receiver=0x5555560c9e70, 
    e=0x7fffffffdbb0) at kernel/qapplication.cpp:3492
#56 0x00007ffff2680f08 in QCoreApplication::notifyInternal2 (
    receiver=receiver@entry=0x5555560c9e70, 
    event=event@entry=0x7fffffffdbb0)
    at kernel/qcoreapplication.cpp:1044
#57 0x00007ffff2e8a0dc in QCoreApplication::sendSpontaneousEvent (
    event=0x7fffffffdbb0, receiver=0x5555560c9e70)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:237
#58 QGuiApplicationPrivate::processMouseEvent (e=0x5555563a4180)
    at kernel/qguiapplication.cpp:1957
#59 0x00007ffff2e8ba25 in QGuiApplicationPrivate::processWindowSystemEvent (e=0x5555563a4180) at kernel/qguiapplication.cpp:1741
---Type <return> to continue, or q <return> to quit---
#60 0x00007ffff2e64eab in QWindowSystemInterface::sendWindowSystemEvents (flags=...) at kernel/qwindowsysteminterface.cpp:976
#61 0x00007fffe248f78b in QPAEventDispatcherGlib::processEvents (
    this=0x555555a3b8b0, flags=...)
    at qeventdispatcher_glib.cpp:70
#62 0x00007ffff267f71a in QEventLoop::exec (
    this=this@entry=0x7fffffffde00, flags=..., flags@entry=...)
    at kernel/qeventloop.cpp:212
#63 0x00007ffff2688254 in QCoreApplication::exec ()
    at kernel/qcoreapplication.cpp:1332
#64 0x00005555555d01e8 in main (argc=<optimized out>, 
    argv=<optimized out>)
    at /usr/src/debug/k3b-17.12.2-1.1.x86_64/src/main.cpp:146
(gdb)
Comment 1 Scott Harvey 2018-02-22 18:19:43 UTC 
I'm able to reproduce on Kubuntu 17.10.1, following the exact procedure outlined in the original bug report. K3b freezes and then crashes.
Comment 2 Leslie Zhai 2018-03-30 14:08:45 UTC 
Thanks for your report! reproduced:

SUMMARY: AddressSanitizer: undefined-behavior
=================================================================
==4226==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c0011f84d8 at pc 0x000000cafa84 bp 0x7fffffff1aa0 sp 0x7fffffff1a98
READ of size 8 at 0x60c0011f84d8 thread T0
Detaching after fork from child process 4336.
    #0 0xcafa83 in QMap<QString, QPixmap>::~QMap() /usr/include/qt5/QtCore/qmap.h:341:27
    #1 0xca94de in K3b::Theme::~Theme() /data/project/kde/k3b/src/k3bthememanager.h:28:11
    #2 0xc97ba9 in K3b::ThemeManager::loadThemes() /data/project/kde/k3b/src/k3bthememanager.cpp:277:9
    #3 0x13b0ecc in K3b::ThemeModel::reload() /data/project/kde/k3b/src/option/k3bthememodel.cpp:41:21
    #4 0x13696b7 in K3b::ThemeOptionTab::readSettings() /data/project/kde/k3b/src/option/k3bthemeoptiontab.cpp:71:19
    #5 0x137fc0a in K3b::ThemeOptionTab::slotRemoveTheme() /data/project/kde/k3b/src/option/k3bthemeoptiontab.cpp:218:9
Comment 3 Leslie Zhai 2018-03-30 14:29:54 UTC 
Git commit 166c2d8897d66348f46572d19ea8ee3100e726a4 by Leslie Zhai.
Committed on 30/03/2018 at 14:28.
Pushed by lesliezhai into branch 'master'.

Fix heap-use-after-free issue for ThemeManager

M  +4    -2    src/k3bthememanager.cpp

https://commits.kde.org/k3b/166c2d8897d66348f46572d19ea8ee3100e726a4