Bug 395028 - Scrollbars without widget and styleObject cause crash (e.g. QtWebKit)
Status: RESOLVED FIXED
Alias: None
Product: Breeze
Classification: Plasma
Component: QStyle (other bugs)
Version First Reported In: 5.12.90
Platform: Other Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Unassigned bugs
Reported: 2018-06-04 13:28 UTC by Christoph Feck
Modified: 2018-06-05 10:31 UTC
Version Fixed In: 5.13.0

Description Christoph Feck 2018-06-04 13:28:08 UTC
https://cgit.kde.org/breeze.git/tree/kstyle/breezestyle.cpp#n5041 says:

widget ? [...] : option->styleObject->property("hover").toBool()

The preceding comment seems to suggest that the code assumes QML if widget is 0. When both are 0, it causes a crash.

Backtrace:

#0  QObject::property (this=0x0, name=name@entry=0x7fffd74e7038 "hover") at kernel/qobject.cpp:3934
#1  0x00007fffd74c4110 in Breeze::Style::drawScrollBarSliderControl (this=0x1225ff0, option=0x7fffffffbc80, painter=0x7fff6a6d29e8, widget=0x0) at /usr/src/debug/breeze-5.13.80git.20180603T093531~47ca4e81-3.1.x86_64/kstyle/breezestyle.cpp:5041
#2  0x00007fffd74cc16f in std::function<bool (Breeze::Style const&, QStyleOption const*, QPainter*, QWidget const*)>::operator()(Breeze::Style const&, QStyleOption const*, QPainter*, QWidget const*) const (__args#3=<optimized out>, __args#2=<optimized out>, __args#1=<optimized out>, __args#0=..., this=0x7fffffffb9c0)
    at /usr/include/c++/7/bits/std_function.h:706
#3  Breeze::Style::drawControl (this=0x1225ff0, element=QStyle::CE_ScrollBarSlider, option=0x7fffffffbc80, painter=0x7fff6a6d29e8, widget=0x0) at /usr/src/debug/breeze-5.13.80git.20180603T093531~47ca4e81-3.1.x86_64/kstyle/breezestyle.cpp:937
#4  0x0000000000917eaf in Otter::Style::drawControl(QStyle::ControlElement, QStyleOption const*, QPainter*, QWidget const*) const ()
#5  0x0000000000b39fcb in Otter::FreeDesktopOrgPlatformStyle::drawControl(QStyle::ControlElement, QStyleOption const*, QPainter*, QWidget const*) const ()
#6  0x00007ffff657e541 in QCommonStyle::drawComplexControl (this=this@entry=0x1225ff0, cc=cc@entry=QStyle::CC_ScrollBar, opt=opt@entry=0x7fffffffbe70, p=p@entry=0x7fff6a6d29e8, widget=widget@entry=0x0) at styles/qcommonstyle.cpp:3290
#7  0x00007fffd74ccf21 in Breeze::Style::drawScrollBarComplexControl (this=0x1225ff0, option=0x7fffffffbe70, painter=0x7fff6a6d29e8, widget=0x0) at /usr/src/debug/breeze-5.13.80git.20180603T093531~47ca4e81-3.1.x86_64/kstyle/breezestyle.cpp:6497
#8  0x00007fffd74ccb44 in std::function<bool (Breeze::Style const&, QStyleOptionComplex const*, QPainter*, QWidget const*)>::operator()(Breeze::Style const&, QStyleOptionComplex const*, QPainter*, QWidget const*) const (__args#3=<optimized out>, __args#2=<optimized out>, __args#1=<optimized out>, __args#0=..., this=0x7fffffffbe00)
    at /usr/include/c++/7/bits/std_function.h:706
#9  Breeze::Style::drawComplexControl (this=0x1225ff0, element=QStyle::CC_ScrollBar, option=0x7fffffffbe70, painter=0x7fff6a6d29e8, widget=0x0) at /usr/src/debug/breeze-5.13.80git.20180603T093531~47ca4e81-3.1.x86_64/kstyle/breezestyle.cpp:968
#10 0x00007ffff7bc39ae in WebKit::QStyleFacadeImp::paintScrollBar () at /usr/src/debug/libqt5-qtwebkit-5.212~alpha2-11.3.x86_64/Source/WebKit/qt/WidgetSupport/QStyleFacadeImp.cpp:473
Comment 1 Kai Uwe Broulik 2018-06-05 10:31:49 UTC
Git commit 6d886e9f75d04eb34cd34cac668606d027384f96 by Kai Uwe Broulik.
Committed on 05/06/2018 at 10:31.
Pushed by broulik into branch 'Plasma/5.13'.

Check for option->styleObject before accessing it
FIXED-IN: 5.13.0

Differential Revision: https://phabricator.kde.org/D13336

M  +3    -1    kstyle/breezestyle.cpp

https://commits.kde.org/breeze/6d886e9f75d04eb34cd34cac668606d027384f96
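
The null-pointer path described in this report, modelled as an added example that is not part of the bug report or the Breeze source. The types are stand-ins for QWidget, QObject and QStyleOption, and both the widget-side hover lookup and the "not hovered" fallback are assumptions, since the page elides the first and does not show the committed change.

```cpp
#include <map>
#include <string>

// Stand-in for QObject: a bag of named boolean properties (constructed for this example).
struct StyleObject {
    std::map<std::string, bool> props;
    bool property(const std::string &name) const {
        auto it = props.find(name);
        return it != props.end() && it->second;
    }
};

// Stand-in for QWidget: only a hover flag is modelled (assumption; the page elides this branch).
struct Widget { bool underMouse = false; };

// Stand-in for QStyleOption: styleObject may legitimately be null.
struct StyleOption { const StyleObject *styleObject = nullptr; };

// Pattern from the report: a null widget is taken to mean "QML caller",
// so styleObject is dereferenced without being checked.
bool hoverUnguarded(const StyleOption *option, const Widget *widget) {
    return widget ? widget->underMouse
                  : option->styleObject->property("hover"); // null dereference when both are null
}

// Guarded form: every pointer is tested before use. With neither source
// available the control is treated as not hovered (assumed fallback).
bool hoverGuarded(const StyleOption *option, const Widget *widget) {
    if (widget) return widget->underMouse;
    if (option && option->styleObject) return option->styleObject->property("hover");
    return false;
}

int main() {
    // The case from the backtrace: widget=0x0 and no styleObject set by the caller.
    StyleOption noSource;
    return hoverGuarded(&noSource, nullptr) ? 1 : 0;
}
```

Calling `hoverUnguarded` with the same arguments as `main` reproduces the frame #0 condition (`this=0x0` in the property lookup), so it is only safe to exercise with at least one non-null source.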