402170 – Apper segfaults on repeated update check

Bug 402170 - Apper segfaults on repeated update check

Summary: Apper segfaults on repeated update check

Status:	RESOLVED FIXED

Alias:	None

Product:	apper
Classification:	Applications
Component:	general (show other bugs)
Version:	1.0.0
Platform:	Fedora RPMs Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	Daniel Nicoletti

URL:
Keywords:	drkonqi

Depends on:
Blocks:

Reported:	2018-12-15 21:10 UTC by Arcadiy Ivanov
Modified:	2020-05-15 15:51 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:	https://commits.kde.org/apper/d486706f3e9f7eefa4d44cd5ace34eeaf7ba2ceb
Version Fixed In:

Attachments
New crash information added by DrKonqi (10.95 KB, text/plain) 2020-05-15 15:51 UTC, Shawn Starr	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Arcadiy Ivanov 2018-12-15 21:10:20 UTC

Application: apper (1.0.0)

Qt Version: 5.11.1
Frameworks Version: 5.52.0
Operating System: Linux 4.19.8-300.fc29.x86_64 x86_64
Distribution: "Fedora release 29 (Twenty Nine)"

-- Information about the crash:
- What I was doing when the application crashed:

Sometimes Apper segfaults on repeated check for update. 

Open Apper. 
Check for update.
Check for update again.
Apper segfaults.

The crash can be reproduced sometimes.

-- Backtrace:
Application: Apper (apper), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f857d99a940 (LWP 4415))]

Thread 4 (Thread 0x7f8567ebe700 (LWP 4421)):
#0  0x00007f85809c977c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f856c420b93 in ?? () from /usr/lib64/dri/i965_dri.so
#2  0x00007f856c4208eb in ?? () from /usr/lib64/dri/i965_dri.so
#3  0x00007f85809c358e in start_thread () from /lib64/libpthread.so.0
#4  0x00007f8580b516a3 in clone () from /lib64/libc.so.6

Thread 3 (Thread 0x7f856eef3700 (LWP 4417)):
#0  0x00007f8580b41f84 in read () from /lib64/libc.so.6
#1  0x00007f857e190aa0 in ?? () from /lib64/libglib-2.0.so.0
#2  0x00007f857e14a09b in g_main_context_check () from /lib64/libglib-2.0.so.0
#3  0x00007f857e14a550 in ?? () from /lib64/libglib-2.0.so.0
#4  0x00007f857e14a6d0 in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#5  0x00007f85811f582b in QEventDispatcherGlib::processEvents (this=0x7f8560000b20, flags=...) at kernel/qeventdispatcher_glib.cpp:425
#6  0x00007f85811a417b in QEventLoop::exec (this=this@entry=0x7f856eef2c30, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:140
#7  0x00007f858100c046 in QThread::exec (this=this@entry=0x7f8581556060 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at ../../include/QtCore/../../src/corelib/global/qflags.h:120
#8  0x00007f85814daf89 in QDBusConnectionManager::run (this=0x7f8581556060 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at qdbusconnection.cpp:178
#9  0x00007f85810154bb in QThreadPrivate::start (arg=0x7f8581556060 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread_unix.cpp:367
#10 0x00007f85809c358e in start_thread () from /lib64/libpthread.so.0
#11 0x00007f8580b516a3 in clone () from /lib64/libc.so.6

Thread 2 (Thread 0x7f85706d9700 (LWP 4416)):
#0  0x00007f8580b46421 in poll () from /lib64/libc.so.6
#1  0x00007f857df6c39f in ?? () from /lib64/libxcb.so.1
#2  0x00007f857df6e01a in xcb_wait_for_event () from /lib64/libxcb.so.1
#3  0x00007f857089ada9 in QXcbEventReader::run (this=0x56319d603b80) at qxcbconnection.h:409
#4  0x00007f85810154bb in QThreadPrivate::start (arg=0x56319d603b80) at thread/qthread_unix.cpp:367
#5  0x00007f85809c358e in start_thread () from /lib64/libpthread.so.0
#6  0x00007f8580b516a3 in clone () from /lib64/libc.so.6

Thread 1 (Thread 0x7f857d99a940 (LWP 4415)):
[KCrash Handler]
#6  0x00007f8582e72cdb in QHash<QString, PackageModel::InternalPackage>::erase (this=this@entry=0x56319db07c80, it=..., it@entry=...) at /usr/include/c++/8/bits/atomic_base.h:303
#7  0x00007f8582e6c93b in QHash<QString, PackageModel::InternalPackage>::erase (it=..., this=0x56319db07c80) at /usr/include/qt5/QtCore/qhash.h:475
#8  PackageModel::clearSelectedNotPresent (this=0x56319db07c40) at /usr/src/debug/apper-1.0.0-3.fc29.x86_64/libapper/PackageModel.cpp:494
#9  0x000056319cb0060e in Updater::getUpdatesFinished (this=0x56319da79780) at /usr/src/debug/apper-1.0.0-3.fc29.x86_64/Apper/Updater/Updater.cpp:268
#10 0x00007f85811cd513 in QtPrivate::QSlotObjectBase::call (a=0x7ffd611fa1f0, r=0x56319da79780, this=0x56319d6c7900) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:376
#11 QMetaObject::activate (sender=0x7f8568008440, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=<optimized out>) at kernel/qobject.cpp:3754
#12 0x00007f8582dd2a73 in PackageKit::Transaction::finished(PackageKit::Transaction::Exit, unsigned int) () from /lib64/libpackagekitqt5.so.1
#13 0x00007f8582dd6bd9 in PackageKit::TransactionPrivate::finished(unsigned int, unsigned int) () from /lib64/libpackagekitqt5.so.1
#14 0x00007f8582dd50c5 in PackageKit::Transaction::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) () from /lib64/libpackagekitqt5.so.1
#15 0x00007f85811cd3ee in QMetaObject::activate (sender=0x56319dc8c570, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=<optimized out>) at kernel/qobject.cpp:3771
#16 0x00007f8582de9ed9 in OrgFreedesktopPackageKitTransactionInterface::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) () from /lib64/libpackagekitqt5.so.1
#17 0x00007f8582dec073 in OrgFreedesktopPackageKitTransactionInterface::qt_metacall(QMetaObject::Call, int, void**) () from /lib64/libpackagekitqt5.so.1
#18 0x00007f85814e6b4a in QDBusConnectionPrivate::deliverCall (this=<optimized out>, object=<optimized out>, msg=..., metaTypes=..., slotIdx=<optimized out>) at qdbusintegrator.cpp:991
#19 0x00007f85811ce0f6 in QObject::event (this=0x56319dc8c570, e=<optimized out>) at kernel/qobject.cpp:1251
#20 0x00007f8581bba2a5 in QApplicationPrivate::notify_helper (this=this@entry=0x56319d5e94b0, receiver=receiver@entry=0x56319dc8c570, e=e@entry=0x7f85600202c0) at kernel/qapplication.cpp:3727
#21 0x00007f8581bc19c0 in QApplication::notify (this=0x7ffd611fac40, receiver=0x56319dc8c570, e=0x7f85600202c0) at kernel/qapplication.cpp:3486
#22 0x00007f85811a5236 in QCoreApplication::notifyInternal2 (receiver=0x56319dc8c570, event=0x7f85600202c0) at kernel/qcoreapplication.cpp:1048
#23 0x00007f85811a840b in QCoreApplication::sendEvent (event=0x7f85600202c0, receiver=<optimized out>) at kernel/qcoreapplication.h:234
#24 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x56319d5e5e60) at kernel/qcoreapplication.cpp:1745
#25 0x00007f85811f5a87 in postEventSourceDispatch (s=0x56319d6a1440) at kernel/qeventdispatcher_glib.cpp:276
#26 0x00007f857e14a26d in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#27 0x00007f857e14a638 in ?? () from /lib64/libglib-2.0.so.0
#28 0x00007f857e14a6d0 in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#29 0x00007f85811f5813 in QEventDispatcherGlib::processEvents (this=0x56319d652df0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#30 0x00007f857092df15 in QPAEventDispatcherGlib::processEvents (this=0x56319d652df0, flags=...) at qeventdispatcher_glib.cpp:69
#31 0x00007f85811a417b in QEventLoop::exec (this=this@entry=0x7ffd611fab60, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:140
#32 0x00007f85811ac246 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:120
#33 0x000056319caf2e0a in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/apper-1.0.0-3.fc29.x86_64/Apper/main.cpp:56
[Inferior 1 (process 4415) detached]

Reported using DrKonqi

Comment 1 Albert Astals Cid 2019-03-21 22:11:14 UTC

Git commit d486706f3e9f7eefa4d44cd5ace34eeaf7ba2ceb by Albert Astals Cid, on behalf of Alexander Kernozhitsky.
Committed on 21/03/2019 at 22:11.
Pushed by aacid into branch 'master'.

Prevent crashing Apper on PackageModel::clearSelectedNotPresent()

Summary:
m_checkedPackages.erase() is called, but the iterator is not increased, therefore on the next iteration we use an invalid iterator
Related: bug 405433, bug 401461

Test Plan: I just rebuilt Apper, ran it and installed the updates with it. The bug does not appear.

Reviewers: dantti, apol

Reviewed By: dantti

Differential Revision: https://phabricator.kde.org/D19951

M  +1    -1    libapper/PackageModel.cpp

https://commits.kde.org/apper/d486706f3e9f7eefa4d44cd5ace34eeaf7ba2ceb

Comment 2 Shawn Starr 2020-05-15 15:51:58 UTC

Created attachment 128486 [details]
New crash information added by DrKonqi

apper (1.0.0) using Qt 5.13.2

- What I was doing when the application crashed:

Did an update, then refreshed for another update, then it crashed since I haven't updated in awhile...

-- Backtrace (Reduced):
#6  0x00007f12d6b668a3 in QHash<QString, PackageModel::InternalPackage>::erase(QHash<QString, PackageModel::InternalPackage>::const_iterator) () from /usr/lib64/apper/libapper_private.so
#7  0x00007f12d6b62e4b in PackageModel::clearSelectedNotPresent() () from /usr/lib64/apper/libapper_private.so
#8  0x00005625fcf01ace in Updater::getUpdatesFinished() ()
[...]
#10 0x00007f12d6ac5513 in PackageKit::Transaction::finished(PackageKit::Transaction::Exit, unsigned int) () from /lib64/libpackagekitqt5.so.1
#11 0x00007f12d6ac9169 in PackageKit::TransactionPrivate::finished(unsigned int, unsigned int) () from /lib64/libpackagekitqt5.so.1