423127 – Crash when dragging a url from Telegram to Firefox

Bug 423127 - Crash when dragging a url from Telegram to Firefox

Summary: Crash when dragging a url from Telegram to Firefox

Status:	RESOLVED FIXED

Alias:	None

Product:	kwin
Classification:	Plasma
Component:	wayland-generic (show other bugs)
Version:	unspecified
Platform:	Other Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	KWin default assignee

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-06-17 22:20 UTC by Aleix Pol
Modified:	2020-06-23 02:49 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:	https://invent.kde.org/plasma/kwayland-server/commit/5167c11b7dfe0520ef34ca0d237c480101eec17f
Version Fixed In:	5.19.2
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Aleix Pol 2020-06-17 22:20:30 UTC

STEPS TO REPRODUCE
1. Dragged from Telegram
2. to Firefox
3. 🤯

OBSERVED RESULT
#0  0x00007f5b3d853f11 in KWaylandServer::DataDeviceInterface::updateDragTarget(KWaylandServer::SurfaceInterface*, unsigned int)::$_5::operator()() const (this=0x55785d19f560) at /home/apol/devel/frameworks/kwayland-server/src/server/datadevice_interface.cpp:336
#1  0x00007f5b3d853ea6 in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, KWaylandServer::DataDeviceInterface::updateDragTarget(KWaylandServer::SurfaceInterface*, unsigned int)::$_5>::call(KWaylandServer::DataDeviceInterface::updateDragTarget(KWaylandServer::SurfaceInterface*, unsigned int)::$_5&, void**) (f=..., arg=0x7ffc6ddb60b0) at /home/apol/devel/kde5/include/QtCore/qobjectdefs_impl.h:146
#2  0x00007f5b3d853e71 in QtPrivate::Functor<KWaylandServer::DataDeviceInterface::updateDragTarget(KWaylandServer::SurfaceInterface*, unsigned int)::$_5, 0>::call<QtPrivate::List<>, void>(KWaylandServer::DataDeviceInterface::updateDragTarget(KWaylandServer::SurfaceInterface*, unsigned int)::$_5&, void*, void**) (f=..., arg=0x7ffc6ddb60b0) at /home/apol/devel/kde5/include/QtCore/qobjectdefs_impl.h:256
#3  0x00007f5b3d853e1c in QtPrivate::QFunctorSlotObject<KWaylandServer::DataDeviceInterface::updateDragTarget(KWaylandServer::SurfaceInterface*, unsigned int)::$_5, 0, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*)
    (which=1, this_=0x55785d19f550, r=0x55785b2172b0, a=0x7ffc6ddb60b0, ret=0x0) at /home/apol/devel/kde5/include/QtCore/qobjectdefs_impl.h:443
#4  0x00007f5b3c3403fe in QtPrivate::QSlotObjectBase::call(QObject*, void**) (a=0x7ffc6ddb60b0, r=0x55785b2172b0, this=0x55785d19f550) at ../../include/QtCore/../../../../../devel/frameworks/qt5/qtbase/src/corelib/kernel/qobjectdefs_impl.h:398
#5  doActivate<false>(QObject*, int, void**) (sender=0x55785b2172b0, signal_index=5, argv=0x7ffc6ddb60b0) at /home/apol/devel/frameworks/qt5/qtbase/src/corelib/kernel/qobject.cpp:3886
#6  0x00007f5b3d8266f2 in KWaylandServer::DataOfferInterface::dragAndDropActionsChanged() (this=0x55785b2172b0) at src/server/KWaylandServer_autogen/EWIEGA46WW/moc_dataoffer_interface.cpp:132
#7  0x00007f5b3d855222 in KWaylandServer::DataOfferInterface::Private::setActionsCallback(wl_client*, wl_resource*, unsigned int, unsigned int) (client=0x55785d0855a0, resource=0x55785d365ac0, dnd_actions=0, preferred_action=0)
    at /home/apol/devel/frameworks/kwayland-server/src/server/dataoffer_interface.cpp:115
#8  0x00007f5b38496a8d in  () at /usr/lib/libffi.so.7
#9  0x00007f5b3849601b in  () at /usr/lib/libffi.so.7
#10 0x00007f5b3af71f62 in  () at /usr/lib/libwayland-server.so.0
#11 0x00007f5b3af6e2dc in  () at /usr/lib/libwayland-server.so.0
#12 0x00007f5b3af6ffaa in wl_event_loop_dispatch () at /usr/lib/libwayland-server.so.0
#13 0x00007f5b3d857d0e in KWaylandServer::Display::Private::dispatch() (this=0x55785b1bd350) at /home/apol/devel/frameworks/kwayland-server/src/server/display.cpp:135
#14 0x00007f5b3d85e878 in KWaylandServer::Display::Private::installSocketNotifier()::$_0::operator()() const (this=0x55785b1c3c90) at /home/apol/devel/frameworks/kwayland-server/src/server/display.cpp:103
#15 0x00007f5b3d85e826 in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, KWaylandServer::Display::Private::installSocketNotifier()::$_0>::call(KWaylandServer::Display::Private::installSocketNotifier()::$_0&, void**)
    (f=..., arg=0x7ffc6ddb6920) at /home/apol/devel/kde5/include/QtCore/qobjectdefs_impl.h:146
#16 0x00007f5b3d85e7f1 in QtPrivate::Functor<KWaylandServer::Display::Private::installSocketNotifier()::$_0, 0>::call<QtPrivate::List<>, void>(KWaylandServer::Display::Private::installSocketNotifier()::$_0&, void*, void**) (f=..., arg=0x7ffc6ddb6920)
    at /home/apol/devel/kde5/include/QtCore/qobjectdefs_impl.h:256
#17 0x00007f5b3d85e79c in QtPrivate::QFunctorSlotObject<KWaylandServer::Display::Private::installSocketNotifier()::$_0, 0, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*)
    (which=1, this_=0x55785b1c3c80, r=0x55785b1bd1b0, a=0x7ffc6ddb6920, ret=0x0) at /home/apol/devel/kde5/include/QtCore/qobjectdefs_impl.h:443
#18 0x00007f5b3c3403fe in QtPrivate::QSlotObjectBase::call(QObject*, void**) (a=0x7ffc6ddb6920, r=0x55785b1bd1b0, this=0x55785b1c3c80) at ../../include/QtCore/../../../../../devel/frameworks/qt5/qtbase/src/corelib/kernel/qobjectdefs_impl.h:398
#19 doActivate<false>(QObject*, int, void**) (sender=0x55785b1bd620, signal_index=3, argv=0x7ffc6ddb6920) at /home/apol/devel/frameworks/qt5/qtbase/src/corelib/kernel/qobject.cpp:3886
#20 0x00007f5b3c3399df in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (sender=sender@entry=0x55785b1bd620, m=m@entry=0x7f5b3c5d8b40 <QSocketNotifier::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffc6ddb6920)
    at /home/apol/devel/frameworks/qt5/qtbase/src/corelib/kernel/qobject.cpp:3946
#21 0x00007f5b3c34432f in QSocketNotifier::activated(QSocketDescriptor, QSocketNotifier::Type, QSocketNotifier::QPrivateSignal) (this=this@entry=0x55785b1bd620, _t1=..., _t2=<optimized out>, _t3=...) at .moc/moc_qsocketnotifier.cpp:178
#22 0x00007f5b3c344a9b in QSocketNotifier::event(QEvent*) (this=0x55785b1bd620, e=0x7ffc6ddb6bf0) at /home/apol/devel/frameworks/qt5/qtbase/src/corelib/kernel/qsocketnotifier.cpp:302
#23 0x00007f5b3ce13cdf in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=this@entry=0x55785b16cb70, receiver=receiver@entry=0x55785b1bd620, e=e@entry=0x7ffc6ddb6bf0) at /home/apol/devel/frameworks/qt5/qtbase/src/widgets/kernel/qapplication.cpp:3671
#24 0x00007f5b3ce1cb60 in QApplication::notify(QObject*, QEvent*) (this=0x7ffc6ddb7548, receiver=0x55785b1bd620, e=0x7ffc6ddb6bf0) at /home/apol/devel/frameworks/qt5/qtbase/src/widgets/kernel/qapplication.cpp:3417
#25 0x00007f5b3c30a3fa in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x55785b1bd620, event=0x7ffc6ddb6bf0) at ../../include/QtCore/5.15.0/QtCore/private/../../../../../../../../devel/frameworks/qt5/qtbase/src/corelib/thread/qthread_p.h:325
#26 0x00007f5b3c3604cb in QEventDispatcherUNIXPrivate::activateSocketNotifiers() (this=0x55785b17b190) at /home/apol/devel/frameworks/qt5/qtbase/src/corelib/kernel/qeventdispatcher_unix.cpp:304
#27 0x00007f5b3c36091b in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=<optimized out>, flags=...) at /home/apol/devel/frameworks/qt5/qtbase/src/corelib/kernel/qeventdispatcher_unix.cpp:511
#28 0x00007f5b37961f5d in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=<optimized out>, flags=...) at /home/apol/devel/frameworks/qt5/qtbase/src/platformsupport/eventdispatchers/qunixeventdispatcher.cpp:63
#29 0x00007f5b3c308feb in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7ffc6ddb6d80, flags=..., flags@entry=...) at ../../include/QtCore/../../../../../devel/frameworks/qt5/qtbase/src/corelib/global/qflags.h:141
#30 0x00007f5b3c310f00 in QCoreApplication::exec() () at ../../include/QtCore/../../../../../devel/frameworks/qt5/qtbase/src/corelib/global/qflags.h:121
#31 0x000055785b0ab98f in main(int, char**) (argc=4, argv=0x7ffc6ddb7768) at /home/apol/devel/frameworks/kwin/main_wayland.cpp:704


EXPECTED RESULT


SOFTWARE/OS VERSIONS
Windows: 
macOS: 
Linux/KDE Plasma: 
(available in About System)
KDE Plasma Version: 
KDE Frameworks Version: 
Qt Version: 

ADDITIONAL INFORMATION

Comment 1 Bug Janitor Service 2020-06-18 10:02:33 UTC

A possibly relevant merge request was started @ https://invent.kde.org/plasma/kwayland-server/-/merge_requests/25

Comment 2 David Edmundson 2020-06-22 23:24:35 UTC

Git commit 5167c11b7dfe0520ef34ca0d237c480101eec17f by David Edmundson.
Committed on 22/06/2020 at 23:23.
Pushed by davidedmundson into branch 'Plasma/5.19'.

Scope dragAndDropActionsChanged to source lifespan

The source can have a different lifespan to the offer being made.
If a source is removed and we get a drag actions changed before the
offer is cancelled we don't want to crash.

Couldn't reproduce locally, but the trace was good.

M  +1    -1    src/server/datadevice_interface.cpp

https://invent.kde.org/plasma/kwayland-server/commit/5167c11b7dfe0520ef34ca0d237c480101eec17f