Bug 427448 - kdeinit5 crashes when Dolphin filters audio files
Summary: kdeinit5 crashes when Dolphin filters audio files
Status: RESOLVED FIXED
Alias: None
Product: frameworks-kinit
Classification: Frameworks and Libraries
Component: general
Version: unspecified
Platform: Neon Linux
Importance: NOR crash
Target Milestone: ---
Assignee: David Faure
URL: https://github.com/taglib/taglib/issu...
Keywords:
Duplicates: 407393 439034
Depends on:
Blocks:
 
Reported: 2020-10-08 13:48 UTC by Patrick Silva
Modified: 2023-05-25 21:50 UTC
CC List: 7 users

See Also:
Latest Commit:
Version Fixed In: 23.08


Attachments
file that causes crash (4.41 KB, audio/x-m4a)
2020-11-01 19:50 UTC, Patrick Silva

Description Patrick Silva 2020-10-08 13:48:16 UTC
SUMMARY
kdeinit5 crashes when I click on "Audio" filter under "Search for" section of Places panel of Dolphin.

SOFTWARE/OS VERSIONS
Operating System: KDE neon Unstable Edition
KDE Plasma Version: 5.20.80
KDE Frameworks Version: 5.75.0
Qt Version: 5.15

Application: kdeinit5 (kdeinit5), signal: Segmentation fault
Content of s_kcrashErrorMessage: (null)
[New LWP 27656]
[New LWP 27657]
[New LWP 27658]
[New LWP 27659]
[New LWP 27660]
[New LWP 27661]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
0x00007f1e33163aff in __GI___poll (fds=fds@entry=0x7ffce05c60a8, nfds=nfds@entry=1, timeout=timeout@entry=1000) at ../sysdeps/unix/sysv/linux/poll.c:29
[Current thread is 1 (Thread 0x7f1e2fd54800 (LWP 27655))]

Thread 7 (Thread 0x7f1e1f7fe700 (LWP 27661)):
#0  0x00007f1e31cc633d in g_mutex_lock () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#1  0x00007f1e31c78bec in g_main_context_check () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007f1e31c79152 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007f1e31c792e3 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007f1e3354aeab in QEventDispatcherGlib::processEvents (this=0x7f1e08000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:425
#5  0x00007f1e334ef1bb in QEventLoop::exec (this=this@entry=0x7f1e1f7fdd70, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:141
#6  0x00007f1e3330d082 in QThread::exec (this=this@entry=0x7f1e2f51bd80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#7  0x00007f1e2f498f2b in QDBusConnectionManager::run (this=0x7f1e2f51bd80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at qdbusconnection.cpp:179
#8  0x00007f1e3330e20c in QThreadPrivate::start (arg=0x7f1e2f51bd80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread_unix.cpp:342
#9  0x00007f1e326d3609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#10 0x00007f1e33170293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 6 (Thread 0x7f1e26233700 (LWP 27660)):
#0  futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x7f1e280056f8) at ../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x7f1e280056a8, cond=0x7f1e280056d0) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x7f1e280056d0, mutex=0x7f1e280056a8) at pthread_cond_wait.c:638
#3  0x00007f1e2775297b in cnd_wait (mtx=0x7f1e280056a8, cond=0x7f1e280056d0) at ../include/c11/threads_posix.h:155
#4  util_queue_thread_func (input=input@entry=0x55ff7da08200) at ../src/util/u_queue.c:275
#5  0x00007f1e2775258b in impl_thrd_routine (p=<optimized out>) at ../include/c11/threads_posix.h:87
#6  0x00007f1e326d3609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#7  0x00007f1e33170293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 5 (Thread 0x7f1e1ffff700 (LWP 27659)):
#0  futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x7f1e280056f8) at ../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x7f1e280056a8, cond=0x7f1e280056d0) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x7f1e280056d0, mutex=0x7f1e280056a8) at pthread_cond_wait.c:638
#3  0x00007f1e2775297b in cnd_wait (mtx=0x7f1e280056a8, cond=0x7f1e280056d0) at ../include/c11/threads_posix.h:155
#4  util_queue_thread_func (input=input@entry=0x55ff7da081c0) at ../src/util/u_queue.c:275
#5  0x00007f1e2775258b in impl_thrd_routine (p=<optimized out>) at ../include/c11/threads_posix.h:87
#6  0x00007f1e326d3609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#7  0x00007f1e33170293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 4 (Thread 0x7f1e26a34700 (LWP 27658)):
#0  futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x7f1e280056f8) at ../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x7f1e280056a8, cond=0x7f1e280056d0) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x7f1e280056d0, mutex=0x7f1e280056a8) at pthread_cond_wait.c:638
#3  0x00007f1e2775297b in cnd_wait (mtx=0x7f1e280056a8, cond=0x7f1e280056d0) at ../include/c11/threads_posix.h:155
#4  util_queue_thread_func (input=input@entry=0x55ff7da07fc0) at ../src/util/u_queue.c:275
#5  0x00007f1e2775258b in impl_thrd_routine (p=<optimized out>) at ../include/c11/threads_posix.h:87
#6  0x00007f1e326d3609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#7  0x00007f1e33170293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 3 (Thread 0x7f1e27235700 (LWP 27657)):
#0  futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x7f1e280056f8) at ../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x7f1e280056a8, cond=0x7f1e280056d0) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x7f1e280056d0, mutex=0x7f1e280056a8) at pthread_cond_wait.c:638
#3  0x00007f1e2775297b in cnd_wait (mtx=0x7f1e280056a8, cond=0x7f1e280056d0) at ../include/c11/threads_posix.h:155
#4  util_queue_thread_func (input=input@entry=0x55ff7d8dc8c0) at ../src/util/u_queue.c:275
#5  0x00007f1e2775258b in impl_thrd_routine (p=<optimized out>) at ../include/c11/threads_posix.h:87
#6  0x00007f1e326d3609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#7  0x00007f1e33170293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 0x7f1e2d704700 (LWP 27656)):
#0  0x00007f1e33163aff in __GI___poll (fds=0x7f1e2d703ca8, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f1e33f1ec1a in ?? () from /lib/x86_64-linux-gnu/libxcb.so.1
#2  0x00007f1e33f2090a in xcb_wait_for_event () from /lib/x86_64-linux-gnu/libxcb.so.1
#3  0x00007f1e2dc8c978 in QXcbEventQueue::run (this=0x55ff7d806d80) at qxcbeventqueue.cpp:228
#4  0x00007f1e3330e20c in QThreadPrivate::start (arg=0x55ff7d806d80) at thread/qthread_unix.cpp:342
#5  0x00007f1e326d3609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#6  0x00007f1e33170293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7f1e2fd54800 (LWP 27655)):
[KCrash Handler]
#6  0x00007f1e1d4d8314 in TagLib::MP4::Tag::itemMap() const () from /lib/x86_64-linux-gnu/libtag.so.1
#7  0x00007f1e1d79d7ad in parseMP4Tag<TagLib::MP4::File> (img=..., file=...) at ./thumbnail/audiocreator.cpp:175
#8  AudioCreator::create (this=<optimized out>, path=..., img=...) at ./thumbnail/audiocreator.cpp:175
#9  0x00007f1e340ff38c in ThumbnailProtocol::get (this=0x7ffce05c6bc0, url=...) at ./thumbnail/thumbnail.cpp:256
#10 0x00007f1e2f948026 in KIO::SlaveBase::dispatch (this=0x7ffce05c6bc0, command=67, data=...) at ./src/core/slavebase.cpp:1193
#11 0x00007f1e2f9486c6 in KIO::SlaveBase::dispatchLoop (this=this@entry=0x7ffce05c6bc0) at ./src/core/slavebase.cpp:325
#12 0x00007f1e340fcc32 in kdemain (argc=<optimized out>, argv=0x55ff7d7f15f0) at ./thumbnail/thumbnail.cpp:137
#13 0x000055ff7c850076 in launch (argc=4, _name=0x55ff7d7f0d58 "/usr/lib/x86_64-linux-gnu/qt5/plugins/kf5/kio/thumbnail.so", args=0x55ff7d7f0e04 "", cwd=<optimized out>, envc=0, envs=<optimized out>, reset_env=false, tty=0x0, avoid_loops=false, startup_id_str=0x55ff7c853187 "0") at ./src/kdeinit/kinit.cpp:696
#14 0x000055ff7c8514da in handle_launcher_request (sock=8, who=<optimized out>) at ./src/kdeinit/kinit.cpp:1134
#15 0x000055ff7c851eca in handle_requests (waitForPid=0) at ./src/kdeinit/kinit.cpp:1327
#16 0x000055ff7c84d0ff in main (argc=3, argv=<optimized out>) at ./src/kdeinit/kinit.cpp:1765
[Inferior 1 (process 27655) detached]
Comment 1 Nate Graham 2020-10-08 15:00:49 UTC
It's crashing in TagLib on one of your MP4 files:

[KCrash Handler]
#6  0x00007f1e1d4d8314 in TagLib::MP4::Tag::itemMap() const () from /lib/x86_64-linux-gnu/libtag.so.1
#7  0x00007f1e1d79d7ad in parseMP4Tag<TagLib::MP4::File> (img=..., file=...) at ./thumbnail/audiocreator.cpp:175
#8  AudioCreator::create (this=<optimized out>, path=..., img=...) at ./thumbnail/audiocreator.cpp:175


Please report this to the TagLib developers at https://github.com/taglib/taglib/issues It would be super helpful if you could figure out which MP4 file is causing the crash and attach it to the bug report you file over there.
Comment 2 Patrick Silva 2020-10-08 15:29:38 UTC
Ok, I have found the culprit file.
Unfortunately taglib seems to be abandonware, no release in almost 4 years. :(
Thanks Nate.
Comment 3 Stefan Brüns 2020-11-01 19:41:21 UTC
(In reply to Patrick Silva from comment #2)
> Ok, I have found the culprit file.
> Unfortunately taglib seems to be abandonware, no release in almost 4 years. :(
> Thanks Nate.

Please attach the file directly to the bug report. Having to download a problematic file from a random third party server is super annoying.
Comment 4 Patrick Silva 2020-11-01 19:50:54 UTC
Created attachment 132949
file that causes crash
Comment 5 Stefan Brüns 2020-11-02 00:28:05 UTC
Works on openSUSE Tumbleweed. We use a git snapshot for exactly this reason: 1.11.2~git20190725.79bc9ccf
Comment 6 Patrick Silva 2020-11-02 00:55:33 UTC
Hmm, this crash was also reproducible on my Arch Linux. I have just replaced the taglib package from the Arch repos with taglib-git from AUR and now the crash is fixed.
Comment 7 postix 2023-05-17 14:03:57 UTC
*** Bug 407393 has been marked as a duplicate of this bug. ***
Comment 8 postix 2023-05-17 14:05:31 UTC
*** Bug 439034 has been marked as a duplicate of this bug. ***
Comment 9 Kai Uwe Broulik 2023-05-17 16:09:23 UTC
@Patrick Silva: Since you can reproduce, please try https://invent.kde.org/network/kio-extras/-/merge_requests/240
Comment 10 Patrick Silva 2023-05-17 16:22:30 UTC
Currently I can't reproduce.

Operating System: Arch Linux 
KDE Plasma Version: 5.27.5
KDE Frameworks Version: 5.106.0
Qt Version: 5.15.9
Graphics Platform: Wayland
Comment 11 postix 2023-05-17 16:27:37 UTC
(In reply to Kai Uwe Broulik from comment #9)
> @Patrick Silva: Since you can reproduce, please try
> https://invent.kde.org/network/kio-extras/-/merge_requests/240

I could try your patch and check if this fixed #469458 for me, if you explain shortly how I can _run a Plasma session with a custom kio-extra build_ (compiled with kdesrc-build). :)
Comment 12 postix 2023-05-17 19:05:53 UTC
Anyway, I built the current plasma5 branch of plasma-workspace, plasma-desktop, dolphin and kio-extra and could no longer reproduce #469458, even without Kai's patch.
Comment 13 Kai Uwe Broulik 2023-05-25 19:21:05 UTC
Git commit 39174377a5cd233c2043912867a8047c41bdd1fc by Kai Uwe Broulik.
Committed on 25/05/2023 at 19:13.
Pushed by broulik into branch 'master'.

audiocreator: Check tag against null

In earlier versions of taglib it wasn't guaranteed that a "tag"
existed when the respective "has" method returned true.

This can lead to null pointer access.

M  +3    -3    thumbnail/audiocreator.cpp

https://invent.kde.org/network/kio-extras/-/commit/39174377a5cd233c2043912867a8047c41bdd1fc
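
The failure mode named in the commit message above, as an added C++ illustration that is not part of the bug report or of the kio-extras commit. `Tag`, `AudioFile`, `extractCover` and the two sample-input helpers are hypothetical stand-ins (not TagLib classes); they model a "has" method that returns true while the tag pointer is null, and the guard that turns the null dereference into a clean "no cover" result.

```cpp
#include <map>
#include <memory>
#include <string>
#include <utility>
#include <vector>
typedef std::vector<unsigned char> Bytes;
typedef std::map<std::string, Bytes> ItemMap;

// Hypothetical stand-in (not a TagLib class): named items, like an MP4 item map.
struct Tag {
    ItemMap items;
    const ItemMap &itemMap() const { return items; }
};

// Hypothetical file with the contract the commit message describes:
// hasTag() can report true although tag() still returns a null pointer.
class AudioFile {
public:
    AudioFile(bool reported, std::unique_ptr<Tag> parsed) : m_reported(reported), m_tag(std::move(parsed)) {}
    bool hasTag() const { return m_reported; }
    const Tag *tag() const { return m_tag.get(); }
private:
    bool m_reported;
    std::unique_ptr<Tag> m_tag;
};

// Guarded extraction: returns false instead of dereferencing a null tag.
// "covr" as the cover-art key is an assumption of this sketch.
bool extractCover(const AudioFile &file, Bytes &out) {
    const Tag *tag = file.hasTag() ? file.tag() : nullptr;
    if (!tag) return false;  // hasTag() alone is not proof that tag() is usable
    ItemMap::const_iterator it = tag->itemMap().find("covr");
    if (it == tag->itemMap().end() || it->second.empty()) return false;
    out = it->second;
    return true;
}

// Constructed inputs: an inconsistent file and a normally tagged one.
AudioFile inconsistentFile() { return AudioFile(true, std::unique_ptr<Tag>()); }
AudioFile taggedFile() {
    std::unique_ptr<Tag> t(new Tag);
    t->items["covr"] = Bytes(4, 0xFF);
    return AudioFile(true, std::move(t));
}

int main() {
    Bytes cover;
    bool ok = !extractCover(inconsistentFile(), cover) && extractCover(taggedFile(), cover);
    return ok ? 0 : 1;
}
```

Without the `if (!tag)` line, the inconsistent input would reach `tag->itemMap()` through a null pointer, which is the call at the top of the crashing thread in the backtrace.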