Bug 429881 - kmixctrl segfault
Summary: kmixctrl segfault
Status: RESOLVED FIXED
Alias: None
Product: kmix
Classification: Applications
Component: Backend: Pulseaudio (show other bugs)
Version: unspecified
Platform: Gentoo Packages Linux
: NOR crash
Target Milestone: ---
Assignee: Colin Guthrie
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-12-01 10:44 UTC by Misha Labjuk
Modified: 2020-12-29 00:43 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Misha Labjuk 2020-12-01 10:44:21 UTC 
SUMMARY
kmixctrl crashes because invalid destuctor order.

STEPS TO REPRODUCE
1. run kmixctrl -s  or kmixctrl -r

OBSERVED RESULT
Segmentation fault

EXPECTED RESULT
save/restore settings

SOFTWARE/OS VERSIONS
KDE Plasma Version:  5.19.5
KDE Frameworks Version: 5.74.0
Qt Version: 5.15.1

ADDITIONAL INFORMATION

Null pointer dereference:


#0  0x0000000000000000 in ?? ()
#1  0x00007ffff61521f1 in free_events (c=0x55555559f550) at /var/tmp/portage/media-sound/pulseaudio-13.0/work/pulseaudio-13.0/src/pulsecore/socket-client.c:109
#2  0x00007ffff6152318 in socket_client_free (c=0x55555559f550) at /var/tmp/portage/media-sound/pulseaudio-13.0/work/pulseaudio-13.0/src/pulsecore/socket-client.c:295
#3  pa_socket_client_unref (c=0x55555559f550) at /var/tmp/portage/media-sound/pulseaudio-13.0/work/pulseaudio-13.0/src/pulsecore/socket-client.c:317
#4  0x00007ffff71ebd3a in context_unlink (c=<optimized out>) at /var/tmp/portage/media-sound/pulseaudio-13.0/work/pulseaudio-13.0/src/pulse/context.c:234
#5  context_unlink (c=0x555555584850) at /var/tmp/portage/media-sound/pulseaudio-13.0/work/pulseaudio-13.0/src/pulse/context.c:201
#6  0x00007ffff71ebe52 in context_free (c=0x555555584850) at /var/tmp/portage/media-sound/pulseaudio-13.0/work/pulseaudio-13.0/src/pulse/context.c:244
#7  0x00007ffff7f6978b in Mixer_PULSE::~Mixer_PULSE (this=0x5555555a6820, __in_chrg=<optimized out>) at /var/tmp/portage/kde-apps/kmix-20.08.3/work/kmix-20.08.3/backends/mixer_pulse.cpp:1073
#8  0x00007ffff7f697ee in Mixer_PULSE::~Mixer_PULSE (this=0x5555555a6820, __in_chrg=<optimized out>) at /var/tmp/portage/kde-apps/kmix-20.08.3/work/kmix-20.08.3/backends/mixer_pulse.cpp:1080
#9  0x00007ffff7f462e2 in Mixer::~Mixer (this=0x5555555a5e20, __in_chrg=<optimized out>) at /var/tmp/portage/kde-apps/kmix-20.08.3/work/kmix-20.08.3/core/mixer.cpp:115
#10 0x00007ffff7f4632a in Mixer::~Mixer (this=0x5555555a5e20, __in_chrg=<optimized out>) at /var/tmp/portage/kde-apps/kmix-20.08.3/work/kmix-20.08.3/core/mixer.cpp:116
#11 0x00007ffff7f3e4c2 in MixerToolBox::deinitMixer () at /var/tmp/portage/kde-apps/kmix-20.08.3/work/kmix-20.08.3/core/mixertoolbox.cpp:356
#12 0x0000555555556bf5 in main (argc=2, argv=0x7fffffffda48) at /var/tmp/portage/kde-apps/kmix-20.08.3/work/kmix-20.08.3/apps/kmixctrl.cpp:86



socket-client.c:109 c->mainloop->time_free(c->timeout_event);
mainloop->time_free is NULL and segfault is result.


mainloop->time_free set to NULL by other destructor :

Thread 1 "kmixctrl" hit Hardware watchpoint 4: s_context->mainloop->time_free

Old value = (void (*)(pa_time_event *)) 0x7ffff7f6c17c <QtPaMainLoop::freeTimer(pa_time_event*)>
New value = (void (*)(pa_time_event *)) 0x0
0x00007ffff7af9bd5 in QMetaCallEvent::QMetaCallEvent (this=0x5555555847d0, slotO=0x55555559e1f0, sender=0x555555599930, signalId=0, args=0x7fffffffd5f0, semaphore=0x7fffffffd570)
    at /var/tmp/portage/dev-qt/qtcore-5.15.1-r1/work/qtbase-everywhere-src-5.15.1/src/corelib/kernel/qobject_p.h:522
(gdb) bt
#0  0x00007ffff7af9bd5 in QMetaCallEvent::QMetaCallEvent (this=0x5555555847d0, slotO=0x55555559e1f0, sender=0x555555599930, signalId=0, args=0x7fffffffd5f0, semaphore=0x7fffffffd570)
    at /var/tmp/portage/dev-qt/qtcore-5.15.1-r1/work/qtbase-everywhere-src-5.15.1/src/corelib/kernel/qobject_p.h:522
#1  0x00007ffff7b058aa in doActivate<false> (sender=0x555555599930, signal_index=0, argv=0x7fffffffd5f0) at /var/tmp/portage/dev-qt/qtcore-5.15.1-r1/work/qtbase-everywhere-src-5.15.1/src/corelib/kernel/qobject.cpp:3862
#2  0x00007ffff7aff94f in QMetaObject::activate (sender=sender@entry=0x555555599930, m=m@entry=0x7ffff7d9dba0 <QObject::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7fffffffd5f0)
    at /var/tmp/portage/dev-qt/qtcore-5.15.1-r1/work/qtbase-everywhere-src-5.15.1/src/corelib/kernel/qobject.cpp:3946
#3  0x00007ffff7aff9ff in QObject::destroyed (this=this@entry=0x555555599930, _t1=<optimized out>, _t1@entry=0x555555599930) at .moc/moc_qobject.cpp:219
#4  0x00007ffff7b03c15 in QObject::~QObject (this=<optimized out>, __in_chrg=<optimized out>) at /var/tmp/portage/dev-qt/qtcore-5.15.1-r1/work/qtbase-everywhere-src-5.15.1/src/corelib/kernel/qobject.cpp:992
#5  0x00007ffff7f51370 in DBusMixerWrapper::~DBusMixerWrapper (this=0x555555599930, __in_chrg=<optimized out>) at /var/tmp/portage/kde-apps/kmix-20.08.3/work/kmix-20.08.3/dbus/dbusmixerwrapper.cpp:52
#6  0x00007ffff7f513a4 in DBusMixerWrapper::~DBusMixerWrapper (this=0x555555599930, __in_chrg=<optimized out>) at /var/tmp/portage/kde-apps/kmix-20.08.3/work/kmix-20.08.3/dbus/dbusmixerwrapper.cpp:58
#7  0x00007ffff7b02dcc in QObjectPrivate::deleteChildren (this=0x555555591800) at /var/tmp/portage/dev-qt/qtcore-5.15.1-r1/work/qtbase-everywhere-src-5.15.1/src/corelib/kernel/qobject.cpp:2104
#8  0x00007ffff7b039e6 in QObject::~QObject (this=<optimized out>, __in_chrg=<optimized out>) at /var/tmp/portage/dev-qt/qtcore-5.15.1-r1/work/qtbase-everywhere-src-5.15.1/src/corelib/kernel/qobject.cpp:1082
#9  0x00007ffff7f4630e in Mixer::~Mixer (this=0x555555591410, __in_chrg=<optimized out>) at /var/tmp/portage/kde-apps/kmix-20.08.3/work/kmix-20.08.3/core/mixer.cpp:112
#10 0x00007ffff7f4632a in Mixer::~Mixer (this=0x555555591410, __in_chrg=<optimized out>) at /var/tmp/portage/kde-apps/kmix-20.08.3/work/kmix-20.08.3/core/mixer.cpp:116
#11 0x00007ffff7f3e4c2 in MixerToolBox::deinitMixer () at /var/tmp/portage/kde-apps/kmix-20.08.3/work/kmix-20.08.3/core/mixertoolbox.cpp:356
#12 0x0000555555556bf5 in main (argc=2, argv=0x7fffffffda48) at /var/tmp/portage/kde-apps/kmix-20.08.3/work/kmix-20.08.3/apps/kmixctrl.cpp:86