Bug 448329 - Segmentation fault in idevice_free
Summary: Segmentation fault in idevice_free
Status: RESOLVED FIXED
Alias: None
Product: frameworks-solid
Classification: Frameworks and Libraries
Component: general (show other bugs)
Version: 5.89.0
Platform: openSUSE Linux
: NOR crash
Target Milestone: ---
Assignee: Lukáš Tinkl
URL:
Keywords: drkonqi
: 451984 (view as bug list)
Depends on:
Blocks:
 
Reported: 2022-01-12 16:22 UTC by Christopher Yeleighton
Modified: 2022-11-28 13:29 UTC (History)
6 users (show)

See Also:
Latest Commit: https://invent.kde.org/frameworks/solid/commit/233d11f91ed1b5660ffe9bdba495a3e7714017aa
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Christopher Yeleighton 2022-01-12 16:22:32 UTC 
Application: plasmashell (5.23.4)

Qt Version: 5.15.2
Frameworks Version: 5.89.0
Operating System: Linux 5.15.12-1-default x86_64
Windowing System: X11
Distribution: openSUSE Tumbleweed
DrKonqi: 5.23.4 [KCrashBackend]

-- Information about the crash:
- What I was doing when the application crashed:

I attached an iPhone over USB and continued to work on my own business.

The reporter is unsure if this crash is reproducible.

-- Backtrace:
Application: Plazma (plasmashell), signal: Segmentation fault
Content of s_kcrashErrorMessage: {_M_t = {<std::__uniq_ptr_impl<char, std::default_delete<char []> >> = {_M_t = {<std::_Tuple_impl<0, char*, std::default_delete<char []> >> = {<std::_Tuple_impl<1, std::default_delete<char []> >> = {<std::_Head_base<1, std::default_delete<char []>, true>> = {_M_head_impl = {<No data fields>}}, <No data fields>}, <std::_Head_base<0, char*, false>> = {_M_head_impl = <optimized out>}, <No data fields>}, <No data fields>}}, <No data fields>}}
[KCrash Handler]
#6  0x00007f239424c3ae in __GI___libc_free (mem=0xf2e66c35dec8948) at malloc.c:3255
#7  0x00007f2393d2bbe1 in idevice_free (device=0x7f2396c1462c <__tls_get_addr+60>) at /usr/src/debug/libimobiledevice-1.3.0+git.20200910-1.7.x86_64/src/idevice.c:409
#8  0x00007f239685c1e1 in operator() (__closure=<synthetic pointer>) at /usr/src/debug/solid-5.89.0-1.3.x86_64/src/solid/devices/backends/imobile/imobiledevice.cpp:37
#9  QScopeGuard<Solid::Backends::IMobile::IMobileDevice::IMobileDevice(const QString&)::<lambda()> >::~QScopeGuard (this=<optimized out>, this=<optimized out>) at /usr/include/qt5/QtCore/qscopeguard.h:80
#10 Solid::Backends::IMobile::IMobileDevice::IMobileDevice (this=<optimized out>, udi=..., this=<optimized out>, udi=...) at /usr/src/debug/solid-5.89.0-1.3.x86_64/src/solid/devices/backends/imobile/imobiledevice.cpp:72
#11 0x00007f239685faaf in Solid::Backends::IMobile::Manager::createDevice (this=0x55fd01774ba0, udi=...) at /usr/src/debug/solid-5.89.0-1.3.x86_64/src/solid/devices/backends/imobile/imobilemanager.cpp:67
#12 0x00007f2396862edc in Solid::DeviceManagerPrivate::createBackendObject(QString const&) [clone .constprop.0] (udi=..., this=<optimized out>) at /usr/src/debug/solid-5.89.0-1.3.x86_64/src/solid/devices/frontend/devicemanager.cpp:285
#13 0x00007f239682f138 in Solid::DeviceManagerPrivate::findRegisteredDevice (udi=..., this=0x55fd01769a90) at /usr/src/debug/solid-5.89.0-1.3.x86_64/src/solid/devices/frontend/devicemanager.cpp:254
#14 Solid::DeviceManagerPrivate::findRegisteredDevice (udi=..., this=0x55fd01769a90) at /usr/src/debug/solid-5.89.0-1.3.x86_64/src/solid/devices/frontend/devicemanager.cpp:247
#15 Solid::Device::Device (this=<optimized out>, udi=..., this=<optimized out>, udi=...) at /usr/src/debug/solid-5.89.0-1.3.x86_64/src/solid/devices/frontend/device.cpp:45
#16 0x00007f234ac2ed95 in HotplugEngine::onDeviceAdded (this=0x55fd01b30190, udi=...) at /usr/src/debug/plasma5-workspace-5.23.4-1.4.x86_64/dataengines/hotplug/hotplugengine.cpp:188
#17 0x00007f23948f2423 in QtPrivate::QSlotObjectBase::call (a=0x7fff98fc6f10, r=0x55fd01b30190, this=0x55fd01b7a9c0) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#18 doActivate<false> (sender=0x55fd01769a90, signal_index=3, argv=0x7fff98fc6f10) at kernel/qobject.cpp:3886
#19 0x00007f23948eb8ef in QMetaObject::activate (sender=<optimized out>, m=m@entry=0x7f2396898520 <Solid::DeviceNotifier::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7fff98fc6f10) at kernel/qobject.cpp:3946
#20 0x00007f23968271b2 in Solid::DeviceNotifier::deviceAdded (this=<optimized out>, _t1=...) at /usr/src/debug/solid-5.89.0-1.3.x86_64/build/src/solid/KF5Solid_autogen/include/moc_devicenotifier.cpp:144
#21 0x00007f23948e83ce in QObject::event (this=0x55fd01769a90, e=0x7f2354001cf0) at kernel/qobject.cpp:1314
#22 0x00007f2395657a7f in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x55fd01769a90, e=0x7f2354001cf0) at kernel/qapplication.cpp:3632
#23 0x00007f23948bbdba in QCoreApplication::notifyInternal2 (receiver=0x55fd01769a90, event=0x7f2354001cf0) at kernel/qcoreapplication.cpp:1064
#24 0x00007f23948bee07 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x55fd006410a0) at kernel/qcoreapplication.cpp:1821
#25 0x00007f2394913c13 in postEventSourceDispatch (s=s@entry=0x55fd007332b0) at kernel/qeventdispatcher_glib.cpp:277
#26 0x00007f2392bead9f in g_main_dispatch (context=0x7f2388005000) at ../glib/gmain.c:3381
#27 g_main_context_dispatch (context=0x7f2388005000) at ../glib/gmain.c:4099
#28 0x00007f2392beb128 in g_main_context_iterate (context=context@entry=0x7f2388005000, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4175
#29 0x00007f2392beb1df in g_main_context_iteration (context=0x7f2388005000, may_block=1) at ../glib/gmain.c:4240
#30 0x00007f2394913294 in QEventDispatcherGlib::processEvents (this=0x55fd0073c670, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#31 0x00007f23948ba7bb in QEventLoop::exec (this=this@entry=0x7fff98fc7300, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#32 0x00007f23948c2aa0 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#33 0x00007f2394d0c23c in QGuiApplication::exec () at kernel/qguiapplication.cpp:1867
#34 0x00007f23956579f5 in QApplication::exec () at kernel/qapplication.cpp:2824
#35 0x000055fcfe754366 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/plasma5-workspace-5.23.4-1.4.x86_64/shell/main.cpp:238
[Inferior 1 (process 5608) detached]

Possible duplicates by query: bug 448123, bug 447870, bug 447190, bug 446808, bug 446671.

Reported using DrKonqi
Comment 1 Fushan Wen 2022-01-12 16:45:52 UTC 
I don't have a iPhone, but I guess `device` is freed before `idevice_free(device);` is called.
Comment 2 Nate Graham 2022-03-28 21:31:52 UTC 
*** Bug 451984 has been marked as a duplicate of this bug. ***
Comment 3 Bug Janitor Service 2022-11-28 12:27:05 UTC 
A possibly relevant merge request was started @ https://invent.kde.org/frameworks/solid/-/merge_requests/110
Comment 4 Kai Uwe Broulik 2022-11-28 13:29:01 UTC 
Git commit 233d11f91ed1b5660ffe9bdba495a3e7714017aa by Kai Uwe Broulik.
Committed on 28/11/2022 at 12:25.
Pushed by broulik into branch 'master'.

imobiledevice: Check error returned by idevice_new

If the device we query for isn't known, the `device` pointer will
remain untouched according to `idevice.c`, and we leave it dangling.

Instead, check whether it returns `IDEVICE_E_SUCCESS`.

M  +6    -6    src/solid/devices/backends/imobile/imobiledevice.cpp

https://invent.kde.org/frameworks/solid/commit/233d11f91ed1b5660ffe9bdba495a3e7714017aa