Bug 450966 - Dolphin crashes when dragging image from Gwenview over the details view
Status: RESOLVED FIXED
Alias: None
Product: dolphin
Classification: Applications
Component: general
Version: unspecified
Platform: Neon Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Dolphin Bug Assignee
Keywords: drkonqi
Reported: 2022-02-28 14:19 UTC by Oded Arbel
Modified: 2022-03-04 22:28 UTC
Description Oded Arbel 2022-02-28 14:19:13 UTC
Application: dolphin (22.03.70)

Qt Version: 5.15.3
Frameworks Version: 5.92.0
Operating System: Linux 5.13.0-30-generic x86_64
Windowing System: X11
Distribution: Ubuntu 21.10
DrKonqi: 5.24.80 [KCrashBackend]

-- Information about the crash:
- What I was doing when the application crashed:
Dragged an image showing in gwenview (full image, not from folder browsing). The crash has been reproduced multiple times.

The crash can be reproduced sometimes.

-- Backtrace:
Application: Dolphin (dolphin), signal: Segmentation fault

[KCrash Handler]
#4  KFilePlacesViewDelegate::previousVisibleIndex (this=this@entry=0x562571808470, index=...) at ./src/filewidgets/kfileplacesview.cpp:476
#5  0x00007fe42d3c7fdb in KFilePlacesViewDelegate::previousVisibleIndex (index=..., this=0x562571808470) at ./src/filewidgets/kfileplacesview.cpp:494
#6  KFilePlacesViewDelegate::indexIsSectionHeader (index=..., this=0x562571808470) at ./src/filewidgets/kfileplacesview.cpp:495
#7  KFilePlacesViewDelegate::indexIsSectionHeader (this=0x562571808470, index=...) at ./src/filewidgets/kfileplacesview.cpp:488
#8  0x00007fe42d3d130f in KFilePlacesView::paintEvent (this=0x56257181a3e0, event=<optimized out>) at /usr/include/c++/9/bits/unique_ptr.h:154
#9  0x00007fe42bdeacf6 in QWidget::event (this=this@entry=0x56257181a3e0, event=event@entry=0x7fffa845a130) at kernel/qwidget.cpp:9020
#10 0x00007fe42be9b3e2 in QFrame::event (this=0x56257181a3e0, e=0x7fffa845a130) at widgets/qframe.cpp:550
#11 0x00007fe42c025f12 in QAbstractItemView::viewportEvent (this=0x56257181a3e0, event=0x7fffa845a130) at itemviews/qabstractitemview.cpp:1746
#12 0x00007fe42b2c9f03 in QCoreApplicationPrivate::sendThroughObjectEventFilters (event=<optimized out>, receiver=<optimized out>) at kernel/qcoreapplication.cpp:1190
#13 QCoreApplicationPrivate::sendThroughObjectEventFilters (receiver=receiver@entry=0x5625717b88f0, event=event@entry=0x7fffa845a130) at kernel/qcoreapplication.cpp:1179
#14 0x00007fe42bda7db2 in QApplicationPrivate::notify_helper (this=this@entry=0x5625711d7850, receiver=receiver@entry=0x5625717b88f0, e=e@entry=0x7fffa845a130) at kernel/qapplication.cpp:3626
#15 0x00007fe42bdb0bb8 in QApplication::notify (this=0x7fffa845b620, receiver=0x5625717b88f0, e=0x7fffa845a130) at kernel/qapplication.cpp:3156
#16 0x00007fe42b2ca19a in QCoreApplication::notifyInternal2 (receiver=0x5625717b88f0, event=0x7fffa845a130) at kernel/qcoreapplication.cpp:1064
#17 0x00007fe42bde30aa in QWidgetPrivate::sendPaintEvent (this=this@entry=0x5625717aebb0, toBePainted=...) at kernel/qwidget.cpp:5467
#18 0x00007fe42bde38d2 in QWidgetPrivate::drawWidget (this=0x5625717aebb0, pdev=0x562572121130, rgn=..., offset=..., flags=..., sharedPainter=<optimized out>, repaintManager=<optimized out>) at kernel/qwidget.cpp:5417
#19 0x00007fe42bde4cd3 in QWidgetPrivate::paintSiblingsRecursive (this=this@entry=0x5625717affc0, pdev=pdev@entry=0x562572121130, siblings=..., index=<optimized out>, rgn=..., offset=..., flags=..., sharedPainter=0x0, repaintManager=0x562571bdacf0) at kernel/qwidget.cpp:5598
#20 0x00007fe42bde35ec in QWidgetPrivate::drawWidget (this=0x5625717affc0, pdev=0x562572121130, rgn=..., offset=..., flags=..., sharedPainter=<optimized out>, repaintManager=<optimized out>) at kernel/qwidget.cpp:5458
#21 0x00007fe42bde4cd3 in QWidgetPrivate::paintSiblingsRecursive (this=this@entry=0x562571c91910, pdev=pdev@entry=0x562572121130, siblings=..., index=<optimized out>, rgn=..., offset=..., flags=..., sharedPainter=0x0, repaintManager=0x562571bdacf0) at kernel/qwidget.cpp:5598
#22 0x00007fe42bde35ec in QWidgetPrivate::drawWidget (this=0x562571c91910, pdev=0x562572121130, rgn=..., offset=..., flags=..., sharedPainter=<optimized out>, repaintManager=<optimized out>) at kernel/qwidget.cpp:5458
#23 0x00007fe42bde4cd3 in QWidgetPrivate::paintSiblingsRecursive (this=this@entry=0x562571322200, pdev=pdev@entry=0x562572121130, siblings=..., index=<optimized out>, rgn=..., offset=..., flags=..., sharedPainter=0x0, repaintManager=0x562571bdacf0) at kernel/qwidget.cpp:5598
#24 0x00007fe42bde35ec in QWidgetPrivate::drawWidget (this=this@entry=0x562571322200, pdev=0x562572121130, rgn=..., offset=..., flags=..., flags@entry=..., sharedPainter=sharedPainter@entry=0x0, repaintManager=<optimized out>) at kernel/qwidget.cpp:5458
#25 0x00007fe42bdba499 in QWidgetRepaintManager::paintAndFlush (this=this@entry=0x562571bdacf0) at kernel/qwidgetrepaintmanager.cpp:1009
#26 0x00007fe42bdbaf34 in QWidgetRepaintManager::sync (this=0x562571bdacf0) at kernel/qwidgetrepaintmanager.cpp:770
#27 0x00007fe42bde4775 in QWidgetPrivate::syncBackingStore (this=0x562571322200) at kernel/qwidget.cpp:1756
#28 0x00007fe42bdeb6ec in QWidget::event (this=this@entry=0x5625713b9490, event=event@entry=0x562572180c70) at kernel/qwidget.cpp:8965
#29 0x00007fe42bf03de8 in QMainWindow::event (this=0x5625713b9490, event=0x562572180c70) at widgets/qmainwindow.cpp:1341
#30 0x00007fe42ca9f213 in KMainWindow::event(QEvent*) () from /lib/x86_64-linux-gnu/libKF5XmlGui.so.5
#31 0x00007fe42caef65b in KXmlGuiWindow::event(QEvent*) () from /lib/x86_64-linux-gnu/libKF5XmlGui.so.5
#32 0x0000562570eb04b8 in ?? ()
#33 0x00007fe42bda7dc3 in QApplicationPrivate::notify_helper (this=this@entry=0x5625711d7850, receiver=receiver@entry=0x5625713b9490, e=e@entry=0x562572180c70) at kernel/qapplication.cpp:3632
#34 0x00007fe42bdb0bb8 in QApplication::notify (this=0x7fffa845b620, receiver=0x5625713b9490, e=0x562572180c70) at kernel/qapplication.cpp:3156
#35 0x00007fe42b2ca19a in QCoreApplication::notifyInternal2 (receiver=0x5625713b9490, event=0x562572180c70) at kernel/qcoreapplication.cpp:1064
#36 0x00007fe42b2ccaa1 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x5625711b1ec0) at kernel/qcoreapplication.cpp:1821
#37 0x00007fe42b325397 in postEventSourceDispatch (s=0x56257130bd30) at kernel/qeventdispatcher_glib.cpp:277
#38 0x00007fe428e568bb in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#39 0x00007fe428ea9f08 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#40 0x00007fe428e54003 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#41 0x00007fe42b3249f2 in QEventDispatcherGlib::processEvents (this=0x5625713216d0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#42 0x00007fe42b2c8c9b in QEventLoop::exec (this=this@entry=0x7fffa845b530, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#43 0x00007fe42b2d0e44 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#44 0x0000562570ea95a3 in ?? ()
#45 0x00007fe42ac01fd0 in __libc_start_call_main (main=main@entry=0x562570ea8450, argc=argc@entry=2, argv=argv@entry=0x7fffa845b7f8) at ../sysdeps/nptl/libc_start_call_main.h:58
#46 0x00007fe42ac0207d in __libc_start_main_impl (main=0x562570ea8450, argc=2, argv=0x7fffa845b7f8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffa845b7e8) at ../csu/libc-start.c:409
#47 0x0000562570ea996e in ?? ()
[Inferior 1 (process 2585531) detached]

Possible duplicates by query: bug 271511, bug 246140.

Reported using DrKonqi
Comment 1 Oded Arbel 2022-02-28 15:02:13 UTC
I cannot reproduce this issue with the "places" panel closed.
Comment 2 Bug Janitor Service 2022-03-04 20:13:20 UTC
A possibly relevant merge request was started @ https://invent.kde.org/frameworks/kio/-/merge_requests/779
Comment 3 Bug Janitor Service 2022-03-04 20:13:22 UTC
A possibly relevant merge request was started @ https://invent.kde.org/frameworks/kio/-/merge_requests/779
Comment 4 snx 2022-03-04 22:27:51 UTC
Git commit 3866295794d9201c4b4269e0cd5006ed01d6b8af by snooxx 💤.
Committed on 02/03/2022 at 17:21.
Pushed by broulik into branch 'master'.

KFilePlacesView: Fix crash when dragging over topmost section header

b5de820a78 fixed incorrect highlighting of the section header label
during drag operations over the first place of a section in clients
setting `m_dropOnPlace`, e.g. Dolphin. This was effective for all except
the topmost section header, where it would cause a crash (independent of
the state of `m_dropOnPlace`).

In `KFilePlacesViewDelegate::previousVisibleIndex` access to `model`
fails, because the `index` determined via `indexAt` of `m_dropRect` in
`KFilePlacesView::paintEvent` is invalid when dragging towards the
topmost section header label. This is because `m_dropRect.topLeft()` can
extend above the entry's `visualRect`, i.e. it covers the places items
below as well as above the separator, of which the latter does not exist
for the first entry.

By remembering the index belonging to `m_dropRect` in `m_dropIndex`
instead of reconstructing it, we can guarantee it to be valid.
Related: bug 450813

Test Plan:

No more crash when dragging places or folders over topmost section
header label in places view in `kdialog --getsaveurl` as well as
`dolphin`. Other functionality related to dragging places around
(including existing bugs) is unaffected and the behavior of the original
fix remains.

M  +7    -5    src/filewidgets/kfileplacesview.cpp

https://invent.kde.org/frameworks/kio/commit/3866295794d9201c4b4269e0cd5006ed01d6b8af
Comment 5 snx 2022-03-04 22:28:07 UTC
Git commit fc95fed526f59b70ea93c5e81680ffd0dec05c61 by snooxx 💤.
Committed on 03/03/2022 at 09:06.
Pushed by broulik into branch 'master'.

KFilePlacesView: Fix potential crash in `previousVisibleIndex`

The previous commit fixed a crash in
`KFilePlacesViewDelegate::previousVisibleIndex`, where access to `model`
failed due to an invalid index.

In addition to the previous commit already fixing the crash, unrelated
potential crashes in the future can be avoided by checking for an
invalid `index` in `previousVisibleIndex`. The existing logic of
`indexIsSectionHeader` is kept intact, since now an invalid `index` will
lead to comparing two empty strings, i.e. it will not be considered a
section header as required by the rest of the code.

This fix alone would already solve the crash without any side effects,
still introducing `m_dropIndex` seemed less brittle.
Related: bug 450813

Test Plan:

Functionality related to dragging places around (including existing
bugs) is unaffected.

M  +1    -1    src/filewidgets/kfileplacesview.cpp

https://invent.kde.org/frameworks/kio/commit/fc95fed526f59b70ea93c5e81680ffd0dec05c61
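
The two fixes described in comments 4 and 5, modelled without Qt as an added example (this is not KIO's code). `Index`, `Model`, `DropState`, `groupOf` and `reconstructedIndex` are hypothetical stand-ins, the geometry is simplified, and the group names are constructed sample data.

```cpp
#include <string>
#include <vector>

// Simplified stand-ins for QModelIndex and the places model (hypothetical, not Qt/KIO code).
struct Model;
struct Index {
    int row = -1;
    const Model *model = nullptr; // null for an invalid index, as with QModelIndex::model()
    bool isValid() const { return model != nullptr && row >= 0; }
};

struct Model {
    std::vector<std::string> groups; // section name per row (constructed sample data)
    int rowHeight = 20;
    Index index(int row) const {
        if (row < 0 || row >= static_cast<int>(groups.size())) return Index{};
        Index i; i.row = row; i.model = this; return i;
    }
    // Hit test by y coordinate; a point above the first row yields an invalid index.
    Index indexAt(int y) const { return y < 0 ? Index{} : index(y / rowHeight); }
};

// Guard from the second commit: never dereference index.model when the index is invalid.
// All rows are treated as visible in this sample.
Index previousVisibleIndex(const Index &index) {
    if (!index.isValid() || index.row == 0) return Index{};
    return index.model->index(index.row - 1);
}

std::string groupOf(const Index &i) {
    return i.isValid() ? i.model->groups[i.row] : std::string();
}
// An invalid index compares "" with "" and is therefore not a section header.
bool indexIsSectionHeader(const Index &index) {
    return groupOf(index) != groupOf(previousVisibleIndex(index));
}

// Drag state: the drop rect may start above the hovered row's visual rect.
struct DropState {
    int dropRectTop;
    Index dropIndex; // first commit's approach: remember the index instead of rebuilding it
};
// Rebuilding the index from geometry can yield an invalid index for the topmost row.
Index reconstructedIndex(const Model &m, const DropState &s) { return m.indexAt(s.dropRectTop); }

int main() {
    Model m; m.groups = {"Places", "Places", "Remote"};
    DropState s{0 * m.rowHeight - 5, m.index(0)}; // hovering the topmost row
    return (!reconstructedIndex(m, s).isValid() && indexIsSectionHeader(s.dropIndex)) ? 0 : 1;
}
```

Without the validity check in `previousVisibleIndex`, the reconstructed index for the topmost row would reach `index.model->...` with a null `model`, which is the dereference the backtrace above ends in.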