Bug 466194 - Selecting multiple files then clicking "Edit" for the "Compilation" tag causes consistent crash
Status: RESOLVED FIXED
Alias: None
Product: kid3
Classification: Applications
Component: general (other bugs)
Version First Reported In: 3.9.x
Platform: Manjaro Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Urs Fleisch
Reported: 2023-02-21 13:37 UTC by CG
Modified: 2023-02-21 19:27 UTC (History)
Description CG 2023-02-21 13:37:30 UTC
STEPS TO REPRODUCE
1. Select multiple loaded tracks from a Compilation album by Various Artists.
2. Click "EDIT" for the "Compilation" tag under Tag2.

OBSERVED RESULT
The app closes with no error message.  The same bug can be replicated consistently and with any compilation album.  
Editing the Compilation tag value manually one track at a time does work.

EXPECTED RESULT
The edit input box to appear to allow changing of the tag value for multiple tracks.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Manjaro 6.1.11-1
(available in About System)
KDE Plasma Version: 5.26.5
KDE Frameworks Version: 5.102.0
Qt Version: 5.15.8
KID3 Version: 3.9.3

ADDITIONAL INFORMATION
Apologies if I've not supplied the correct info, I'm still fairly inexperienced with Linux.  I followed the guide on providing a backtrace, without fully understanding it so I'm not sure I've done it correctly.  

SUMMARY
***
==18266== Memcheck, a memory error detector
==18266== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==18266== Using Valgrind-3.19.0 and LibVEX; rerun with -h for copyright info
==18266== Command: kid3
==18266== Parent PID: 18150
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5CC1: ???
==18266==    by 0xC9FC677: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5BB1: ???
==18266==    by 0x2B752997: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5CC1: ???
==18266==    by 0xCD954D7: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5BB1: ???
==18266==    by 0x2B77F3E7: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5CC1: ???
==18266==    by 0x2B7A3D97: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5BB1: ???
==18266==    by 0xACC80B7: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5CC1: ???
==18266==    by 0x2B7C60E7: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5BB1: ???
==18266==    by 0x2E3E0387: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5CC1: ???
==18266==    by 0xCCBC2B7: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5BB1: ???
==18266==    by 0x2E3EB3B7: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5CC1: ???
==18266==    by 0x1D0EC2F7: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5BB1: ???
==18266==    by 0x2E3EC537: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5D1E: ???
==18266==    by 0x2B728EA7: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5AC9: ???
==18266==    by 0x2B733787: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5AC9: ???
==18266==    by 0xCCAC557: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5AC9: ???
==18266==    by 0x1D0EF9A7: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5AC9: ???
==18266==    by 0xCC93037: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5AC9: ???
==18266==    by 0xD6BD537: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5AC9: ???
==18266==    by 0x1D0FB687: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5AC9: ???
==18266==    by 0x1D0FCDE7: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5AC9: ???
==18266==    by 0xCC05007: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5AC9: ???
==18266==    by 0x2E45F5A7: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5AC9: ???
==18266==    by 0x1D0FF747: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5AC9: ???
==18266==    by 0x2B7874E7: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5AC9: ???
==18266==    by 0x2E4671E7: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5AC9: ???
==18266==    by 0x2E46ABF7: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5AC9: ???
==18266==    by 0x2E46C7F7: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5AC9: ???
==18266==    by 0x1AB3EC27: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5AC9: ???
==18266==    by 0x2B766417: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5AC9: ???
==18266==    by 0x2C5E8BC7: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5AC9: ???
==18266==    by 0x2E4705F7: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2B202342: dami::io::ExitTrigger::~ExitTrigger() (in /usr/lib/libid3-3.8.so.3.0.0)
==18266==    by 0x2B20EC66: ??? (in /usr/lib/libid3-3.8.so.3.0.0)
==18266==    by 0x2B20F095: dami::id3::v2::parse(ID3_TagImpl&, ID3_Reader&) (in /usr/lib/libid3-3.8.so.3.0.0)
==18266==    by 0x2B20F44B: ID3_TagImpl::ParseReader(ID3_Reader&) (in /usr/lib/libid3-3.8.so.3.0.0)
==18266==    by 0x2B20FB14: ID3_TagImpl::ParseFile() (in /usr/lib/libid3-3.8.so.3.0.0)
==18266==    by 0x2B20C034: ID3_TagImpl::Link(char const*, unsigned short) (in /usr/lib/libid3-3.8.so.3.0.0)
==18266==    by 0x2B197D0F: ??? (in /usr/lib/kid3/plugins/libid3libmetadata.so)
==18266==    by 0x4ECCBFF: FileProxyModel::readTagsFromTaggedFile(TaggedFile*) (in /usr/lib/kid3/libkid3-core.so)
==18266==    by 0x4EF42F6: TaggedFileSelection::addTaggedFile(TaggedFile*) (in /usr/lib/kid3/libkid3-core.so)
==18266==    by 0x4ED7AD4: Kid3Application::addTaggedFilesToSelection(QList<QPersistentModelIndex> const&, bool) (in /usr/lib/kid3/libkid3-core.so)
==18266==    by 0x4EDA2FE: Kid3Application::selectedTagsToFrameModels(QItemSelection const&) (in /usr/lib/kid3/libkid3-core.so)
==18266==    by 0x48F8D45: BaseMainWindowImpl::applySelectionChange(QItemSelection const&, QItemSelection const&) (in /usr/lib/kid3/libkid3-gui.so)
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5CC1: ???
==18266==    by 0x1AC0FF77: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5BB1: ???
==18266==    by 0x1D06A267: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0x1A91C6D9: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0x2D442C89: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0x1A9485B9: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0x2D70B699: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0x2B438DA9: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0x2B5A7299: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0xC808AB9: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0x2B43C369: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0xD04C1D9: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0x2B437EC9: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C52A9: ???
==18266==    by 0xCF08727: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C52A9: ???
==18266==    by 0xACB91E7: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C52A9: ???
==18266==    by 0xCCC7397: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0x2C674BE9: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0xCEFF529: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0xCF63879: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0x2D28C689: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0xD077609: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0x1CDA6CA9: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0x2D47DA59: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0x1CDBA929: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0x2CF1AA09: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0xAD75EF9: ???
==18266== 
==18617== 
==18617== HEAP SUMMARY:
==18617==     in use at exit: 15,359,891 bytes in 176,470 blocks
==18617==   total heap usage: 923,152 allocs, 746,682 frees, 240,986,723 bytes allocated
==18617== 
==18617== LEAK SUMMARY:
==18617==    definitely lost: 17,200 bytes in 30 blocks
==18617==    indirectly lost: 238 bytes in 10 blocks
==18617==      possibly lost: 76,841 bytes in 809 blocks
==18617==    still reachable: 15,263,596 bytes in 175,600 blocks
==18617==                       of which reachable via heuristic:
==18617==                         newarray           : 4,608 bytes in 10 blocks
==18617==                         multipleinheritance: 205,832 bytes in 258 blocks
==18617==         suppressed: 0 bytes in 0 blocks
==18617== Rerun with --leak-check=full to see details of leaked memory
==18617== 
==18617== Use --track-origins=yes to see where uninitialised values come from
==18617== For lists of detected and suppressed errors, rerun with: -s
==18617== ERROR SUMMARY: 57 errors from 57 contexts (suppressed: 0 from 0)
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0x2D252129: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0x2D511FD9: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0x2D252729: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0x2D525AA9: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0x2D56EEB9: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0x2D4250F9: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0x2D525459: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0x2D4258E9: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0x2B709519: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0x2D3EA579: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C54A1: ???
==18266==    by 0x1A9B8C87: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5391: ???
==18266==    by 0x1A9B8C87: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C54A1: ???
==18266==    by 0x2D92C377: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5391: ???
==18266==    by 0x2D92C377: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C54FE: ???
==18266==    by 0x2B7B6037: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C54A1: ???
==18266==    by 0x2D6E1487: ???
==18266== 
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5391: ???
==18266==    by 0x2D746167: ???
==18266== 
==18266== Invalid read of size 8
==18266==    at 0x2B20136F: ID3_Frame::CreateIterator() (in /usr/lib/libid3-3.8.so.3.0.0)
==18266==    by 0x2B199B7F: ??? (in /usr/lib/kid3/plugins/libid3libmetadata.so)
==18266==    by 0x2B19CDE8: ??? (in /usr/lib/kid3/plugins/libid3libmetadata.so)
==18266==    by 0x4ED2BEF: FrameList::addFrameFieldList() (in /usr/lib/kid3/libkid3-core.so)
==18266==    by 0x4EDCC95: Kid3Application::editFrame(Frame::TagNumber) (in /usr/lib/kid3/libkid3-core.so)
==18266==    by 0x626FA70: UnknownInlinedFun (qobjectdefs_impl.h:398)
==18266==    by 0x626FA70: void doActivate<false>(QObject*, int, void**) (qobject.cpp:3923)
==18266==    by 0x53D4726: QAbstractButton::clicked(bool) (moc_qabstractbutton.cpp:308)
==18266==    by 0x53D6F89: QAbstractButtonPrivate::emitClicked() (qabstractbutton.cpp:416)
==18266==    by 0x53D84CC: QAbstractButtonPrivate::click() (qabstractbutton.cpp:409)
==18266==    by 0x53D866F: QAbstractButton::mouseReleaseEvent(QMouseEvent*) (qabstractbutton.cpp:1045)
==18266==    by 0x5327836: QWidget::event(QEvent*) (qwidget.cpp:8671)
==18266==    by 0x52F0B5B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:3640)
==18266==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
==18266== 
==18266== 
==18266== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==18266==  Access not within mapped region at address 0x8
==18266==    at 0x2B20136F: ID3_Frame::CreateIterator() (in /usr/lib/libid3-3.8.so.3.0.0)
==18266==    by 0x2B199B7F: ??? (in /usr/lib/kid3/plugins/libid3libmetadata.so)
==18266==    by 0x2B19CDE8: ??? (in /usr/lib/kid3/plugins/libid3libmetadata.so)
==18266==    by 0x4ED2BEF: FrameList::addFrameFieldList() (in /usr/lib/kid3/libkid3-core.so)
==18266==    by 0x4EDCC95: Kid3Application::editFrame(Frame::TagNumber) (in /usr/lib/kid3/libkid3-core.so)
==18266==    by 0x626FA70: UnknownInlinedFun (qobjectdefs_impl.h:398)
==18266==    by 0x626FA70: void doActivate<false>(QObject*, int, void**) (qobject.cpp:3923)
==18266==    by 0x53D4726: QAbstractButton::clicked(bool) (moc_qabstractbutton.cpp:308)
==18266==    by 0x53D6F89: QAbstractButtonPrivate::emitClicked() (qabstractbutton.cpp:416)
==18266==    by 0x53D84CC: QAbstractButtonPrivate::click() (qabstractbutton.cpp:409)
==18266==    by 0x53D866F: QAbstractButton::mouseReleaseEvent(QMouseEvent*) (qabstractbutton.cpp:1045)
==18266==    by 0x5327836: QWidget::event(QEvent*) (qwidget.cpp:8671)
==18266==    by 0x52F0B5B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:3640)
==18266==  If you believe this happened as a result of a stack
==18266==  overflow in your program's main thread (unlikely but
==18266==  possible), you can try to increase the size of the
==18266==  main thread stack using the --main-stacksize= flag.
==18266==  The main thread stack size used in this run was 8388608.
==18266== 
==18266== HEAP SUMMARY:
==18266==     in use at exit: 18,310,946 bytes in 184,195 blocks
==18266==   total heap usage: 1,362,782 allocs, 1,178,587 frees, 357,159,470 bytes allocated
==18266== 
==18266== LEAK SUMMARY:
==18266==    definitely lost: 1,320 bytes in 5 blocks
==18266==    indirectly lost: 2,687 bytes in 100 blocks
==18266==      possibly lost: 122,959 bytes in 1,920 blocks
==18266==    still reachable: 18,181,964 bytes in 182,149 blocks
==18266==                       of which reachable via heuristic:
==18266==                         newarray           : 4,888 bytes in 17 blocks
==18266==                         multipleinheritance: 70,880 bytes in 94 blocks
==18266==         suppressed: 0 bytes in 0 blocks
==18266== Rerun with --leak-check=full to see details of leaked memory
==18266== 
==18266== Use --track-origins=yes to see where uninitialised values come from
==18266== For lists of detected and suppressed errors, rerun with: -s
==18266== ERROR SUMMARY: 134 errors from 75 contexts (suppressed: 0 from 0)

***
Comment 1 Urs Fleisch 2023-02-21 19:27:39 UTC
Thanks for the report, it is detailed enough, so I could reproduce the crash. The problem is that id3lib (as used by the Id3libMetadata plugin) does not support the "Compilation" frame (TCMP) since it is not a standard frame but an Apple extension. The null pointer resulting from the creation of such a frame was not checked and it crashed. I have now fixed it with version git20210221, which you can find in the development folder https://sourceforge.net/projects/kid3/files/kid3/development/.
The fixed version will no longer crash, but you will still not be able to edit Compilation frames with Id3libMetadata. So I suggest that you uncheck the Id3libMetadata entry in the Plugins tab of the settings. Then restart Kid3. Now the TaglibMetadata plugin will be used for MP3 files, and you will be able to edit Compilation frames.
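
A triage sketch for the Memcheck log in this report, added here as an example and not part of the original report or of Kid3's code: it counts the uninitialised-value warnings separately from the invalid access and flags the faulting address 0x8 as a null-based dereference, consistent with the unchecked null frame described in Comment 1. The function names, the 4 KiB threshold and the trimmed log excerpt are assumptions of this example.

```python
import re

# Excerpt of the Memcheck log from the report, trimmed for this example.
SAMPLE_LOG = """\
==18266== Conditional jump or move depends on uninitialised value(s)
==18266==    at 0x2F2C5DF1: ???
==18266==    by 0x2D746167: ???
==18266==
==18266== Invalid read of size 8
==18266==    at 0x2B20136F: ID3_Frame::CreateIterator() (in /usr/lib/libid3-3.8.so.3.0.0)
==18266==    by 0x2B199B7F: ??? (in /usr/lib/kid3/plugins/libid3libmetadata.so)
==18266==    by 0x4ED2BEF: FrameList::addFrameFieldList() (in /usr/lib/kid3/libkid3-core.so)
==18266==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
==18266==
==18266== Process terminating with default action of signal 11 (SIGSEGV): dumping core
"""

LINE = re.compile(r"^==(\d+)== ?(.*)$", re.M)  # PID prefix, then the message
ACCESS = re.compile(r"^Invalid (read|write) of size (\d+)")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (.*)$")
ADDR = re.compile(r"^\s*Address 0x([0-9A-Fa-f]+) is ")
SIGNAL = re.compile(r"^Process terminating with default action of signal (\d+)")
NULL_PAGE = 0x1000  # assumption: a fault in the first 4 KiB is a null-based access


def triage(log_text):
    """Return (invalid-access findings, count of uninitialised-value warnings)."""
    findings, uninit, current = [], 0, {}
    for pid, body in LINE.findall(log_text):
        if body.startswith("Conditional jump or move depends on uninitialised"):
            uninit += 1
        elif (a := ACCESS.match(body)):
            rec = {"pid": pid, "kind": a.group(1), "size": int(a.group(2)),
                   "address": None, "near_null": False, "frames": [], "signal": None}
            findings.append(rec)
            current[pid] = rec  # records are keyed by PID: logs may interleave
        elif (s := SIGNAL.match(body)):
            for rec in (r for r in findings if r["pid"] == pid):
                rec["signal"] = int(s.group(1))
        elif pid in current:
            rec = current[pid]
            if (f := FRAME.match(body)):
                rec["frames"].append(f.group(1))
            elif (ad := ADDR.match(body)):
                rec["address"] = int(ad.group(1), 16)
                rec["near_null"] = rec["address"] < NULL_PAGE
                current.pop(pid)  # the Address line closes the record
    return findings, uninit


def symbolized(rec):
    """Frames that carry a function name; '???' frames need debug symbols."""
    return [f for f in rec["frames"] if not f.startswith("???")]


if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG)[0]:
        print(rec["pid"], hex(rec["address"]), rec["near_null"], symbolized(rec))
```
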