SUMMARY
Konsole can crash with a use-after-free when dropping a URL into it. I can reproduce this on GNOME Wayland consistently.

STEPS TO REPRODUCE
1. Open Konsole
2. Drag a URL from e.g. Firefox and drop it into the terminal window

OBSERVED RESULT
Konsole segfaults with this backtrace:

* thread #1, name = 'konsole', stop reason = signal SIGSEGV: invalid address
  * frame #0: 0x000079db70e778f8 libkonsoleprivate.so.24.05.2`Konsole::TerminalDisplay::dropEvent(this=0x000079db70494600, event=0x00007fff5febf150) at TerminalDisplay.cpp:3066:19
    frame #1: 0x000079db6c39b61c libQt6Widgets.so.6`QWidget::event(this=<unavailable>, event=<unavailable>) at qwidget.cpp:9232:9
    frame #2: 0x000079db6c345371 libQt6Widgets.so.6`QApplicationPrivate::notify_helper(this=0x000079db6c942800, receiver=0x000079db70494600, e=0x00007fff5febf150) at qapplication.cpp:3287:26
    frame #3: 0x000079db6c347c33 libQt6Widgets.so.6`QApplication::notify(this=0x000079db6c890800, receiver=0x000079db70494600, e=0x00007fff5febf150) at qapplication.cpp:3049:22
    frame #4: 0x000079db6b5a8de0 libQt6Core.so.6`QCoreApplication::notifyInternal2(receiver=0x000079db70494600, event=0x00007fff5febf150) at qcoreapplication.cpp:1142:18
    frame #5: 0x000079db6c3b5c8a libQt6Widgets.so.6`QWidgetWindow::handleDropEvent(this=<unavailable>, event=0x00007fff5febf5f0) at qwidgetwindow.cpp:996:5
    frame #6: 0x000079db6c3b2777 libQt6Widgets.so.6`QWidgetWindow::event(this=<unavailable>, event=<unavailable>) at qwidgetwindow.cpp:305:9
    frame #7: 0x000079db6c345371 libQt6Widgets.so.6`QApplicationPrivate::notify_helper(this=0x000079db6c942800, receiver=0x000079db700a8c40, e=0x00007fff5febf5f0) at qapplication.cpp:3287:26
    frame #8: 0x000079db6c34643c libQt6Widgets.so.6`QApplication::notify(this=<unavailable>, receiver=0x000079db700a8c40, e=0x00007fff5febf5f0) at qapplication.cpp:0
    frame #9: 0x000079db6b5a8de0 libQt6Core.so.6`QCoreApplication::notifyInternal2(receiver=0x000079db700a8c40, event=0x00007fff5febf5f0) at qcoreapplication.cpp:1142:18
    frame #10: 0x000079db6bb7c685 libQt6Gui.so.6`QGuiApplicationPrivate::processDrop(w=0x000079db700a8c40, dropData=0x000079db70667300, p=<unavailable>, supportedActions=(i = 1), buttons=(i = 0), modifiers=(i = 0)) at qguiapplication.cpp:3397:5
    frame #11: 0x000079db6bbda605 libQt6Gui.so.6`QWindowSystemInterface::handleDrop(window=0x000079db700a8c40, dropData=0x000079db70667300, p=0x000079db6c8117c8, supportedActions=(i = 1), buttons=(i = 0), modifiers=(i = 0)) at qwindowsysteminterface.cpp:858:12
    frame #12: 0x000079db680e571b libQt6WaylandClient.so.6`QtWaylandClient::QWaylandDataDevice::data_device_drop(this=0x000079db6c811780) at qwaylanddatadevice.cpp:194:40
    frame #13: 0x000079db66deb41a libffi.so.8`ffi_call_unix64 at unix64.S:104
    frame #14: 0x000079db66defe95 libffi.so.8`ffi_call_int(cif=0x00007fff5febf880, fn=(libQt6WaylandClient.so.6`QtWayland::wl_data_device::handle_drop(void*, wl_data_device*) at qwayland-wayland.cpp:977), rvalue=0x0000000000000000, avalue=0x00007fff5febf8b0, closure=<unavailable>) at ffi64.c:673:3
    frame #15: 0x000079db66def9ec libffi.so.8`ffi_call(cif=0x00007fff5febf880, fn=(libQt6WaylandClient.so.6`QtWayland::wl_data_device::handle_drop(void*, wl_data_device*) at qwayland-wayland.cpp:977), rvalue=0x0000000000000000, avalue=0x00007fff5febf8b0) at ffi64.c:710:3
    frame #16: 0x000079db68005b43 libwayland-client.so.0`wl_closure_invoke(closure=0x000079db600c3760, flags=<unavailable>, target=<unavailable>, opcode=4, data=<unavailable>) at connection.c:1228:2
    frame #17: 0x000079db68003bb8 libwayland-client.so.0`dispatch_event(display=<unavailable>, queue=<unavailable>) at wayland-client.c:1670:3
    frame #18: 0x000079db68003381 libwayland-client.so.0`wl_display_dispatch_queue_pending [inlined] dispatch_queue(display=0x000079db6c8f08c0, queue=<unavailable>) at wayland-client.c:1816:3
    frame #19: 0x000079db6800332b libwayland-client.so.0`wl_display_dispatch_queue_pending(display=0x000079db6c8f08c0, queue=0x000079db6c8f09b8) at wayland-client.c:2058:8
    frame #20: 0x000079db6800346c libwayland-client.so.0`wl_display_dispatch_pending(display=<unavailable>) at wayland-client.c:2121:9 [artificial]
    frame #21: 0x000079db6809a855 libQt6WaylandClient.so.6`QtWaylandClient::EventThread::readAndDispatchEvents() [inlined] QtWaylandClient::EventThread::dispatchQueuePending(this=0x000079db6ccd2ff0) at qwaylanddisplay.cpp:227:20
    frame #22: 0x000079db6809a844 libQt6WaylandClient.so.6`QtWaylandClient::EventThread::readAndDispatchEvents(this=0x000079db6ccd2ff0) at qwaylanddisplay.cpp:109:17
    frame #23: 0x000079db6b5f7447 libQt6Core.so.6`QObject::event(this=0x000079db6ca00c00, e=0x000079db5f890380) at qobject.cpp:1452:18
    frame #24: 0x000079db6c345371 libQt6Widgets.so.6`QApplicationPrivate::notify_helper(this=0x000079db6c942800, receiver=0x000079db6ca00c00, e=0x000079db5f890380) at qapplication.cpp:3287:26
    frame #25: 0x000079db6c34643c libQt6Widgets.so.6`QApplication::notify(this=<unavailable>, receiver=0x000079db6ca00c00, e=0x000079db5f890380) at qapplication.cpp:0
    frame #26: 0x000079db6b5a8de0 libQt6Core.so.6`QCoreApplication::notifyInternal2(receiver=0x000079db6ca00c00, event=0x000079db5f890380) at qcoreapplication.cpp:1142:18
    frame #27: 0x000079db6b5aa175 libQt6Core.so.6`QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) [inlined] QCoreApplication::sendEvent(receiver=0x000079db6ca00c00, event=0x000079db5f890380) at qcoreapplication.cpp:1583:12
    frame #28: 0x000079db6b5aa165 libQt6Core.so.6`QCoreApplicationPrivate::sendPostedEvents(receiver=0x0000000000000000, event_type=0, data=0x000079db6c8d0100) at qcoreapplication.cpp:1940:9
    frame #29: 0x000079db6b86fe35 libQt6Core.so.6`postEventSourceDispatch(_GSource*, int (*)(void*), void*) [inlined] QCoreApplication::sendPostedEvents(receiver=0x0000000000000000, event_type=0) at qcoreapplication.cpp:1797:5
    frame #30: 0x000079db6b86fe1f libQt6Core.so.6`postEventSourceDispatch(s=0x000079db6c8cd9a0, (null)=<unavailable>, (null)=<unavailable>) at qeventdispatcher_glib.cpp:244:5
    frame #31: 0x000079db68b8970b libglib-2.0.so.0`g_main_context_dispatch_unlocked [inlined] g_main_dispatch(context=0x000079db6d020500) at gmain.c:3344:27
    frame #32: 0x000079db68b895bf libglib-2.0.so.0`g_main_context_dispatch_unlocked(context=0x000079db6d020500) at gmain.c:4152:7
    frame #33: 0x000079db68b89c63 libglib-2.0.so.0`g_main_context_iterate_unlocked(context=0x000079db6d020500, block=<unavailable>, dispatch=1, self=<unavailable>) at gmain.c:4217:5
    frame #34: 0x000079db68b89e24 libglib-2.0.so.0`g_main_context_iteration(context=0x000079db6d020500, may_block=1) at gmain.c:4282:12
    frame #35: 0x000079db6b86f4d1 libQt6Core.so.6`QEventDispatcherGlib::processEvents(this=0x000079db6cc48060, flags=(i = 164)) at qeventdispatcher_glib.cpp:394:19
    frame #36: 0x000079db6b5b3a9a libQt6Core.so.6`QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) [inlined] QEventLoop::processEvents(this=0x00007fff5fec0060, flags=(i = 164)) at qeventloop.cpp:100:55
    frame #37: 0x000079db6b5b3a7c libQt6Core.so.6`QEventLoop::exec(this=0x00007fff5fec0060, flags=<unavailable>) at qeventloop.cpp:182:9
    frame #38: 0x000079db6b5a94fd libQt6Core.so.6`QCoreApplication::exec() at qcoreapplication.cpp:1486:32
    frame #39: 0x000062d083742b19 konsole`main(argc=1, argv=0x00007fff5fec0288) at main.cpp:258:15
    frame #40: 0x000079db70fc2c1d ld-musl-x86_64.so.1`libc_start_main_stage2(main=(konsole`main at main.cpp:131), argc=<unavailable>, argv=0x00007fff5fec0288) at __libc_start_main.c:95:7
    frame #41: 0x000062d083741576 konsole`_start + 22

EXPECTED RESULT
The URL gets pasted into Konsole.

SOFTWARE/OS VERSIONS
OS: Chimera Linux
KDE Frameworks Version: 6.5.0
Konsole version: 24.05.2
Qt Version: 6.7.2

ADDITIONAL INFORMATION
Downstream ticket: https://github.com/chimera-linux/cports/issues/2416 (we believe the gnome-console crash to be unrelated)
We carry a patch to fix the crash: https://github.com/chimera-linux/cports/blob/96d7d8642064298f87327492b09a722e1675a672/contrib/konsole/patches/drag-and-drop-urls.patch

I see, the extractDroppedText call might invalidate that due to

    KIO::StatJob *job = KIO::mostLocalUrl(urls[i], KIO::HideProgressInfo);
    if (!job->exec()) {
        continue;
    }

https://github.com/chimera-linux/cports/blob/96d7d8642064298f87327492b09a722e1675a672/contrib/konsole/patches/drag-and-drop-urls.patch

Git commit cc628b2a50c0926386dd9fee9567bf6d5e74d047 by Christoph Cullmann.
Committed on 05/12/2024 at 22:29.
Pushed by cullmann into branch 'master'.

ensure we don't use an invalidated mimeData

M  +4    -2    src/terminalDisplay/TerminalDisplay.cpp

https://invent.kde.org/utilities/konsole/-/commit/cc628b2a50c0926386dd9fee9567bf6d5e74d047
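
The hazard discussed in this report (a drop handler keeps a borrowed payload pointer across a blocking `job->exec()`), modelled without Qt as an added example; it is not Konsole's code and not the content of the commit above. `MimeData`, `DataDevice`, `EventLoop`, `handleDrop` and `demo` are hypothetical names, and the model assumes the blocking call dispatches other queued events, one of which releases the payload.

```cpp
// Added example: a Qt-free model of the hazard. All names are hypothetical.
#include <functional>
#include <memory>
#include <queue>
#include <string>
#include <vector>

struct MimeData { std::vector<std::string> urls; };
// Owns the drop payload; the handler only ever borrows it.
struct DataDevice { std::unique_ptr<MimeData> offer; };

// exec() stands in for a blocking job call that spins a nested event loop
// (assumption of this model): every queued event runs before it returns.
struct EventLoop {
    std::queue<std::function<void()>> pending;
    void exec() { for (; !pending.empty(); pending.pop()) pending.front()(); }
};

struct DropResult { std::string pasted; bool offerAliveAfter; };

// Defensive handler: snapshot the payload, drop the borrowed pointer, then block.
DropResult handleDrop(DataDevice &dev, EventLoop &loop) {
    const MimeData *mime = dev.offer.get();            // valid only until the loop is re-entered
    if (!mime) return {"", false};
    const std::vector<std::string> urls = mime->urls;  // copy while it is still valid
    mime = nullptr;                                    // nothing below can touch the payload
    std::string text;
    for (const auto &url : urls) {
        loop.exec();                                   // may destroy dev.offer
        text += url + " ";
    }
    // Reading through the borrowed pointer here would be the use-after-free.
    return {text, dev.offer != nullptr};
}

DropResult demo() {
    DataDevice dev;
    dev.offer = std::make_unique<MimeData>();
    dev.offer->urls = {"https://example.org/"};        // constructed sample URL
    EventLoop loop;
    loop.pending.push([&dev] { dev.offer.reset(); });  // payload released mid-handler
    return handleDrop(dev, loop);
}

int main() { return demo().offerAliveAfter ? 1 : 0; }
```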