Bug 495606 - Plasma crashes with bad .desktop file
Summary: Plasma crashes with bad .desktop file
Status: RESOLVED FIXED
Alias: None
Product: krunner
Classification: Plasma
Component: filesearch
Version: 6.2.2
Platform: Manjaro Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Alexander Lohnau
Reported: 2024-10-30 19:49 UTC by dannkunt
Modified: 2024-11-27 03:06 UTC
Version Fixed In: 6.2.4

Attachments
kcrash generated with dr Konqi (112.42 KB, text/vnd.kde.kcrash-report)
2024-10-30 19:49 UTC, dannkunt
desktop file causing crash (1.34 KB, application/x-desktop)
2024-10-30 19:51 UTC, dannkunt

Description dannkunt 2024-10-30 19:49:40 UTC
Created attachment 175377 [details]
kcrash generated with dr Konqi

SUMMARY
Plasma crashes with bad .desktop file. I created it accidentally with change app -> app dialog

STEPS TO REPRODUCE
1. Add my specially crafted .desktop file to ~/.local/share/applications/
2. Type "call" in krunner or plasma start button.
2.1. If you want a big boom, search "call" in overview effect
3. Oh no :(

OBSERVED RESULT
Plasma shell crashes. In case of big boom, Plasma and apps crash

EXPECTED RESULT
Working search, but broken .desktop file

SOFTWARE/OS VERSIONS
Linux: 6.11.5-zen3-xanmod1-1
KDE Plasma Version: 6.2.2
KDE Frameworks Version: 6.7.0
Qt Version: 6.8.0

ADDITIONAL INFORMATION
kcrash file is from dr konqi, but for some reason it gets stuck while generating full bug report
Comment 1 dannkunt 2024-10-30 19:51:08 UTC
Created attachment 175378 [details]
desktop file causing crash
Comment 2 Nate Graham 2024-10-31 17:11:20 UTC
Thread 1 (Thread 0x790475c006c0 (LWP 86112)):
[KCrash Handler]
#5  0x00007904b39c3d0d in ?? () from /usr/lib/qt6/plugins/kf6/krunner/krunner_services.so
#6  0x00007904b39c45a6 in ?? () from /usr/lib/qt6/plugins/kf6/krunner/krunner_services.so
#7  0x00007904bb303c29 in KRunner::AbstractRunner::matchInternal (this=0x5a9ea5f16d80, context=...) at /usr/src/debug/krunner/krunner-6.7.0/src/abstractrunner.cpp:175
#8  KRunner::AbstractRunner::qt_static_metacall (_o=0x5a9ea5f16d80, _c=<optimized out>, _id=<optimized out>, _a=<optimized out>) at /usr/src/debug/krunner/build/src/KF6Runner_autogen/include/moc_abstractrunner.cpp:128
#9  0x00007904f4fa348a in QObject::event (this=0x5a9ea5f16d80, e=0x5a9ea7b72350) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qobject.cpp:1419
#10 0x00007904f70fe31a in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x5a9ea5f16d80, e=0x5a9ea7b72350) at /usr/src/debug/qt6-base/qtbase/src/widgets/kernel/qapplication.cpp:3294
#11 0x00007904f4f585a8 in QCoreApplication::notifyInternal2 (receiver=0x5a9ea5f16d80, event=event@entry=0x5a9ea7b72350) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1165
#12 0x00007904f4f59035 in QCoreApplication::sendEvent (receiver=<optimized out>, event=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1609
#13 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x5a9e9fb38db0) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1965
#14 0x00007904f51c23fc in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1797
#15 postEventSourceDispatch (s=0x79047c000f50) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:246
#16 0x00007904f3adf559 in g_main_dispatch (context=0x79047c000c90) at ../glib/glib/gmain.c:3357
#17 0x00007904f3b42157 in g_main_context_dispatch_unlocked (context=0x79047c000c90) at ../glib/glib/gmain.c:4208
#18 g_main_context_iterate_unlocked.isra.0 (context=context@entry=0x79047c000c90, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/glib/gmain.c:4273
#19 0x00007904f3adea55 in g_main_context_iteration (context=0x79047c000c90, may_block=1) at ../glib/glib/gmain.c:4338
#20 0x00007904f51bf71d in QEventDispatcherGlib::processEvents (this=0x79047c000ba0, flags=...) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:396
#21 0x00007904f4f64566 in QEventLoop::processEvents (this=0x790475bffb30, flags=...) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qeventloop.cpp:100
#22 QEventLoop::exec (this=0x790475bffb30, flags=...) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qeventloop.cpp:191
#23 0x00007904f50571d2 in QThread::exec (this=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/corelib/thread/qthread.cpp:621
#24 QThread::run (this=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/corelib/thread/qthread.cpp:742
#25 0x00007904f50d840f in operator() (__closure=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/corelib/thread/qthread_unix.cpp:335
#26 (anonymous namespace)::terminate_on_exception<QThreadPrivate::start(void*)::<lambda()> > (t=...) at /usr/src/debug/qt6-base/qtbase/src/corelib/thread/qthread_unix.cpp:263
#27 QThreadPrivate::start (arg=0x5a9ea8ff1de0) at /usr/src/debug/qt6-base/qtbase/src/corelib/thread/qthread_unix.cpp:294
#28 0x00007904f48a339d in start_thread (arg=<optimized out>) at pthread_create.c:447
#29 0x00007904f492849c in __GI___clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
Comment 3 Alexander Lohnau 2024-11-01 08:39:14 UTC
The issue is in both KIO and the services runner
Comment 4 Bug Janitor Service 2024-11-01 08:41:33 UTC
A possibly relevant merge request was started @ https://invent.kde.org/plasma/plasma-workspace/-/merge_requests/4886
Comment 5 Bug Janitor Service 2024-11-02 09:56:03 UTC
A possibly relevant merge request was started @ https://invent.kde.org/frameworks/kio/-/merge_requests/1755
Comment 6 Alexander Lohnau 2024-11-02 09:56:54 UTC
Git commit 7ef3292bd0cecf8773c135d768e85db00dc9f20a by Alexander Lohnau.
Committed on 02/11/2024 at 09:56.
Pushed by alex into branch 'master'.

Do early return for ServciesRunner::resolvedArgs in case of error

In this case, the args are empty and we would try to join an empty list.
But in case of a malformed command, the executable name might still be
env and we try to remove the first element from an empty list.

M  +2    -1    runners/services/servicerunner.cpp

https://invent.kde.org/plasma/plasma-workspace/-/commit/7ef3292bd0cecf8773c135d768e85db00dc9f20a
Comment 7 Alexander Lohnau 2024-11-02 09:59:30 UTC
Git commit 24d72107f604c2acdc2370b9178856f80ff99e52 by Alexander Lohnau.
Committed on 02/11/2024 at 09:58.
Pushed by alex into branch 'Plasma/6.2'.

Do early return for ServciesRunner::resolvedArgs in case of error

In this case, the args are empty and we would try to join an empty list.
But in case of a malformed command, the executable name might still be
env and we try to remove the first element from an empty list.

M  +6    -1    runners/services/servicerunner.cpp

https://invent.kde.org/plasma/plasma-workspace/-/commit/24d72107f604c2acdc2370b9178856f80ff99e52
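
The failure mode described in the commit message of comments 6 and 7, as a simplified model in standard C++. This is an added example, not the plasma-workspace code: `parseExec`, `executableName`, this `resolvedArgs` body and the unbalanced-quote check are hypothetical stand-ins, and the sample Exec strings are constructed.

```cpp
#include <algorithm>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical stand-in for the Exec= parser: whitespace split, and an
// empty list when the command is malformed (here: an unbalanced quote).
std::vector<std::string> parseExec(const std::string &exec) {
    if (std::count(exec.begin(), exec.end(), '"') % 2 != 0)
        return {};
    std::istringstream in(exec);
    std::vector<std::string> args;
    for (std::string tok; in >> tok;)
        args.push_back(tok);
    return args;
}

// The executable name is read from the raw string, so it can still be
// "env" even when parsing failed and the argument list is empty.
std::string executableName(const std::string &exec) {
    std::istringstream in(exec);
    std::string first;
    in >> first;
    return first.substr(first.find_last_of('/') + 1);
}

std::string resolvedArgs(const std::string &exec) {
    std::vector<std::string> args = parseExec(exec);
    if (args.empty())
        return {}; // early return: nothing to strip or join
    if (executableName(exec) == "env") {
        // Without the guard above, this erase would run on an empty
        // vector for a malformed command: undefined behaviour.
        args.erase(args.begin());
        while (!args.empty() && args.front().find('=') != std::string::npos)
            args.erase(args.begin()); // drop VAR=value assignments
    }
    std::string joined;
    for (const std::string &a : args)
        joined += (joined.empty() ? "" : " ") + a;
    return joined;
}

int main() {
    // Constructed inputs: one well-formed, one with an unbalanced quote.
    std::cout << '[' << resolvedArgs("env LANG=C konsole --hold") << "]\n";
    std::cout << '[' << resolvedArgs("env FOO=\"bar call") << "]\n";
}
```
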
Comment 8 Alexander Lohnau 2024-11-26 20:19:08 UTC
Git commit 0e7ef7f546e5cfca5357ddc24e958b13610e440b by Alexander Lohnau.
Committed on 26/11/2024 at 19:22.
Pushed by alex into branch 'master'.

Fix out of bounds for KRunMX1::expandEscapedMacro

M  +3    -0    src/core/desktopexecparser.cpp

https://invent.kde.org/frameworks/kio/-/commit/0e7ef7f546e5cfca5357ddc24e958b13610e440b