1. Select any folder anywhere 2. Press spacebar. Selection mode opens. 3. Press spacebar again. Selection mode closes. 4. Press spacebar again. Dolphin crashes. SOFTWARE/OS VERSIONS KDE Plasma Version: 6.4.4 KDE Frameworks Version: 6.17.0 Qt Version: 6.9.1 Valgrind reports a use-after-free: ==33231== Invalid read of size 8 ==33231== at 0x7080104: QObject::setParent(QObject*) (in /usr/lib64/libQt6Core.so.6.9.1) ==33231== by 0x2CA210D5: ??? (in /usr/lib64/qt6/plugins/kf6/kfileitemaction/setfoldericonitemaction.so) ==33231== by 0x5EC9505: QWidgetAction::requestWidget(QWidget*) (in /usr/lib64/libQt6Widgets.so.6.9.1) ==33231== by 0x6002486: QMenu::actionEvent(QActionEvent*) (in /usr/lib64/libQt6Widgets.so.6.9.1) ==33231== by 0x5E61406: QWidget::event(QEvent*) (in /usr/lib64/libQt6Widgets.so.6.9.1) ==33231== by 0x5E087A7: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib64/libQt6Widgets.so.6.9.1) ==33231== by 0x7033927: QCoreApplication::notifyInternal2(QObject*, QEvent*) (in /usr/lib64/libQt6Core.so.6.9.1) ==33231== by 0x5E4E7A9: QWidget::insertAction(QAction*, QAction*) (in /usr/lib64/libQt6Widgets.so.6.9.1) ==33231== by 0x1D5B5C: ??? (in /usr/bin/dolphin) ==33231== by 0x1996C7: ??? (in /usr/bin/dolphin) ==33231== by 0x17DCB9: ??? (in /usr/bin/dolphin) ==33231== by 0x709AB13: ??? (in /usr/lib64/libQt6Core.so.6.9.1) ==33231== Address 0xdf42558 is 8 bytes inside a block of size 16 free'd ==33231== at 0x484C739: operator delete(void*, unsigned long) (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==33231== by 0x707EFE9: QObjectPrivate::deleteChildren() (in /usr/lib64/libQt6Core.so.6.9.1) ==33231== by 0x5E4A9E7: QWidget::~QWidget() (in /usr/lib64/libQt6Widgets.so.6.9.1) ==33231== by 0x5E4AA31: QWidget::~QWidget() (in /usr/lib64/libQt6Widgets.so.6.9.1) ==33231== by 0x707EFE9: QObjectPrivate::deleteChildren() (in /usr/lib64/libQt6Core.so.6.9.1) ==33231== by 0x5E4A9E7: QWidget::~QWidget() (in /usr/lib64/libQt6Widgets.so.6.9.1) ==33231== by 0x5FF5B11: QMenu::~QMenu() (in /usr/lib64/libQt6Widgets.so.6.9.1) ==33231== by 0x707EFE9: QObjectPrivate::deleteChildren() (in /usr/lib64/libQt6Core.so.6.9.1) ==33231== by 0x5E4A9E7: QWidget::~QWidget() (in /usr/lib64/libQt6Widgets.so.6.9.1) ==33231== by 0x6008CB1: QPushButton::~QPushButton() (in /usr/lib64/libQt6Widgets.so.6.9.1) ==33231== by 0x1D6507: ??? (in /usr/bin/dolphin) ==33231== by 0x198359: ??? (in /usr/bin/dolphin) ==33231== Block was alloc'd at ==33231== at 0x4848F3F: operator new(unsigned long) (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==33231== by 0x2CA226B3: ??? (in /usr/lib64/qt6/plugins/kf6/kfileitemaction/setfoldericonitemaction.so) ==33231== by 0x4C40CB8: ??? (in /usr/lib64/libKF6KIOWidgets.so.6.17.0) ==33231== by 0x1A3C8D: ??? (in /usr/bin/dolphin) ==33231== by 0x1A4FB0: ??? (in /usr/bin/dolphin) ==33231== by 0x1D84B7: ??? (in /usr/bin/dolphin) ==33231== by 0x199715: ??? (in /usr/bin/dolphin) ==33231== by 0x17DCB9: ??? (in /usr/bin/dolphin) ==33231== by 0x709AB13: ??? (in /usr/lib64/libQt6Core.so.6.9.1) ==33231== by 0x6A8472A: QAction::triggered(bool) (in /usr/lib64/libQt6Gui.so.6.9.1) ==33231== by 0x6A8BBB9: QAction::activate(QAction::ActionEvent) (in /usr/lib64/libQt6Gui.so.6.9.1) ==33231== by 0x6A8BC8F: QAction::event(QEvent*) (in /usr/lib64/libQt6Gui.so.6.9.1)
A possibly relevant merge request was started @ https://invent.kde.org/system/dolphin/-/merge_requests/1029
Git commit fb4a4eb1884da2192bf17ab4f92f2ff01f531044 by Felix Ernst. Committed on 07/09/2025 at 20:47. Pushed by felixernst into branch 'master'. Fix crash between selection mode and folder icon chooser Opening selection mode twice with a single folder selected causes a crash. SetFolderIconItemAction expects its widget to be destroyed but the SelectionMode::BottomBar code path keeps it alive, so the second call to QWidgetAction::createWidget() of the folder icon chooser crashes because the previously created widget still has a parent. This small check fixes the crash. Contrarily, the regular context menu does destroy the actions on hide, so no crash happens there. An alternative fix to what was implemented in this commit could look at the lifetime handling of the SelectionMode::BottomBar implementation. Its BottomBarContentsContainer is never destroyed, BottomBarContentsContainer::contextActionsFor does not set lifetimes on contextActions, or destroys its actions on hide. However, fixing this here in QWidgetAction::createWidget() also makes sense because the related QWidgetAction::requestWidget() method transfers ownership to the caller. It's not part of this API to expect the caller to delete the widget immediately. On the contrary QWidgetAction::requestWidget(QWidget *parent) is typically expected to be callable e.g. by toolbars as well where the action will persist indefinitely. M +3 -1 src/itemactions/setfoldericonitemaction.cpp https://invent.kde.org/system/dolphin/-/commit/fb4a4eb1884da2192bf17ab4f92f2ff01f531044
Git commit 9a0b5030293a68a75fe057a454e0332b434d3163 by Felix Ernst. Committed on 07/09/2025 at 20:51. Pushed by felixernst into branch 'release/25.08'. Fix crash between selection mode and folder icon chooser Opening selection mode twice with a single folder selected causes a crash. SetFolderIconItemAction expects its widget to be destroyed but the SelectionMode::BottomBar code path keeps it alive, so the second call to QWidgetAction::createWidget() of the folder icon chooser crashes because the previously created widget still has a parent. This small check fixes the crash. Contrarily, the regular context menu does destroy the actions on hide, so no crash happens there. An alternative fix to what was implemented in this commit could look at the lifetime handling of the SelectionMode::BottomBar implementation. Its BottomBarContentsContainer is never destroyed, BottomBarContentsContainer::contextActionsFor does not set lifetimes on contextActions, or destroys its actions on hide. However, fixing this here in QWidgetAction::createWidget() also makes sense because the related QWidgetAction::requestWidget() method transfers ownership to the caller. It's not part of this API to expect the caller to delete the widget immediately. On the contrary QWidgetAction::requestWidget(QWidget *parent) is typically expected to be callable e.g. by toolbars as well where the action will persist indefinitely. (cherry picked from commit fb4a4eb1884da2192bf17ab4f92f2ff01f531044) fa8ba3b5 Fix crash of folder icon chooser in selection mode Co-authored-by: Felix Ernst <felixernst@kde.org> M +3 -1 src/itemactions/setfoldericonitemaction.cpp https://invent.kde.org/system/dolphin/-/commit/9a0b5030293a68a75fe057a454e0332b434d3163
*** Bug 509956 has been marked as a duplicate of this bug. ***
Hi, I saw in the commit that this fix was was in commit release/25.08 I'm running dolphin 25.08.0 according to dolphin --version and this bug still occurs. Am I missing something here? Sorry, I'm new to Linux.