Bug 1497829

Summary: [abrt] plasma-workspace: SNIProxy::getImageNonComposite(): xembedsniproxy killed by SIGSEGV
Product: [Fedora] Fedora
Reporter: John Griffiths <fedora.jrg01>
Component: plasma-workspace
Assignee: Rex Dieter <rdieter>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 27
CC: igiwatson, jgrulich, kde-sig, macieksitarz+redhatbugzilla, me, rdieter, rhzilla, sam.mndl, than
Target Milestone: ---
Keywords: Patch
Target Release: ---
Hardware: x86_64
OS: Unspecified
URL: https://retrace.fedoraproject.org/faf/reports/bthash/8aec2005fdecdf15567e8cf293a979e8e4134682
Whiteboard: abrt_hash:66c3f5656bd0c7351316eb364aacad71963e0837;
Last Closed: 2018-01-08 22:44:56 UTC
Attachments (flags: none on each): backtrace, cgroup, core_backtrace, cpuinfo, dso_list, environ, exploitable, limits, maps, open_fds, proc_pid_status, var_log_messages

Description John Griffiths 2017-10-02 19:39:17 UTC
Description of problem:
All I did was log in to the KDE desktop.

Version-Release number of selected component:
plasma-workspace-5.10.5-3.fc26

Additional info:
reporter:       libreport-2.9.1
backtrace_rating: 4
cmdline:        /usr/bin/xembedsniproxy
crash_function: SNIProxy::getImageNonComposite
executable:     /usr/bin/xembedsniproxy
journald_cursor: s=1e5eab78a23b47bf96bc64068a6ce7fb;i=23b1b71;b=915989c0e247449bbb28b3ce9d7c3f44;m=512b2b557d;t=55a954d89f84e;x=efb5ce5d6130eda7
kernel:         4.12.14-300.fc26.x86_64
rootdir:        /
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 SNIProxy::getImageNonComposite at /usr/src/debug/plasma-workspace-5.10.5/xembed-sni-proxy/sniproxy.cpp:291
 #1 SNIProxy::update at /usr/src/debug/plasma-workspace-5.10.5/xembed-sni-proxy/sniproxy.cpp:232
 #2 FdoSelectionManager::nativeEventFilter at /usr/src/debug/plasma-workspace-5.10.5/xembed-sni-proxy/fdoselectionmanager.cpp:154
 #3 QAbstractEventDispatcher::filterNativeEvent at kernel/qabstracteventdispatcher.cpp:466
 #4 QXcbConnection::handleXcbEvent at qxcbconnection.cpp:1106
 #5 QXcbConnection::processXcbEvents at qxcbconnection.cpp:1741
 #6 QObject::event at kernel/qobject.cpp:1263
 #7 doNotify at kernel/qcoreapplication.cpp:1063
 #8 QCoreApplication::notifyInternal2 at kernel/qcoreapplication.cpp:988
 #9 QCoreApplication::sendEvent at kernel/qcoreapplication.h:231

Potential duplicate: bug 1282152

Comment 1 John Griffiths 2017-10-02 19:39:24 UTC
Created attachment 1333422
File: backtrace

Comment 2 John Griffiths 2017-10-02 19:39:25 UTC
Created attachment 1333423
File: cgroup

Comment 3 John Griffiths 2017-10-02 19:39:26 UTC
Created attachment 1333424
File: core_backtrace

Comment 4 John Griffiths 2017-10-02 19:39:28 UTC
Created attachment 1333425
File: cpuinfo

Comment 5 John Griffiths 2017-10-02 19:39:29 UTC
Created attachment 1333426
File: dso_list

Comment 6 John Griffiths 2017-10-02 19:39:30 UTC
Created attachment 1333427
File: environ

Comment 7 John Griffiths 2017-10-02 19:39:32 UTC
Created attachment 1333428
File: exploitable

Comment 8 John Griffiths 2017-10-02 19:39:33 UTC
Created attachment 1333429
File: limits

Comment 9 John Griffiths 2017-10-02 19:39:36 UTC
Created attachment 1333430
File: maps

Comment 10 John Griffiths 2017-10-02 19:39:37 UTC
Created attachment 1333431
File: open_fds

Comment 11 John Griffiths 2017-10-02 19:39:38 UTC
Created attachment 1333432
File: proc_pid_status

Comment 12 John Griffiths 2017-10-02 19:39:39 UTC
Created attachment 1333433
File: var_log_messages

Comment 13 igiwatson 2017-10-30 23:08:28 UTC
Similar problem has been detected:

I had just quit the new Skype.

reporter:       libreport-2.9.1
backtrace_rating: 4
cmdline:        /usr/bin/xembedsniproxy
crash_function: SNIProxy::getImageNonComposite
executable:     /usr/bin/xembedsniproxy
journald_cursor: s=8033d5bb4a9c4f9fac9ec0301c998d87;i=1333c8;b=9800c3f04a6a4ce08ff41b01c8a4e42f;m=17e5e158b;t=55ccb97b2e2bd;x=ac5b713dd7a4e4fc
kernel:         4.13.9-200.fc26.x86_64
package:        plasma-workspace-5.10.5-3.fc26
reason:         xembedsniproxy killed by SIGSEGV
rootdir:        /
runlevel:       N 5
type:           CCpp
uid:            1004

Comment 14 rickw 2017-11-25 02:46:26 UTC
*** Bug 1517417 has been marked as a duplicate of this bug. ***

Comment 15 Maciej Sitarz 2018-01-08 10:17:04 UTC
I have exactly the same problem. It's reproducible every time I log in to KDE (from SDDM).


(gdb) where
#0  SNIProxy::getImageNonComposite (this=this@entry=0x7fb8dc006820) at /usr/src/debug/plasma-workspace-5.11.4-1.fc27.x86_64/xembed-sni-proxy/sniproxy.cpp:291
#1  0x00005632d3892424 in SNIProxy::update (this=0x7fb8dc006820) at /usr/src/debug/plasma-workspace-5.11.4-1.fc27.x86_64/xembed-sni-proxy/sniproxy.cpp:232
#2  0x00005632d388f5ad in FdoSelectionManager::nativeEventFilter (this=0x7ffee259a780, eventType=..., message=0x5632d5804de0, result=<optimized out>)
    at /usr/src/debug/plasma-workspace-5.11.4-1.fc27.x86_64/xembed-sni-proxy/fdoselectionmanager.cpp:154
#3  0x00007fb8f1a44be4 in QAbstractEventDispatcher::filterNativeEvent(QByteArray const&, void*, long*) () from /lib64/libQt5Core.so.5
#4  0x00007fb8e2c01fe0 in QXcbConnection::handleXcbEvent(xcb_generic_event_t*) () from /lib64/libQt5XcbQpa.so.5
#5  0x00007fb8e2c02c6c in QXcbConnection::processXcbEvents() () from /lib64/libQt5XcbQpa.so.5
#6  0x00007fb8f1a7091a in QObject::event(QEvent*) () from /lib64/libQt5Core.so.5
#7  0x00007fb8f1a4727a in doNotify(QObject*, QEvent*) () from /lib64/libQt5Core.so.5
#8  0x00007fb8f1a47367 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib64/libQt5Core.so.5
#9  0x00007fb8f1a49aeb in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /lib64/libQt5Core.so.5
#10 0x00007fb8f1a98553 in postEventSourceDispatch(_GSource*, int (*)(void*), void*) () from /lib64/libQt5Core.so.5
#11 0x00007fb8ebb53bb7 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#12 0x00007fb8ebb53f60 in g_main_context_iterate.isra () from /lib64/libglib-2.0.so.0
#13 0x00007fb8ebb53fec in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#14 0x00007fb8f1a9833f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQt5Core.so.5
#15 0x00007fb8f1a460ea in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQt5Core.so.5
#16 0x00007fb8f1a4e744 in QCoreApplication::exec() () from /lib64/libQt5Core.so.5
#17 0x00005632d388ca53 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/plasma-workspace-5.11.4-1.fc27.x86_64/xembed-sni-proxy/main.cpp:68


Is there any other debug/info needed?

Comment 16 Maciej Sitarz 2018-01-08 13:06:44 UTC
My system is Fedora 27 and plasma-workspace.x86_64 5.11.4-1.fc27

I managed to mitigate (fix?) the problem by checking that the 'image' object returned from 'xcb_image_get()' is not null.

Patch below:

--- plasma-workspace-5.11.4/xembed-sni-proxy/sniproxy.cpp_orig  2018-01-08 13:40:42.070485134 +0100
+++ plasma-workspace-5.11.4/xembed-sni-proxy/sniproxy.cpp       2018-01-08 13:42:03.734526387 +0100
@@ -288,7 +288,13 @@
     xcb_image_t *image = xcb_image_get(c, m_windowId, 0, 0, geom->width, geom->height, 0xFFFFFFFF, XCB_IMAGE_FORMAT_Z_PIXMAP);
 
     // Don't hook up cleanup yet, we may use a different QImage after all
-    QImage naiveConversion = QImage(image->data, image->width, image->height, QImage::Format_ARGB32);
+    QImage naiveConversion;
+       if (nullptr != image) {
+        naiveConversion = QImage(image->data, image->width, image->height, QImage::Format_ARGB32);
+    } else {
+        qCDebug(SNIPROXY) << "Skip NULL image returned from xcb_image_get() for" << m_windowId << Title();
+        return QImage();
+    }
 
     if (isTransparentImage(naiveConversion)) {
         QImage elaborateConversion = QImage(convertFromNative(image));
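
Review bot: the null check on `image` would be simpler as an early return placed directly after the xcb_image_get() call, leaving the original `QImage naiveConversion = QImage(image->data, ...)` line untouched. Because the else branch already returns, the default-constructed `naiveConversion` and the if/else wrapper add nothing. The `if (nullptr != image) {` line is also indented to a different column than the lines around it. Two things are worth confirming outside the visible lines. First, `geom` is dereferenced in the same xcb_image_get() call (`geom->width`, `geom->height`), so it needs its own check before this point if it does not already have one. Second, the new path returns an empty QImage(), so SNIProxy::update(), which the backtraces show as the caller, has to tolerate a null image. Since a failed xcb_image_get() is the condition that was crashing the proxy, consider logging it at warning level rather than with qCDebug so it is visible without enabling debug output.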

Comment 17 Maciej Sitarz 2018-01-08 13:11:30 UTC
Upstream KDE bug:
https://bugs.kde.org/show_bug.cgi?id=359664

Comment 18 Rex Dieter 2018-01-08 18:28:41 UTC
%changelog
* Mon Jan 08 2018 Rex Dieter <rdieter> - 5.11.4-4
- use upstreamed version of previous commit/patch

* Mon Jan 08 2018 Rex Dieter <rdieter> - 5.11.4-3
- include candidate crash fix for xembedsniproxy (#1497829,kde#359664)

Comment 19 Rex Dieter 2018-01-08 22:44:56 UTC
fix will be included when plasma-5.11.5 rolls out.

(that will most likely include f26 too, depending on discussion in tomorrow's kde-sig meeting)

Comment 20 Rex Dieter 2018-01-19 14:06:37 UTC
*** Bug 1536425 has been marked as a duplicate of this bug. ***