Bug 497740

Summary: Klipper segfaults on disabling actions from popup window
Product: [Fedora] Fedora
Reporter: Konrad Karl <kk_konrad>
Component: kdebase-workspace
Assignee: Kevin Kofler <kevin>
Status: CLOSED WORKSFORME
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: low
Version: 11
CC: arbiter, fedora, jreznik, kevin, ltinkl, rdieter, smparrish, than
Target Milestone: ---
Target Release: ---
Hardware: x86_64
OS: Linux
Doc Type: Bug Fix
Last Closed: 2009-07-22 01:41:25 UTC

Description Konrad Karl 2009-04-26 19:04:47 UTC
How reproducible: (kdebase-workspace-4.2.2-3.fc11.x86_64 and previous versions)

1. have klipper action enabled.

2. double click on something which looks like a URL in konsole.

3. klipper popup window pops up, choose "Disable this popup" and confirm
   the following message box (something like: "you can later enable.......").

4. Segfault

happens always here.

Konrad

Comment 1 Steven M. Parrish 2009-05-26 19:54:37 UTC
Please report this issue upstream at http://bugs.kde.org and please remember to add the upstream info to this report.  We will monitor upstream for a resolution.

Comment 2 Konrad Karl 2009-06-04 20:48:07 UTC
I disagree that it should be me to report upstream - this is a maintainer's job.
I feel like a Fedora "customer" and my point of contact should be within Fedora.
 
Thanks for your understanding. (and sorry for late reply, was travelling)
Konrad

BTW, it still crashes the same way in current Rawhide

Comment 3 Steven M. Parrish 2009-06-04 23:19:55 UTC
Unable to reproduce this.  Can you give examples of specific websites where this is happening?

This is information upstream will need to help isolate and correct this issue.  Instead of us acting as an intermediary it would be beneficial to file this upstream yourself as requested.  That way when the upstream developers have questions they can contact you directly. 

-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers

Comment 4 Kevin Kofler 2009-06-04 23:41:51 UTC
I think this is most likely the same bug as https://bugs.kde.org/show_bug.cgi?id=165726

It's fixed in 4.3, but not in 4.2.x. Tentative fix for the 4.2 branch here (from me, back in February, completely ignored by upstream):
https://bugs.kde.org/show_bug.cgi?id=165726#c36

As that bug annoys me too, I'll add that patch to the 4.2.4 builds and see what goes.

Comment 5 Kevin Kofler 2009-06-05 01:17:14 UTC
Grrr, I tested my fix (which is in 4.2.4-3), it doesn't seem to fix this bug. It does appear to fix https://bugs.kde.org/show_bug.cgi?id=165726 , but as that wasn't 100% reproducible I'm not sure that one is fixed either.

Comment 6 Kevin Kofler 2009-06-05 01:20:46 UTC
Valgrind log for this one (but not very useful because there's no debugging info in this):

==14718== Invalid read of size 4                                                
==14718==    at 0x3662F62: (within /usr/lib/libQtGui.so.4.5.0)                  
==14718==    by 0x3669887: (within /usr/lib/libQtGui.so.4.5.0)                  
==14718==    by 0x366A371: QMenu::mouseReleaseEvent(QMouseEvent*) (in /usr/lib/libQtGui.so.4.5.0)                                                               
==14718==    by 0x5887274: KMenu::mouseReleaseEvent(QMouseEvent*) (in /usr/lib/libkdeui.so.5.2.0)                                                               
==14718==    by 0x3245762: QWidget::event(QEvent*) (in /usr/lib/libQtGui.so.4.5.0)                                                                              
==14718==    by 0x366C758: QMenu::event(QEvent*) (in /usr/lib/libQtGui.so.4.5.0)
==14718==    by 0x31EE98B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib/libQtGui.so.4.5.0)                                                
==14718==    by 0x31F7600: QApplication::notify(QObject*, QEvent*) (in /usr/lib/libQtGui.so.4.5.0)                                                              
==14718==    by 0x57A6F8C: KApplication::notify(QObject*, QEvent*) (in /usr/lib/libkdeui.so.5.2.0)                                                              
==14718==    by 0x7D5A72A: QCoreApplication::notifyInternal(QObject*, QEvent*) (in /usr/lib/libQtCore.so.4.5.0)                                                 
==14718==    by 0x31F666D: QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&) (in /usr/lib/libQtGui.so.4.5.0)                                                                       
==14718==    by 0x3266675: (within /usr/lib/libQtGui.so.4.5.0)                  
==14718==  Address 0x5a90a5c is 4 bytes inside a block of size 408 free'd       
==14718==    at 0x40054AA: operator delete(void*) (vg_replace_malloc.c:342)     
==14718==    by 0x366E814: (within /usr/lib/libQtGui.so.4.5.0)                  
==14718==    by 0x7D71FC0: QObject::~QObject() (in /usr/lib/libQtCore.so.4.5.0) 
==14718==    by 0x324045E: QWidget::~QWidget() (in /usr/lib/libQtGui.so.4.5.0)  
==14718==    by 0x36638CC: QMenu::~QMenu() (in /usr/lib/libQtGui.so.4.5.0)      
==14718==    by 0x588774E: KMenu::~KMenu() (in /usr/lib/libkdeui.so.5.2.0)      
==14718==    by 0x7D698A4: qDeleteInEventHandler(QObject*) (in /usr/lib/libQtCore.so.4.5.0)                                                                     
==14718==    by 0x7D6B192: QObject::event(QEvent*) (in /usr/lib/libQtCore.so.4.5.0)                                                                             
==14718==    by 0x324505F: QWidget::event(QEvent*) (in /usr/lib/libQtGui.so.4.5.0)                                                                              
==14718==    by 0x366C758: QMenu::event(QEvent*) (in /usr/lib/libQtGui.so.4.5.0)
==14718==    by 0x31EE98B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib/libQtGui.so.4.5.0)                                                
==14718==    by 0x31F6D71: QApplication::notify(QObject*, QEvent*) (in /usr/lib/libQtGui.so.4.5.0)                                                              
==14718==                                                                       
==14718== Invalid read of size 4                                                
==14718==    at 0x366178F: QMenu::findIdForAction(QAction*) const (in /usr/lib/libQtGui.so.4.5.0)                                                               
==14718==    by 0x3662F6C: (within /usr/lib/libQtGui.so.4.5.0)                  
==14718==    by 0x3669887: (within /usr/lib/libQtGui.so.4.5.0)                  
==14718==    by 0x366A371: QMenu::mouseReleaseEvent(QMouseEvent*) (in /usr/lib/libQtGui.so.4.5.0)                                                               
==14718==    by 0x5887274: KMenu::mouseReleaseEvent(QMouseEvent*) (in /usr/lib/libkdeui.so.5.2.0)                                                               
==14718==    by 0x3245762: QWidget::event(QEvent*) (in /usr/lib/libQtGui.so.4.5.0)                                                                              
==14718==    by 0x366C758: QMenu::event(QEvent*) (in /usr/lib/libQtGui.so.4.5.0)
==14718==    by 0x31EE98B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib/libQtGui.so.4.5.0)                                                
==14718==    by 0x31F7600: QApplication::notify(QObject*, QEvent*) (in /usr/lib/libQtGui.so.4.5.0)                                                              
==14718==    by 0x57A6F8C: KApplication::notify(QObject*, QEvent*) (in /usr/lib/libkdeui.so.5.2.0)                                                              
==14718==    by 0x7D5A72A: QCoreApplication::notifyInternal(QObject*, QEvent*) (in /usr/lib/libQtCore.so.4.5.0)                                                 
==14718==    by 0x31F666D: QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&) (in /usr/lib/libQtGui.so.4.5.0)                                                                       
==14718==  Address 0x5aa8564 is 4 bytes inside a block of size 8 free'd         
==14718==    at 0x40054AA: operator delete(void*) (vg_replace_malloc.c:342)     
==14718==    by 0x31EA394: QAction::~QAction() (in /usr/lib/libQtGui.so.4.5.0)  
==14718==    by 0x7D69BBE: QObjectPrivate::deleteChildren() (in /usr/lib/libQtCore.so.4.5.0)                                                                    
==14718==    by 0x7D71F22: QObject::~QObject() (in /usr/lib/libQtCore.so.4.5.0) 
==14718==    by 0x404F69D: (within /usr/lib/libkdeinit4_klipper.so)             
==14718==    by 0x404931A: (within /usr/lib/libkdeinit4_klipper.so)             
==14718==    by 0x404B4F1: (within /usr/lib/libkdeinit4_klipper.so)             
==14718==    by 0x7D70A77: QMetaObject::activate(QObject*, int, int, void**) (in /usr/lib/libQtCore.so.4.5.0)                                                   
==14718==    by 0x7D72201: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/libQtCore.so.4.5.0)                                    
==14718==    by 0x31E83C8: QAction::toggled(bool) (in /usr/lib/libQtGui.so.4.5.0)                                                                               
==14718==    by 0x31E980B: QAction::setChecked(bool) (in /usr/lib/libQtGui.so.4.5.0)                                                                            
==14718==    by 0x4049305: (within /usr/lib/libkdeinit4_klipper.so)             
==14718==                                                                       
==14718== Invalid read of size 4                                                
==14718==    at 0x3661792: QMenu::findIdForAction(QAction*) const (in /usr/lib/libQtGui.so.4.5.0)                                                               
==14718==    by 0x3662F6C: (within /usr/lib/libQtGui.so.4.5.0)                  
==14718==    by 0x3669887: (within /usr/lib/libQtGui.so.4.5.0)                  
==14718==    by 0x366A371: QMenu::mouseReleaseEvent(QMouseEvent*) (in /usr/lib/libQtGui.so.4.5.0)                                                               
==14718==    by 0x5887274: KMenu::mouseReleaseEvent(QMouseEvent*) (in /usr/lib/libkdeui.so.5.2.0)                                                               
==14718==    by 0x3245762: QWidget::event(QEvent*) (in /usr/lib/libQtGui.so.4.5.0)                                                                              
==14718==    by 0x366C758: QMenu::event(QEvent*) (in /usr/lib/libQtGui.so.4.5.0)
==14718==    by 0x31EE98B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib/libQtGui.so.4.5.0)                                                
==14718==    by 0x31F7600: QApplication::notify(QObject*, QEvent*) (in /usr/lib/libQtGui.so.4.5.0)                                                              
==14718==    by 0x57A6F8C: KApplication::notify(QObject*, QEvent*) (in /usr/lib/libkdeui.so.5.2.0)
==14718==    by 0x7D5A72A: QCoreApplication::notifyInternal(QObject*, QEvent*) (in /usr/lib/libQtCore.so.4.5.0)
==14718==    by 0x31F666D: QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&) (in /usr/lib/libQtGui.so.4.5.0)
==14718==  Address 0xa8 is not stack'd, malloc'd or (recently) free'd
KCrash: Application 'klipper' crashing...

Comment 7 Kevin Kofler 2009-06-05 01:24:32 UTC
I think this is indeed a different bug than the upstream one. What's happening here is that the deletion for m_myMenu->deleteLater(); is triggered too early. It seems even deleteLater() is unsafe to use where it's being used, because there are events being processed where the menu is still needed.

So this needs to be posted as a separate upstream bug.
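
Added illustration, not part of the original thread and not Klipper or Qt code: a toy C++ model of the failure mode Comment 7 describes, where a deferred delete runs while the menu's own event handler is still on the stack, together with a guard check that detects it. The names `EventLoop`, `Menu`, `mouseRelease` and `simulate` are hypothetical, and the nested loop standing in for the confirmation box is an assumption.

```cpp
// Toy model (not Qt, not Klipper): a deferred delete is drained by a nested
// event loop while the object's own handler is still running.
#include <deque>
#include <functional>
#include <memory>
#include <utility>

struct EventLoop {                        // hypothetical minimal event queue
    std::deque<std::function<void()>> queue;
    void post(std::function<void()> ev) { queue.push_back(std::move(ev)); }
    void run() {                          // drain every pending event
        while (!queue.empty()) {
            auto ev = std::move(queue.front());
            queue.pop_front();
            ev();
        }
    }
};

struct Menu { int activeAction = 1; };    // state the handler reads after the slot

enum class Outcome { UsedLiveMenu, MenuGoneHandlerBailedOut };

// Models the mouse-release handler: run the action's slot, then keep using
// the menu. slotSpinsNestedLoop models the confirmation message box.
Outcome mouseRelease(EventLoop& loop, std::shared_ptr<Menu>& owner,
                     bool slotSpinsNestedLoop) {
    std::weak_ptr<Menu> guard = owner;    // plays the role of a QPointer-style guard
    loop.post([&owner] { owner.reset(); });   // stands in for deleteLater()
    if (slotSpinsNestedLoop)
        loop.run();                       // nested loop delivers the delete early
    if (guard.expired())                  // without this check: read of freed memory
        return Outcome::MenuGoneHandlerBailedOut;
    (void)guard.lock()->activeAction;     // safe: the menu is still alive
    return Outcome::UsedLiveMenu;
}

Outcome simulate(bool slotSpinsNestedLoop) {
    EventLoop loop;
    auto menu = std::make_shared<Menu>();
    Outcome result = mouseRelease(loop, menu, slotSpinsNestedLoop);
    loop.run();                           // outer loop: the delete is safe here
    return result;
}

int main() {
    return (simulate(true) == Outcome::MenuGoneHandlerBailedOut &&
            simulate(false) == Outcome::UsedLiveMenu) ? 0 : 1;
}
```

In the Valgrind log above, the same ordering shows up as a free reached through qDeleteInEventHandler followed by invalid reads under QMenu::mouseReleaseEvent.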

Comment 8 Bug Zapper 2009-06-09 14:36:53 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 9 Konrad Karl 2009-06-28 11:51:21 UTC
Seems to be fixed at least in kdebase-workspace-4.2.4-3.fc11.x86_64

Thanks to the people involved!
Konrad

Comment 10 Kevin Kofler 2009-06-28 12:50:37 UTC
I'm not convinced it's fixed yet. I was still able to reproduce your bug after my fix. I can't reproduce the related bug https://bugs.kde.org/show_bug.cgi?id=165726 anymore, so I think that one is really fixed by my patch, but yours was still reproducible. But I can't reproduce it right now. Weird.

Comment 11 Steven M. Parrish 2009-07-22 00:53:41 UTC
Kevin, any updates?

-- 
Steven M. Parrish - KDE Triage Master
                  - PackageKit Triager
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers

Comment 12 Kevin Kofler 2009-07-22 01:41:25 UTC
I can't reproduce it anymore (and neither can the reporter). I have no idea what fixed it because my patch didn't fix this issue (only the other one) when I tested it.