Description of problem: konqueror (other kde progs too?) crashes when doing a save-as, with a SIGSEGV in free () from /usr/lib/libkdecore.so.4 Version-Release number of selected component (if applicable): kdelibs-3.3.0-1 How reproducible: Always on my system... Steps to Reproduce: 1. Start up konqueror, go to a page with stuff to download (I've been using http://kuoi.asui.uidaho.edu/~wes/images/ since it's mine) 2. Right-click and save-as something. (I've been using "Adam_Osborne.jpg" since it's the first thing there) Actual results: File downloads, then konq crashes. For a reason I don't understand, it just says "Alarm clock", but if you do it in gdb it's actually a segfault. See attached gdb output. Expected results: File saves, no crash. Additional info: Could this actually be a problem with gamin?
Created attachment 103112 [details] gdb trace of the crash
it looks like a bug in gamin (fam replacement), which causes this crash here. It works fine with fam. I reassign it to correct component
can you upgrade to gamin-0.0.8 from rawhide and retry ? There was some serious problem with version 0.0.7 Daniel
Yes, it still happens with gamin-0.0.8, exact same call trace even. I went a little further this time and rebuilt gamin with --enable-debug to get a better look at what's going bad, so... near the end of FAMCancelMonitor: /* * TODO: check should this *really* be freed ? */ free(fr); That's the free that it's crashing on. I also ran my test in konqueror under valgrind memcheck, and it turns up two spots with fam-related problems: ==13894== Conditional jump or move depends on uninitialised value(s) ==13894== at 0x1BC40E88: KDirWatchPrivate::checkFAMEvent(FAMEvent*) (in /usr/lib/libkio.so.4.2.0) ==13894== by 0x1BC41350: KDirWatchPrivate::famEventReceived() (in /usr/lib/libkio.so.4.2.0) ==13894== by 0x1BC4161F: KDirWatchPrivate::qt_invoke(int, QUObject*) (in /usr/lib/libkio.so.4.2.0) ==13894== by 0x1C603C9D: QObject::activate_signal(QConnectionList*, QUObject*) (in /usr/lib/qt-3.3/lib/libqt-mt.so.3.3.3) ==13894== ==13894== Conditional jump or move depends on uninitialised value(s) ==13894== at 0x1C272400: free (in /usr/lib/libkdecore.so.4.2.0) ==13894== by 0x1CBD12EA: FAMCancelMonitor (gam_api.c:1182) ==13894== by 0x1BC3ED34: KDirWatchPrivate::removeEntry(KDirWatch*, QString const&, KDirWatchPrivate::Entry*) (in /usr/lib/libkio.so.4.2.0) ==13894== by 0x1BC3EEDE: KDirWatch::removeDir(QString const&) (in /usr/lib/libkio.so.4.2.0)
Okay, the free() should not be done, that's clear now, thanks a lot I will fix that. However I'm not clear about the one in KDirWatchPrivate::checkFAMEvent 1/ I don't know that code 2/ Conditional jump or move depends on uninitialised value(s) can be generated by valgrind when run on optimized code whithout it being a real programming mistake. But I will try to make sure the full FAMEvent structure as returned by FAMNextEvent is fully initialized. I will double-check and commit this to CVs soon. I will probably make a new release of gamin this week. Daniel
Okay, reproduced the crash, verified that the change fixes the problem, this is commited in gamin CVS, and should hit Rawhide soon. thanks, Daniel
Got the new package from rawhide and tested it; fix works as promised. Thanks, closing this bug now.
Oh, one last thing... I noticed you changed the component from 'gamin' to 'kon2'. I'm assuming that was an accident and I'm changing it back so as not to confuse anyone.
yeah, it was a mistake, thanks ! Daniel
*** Bug 132922 has been marked as a duplicate of this bug. ***