Bug 456614 - Segmentation fault in qtconfig-qt4 [due to Phase style]
Summary: Segmentation fault in qtconfig-qt4 [due to Phase style]
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: qt4
Version: 9
Hardware: All
OS: Linux
Priority: low
Severity: medium
Target Milestone: ---
Assignee: Than Ngo
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2008-07-24 22:41 UTC by Paul Smith
Modified: 2008-07-24 23:38 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-07-24 23:31:28 UTC
Type: ---
Embargoed:



Description Paul Smith 2008-07-24 22:41:28 UTC
When running "qtconfig-qt4", I get a "segmentation fault". The messages were:

Jul 24 23:33:02 localhost kernel: qtconfig-qt4[4427]: segfault at 20 ip 008d7f12
sp bfc6d010 error 4 in libQtGui.so.4.3.5[646000+71b000]
Jul 24 23:33:31 localhost kernel: qtconfig-qt4[4437]: segfault at 20 ip 008d7f12
sp bfc440c0 error 4 in libQtGui.so.4.3.5[646000+71b000]

Running qt-4.3.5-2.fc9.i386.

Paul

Comment 1 Kevin Kofler 2008-07-24 22:45:02 UTC
Can you please obtain a stack trace with debugging information? Please see 
https://fedoraproject.org/wiki/StackTraces for instructions. Such stack traces 
are invaluable for us to figure out what's going wrong.

Comment 2 Paul Smith 2008-07-24 22:56:16 UTC
Thanks, Kevin. I hope the following helps:

$ valgrind --leak-check=full --show-reachable=yes qtconfig-qt4
==4529== Memcheck, a memory error detector.
==4529== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==4529== Using LibVEX rev 1804, a library for dynamic binary translation.
==4529== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==4529== Using valgrind-3.3.0, a dynamic binary instrumentation framework.
==4529== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==4529== For more details, rerun with: -v
==4529== 
==4530== 
==4530== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 17 from 1)
==4530== malloc/free: in use at exit: 18,289 bytes in 577 blocks.
==4530== malloc/free: 815 allocs, 238 frees, 32,471 bytes allocated.
==4530== For counts of detected errors, rerun with: -v
==4530== searching for pointers to 577 not-freed blocks.
==4530== checked 122,924 bytes.
==4530== 
==4530== 424 bytes in 2 blocks are still reachable in loss record 1 of 3
==4530==    at 0x4006C0C: realloc (vg_replace_malloc.c:429)
==4530==    by 0x809FEF4: xrealloc (in /bin/bash)
==4530==    by 0x80698F6: (within /bin/bash)
==4530==    by 0x8069996: (within /bin/bash)
==4530==    by 0x8069B85: (within /bin/bash)
==4530==    by 0x806A3F6: print_simple_command (in /bin/bash)
==4530==    by 0x806FF18: (within /bin/bash)
==4530==    by 0x806E0B0: execute_command_internal (in /bin/bash)
==4530==    by 0x806EB32: execute_command (in /bin/bash)
==4530==    by 0x806E803: execute_command_internal (in /bin/bash)
==4530==    by 0x806EB32: execute_command (in /bin/bash)
==4530==    by 0x806E1A9: execute_command_internal (in /bin/bash)
==4530== 
==4530== 
==4530== 1,870 bytes in 5 blocks are still reachable in loss record 2 of 3
==4530==    at 0x4006AEE: malloc (vg_replace_malloc.c:207)
==4530==    by 0x809FF17: xrealloc (in /bin/bash)
==4530==    by 0x808E036: fd_to_buffered_stream (in /bin/bash)
==4530==    by 0x808E0B1: with_input_from_buffered_stream (in /bin/bash)
==4530==    by 0x805EC7F: main (in /bin/bash)
==4530== 
==4530== 
==4530== 15,995 bytes in 570 blocks are still reachable in loss record 3 of 3
==4530==    at 0x4006AEE: malloc (vg_replace_malloc.c:207)
==4530==    by 0x809FF79: xmalloc (in /bin/bash)
==4530==    by 0x809B8A8: set_default_locale (in /bin/bash)
==4530==    by 0x805DAD9: main (in /bin/bash)
==4530== 
==4530== LEAK SUMMARY:
==4530==    definitely lost: 0 bytes in 0 blocks.
==4530==      possibly lost: 0 bytes in 0 blocks.
==4530==    still reachable: 18,289 bytes in 577 blocks.
==4530==         suppressed: 0 bytes in 0 blocks.
==4532== 
==4532== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 17 from 1)
==4532== malloc/free: in use at exit: 17,971 bytes in 585 blocks.
==4532== malloc/free: 884 allocs, 299 frees, 37,018 bytes allocated.
==4532== For counts of detected errors, rerun with: -v
==4532== searching for pointers to 585 not-freed blocks.
==4532== checked 122,584 bytes.
==4532== 
==4532== 13 bytes in 1 blocks are definitely lost in loss record 1 of 4
==4532==    at 0x4006AEE: malloc (vg_replace_malloc.c:207)
==4532==    by 0x809FF79: xmalloc (in /bin/bash)
==4532==    by 0x806FFD0: (within /bin/bash)
==4532==    by 0x806E0B0: execute_command_internal (in /bin/bash)
==4532==    by 0x806D2EE: (within /bin/bash)
==4532==    by 0x806E7AC: execute_command_internal (in /bin/bash)
==4532==    by 0x806EB32: execute_command (in /bin/bash)
==4532==    by 0x806E169: execute_command_internal (in /bin/bash)
==4532==    by 0x806EB32: execute_command (in /bin/bash)
==4532==    by 0x805F066: reader_loop (in /bin/bash)
==4532==    by 0x805EC24: main (in /bin/bash)
==4532== 
==4532== 
==4532== 428 bytes in 2 blocks are still reachable in loss record 2 of 4
==4532==    at 0x4006C0C: realloc (vg_replace_malloc.c:429)
==4532==    by 0x809FEF4: xrealloc (in /bin/bash)
==4532==    by 0x80698F6: (within /bin/bash)
==4532==    by 0x8069996: (within /bin/bash)
==4532==    by 0x8069B85: (within /bin/bash)
==4532==    by 0x806A3F6: print_simple_command (in /bin/bash)
==4532==    by 0x806FF18: (within /bin/bash)
==4532==    by 0x806E0B0: execute_command_internal (in /bin/bash)
==4532==    by 0x806EB32: execute_command (in /bin/bash)
==4532==    by 0x806E803: execute_command_internal (in /bin/bash)
==4532==    by 0x806EB32: execute_command (in /bin/bash)
==4532==    by 0x806E1A9: execute_command_internal (in /bin/bash)
==4532== 
==4532== 
==4532== 1,862 bytes in 4 blocks are still reachable in loss record 3 of 4
==4532==    at 0x4006AEE: malloc (vg_replace_malloc.c:207)
==4532==    by 0x809FF17: xrealloc (in /bin/bash)
==4532==    by 0x808E036: fd_to_buffered_stream (in /bin/bash)
==4532==    by 0x808E0B1: with_input_from_buffered_stream (in /bin/bash)
==4532==    by 0x805EC7F: main (in /bin/bash)
==4532== 
==4532== 
==4532== 15,668 bytes in 578 blocks are still reachable in loss record 4 of 4
==4532==    at 0x4006AEE: malloc (vg_replace_malloc.c:207)
==4532==    by 0x809FF79: xmalloc (in /bin/bash)
==4532==    by 0x809B8A8: set_default_locale (in /bin/bash)
==4532==    by 0x805DAD9: main (in /bin/bash)
==4532== 
==4532== LEAK SUMMARY:
==4532==    definitely lost: 13 bytes in 1 blocks.
==4532==      possibly lost: 0 bytes in 0 blocks.
==4532==    still reachable: 17,958 bytes in 584 blocks.
==4532==         suppressed: 0 bytes in 0 blocks.
Segmentation fault
$ 

Paul


Comment 3 Kevin Kofler 2008-07-24 23:02:40 UTC
Sorry, this doesn't help at all, because Valgrind isn't catching anything 
("ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 17 from 1)"). You're 
running Valgrind on qtconfig-qt4, which is only a wrapper script; please try 
running:
valgrind /usr/lib/qt4/bin/qtconfig

Comment 4 Paul Smith 2008-07-24 23:12:47 UTC
Sorry about that, Kevin. I hope this time I am providing useful information:

$ valgrind /usr/lib/qt4/bin/qtconfig
==4582== Memcheck, a memory error detector.
==4582== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==4582== Using LibVEX rev 1804, a library for dynamic binary translation.
==4582== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==4582== Using valgrind-3.3.0, a dynamic binary instrumentation framework.
==4582== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==4582== For more details, rerun with: -v
==4582== 
==4582== Syscall param writev(vector[...]) points to uninitialised byte(s)
==4582==    at 0x4D7E0BC: writev (in /lib/libc-2.8.so)
==4582==    by 0x57E35D: (within /usr/lib/libxcb.so.1.0.0)
==4582==    by 0x57E98D: (within /usr/lib/libxcb.so.1.0.0)
==4582==    by 0x57EAB8: (within /usr/lib/libxcb.so.1.0.0)
==4582==    by 0x57FBD5: xcb_wait_for_reply (in /usr/lib/libxcb.so.1.0.0)
==4582==    by 0x5E8E40: _XReply (in /usr/lib/libX11.so.6.2.0)
==4582==    by 0x5C5C52: XGetWindowProperty (in /usr/lib/libX11.so.6.2.0)
==4582==    by 0x5C4E76: XGetWMHints (in /usr/lib/libX11.so.6.2.0)
==4582==    by 0x4565958: QWidgetPrivate::setWindowIcon_sys(bool) (in
/usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x4538A57: QWidget::create(unsigned long, bool, bool) (in
/usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x4539082: QWidgetPrivate::createWinId(unsigned long) (in
/usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x4539136: QWidgetPrivate::setWindowTitle_helper(QString const&)
(in /usr/lib/libQtGui.so.4.3.5)
==4582==  Address 0x505e547 is 6,991 bytes inside a block of size 8,556 alloc'd
==4582==    at 0x4004BA2: calloc (vg_replace_malloc.c:397)
==4582==    by 0x57E610: xcb_connect_to_fd (in /usr/lib/libxcb.so.1.0.0)
==4582==    by 0x58112E: xcb_connect (in /usr/lib/libxcb.so.1.0.0)
==4582==    by 0x5E833A: _XConnectXCB (in /usr/lib/libX11.so.6.2.0)
==4582==    by 0x5CF95E: XOpenDisplay (in /usr/lib/libX11.so.6.2.0)
==4582==    by 0x4550BB5: (within /usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x44FCE78: QApplicationPrivate::construct(_XDisplay*, unsigned
long, unsigned long) (in /usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x44FD9C2: QApplication::QApplication(int&, char**, int) (in
/usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x8051C19: (within /usr/lib/qt4/bin/qtconfig)
==4582==    by 0x4CBE5D5: (below main) (in /lib/libc-2.8.so)
==4582== 
==4582== Syscall param writev(vector[...]) points to uninitialised byte(s)
==4582==    at 0x4D7E0BC: writev (in /lib/libc-2.8.so)
==4582==    by 0x57E35D: (within /usr/lib/libxcb.so.1.0.0)
==4582==    by 0x57E98D: (within /usr/lib/libxcb.so.1.0.0)
==4582==    by 0x57EF1A: xcb_send_request (in /usr/lib/libxcb.so.1.0.0)
==4582==    by 0x5E7C55: _XPutXCBBuffer (in /usr/lib/libX11.so.6.2.0)
==4582==    by 0x5E801F: (within /usr/lib/libX11.so.6.2.0)
==4582==    by 0x924B1E: XRenderAddGlyphs (in /usr/lib/libXrender.so.1.3.0)
==4582==    by 0x4701009:
QFontEngineX11FT::uploadGlyphToServer(QFontEngineFT::QGlyphSet*, unsigned,
QFontEngineFT::Glyph*, _XGlyphInfo*, int) const (in /usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x4709691: QFontEngineFT::loadGlyph(QFontEngineFT::QGlyphSet*,
unsigned, QFontEngineFT::GlyphFormat) const (in /usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x470A362: QFontEngineFT::recalcAdvances(int, QGlyphLayout*,
QFlags<QTextEngine::ShaperFlag>) const (in /usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x47061D3: QFontEngineFT::stringToCMap(QChar const*, int,
QGlyphLayout*, int*, QFlags<QTextEngine::ShaperFlag>) const (in
/usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x466B683: QFontEngineMulti::stringToCMap(QChar const*, int,
QGlyphLayout*, int*, QFlags<QTextEngine::ShaperFlag>) const (in
/usr/lib/libQtGui.so.4.3.5)
==4582==  Address 0x505e273 is 6,267 bytes inside a block of size 8,556 alloc'd
==4582==    at 0x4004BA2: calloc (vg_replace_malloc.c:397)
==4582==    by 0x57E610: xcb_connect_to_fd (in /usr/lib/libxcb.so.1.0.0)
==4582==    by 0x58112E: xcb_connect (in /usr/lib/libxcb.so.1.0.0)
==4582==    by 0x5E833A: _XConnectXCB (in /usr/lib/libX11.so.6.2.0)
==4582==    by 0x5CF95E: XOpenDisplay (in /usr/lib/libX11.so.6.2.0)
==4582==    by 0x4550BB5: (within /usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x44FCE78: QApplicationPrivate::construct(_XDisplay*, unsigned
long, unsigned long) (in /usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x44FD9C2: QApplication::QApplication(int&, char**, int) (in
/usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x8051C19: (within /usr/lib/qt4/bin/qtconfig)
==4582==    by 0x4CBE5D5: (below main) (in /lib/libc-2.8.so)
==4582== 
==4582== Invalid read of size 4
==4582==    at 0x4679F12: QFontMetrics::lineSpacing() const (in
/usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x5C9CE4D: PhaseStyle::pixelMetric(QStyle::PixelMetric,
QStyleOption const*, QWidget const*) const (phasestyle.cpp:2387)
==4582==    by 0x481ED84: QMdiArea::minimumSizeHint() const (in
/usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x4519F56: qSmartMaxSize(QWidgetItem const*,
QFlags<Qt::AlignmentFlag>) (in /usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x451CDC3: QWidgetItem::maximumSize() const (in
/usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x44FF374: (within /usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x4500495: QBoxLayout::minimumSize() const (in
/usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x45183EA: QLayout::totalMinimumSize() const (in
/usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x452FCC5: QWidget::minimumSizeHint() const (in
/usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x451A124: qSmartMinSize(QWidgetItem const*) (in
/usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x451CEB6: QWidgetItem::minimumSize() const (in
/usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x45111D7: (within /usr/lib/libQtGui.so.4.3.5)
==4582==  Address 0x20 is not stack'd, malloc'd or (recently) free'd
==4582== 
==4582== Process terminating with default action of signal 11 (SIGSEGV)
==4582==  Access not within mapped region at address 0x20
==4582==    at 0x4679F12: QFontMetrics::lineSpacing() const (in
/usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x5C9CE4D: PhaseStyle::pixelMetric(QStyle::PixelMetric,
QStyleOption const*, QWidget const*) const (phasestyle.cpp:2387)
==4582==    by 0x481ED84: QMdiArea::minimumSizeHint() const (in
/usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x4519F56: qSmartMaxSize(QWidgetItem const*,
QFlags<Qt::AlignmentFlag>) (in /usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x451CDC3: QWidgetItem::maximumSize() const (in
/usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x44FF374: (within /usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x4500495: QBoxLayout::minimumSize() const (in
/usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x45183EA: QLayout::totalMinimumSize() const (in
/usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x452FCC5: QWidget::minimumSizeHint() const (in
/usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x451A124: qSmartMinSize(QWidgetItem const*) (in
/usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x451CEB6: QWidgetItem::minimumSize() const (in
/usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x45111D7: (within /usr/lib/libQtGui.so.4.3.5)
==4582== 
==4582== ERROR SUMMARY: 6 errors from 3 contexts (suppressed: 62 from 1)
==4582== malloc/free: in use at exit: 525,588 bytes in 8,697 blocks.
==4582== malloc/free: 40,031 allocs, 31,334 frees, 18,779,615 bytes allocated.
==4582== For counts of detected errors, rerun with: -v
==4582== searching for pointers to 8,697 not-freed blocks.
==4582== checked 965,036 bytes.
==4582== 
==4582== LEAK SUMMARY:
==4582==    definitely lost: 1,992 bytes in 78 blocks.
==4582==      possibly lost: 6,428 bytes in 213 blocks.
==4582==    still reachable: 517,168 bytes in 8,406 blocks.
==4582==         suppressed: 0 bytes in 0 blocks.
==4582== Rerun with --leak-check=full to see details of leaked memory.
Segmentation fault
$ 

Paul


Comment 5 Kevin Kofler 2008-07-24 23:31:28 UTC
This is a bug in the Phase style, which is not part of Fedora. See also the 
comments on its kde-look.org page:
http://www.kde-look.org/content/show.php?content=11402
(including a comment I just added, which explains what the bug is).

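The two memcheck runs above illustrate a standard triage sequence: check that valgrind instrumented the real binary rather than a shell wrapper (comment 3), then find the first frame of the first error that carries a source location (the PhaseStyle frame in comment 4, which comment 5 attributes to the Phase style). The following parser is an added example, not code from the bug thread or from Qt or Phase; it runs over a constructed excerpt of the two logs and reads the fault address 0x20 as a small offset from a null pointer, which is this example's inference rather than the thread's own explanation.

```python
import re

# Constructed excerpt of the two memcheck runs in the thread: pid 4530 traced the bash wrapper, 4582 the real binary.
SAMPLE_LOG = """\
==4530== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 17 from 1)
==4530==    by 0x809FEF4: xrealloc (in /bin/bash)
==4582== Invalid read of size 4
==4582==    at 0x4679F12: QFontMetrics::lineSpacing() const (in /usr/lib/libQtGui.so.4.3.5)
==4582==    by 0x5C9CE4D: PhaseStyle::pixelMetric(QStyle::PixelMetric, QStyleOption const*, QWidget const*) const (phasestyle.cpp:2387)
==4582==  Address 0x20 is not stack'd, malloc'd or (recently) free'd
==4582== ERROR SUMMARY: 6 errors from 3 contexts (suppressed: 62 from 1)
"""
LINE = re.compile(r"^==(\d+)== ?(.*)$")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (?:(.*?) )?\((?:in |within )?([^()]+)\)$")
ERROR = re.compile(r"^(Invalid (?:read|write)|Process terminating|Syscall param)")
ADDRESS = re.compile(r"^\s*Address (0x[0-9A-Fa-f]+) is")

def parse_memcheck(text):
    # Group a memcheck log by pid: code locations seen and the first error context.
    runs, ctx = {}, None
    for pid, body in (m.groups() for m in map(LINE.match, text.splitlines()) if m):
        run = runs.setdefault(pid, {"locations": set(), "first_error": None})
        if e := ERROR.match(body):  # start collecting this error's frames
            ctx = {"kind": e.group(1), "frames": [], "address": None}
            run["first_error"] = run["first_error"] or ctx
        elif f := FRAME.match(body):  # "(in /lib.so)", or "(file.cpp:123)" when debug info exists
            run["locations"].add(f.group(2))
            if ctx:
                ctx["frames"].append((f.group(1) or "?", f.group(2)))
        elif (a := ADDRESS.match(body)) and ctx:  # the Address line closes the error's own stack
            ctx["address"] = int(a.group(1), 16)
            ctx = None
        elif not body.strip():
            ctx = None  # blank separator line ends any error context
    return runs

def diagnose(run):
    err = run["first_error"]
    if not err:  # nothing caught: did valgrind only see the shell wrapper, as in comment 3?
        if run["locations"] and all(p in ("/bin/bash", "/bin/sh") for p in run["locations"] if p.startswith("/")):
            return "traced only a shell wrapper; rerun valgrind on the real binary"
        return "no memory errors recorded"
    culprit = next((f for f in err["frames"] if not f[1].startswith("/")), None)
    note = f"{err['kind']} in {err['frames'][0][0]}"
    if culprit:  # first frame that carries a source location is where to look
        note += f", called from {culprit[0]} at {culprit[1]}"
    if err["address"] is not None and err["address"] < 4096:  # the first page is never mapped
        note += f"; address {err['address']:#x} is a small offset from NULL (null pointer dereference)"
    return note
```
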
Comment 6 Kevin Kofler 2008-07-24 23:36:22 UTC
Actually, the Phase style will be part of kdeartwork in the KDE 4.1 update 
which is coming soon, but this bug has already been fixed in that version:
http://websvn.kde.org/branches/KDE/4.1/kdeartwork/styles/phase/phasestyle.cpp?r1=784282&r2=808184

Comment 7 Paul Smith 2008-07-24 23:38:20 UTC
Many thanks, Kevin!

Paul