https://bugs.kde.org/show_bug.cgi?id=520647
Bug ID: 520647
Summary: TagsFileItemAction crashes Dolphin with null QUrl in
toLocalFile() on directory/viewport context menu
Classification: Frameworks and Libraries
Product: baloo-widgets
Version First 26.04.1
Reported In:
Platform: Arch Linux
OS: Linux
Status: REPORTED
Severity: crash
Priority: NOR
Component: general
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Created attachment 192600
--> https://bugs.kde.org/attachment.cgi?id=192600&action=edit
Full symbolized backtrace (thread apply all bt full, via debuginfod)
SUMMARY
TagsFileItemAction::actions() calls QUrl::toLocalFile() on a null QUrl pointer
(this=0x0), causing Dolphin to crash with SIGSEGV. The crash is intermittent
(race-like — it takes 1–2 minutes of repeated right-clicking to trigger) and
happens when opening the context menu in a directory with mimetype
inode/directory, including the empty viewport. This looks like a residual or
regression case of bug 437501 (same file, same function, same toLocalFile crash
signature).
STEPS TO REPRODUCE
KDE Plasma 6.6 / Wayland, Dolphin 26.04.1, baloo-widgets 26.04.1, with the Tags
action enabled in Dolphin's context menu.
Open a local directory in Dolphin.
Right-click repeatedly on file items and on the empty viewport for 1–2 minutes.
Dolphin segfaults inside TagsFileItemAction.
OBSERVED RESULT
Dolphin crashes with SIGSEGV. The faulting thread (symbolized via debuginfod):
#5 QUrl::isLocalFile (this=<optimized out>) at qurl.cpp:3432
#6 QUrl::toLocalFile (this=0x0) at qurl.cpp:3413
#7 TagsFileItemAction::actions (this=..., fileItemInfos=..., parentWidget=...)
at tagsfileitemaction.cpp
filePath = {... ptr = u"<garbage>", size = 94805179002544}
#8 KFileItemActionsPrivate::addPluginActionsTo (...)
at kio-6.26.0/src/widgets/kfileitemactions.cpp:646
pluginId = u"tagsfileitemaction"
commonMimeType = u"inode/directory"
#9 DolphinContextMenu::addAdditionalActions
at dolphin-26.04.1/src/dolphincontextmenu.cpp:538
#10 DolphinContextMenu::addViewportContextMenu
at dolphin-26.04.1/src/dolphincontextmenu.cpp:376
Key points:
Frame #6: QUrl::toLocalFile is called with this=0x0 — a null QUrl pointer is
dereferenced.
Frame #7: the filePath local is corrupted (garbage UTF-16 string, nonsensical
size), consistent with reading a path from a null/invalid QUrl.
Frame #8: confirms the plugin is tagsfileitemaction on an inode/directory item.
Full thread apply all bt full output is attached (the other 14 threads are idle
— poll/futex/wait, not involved).
EXPECTED RESULT
No crash; the Tags action should handle a null/invalid QUrl gracefully.
WORKAROUND
Disabling the Tags action in Dolphin's context-menu settings (or removing
tagsfileitemaction.so) stops the crash. The user has no Baloo tags at all
(tags:/ is empty), yet the crash still occurs.
SOFTWARE/OS VERSIONS
baloo-widgets: 26.04.1
Dolphin: 26.04.1
KDE Frameworks: 6.26.0
Qt: 6.11.1
KDE Plasma: 6.6.5
Graphics Platform: Wayland
OS: Arch Linux, kernel 7.0.9-arch2-1
ADDITIONAL INFORMATION
Possibly related to bug 437501 (TagCheckBox crash on a tag containing /,
FIXED-IN 25.08) — same source file tagsfileitemaction.cpp and same
QUrl::toLocalFile crash path, but here it triggers with no tags defined and on
the directory/viewport context menu.
--
You are receiving this mail because:
You are watching all bug changes.
