Bug#741564: libkio5: libkio : segmentation fault caused by KFileItemDelegate
Hi Paul!

On 2014-03-15 at 14:01 +0100, Paul Chavent wrote:
> A patch has been submitted to https://git.reviewboard.kde.org/r/116808/ and on the KDE bug tracker. I attach the patch on this thread too.
>
> This fixes the bug but it lets another one appear. If I hover the mouse on the file list, everything is fine. But as soon as I get out of the file list, the application aborts with a message (QWidget::repaint: Recursive repaint detected). I remember reading that some people already reported such a bug. I will go on with investigations.

Mmh, you should add this info in the review. A link to the KDE bug in the bug field and also a link to the Debian bug in the description would be nice.

The patch looks a bit messy, I would prefer to avoid the usage of QSharedPointer and use it only if really needed, else we are only hiding the issue.

My bets are on animationState, as it looks like a getter but it actually does a bunch of creepy things; one of the few comments near line 321 claims:

    // If the cursor has exited an item

And then goes and calls:

    startAnimation(state);

And tries to stop it in the next line?

But, well, maybe KFileItemDelegate::paint should have called findAnimationState instead. Have you tested something about this?

Happy hacking,
--
Whenever possible, steal code. -- Tom Duff
Regards /\/\ /\ `/

--
To UNSUBSCRIBE, email to debian-qt-kde-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140321183618.ga3...@gnuservers.com.ar
Bug#741564: libkio5: libkio : segmentation fault caused by KFileItemDelegate
On 03/14/2014 01:32 PM, Maximiliano Curia wrote:
> Control: tag -1 + upstream
> Control: forwarded -1 https://bugs.kde.org/show_bug.cgi?id=332132
>
> Hi Paul!
>
> On 2014-03-14 at 12:29 +0100, Paul Chavent wrote:
>> I've only checked by code review, and yes the suspicious code seems unchanged in the current git tree.
>
> Ok.
>
>> I've filed a report on the KDE bug tracker: https://bugs.kde.org/show_bug.cgi?id=332132
>
> Great, I've added the forward information to the Debian bug.
>
>> I can write a patch that works around the problem, but I'm not sure to find the solution the authors of this code would imagine.
>
> Well, preparing a patch, testing it in your environment, and submitting it to git.reviewboard.kde.org is a consistent way to get the developers' feedback.

A patch has been submitted to https://git.reviewboard.kde.org/r/116808/ and on the KDE bug tracker. I attach the patch on this thread too.

This fixes the bug but it lets another one appear. If I hover the mouse on the file list, everything is fine. But as soon as I get out of the file list, the application aborts with a message (QWidget::repaint: Recursive repaint detected). I remember reading that some people already reported such a bug. I will go on with investigations.

>>> In any case, the backtrace that you provide could be improved by adding the corresponding states to the involved variables, so even someone foreign to this code (like myself) can understand something like why that state is not forward and not valid.
>
>> I won't be able to use the monitor features of gdb since the bug disappears if I attach to the process. However, I can add printf traces and still reproduce the bug. Is that what you mean?
>
> Well, printf won't work, you'll need to use kDebug or kWarning. And configure your ~/.kde/share/config/kdebugrc to get the debug output to stderr, I think it's something like this:
>
>     [kio (delegateanimationhandler)]
>     InfoOutput=2
>
> The warning should appear in the ~/.xsession-errors file.
>
> Happy hacking,

--- a/kio/kio/delegateanimationhandler.cpp 
+++ b/kio/kio/delegateanimationhandler.cpp @@ -198,7 +198,6 @@ while (i.hasNext()) { i.next(); -qDeleteAll(*i.value()); delete i.value(); } animationLists.clear(); @@ -268,7 +267,7 @@ // } } -AnimationState *DelegateAnimationHandler::animationState(const QStyleOption option, +DelegateAnimationHandler::AnimationStatePtr DelegateAnimationHandler::animationState(const QStyleOption option, const QModelIndex index, const QAbstractItemView *view) { @@ -276,15 +275,15 @@ // item will be drawn in two locations at the same time and hovered in one and // not the other. We can't tell them apart because they both have the same index. if (!view || static_castconst ProtectedAccessor*(view)-draggingState()) -return NULL; +return AnimationStatePtr(NULL); -AnimationState *state = findAnimationState(view, index); +AnimationStatePtr state = findAnimationState(view, index); bool hover = option.state QStyle::State_MouseOver; // If the cursor has entered an item -if (!state hover) +if (state.isNull() hover) { -state = new AnimationState(index); +state = AnimationStatePtr(new AnimationState(index)); addAnimationState(state, view); if (!fadeInAddTime.isValid() || @@ -303,7 +302,7 @@ eventuallyStartIteration(index); } -else if (state) +else if (!state.isNull()) { // If the cursor has exited an item if (!hover (!state-animating || state-direction == QTimeLine::Forward)) @@ -336,9 +335,9 @@ eventuallyStartIteration(index); } } -else if (!state index.model()-data(index, KDirModel::HasJobRole).toBool()) +else if (state.isNull() index.model()-data(index, KDirModel::HasJobRole).toBool()) { -state = new AnimationState(index); +state = AnimationStatePtr(new AnimationState(index)); addAnimationState(state, view); startAnimation(state); state-setJobAnimation(true); 
@@ -348,7 +347,7 @@ } -AnimationState *DelegateAnimationHandler::findAnimationState(const QAbstractItemView *view, +DelegateAnimationHandler::AnimationStatePtr DelegateAnimationHandler::findAnimationState(const QAbstractItemView *view, const QModelIndex index) const { // Try to find a list of animation states for the view @@ -356,16 +355,16 @@ if (list) { -foreach (AnimationState *state, *list) +foreach (AnimationStatePtr state, *list) if (state-index == index) return state; } -return NULL; +return AnimationStatePtr(NULL); } -void DelegateAnimationHandler::addAnimationState(AnimationState *state, const QAbstractItemView *view)
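Review bot: in the destructor loop (hunk at -198), removing qDeleteAll(*i.value()) while keeping delete i.value() is only safe if the list's element type is now AnimationStatePtr, and that typedef change is not among the visible hunks. Please include the header change that declares AnimationStatePtr and the list type in this patch, or say in the description where it lives; with the old AnimationState * element type this loop would leak every state.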
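Review bot: in animationState() (hunks at -268 through -336), the new return type lets the caller keep a state alive after the handler has removed it from its lists, but nothing documents that contract. Add a comment on the declaration saying the returned pointer may refer to a state the handler no longer tracks, and write the empty result as return AnimationStatePtr(); instead of AnimationStatePtr(NULL).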
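Review bot: in findAnimationState() (hunk at -356), foreach (AnimationStatePtr state, *list) copies a shared pointer on every iteration, which costs a reference-count increment and decrement per element of the list. Iterate with foreach (const AnimationStatePtr &state, *list) so that only the matching pointer is copied on return.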
Bug#741564: libkio5: libkio : segmentation fault caused by KFileItemDelegate
In article 532237B1.8030603__30393.1409529925$1394751274$gmane$o...@fnac.net you wrote:
> Some precisions.
>
> The SIGSEGV arises when we hover the mouse on files in the file chooser dialog.
>
> The problem seems to be that KFileItemDelegate::paint asks for a state with d->animationState(...) and gets a state that can have been deleted meanwhile (see kio/kio/kfileitemdelegate.cpp:~1271).
>
> Indeed, DelegateAnimationHandler::animationState (in kio/kio/delegateanimationhandler.cpp:~330) calls setSequenceIndex(0), which has the effect of finally calling DelegateAnimationHandler::runAnimations and deleting state (in kio/kio/delegateanimationhandler.cpp:~440).

Interesting, can you check if this bug is still present in kde4.12.3 (it's currently available in experimental), and if so, report it upstream? Also, it seems you are quite close to producing a patch, which may attract more eyes.

In any case, the backtrace that you provide could be improved by adding the corresponding states to the involved variables, so even someone foreign to this code (like myself) can understand something like why that state is not forward and not valid.

Thanks,
--
Seek simplicity, and distrust it. -- Whitehead's Rule
Regards /\/\ /\ `/
Bug#741564: libkio5: libkio : segmentation fault caused by KFileItemDelegate
On 03/14/2014 11:58 AM, Maximiliano Curia wrote:
> In article 532237B1.8030603__30393.1409529925$1394751274$gmane$o...@fnac.net you wrote:
>> Some precisions.
>>
>> The SIGSEGV arises when we hover the mouse on files in the file chooser dialog.
>>
>> The problem seems to be that KFileItemDelegate::paint asks for a state with d->animationState(...) and gets a state that can have been deleted meanwhile (see kio/kio/kfileitemdelegate.cpp:~1271).
>>
>> Indeed, DelegateAnimationHandler::animationState (in kio/kio/delegateanimationhandler.cpp:~330) calls setSequenceIndex(0), which has the effect of finally calling DelegateAnimationHandler::runAnimations and deleting state (in kio/kio/delegateanimationhandler.cpp:~440).
>
> Interesting, can you check if this bug is still present in kde4.12.3 (it's currently available in experimental), and if so, report it upstream? Also, it seems you are quite close to producing a patch, which may attract more eyes.

I've only checked by code review, and yes the suspicious code seems unchanged in the current git tree.

I've filed a report on the KDE bug tracker: https://bugs.kde.org/show_bug.cgi?id=332132

I can write a patch that works around the problem, but I'm not sure to find the solution the authors of this code would imagine.

> In any case, the backtrace that you provide could be improved by adding the corresponding states to the involved variables, so even someone foreign to this code (like myself) can understand something like why that state is not forward and not valid.

I won't be able to use the monitor features of gdb since the bug disappears if I attach to the process. However, I can add printf traces and still reproduce the bug. Is that what you mean?

> Thanks,

Cheers.

Archive: https://lists.debian.org/5322e811.6050...@fnac.net
Processed: Re: Bug#741564: libkio5: libkio : segmentation fault caused by KFileItemDelegate
Processing control commands:

> tag -1 + upstream
Bug #741564 [libkio5] libkio5: libkio : segmentation fault caused by KFileItemDelegate
Added tag(s) upstream.
> forwarded -1 https://bugs.kde.org/show_bug.cgi?id=332132
Bug #741564 [libkio5] libkio5: libkio : segmentation fault caused by KFileItemDelegate
Set Bug forwarded-to-address to 'https://bugs.kde.org/show_bug.cgi?id=332132'.

--
741564: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741564
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Archive: https://lists.debian.org/handler.s.b741564.139480032826787.transcr...@bugs.debian.org
Bug#741564: libkio5: libkio : segmentation fault caused by KFileItemDelegate
Control: tag -1 + upstream
Control: forwarded -1 https://bugs.kde.org/show_bug.cgi?id=332132

Hi Paul!

On 2014-03-14 at 12:29 +0100, Paul Chavent wrote:
> I've only checked by code review, and yes the suspicious code seems unchanged in the current git tree.

Ok.

> I've filed a report on the KDE bug tracker: https://bugs.kde.org/show_bug.cgi?id=332132

Great, I've added the forward information to the Debian bug.

> I can write a patch that works around the problem, but I'm not sure to find the solution the authors of this code would imagine.

Well, preparing a patch, testing it in your environment, and submitting it to git.reviewboard.kde.org is a consistent way to get the developers' feedback.

>> In any case, the backtrace that you provide could be improved by adding the corresponding states to the involved variables, so even someone foreign to this code (like myself) can understand something like why that state is not forward and not valid.

> I won't be able to use the monitor features of gdb since the bug disappears if I attach to the process. However, I can add printf traces and still reproduce the bug. Is that what you mean?

Well, printf won't work, you'll need to use kDebug or kWarning. And configure your ~/.kde/share/config/kdebugrc to get the debug output to stderr, I think it's something like this:

    [kio (delegateanimationhandler)]
    InfoOutput=2

The warning should appear in the ~/.xsession-errors file.

Happy hacking,
--
Brilliant opportunities are cleverly disguised as insolvable problems. -- Gardener's Philosophy
The reverse is also true. -- Corollary
Regards /\/\ /\ `/
Bug#741564: libkio5: libkio : segmentation fault caused by KFileItemDelegate
Package: libkio5
Version: 4:4.11.3-2
Severity: important

Dear Maintainer,

If I use the libreoffice-kde integration package, the opening of a file dialog raises a SIGSEGV.

If I try to attach to the process with gdb or valgrind the problem disappears.

However, I can get a coredump that gives:

Core was generated by `/usr/lib/libreoffice/program/soffice.bin --splash-pipe=5'.
Program terminated with signal 11, Segmentation fault.
#0 checkValidity (current=..., this=0x540058) at .../../kio/kio/delegateanimationhandler_p.h:46
(gdb) where
#0 checkValidity (current=..., this=0x540058) at .../../kio/kio/delegateanimationhandler_p.h:46
#1 KFileItemDelegate::paint (this=0x27644d0, painter=0x7fff702f0090, option=..., index=...) at ../../kio/kio/kfileitemdelegate.cpp:1291
#2 0x7fe31f539791 in QListView::paintEvent (this=0x27769d0, e=<optimized out>) at itemviews/qlistview.cpp:1039
#3 0x7fe31f071ab0 in QWidget::event (this=this@entry=0x27769d0, event=event@entry=0x7fff702f0860) at kernel/qwidget.cpp:8533
#4 0x7fe31f40fc5e in QFrame::event (this=0x27769d0, e=0x7fff702f0860) at widgets/qframe.cpp:557
[...]

I also tried to change line 1291 of kio/kio/kfileitemdelegate.cpp with

    fprintf(stderr, "cache = %p\n", cache);
    fprintf(stderr, "valid = %d\n", cache->valid);
    if (cache->checkValidity(opt.state) && cache->regular.size() == opt.rect.size())

When I run libreoffice and open the file chooser dialog I get:

cache = 0x3a37b80
valid = 1
cache = 0x3a37b80
valid = 1
cache = 0x540058
SIGSEGV

So the cache pointer seems to be corrupted.

-- System Information:
Debian Release: jessie/sid
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.12-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libkio5 depends on:
ii  libacl1             2.2.52-1
ii  libattr1            1:2.4.47-1
ii  libc6               2.18-4
ii  libkdecore5         4:4.11.3-2
ii  libkdeui5           4:4.11.3-2
ii  libnepomuk4         4:4.11.3-2
ii  libqt4-dbus         4:4.8.5+git209-g718fae5+dfsg-1
ii  libqt4-network      4:4.8.5+git209-g718fae5+dfsg-1
ii  libqt4-svg          4:4.8.5+git209-g718fae5+dfsg-1
ii  libqt4-xml          4:4.8.5+git209-g718fae5+dfsg-1
ii  libqtcore4          4:4.8.5+git209-g718fae5+dfsg-1
ii  libqtgui4           4:4.8.5+git209-g718fae5+dfsg-1
ii  libsolid4           4:4.11.3-2
ii  libstdc++6          4.8.2-16
ii  libstreamanalyzer0  0.7.8-1+b1
ii  libx11-6            2:1.6.2-1
ii  libxrender1         1:0.9.8-1

Versions of packages libkio5 recommends:
ii  kdelibs5-plugins    4:4.11.3-2

libkio5 suggests no packages.

-- no debconf information

Archive: https://lists.debian.org/20140313214640.26332.2784.report...@tank.matrix.lan
Bug#741564: libkio5: libkio : segmentation fault caused by KFileItemDelegate
Some precisions.

The SIGSEGV arises when we hover the mouse on files in the file chooser dialog.

The problem seems to be that KFileItemDelegate::paint asks for a state with d->animationState(...) and gets a state that can have been deleted meanwhile (see kio/kio/kfileitemdelegate.cpp:~1271).

Indeed, DelegateAnimationHandler::animationState (in kio/kio/delegateanimationhandler.cpp:~330) calls setSequenceIndex(0), which has the effect of finally calling DelegateAnimationHandler::runAnimations and deleting state (in kio/kio/delegateanimationhandler.cpp:~440).

Regards.

Paul.

On 03/13/2014 10:46 PM, Paul Chavent wrote:
> Package: libkio5
> Version: 4:4.11.3-2
> Severity: important
>
> Dear Maintainer,
>
> If I use the libreoffice-kde integration package, the opening of a file dialog raises a SIGSEGV.
>
> If I try to attach to the process with gdb or valgrind the problem disappears.
>
> However, I can get a coredump that gives:
>
> Core was generated by `/usr/lib/libreoffice/program/soffice.bin --splash-pipe=5'.
> Program terminated with signal 11, Segmentation fault.
> #0 checkValidity (current=..., this=0x540058) at .../../kio/kio/delegateanimationhandler_p.h:46
> (gdb) where
> #0 checkValidity (current=..., this=0x540058) at .../../kio/kio/delegateanimationhandler_p.h:46
> #1 KFileItemDelegate::paint (this=0x27644d0, painter=0x7fff702f0090, option=..., index=...) at ../../kio/kio/kfileitemdelegate.cpp:1291
> #2 0x7fe31f539791 in QListView::paintEvent (this=0x27769d0, e=<optimized out>) at itemviews/qlistview.cpp:1039
> #3 0x7fe31f071ab0 in QWidget::event (this=this@entry=0x27769d0, event=event@entry=0x7fff702f0860) at kernel/qwidget.cpp:8533
> #4 0x7fe31f40fc5e in QFrame::event (this=0x27769d0, e=0x7fff702f0860) at widgets/qframe.cpp:557
> [...]
>
> I also tried to change line 1291 of kio/kio/kfileitemdelegate.cpp with
>
>     fprintf(stderr, "cache = %p\n", cache);
>     fprintf(stderr, "valid = %d\n", cache->valid);
>     if (cache->checkValidity(opt.state) && cache->regular.size() == opt.rect.size())
>
> When I run libreoffice and open the file chooser dialog I get:
>
> cache = 0x3a37b80
> valid = 1
> cache = 0x3a37b80
> valid = 1
> cache = 0x540058
> SIGSEGV
>
> So the cache pointer seems to be corrupted.
>
> -- System Information:
> Debian Release: jessie/sid
>   APT prefers testing-updates
>   APT policy: (500, 'testing-updates'), (500, 'testing')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 3.12-1-amd64 (SMP w/2 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages libkio5 depends on:
> ii  libacl1             2.2.52-1
> ii  libattr1            1:2.4.47-1
> ii  libc6               2.18-4
> ii  libkdecore5         4:4.11.3-2
> ii  libkdeui5           4:4.11.3-2
> ii  libnepomuk4         4:4.11.3-2
> ii  libqt4-dbus         4:4.8.5+git209-g718fae5+dfsg-1
> ii  libqt4-network      4:4.8.5+git209-g718fae5+dfsg-1
> ii  libqt4-svg          4:4.8.5+git209-g718fae5+dfsg-1
> ii  libqt4-xml          4:4.8.5+git209-g718fae5+dfsg-1
> ii  libqtcore4          4:4.8.5+git209-g718fae5+dfsg-1
> ii  libqtgui4           4:4.8.5+git209-g718fae5+dfsg-1
> ii  libsolid4           4:4.11.3-2
> ii  libstdc++6          4.8.2-16
> ii  libstreamanalyzer0  0.7.8-1+b1
> ii  libx11-6            2:1.6.2-1
> ii  libxrender1         1:0.9.8-1
>
> Versions of packages libkio5 recommends:
> ii  kdelibs5-plugins    4:4.11.3-2
>
> libkio5 suggests no packages.
>
> -- no debconf information

Archive: https://lists.debian.org/532237b1.8030...@fnac.net
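The lifetime problem described in this thread, reduced to a self-contained C++ model (an added example, not code from kdelibs or from the submitted patch). `Handler`, `AnimState`, `Outcome` and `hoverThenLeave` are hypothetical names, and `std::shared_ptr` stands in for `QSharedPointer`; it shows that shared ownership keeps the returned state alive for the caller while the handler has already stopped tracking it.

```cpp
// Simplified model of the lifetime problem discussed in this thread.
// Every name here is a hypothetical stand-in, not a kdelibs class.
#include <algorithm>
#include <memory>
#include <vector>
struct AnimState {
    int index;
    bool finished = false;
    explicit AnimState(int i) : index(i) {}
};
typedef std::shared_ptr<AnimState> StatePtr;

class Handler {
    std::vector<StatePtr> states_;
public:
    // Pure lookup, no side effects.
    StatePtr find(int index) const {
        for (const StatePtr &s : states_)
            if (s->index == index) return s;
        return StatePtr();
    }
    // Cleanup pass: the handler drops every finished state.
    void runAnimations() {
        states_.erase(std::remove_if(states_.begin(), states_.end(),
                          [](const StatePtr &s) { return s->finished; }),
                      states_.end());
    }
    // Looks like a getter, but on hover-exit it re-enters the cleanup pass
    // before returning; a raw pointer returned here would already be freed.
    StatePtr animationState(int index, bool hover) {
        StatePtr s = find(index);
        if (!s && hover) {
            s = std::make_shared<AnimState>(index);
            states_.push_back(s);
        } else if (s && !hover) {
            s->finished = true;
            runAnimations();
        }
        return s;
    }
};
struct Outcome { bool callerHoldsState; bool handlerTracksState; long owners; };
// Hover over item 7, leave it, then report who still owns the state.
Outcome hoverThenLeave() {
    Handler h;
    h.animationState(7, true);
    StatePtr s = h.animationState(7, false);
    return Outcome{ s != nullptr, h.find(7) != nullptr, s.use_count() };
}

int main() {
    Outcome o = hoverThenLeave();
    return (o.callerHoldsState && !o.handlerTracksState && o.owners == 1) ? 0 : 1;
}
```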