[Digikam-devel] [Bug 209207] Crash when deleting saved searches (GPS and Timeline)
Andi Clemens
andi.clemens at gmx.net
Fri Oct 9 16:29:40 BST 2009
https://bugs.kde.org/show_bug.cgi?id=209207
--- Comment #18 from Andi Clemens <andi clemens gmx net> 2009-10-09 17:29:32 ---
This problem is weird. As you can see in this trace, the item gets deleted
twice:
Invalid read of size 4
==21813== at 0x822DCCC: Digikam::AlbumHistory::deleteAlbum(Digikam::Album*)
(albumhistory.cpp:146)
==21813== by 0x82912A7:
Digikam::DigikamView::slotAlbumDeleted(Digikam::Album*) (digikamview.cpp:822)
==21813== by 0x828B878: Digikam::DigikamView::qt_metacall(QMetaObject::Call,
int, void**) (digikamview.moc:283)
==21813== by 0x6A0C8AB: QMetaObject::activate(QObject*, int, int, void**)
(in /usr/lib/libQtCore.so.4.5.3)
==21813== by 0x6A0D4E1: QMetaObject::activate(QObject*, QMetaObject const*,
int, void**) (in /usr/lib/libQtCore.so.4.5.3)
==21813== by 0x8233C7F:
Digikam::AlbumManager::signalAlbumDeleted(Digikam::Album*)
(albummanager.moc:222)
==21813== by 0x82424E9:
Digikam::AlbumManager::deleteSAlbum(Digikam::SAlbum*) (albummanager.cpp:2356)
==21813== by 0x81C2A80:
Digikam::GPSSearchFolderView::searchDelete(Digikam::SAlbum*)
(gpssearchfolderview.cpp:184)
==21813== by 0x81C368E:
Digikam::GPSSearchFolderView::slotContextMenu(Q3ListViewItem*, QPoint const&,
int) (gpssearchfolderview.cpp:309)
==21813== by 0x81C1D49:
Digikam::GPSSearchFolderView::qt_metacall(QMetaObject::Call, int, void**)
(gpssearchfolderview.moc:95)
==21813== by 0x6A0C8AB: QMetaObject::activate(QObject*, int, int, void**)
(in /usr/lib/libQtCore.so.4.5.3)
==21813== by 0x6A0D4E1: QMetaObject::activate(QObject*, QMetaObject const*,
int, void**) (in /usr/lib/libQtCore.so.4.5.3)
==21813== Address 0x19b733d8 is 0 bytes inside a block of size 8 free'd
==21813== at 0x402322D: operator delete(void*) (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==21813== by 0x822DCEC: Digikam::AlbumHistory::deleteAlbum(Digikam::Album*)
(albumhistory.cpp:148)
==21813== by 0x82912A7:
Digikam::DigikamView::slotAlbumDeleted(Digikam::Album*) (digikamview.cpp:822)
==21813== by 0x828B878: Digikam::DigikamView::qt_metacall(QMetaObject::Call,
int, void**) (digikamview.moc:283)
==21813== by 0x6A0C8AB: QMetaObject::activate(QObject*, int, int, void**)
(in /usr/lib/libQtCore.so.4.5.3)
==21813== by 0x6A0D4E1: QMetaObject::activate(QObject*, QMetaObject const*,
int, void**) (in /usr/lib/libQtCore.so.4.5.3)
==21813== by 0x8233C7F:
Digikam::AlbumManager::signalAlbumDeleted(Digikam::Album*)
(albummanager.moc:222)
==21813== by 0x82424E9:
Digikam::AlbumManager::deleteSAlbum(Digikam::SAlbum*) (albummanager.cpp:2356)
==21813== by 0x81C2A80:
Digikam::GPSSearchFolderView::searchDelete(Digikam::SAlbum*)
(gpssearchfolderview.cpp:184)
==21813== by 0x81C368E:
Digikam::GPSSearchFolderView::slotContextMenu(Q3ListViewItem*, QPoint const&,
int) (gpssearchfolderview.cpp:309)
==21813== by 0x81C1D49:
Digikam::GPSSearchFolderView::qt_metacall(QMetaObject::Call, int, void**)
(gpssearchfolderview.moc:95)
==21813== by 0x6A0C8AB: QMetaObject::activate(QObject*, int, int, void**)
(in /usr/lib/libQtCore.so.4.5.3)
==21813==
==21813== Invalid free() / delete / delete[]
==21813== at 0x402322D: operator delete(void*) (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==21813== by 0x822DCEC: Digikam::AlbumHistory::deleteAlbum(Digikam::Album*)
(albumhistory.cpp:148)
==21813== by 0x82912A7:
Digikam::DigikamView::slotAlbumDeleted(Digikam::Album*) (digikamview.cpp:822)
==21813== by 0x828B878: Digikam::DigikamView::qt_metacall(QMetaObject::Call,
int, void**) (digikamview.moc:283)
==21813== by 0x6A0C8AB: QMetaObject::activate(QObject*, int, int, void**)
(in /usr/lib/libQtCore.so.4.5.3)
==21813== by 0x6A0D4E1: QMetaObject::activate(QObject*, QMetaObject const*,
int, void**) (in /usr/lib/libQtCore.so.4.5.3)
==21813== by 0x8233C7F:
Digikam::AlbumManager::signalAlbumDeleted(Digikam::Album*)
(albummanager.moc:222)
==21813== by 0x82424E9:
Digikam::AlbumManager::deleteSAlbum(Digikam::SAlbum*) (albummanager.cpp:2356)
==21813== by 0x81C2A80:
Digikam::GPSSearchFolderView::searchDelete(Digikam::SAlbum*)
(gpssearchfolderview.cpp:184)
==21813== by 0x81C368E:
Digikam::GPSSearchFolderView::slotContextMenu(Q3ListViewItem*, QPoint const&,
int) (gpssearchfolderview.cpp:309)
==21813== by 0x81C1D49:
Digikam::GPSSearchFolderView::qt_metacall(QMetaObject::Call, int, void**)
(gpssearchfolderview.moc:95)
==21813== by 0x6A0C8AB: QMetaObject::activate(QObject*, int, int, void**)
(in /usr/lib/libQtCore.so.4.5.3)
==21813== Address 0x19b733d8 is 0 bytes inside a block of size 8 free'd
==21813== at 0x402322D: operator delete(void*) (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==21813== by 0x822DCEC: Digikam::AlbumHistory::deleteAlbum(Digikam::Album*)
(albumhistory.cpp:148)
==21813== by 0x82912A7:
Digikam::DigikamView::slotAlbumDeleted(Digikam::Album*) (digikamview.cpp:822)
==21813== by 0x828B878: Digikam::DigikamView::qt_metacall(QMetaObject::Call,
int, void**) (digikamview.moc:283)
==21813== by 0x6A0C8AB: QMetaObject::activate(QObject*, int, int, void**)
(in /usr/lib/libQtCore.so.4.5.3)
==21813== by 0x6A0D4E1: QMetaObject::activate(QObject*, QMetaObject const*,
int, void**) (in /usr/lib/libQtCore.so.4.5.3)
==21813== by 0x8233C7F:
Digikam::AlbumManager::signalAlbumDeleted(Digikam::Album*)
(albummanager.moc:222)
==21813== by 0x82424E9:
Digikam::AlbumManager::deleteSAlbum(Digikam::SAlbum*) (albummanager.cpp:2356)
==21813== by 0x81C2A80:
Digikam::GPSSearchFolderView::searchDelete(Digikam::SAlbum*)
(gpssearchfolderview.cpp:184)
==21813== by 0x81C368E:
Digikam::GPSSearchFolderView::slotContextMenu(Q3ListViewItem*, QPoint const&,
int) (gpssearchfolderview.cpp:309)
==21813== by 0x81C1D49:
Digikam::GPSSearchFolderView::qt_metacall(QMetaObject::Call, int, void**)
(gpssearchfolderview.moc:95)
==21813== by 0x6A0C8AB: QMetaObject::activate(QObject*, int, int, void**)
(in /usr/lib/libQtCore.so.4.5.3)
When I remove the line albumhistory.cpp:148 (delete *iter), digiKam always
crashes (or ends up in an infinite loop).
If you use kDebug() to analyze the pointers, you can see that
QList::erase() is NOT returning the next iter object pointer, but the current
one.
Why?
I first thought this is a Qt 4.5.3 issue, but I wrote a small test app and in
there it didn't happen.
Valgrind will also state somewhere that AlbumHistory::addAlbum() is
re-allocating memory when using QList::push_back() or QList::append().
I then thought that we might have a race condition and that
AlbumHistory::addAlbum() is called while deleteAlbum is running and therefore
makes the iterator invalid.
But this is not the case.
So what is this? Why is erase() not working correctly here?
I also made the stack lists normal objects instead of pointers, but it is not
working.
Any idea?
This is a serious problem that will crash digiKam almost all the time.
There must be some simple explanation, but I can't find it at the moment.
Andi
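
Added example, not part of the original message and not digiKam's code: the delete-then-erase loop this message refers to (delete *iter followed by erase()), written against std::vector as a stand-in for QList, with hypothetical types Album and HistoryItem and a debug registry g_live. It continues from the iterator erase() returns and never dereferences or frees a pointer twice; the duplicated pointer in the sample list is constructed input, not a diagnosis of this bug.

```cpp
#include <cstddef>
#include <set>
#include <vector>

// Hypothetical stand-ins for the types named in the trace; not digiKam's code.
struct Album { int id; };
struct HistoryItem { Album* album; };  // album is referenced, not owned
struct Result { std::size_t freed; std::size_t stale; };
// Debug registry of HistoryItem allocations that are still alive.
static std::set<HistoryItem*> g_live;

HistoryItem* makeItem(Album* a) {
    HistoryItem* h = new HistoryItem{a};
    g_live.insert(h);
    return h;
}

// Remove every entry for `album` from `stack`, freeing each item exactly once.
Result deleteAlbum(std::vector<HistoryItem*>& stack, const Album* album) {
    Result r{0, 0};
    for (auto it = stack.begin(); it != stack.end(); ) {
        HistoryItem* h = *it;
        if (g_live.count(h) == 0) {      // already freed: drop it, never dereference
            ++r.stale;
            it = stack.erase(it);
        } else if (h->album == album) {
            g_live.erase(h);
            delete h;                    // free the pointee first...
            ++r.freed;
            it = stack.erase(it);        // ...then continue from erase()'s result
        } else {
            ++it;                        // advance only when nothing was erased
        }
    }
    return r;
}

// Constructed input: three entries refer to album `a`, two of them the same pointer.
Result demo(std::size_t* remaining) {
    Album a{1}, b{2};
    HistoryItem* dup = makeItem(&a);
    std::vector<HistoryItem*> stack{dup, makeItem(&b), dup, makeItem(&a)};
    Result r = deleteAlbum(stack, &a);
    *remaining = stack.size();
    for (HistoryItem* h : stack) { g_live.erase(h); delete h; }
    return r;
}

int main() { std::size_t n = 0; Result r = demo(&n); return (r.freed == 2 && r.stale == 1 && n == 1) ? 0 : 1; }
```

Without the registry check, the second visit to the duplicated pointer would read freed memory in the comparison and then free it again, which Valgrind reports as an invalid read followed by an invalid free.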