Crash in KRecentFilesAction related to KURL handling

Thiago Macieira thiago at kde.org
Wed Dec 21 00:31:21 GMT 2005


Andras Mantia wrote:
> I may regret the day when I implemented the shortname feature in
>KRecentFilesActions...
>In KRecentFilesAction::addURL there is a workaround to avoid a crash,
>where the manipulation is done on a copy of a KURL. David (Faure)
>corrected my comment to look like this:
>
>     const KURL u = url; // make a copy since d->m_urls.erase( title ) could destroy the KURL that "url" references

I was looking at that code today.

What happens is that the const KURL& url argument was extracted from the 
d->m_urls list itself. That means it is invalidated when the erase method 
is called.

>Unfortunately it doesn't seem to help and now I'm clueless. The code in
>this method looks correct, still it corrupts KURL. Later down in the
>same method there is a line:
>    d->m_urls.insert( title, u );
>
>After this line the "url" is corrupted.

Indeed. You're not supposed to use "url" at all after the erase call 
above.

>"url" is passed as "const KURL& 
>url", those it is corrupted also in the method where it might be used,
>so the crash can happen anytime after a KRecentFilesAction::addURL call
>where the url argument is used.
>
>Does anyone have a clue what can happen here? I may try valgrind if it
>works on x86_64, but only with addrcheck.

I think it is now fixed. David fixed it a week ago. I came up with a similar 
solution today and only found out about David's fix when I tried to 
commit and got an error of out-of-date sources.

The point is: addURL modifies the d->m_urls list. Therefore, one should 
not keep references to elements in the list across calls to addURL. That 
is all.
-- 
  Thiago Macieira  -  thiago (AT) macieira.info - thiago (AT) kde.org
    PGP/GPG: 0x6EF45358; fingerprint:
    E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358

5. Swa he géanhwearf tó timbran, and hwonne he cóm, lá! Unix cwæð "Hello, 
World". Ǽfre ǽghwilc wæs glæd and seo woruld wæs fréo.
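
Added example, not part of the original message and not KDE code: a small C++ model of the aliasing problem discussed above, with std::map standing in for d->m_urls and std::string for KURL. The names RecentFiles, aliasesStoredUrl, urlFor, titleOf and demo are hypothetical; the point is that the callee copies before erasing and the caller keeps its own copy across the call.

```cpp
#include <iostream>
#include <map>
#include <string>

// Constructed model: std::map stands in for d->m_urls, std::string for KURL.
class RecentFiles {
public:
    // True when `url` is an element stored in urls_, i.e. a reference that
    // erase() inside addURL() would leave dangling.
    bool aliasesStoredUrl(const std::string& url) const {
        for (const auto& kv : urls_)
            if (&kv.second == &url) return true;
        return false;
    }

    void addURL(const std::string& url) {
        const std::string u = url;            // copy before the list is touched
        const std::string title = titleOf(u);
        urls_.erase(title);                   // may destroy what `url` refers to
        urls_[title] = u;                     // from here on only the copy is used
    }

    const std::string& urlFor(const std::string& title) const { return urls_.at(title); }
    std::size_t size() const { return urls_.size(); }

private:
    static std::string titleOf(const std::string& u) {
        const auto pos = u.find_last_of('/');
        return pos == std::string::npos ? u : u.substr(pos + 1);
    }
    std::map<std::string, std::string> urls_;
};

// Caller side: re-adding an entry that was obtained from the list itself.
bool demo() {
    RecentFiles rf;
    rf.addURL("file:///home/user/a.txt");     // constructed sample URLs
    rf.addURL("file:///home/user/b.txt");
    const std::string& stored = rf.urlFor("a.txt");   // reference into the list
    const bool aliased = rf.aliasesStoredUrl(stored);
    const std::string mine = stored;          // caller's own copy, taken first
    rf.addURL(stored);                        // `stored` is dangling after this
    return aliased && rf.size() == 2 && rf.urlFor("a.txt") == mine;
}

int main() {
    std::cout << (demo() ? "ok" : "unexpected") << "\n";
    return 0;
}
```

Building the unsafe variant (reading `url` after the erase, or `stored` after the call) with -fsanitize=address reports it as a heap-use-after-free.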


More information about the kde-core-devel mailing list