QDialog on stack+exec and dbus quit crash is no more

Jan Kundrát jkt at flaska.net
Mon Nov 11 20:04:35 GMT 2013 

On Monday, 11 November 2013 19:17:22 CEST, Albert Astals Cid wrote:
> Not sure you're understanding what i say, we have an explicit check about 
> QDialog on stack+exec that says "it will crash if you dbus quit".

We've chatted about this with Albert on IRC. My understanding of this is 
that there are many situations which can trigger destruction of the parent 
object; one of them involves triggering the QAction "game_quit" via DBUS. 
As such, I consider the EBN check a valid warning, similar to compiler 
warning about other dubious code constructs like no parentheses around && 
and ||, or unused variables -- might be valid in some circumstances, but 
should raise an eyebrow during review, and it might make sense to strive to 
make the code warning-free.

However, there's another bug, probably in the kdeui code. When I trigger 
that QAction, this is what valgrind reports:

==355524== Invalid write of size 1
==355524==    at 0x5E3A6D7: 
QMenuPrivate::activateCausedStack(QList<QPointer<QWidget> > const&, 
QAction*, QAction::ActionEvent, bool) (qobject_p.h:321)
==355524==    by 0x5E412F2: QMenuPrivate::activateAction(QAction*, 
QAction::ActionEvent, bool) (qmenu.cpp:1130)
==355524==    by 0x5424A1A: KMenu::mouseReleaseEvent(QMouseEvent*) 
(kmenu.cpp:464)
==355524==    by 0x5A000DB: QWidget::event(QEvent*) (qwidget.cpp:8376)
==355524==    by 0x5E429DA: QMenu::event(QEvent*) (qmenu.cpp:2481)
==355524==    by 0x59A03BB: QApplicationPrivate::notify_helper(QObject*, 
QEvent*) (qapplication.cpp:4562)
==355524==    by 0x59A6168: QApplication::notify(QObject*, QEvent*) 
(qapplication.cpp:4105)
==355524==    by 0x533F265: KApplication::notify(QObject*, QEvent*) 
(kapplication.cpp:311)
==355524==    by 0x712AA3B: QCoreApplication::notifyInternal(QObject*, 
QEvent*) (qcoreapplication.cpp:949)
==355524==    by 0x59A1461: QApplicationPrivate::sendMouseEvent(QWidget*, 
QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) 
(qcoreapplication.h:231)
==355524==    by 0x5A31BA0: QETWidget::translateMouseEvent(_XEvent const*) 
(qapplication_x11.cpp:4451)
==355524==    by 0x5A303B9: QApplication::x11ProcessEvent(_XEvent*) 
(qapplication_x11.cpp:3640)
==355524==  Address 0x165b1d21 is 529 bytes inside a block of size 728 
free'd
==355524==    at 0x4C2AE0C: operator delete(void*) 
(vg_replace_malloc.c:480)
==355524==    by 0x714715F: QObject::~QObject() (qscopedpointer.h:62)
==355524==    by 0x59FA0C9: QWidget::~QWidget() (qwidget.cpp:1554)
==355524==    by 0x54248CC: KMenu::~KMenu() (kmenu.cpp:168)
==355524==    by 0x7140783: QObjectPrivate::deleteChildren() 
(qobject.cpp:1907)
==355524==    by 0x59FA02C: QWidget::~QWidget() (qwidget.cpp:1679)
==355524==    by 0x5421315: KMainWindow::~KMainWindow() 
(kmainwindow.cpp:467)
==355524==    by 0x11A5AE: KMinesMainWindow::~KMinesMainWindow() (in 
/home/jkt/work/prog/kde/kmines/kmines)
==355524==    by 0x7147AC7: QObject::event(QEvent*) (qobject.cpp:1175)
==355524==    by 0x59FFDFA: QWidget::event(QEvent*) (qwidget.cpp:8846)
==355524==    by 0x5E13C8A: QMainWindow::event(QEvent*) 
(qmainwindow.cpp:1478)
==355524==    by 0x546E0C7: KXmlGuiWindow::event(QEvent*) 
(kxmlguiwindow.cpp:126)

I have no idea why the DBUS calls to QAction are handled as mouse events, 
but I suspect something fishy is going on here.

Cheers,
Jan

-- 
Trojitá, a fast Qt IMAP e-mail client -- http://trojita.flaska.net/

More information about the kde-core-devel mailing list