[Kdelibs-bugs] [BUG] Crash in Download Progress

Dmitry Suzdalev dimsuz at gmail.com
Fri Nov 2 11:17:07 CET 2007


On Friday 02 November 2007 13:06:37 David Faure wrote:
> On Thursday 01 November 2007, Rafael Fernández López wrote:
> > Attached is a patch. QByteArray is implicitly shared. When you create
> > with the copy constructor another object, they are internally shared, and
> > when one of them is destroyed and the other tries to access, boom !!
>
> This makes no sense to me.
> The whole point of refcounting is that when one of them is destroyed the
> other one is still fine. Do you have an actual valgrind log of this crash,
> or is this just guessing?

Here's the valgrind log from kmail side (hehe, it doesn't crash under
valgrind):


==17851== Invalid read of size 4
==17851==    at 0x5A3714A: QListData::isEmpty() const (qlist.h:83)
==17851==    by 0x5A3EEC4: QList<KIO::Task>::isEmpty() const (qlist.h:118)
==17851==    by 0x5A3C699: KIO::ConnectionPrivate::dequeue() (connection.cpp:79)
==17851==    by 0x5A3D5DA: KIO::Connection::qt_metacall(QMetaObject::Call, int, void**) (connection.moc:71)
==17851==    by 0x4142457: QMetaCallEvent::placeMetaCall(QObject*) (qobject.cpp:538)
==17851==    by 0x414719C: QObject::event(QEvent*) (qobject.cpp:1121)
==17851==    by 0x61EF1D6: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:3558)
==17851==    by 0x61EF4EF: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3117)
==17851==    by 0x54874BE: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:319)
==17851==    by 0x413528F: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:532)
==17851==    by 0x4138552: QCoreApplication::sendEvent(QObject*, QEvent*) (qcoreapplication.h:202)
==17851==    by 0x4135766: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.cpp:1115)
==17851==  Address 0x7870CA8 is 0 bytes inside a block of size 20 free'd
==17851==    at 0x4024096: operator delete(void*) (vg_replace_malloc.c:244)
==17851==    by 0x5A3D252: KIO::Connection::~Connection() (connection.cpp:386)
==17851==    by 0x5B12684: KIO::SlaveInterfacePrivate::~SlaveInterfacePrivate() (slaveinterface_p.h:40)
==17851==    by 0x5B120FD: KIO::SlaveInterface::~SlaveInterface() (slaveinterface.cpp:54)
==17851==    by 0x5B047B4: KIO::Slave::~Slave() (slave.cpp:170)
==17851==    by 0x5B03D47: KIO::Slave::deref() (slave.cpp:243)
==17851==    by 0x5B04531: KIO::Slave::gotInput() (slave.cpp:331)
==17851==    by 0x5B05963: KIO::Slave::qt_metacall(QMetaObject::Call, int, void**) (slave.moc:74)
==17851==    by 0x41492FD: QMetaObject::activate(QObject*, int, int, void**) (qobject.cpp:3080)
==17851==    by 0x4149D08: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3142)
==17851==    by 0x5A3B772: KIO::Connection::readyRead() (connection.moc:83)
==17851==    by 0x5A3C64D: KIO::ConnectionPrivate::dequeue() (connection.cpp:77)
==17851==
==17851== Invalid read of size 4
==17851==    at 0x5A37152: QListData::isEmpty() const (qlist.h:83)
==17851==    by 0x5A3EEC4: QList<KIO::Task>::isEmpty() const (qlist.h:118)
==17851==    by 0x5A3C699: KIO::ConnectionPrivate::dequeue() (connection.cpp:79)
==17851==    by 0x5A3D5DA: KIO::Connection::qt_metacall(QMetaObject::Call, int, void**) (connection.moc:71)
==17851==    by 0x4142457: QMetaCallEvent::placeMetaCall(QObject*) (qobject.cpp:538)
==17851==    by 0x414719C: QObject::event(QEvent*) (qobject.cpp:1121)
==17851==    by 0x61EF1D6: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:3558)
==17851==    by 0x61EF4EF: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3117)
==17851==    by 0x54874BE: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:319)
==17851==    by 0x413528F: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:532)
==17851==    by 0x4138552: QCoreApplication::sendEvent(QObject*, QEvent*) (qcoreapplication.h:202)
==17851==    by 0x4135766: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.cpp:1115)
==17851==  Address 0x7870CA8 is 0 bytes inside a block of size 20 free'd
==17851==    at 0x4024096: operator delete(void*) (vg_replace_malloc.c:244)
==17851==    by 0x5A3D252: KIO::Connection::~Connection() (connection.cpp:386)
==17851==    by 0x5B12684: KIO::SlaveInterfacePrivate::~SlaveInterfacePrivate() (slaveinterface_p.h:40)
==17851==    by 0x5B120FD: KIO::SlaveInterface::~SlaveInterface() (slaveinterface.cpp:54)
==17851==    by 0x5B047B4: KIO::Slave::~Slave() (slave.cpp:170)
==17851==    by 0x5B03D47: KIO::Slave::deref() (slave.cpp:243)
==17851==    by 0x5B04531: KIO::Slave::gotInput() (slave.cpp:331)
==17851==    by 0x5B05963: KIO::Slave::qt_metacall(QMetaObject::Call, int, void**) (slave.moc:74)
==17851==    by 0x41492FD: QMetaObject::activate(QObject*, int, int, void**) (qobject.cpp:3080)
==17851==    by 0x4149D08: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3142)
==17851==    by 0x5A3B772: KIO::Connection::readyRead() (connection.moc:83)
==17851==    by 0x5A3C64D: KIO::ConnectionPrivate::dequeue() (connection.cpp:77)


Sending this from kmail being valgrinded, hope it'll arrive just ok :)

Dmitry.
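
Added example, not part of the original message and not KDE code: in the log above the block is freed under the readyRead() emission at connection.cpp:77 and read again at connection.cpp:79, i.e. an object destroyed by its own listener while one of its methods is still running. The sketch below reproduces that shape without Qt and shows a liveness guard; `Conn`, `onReadyRead` and the two scenario functions are hypothetical names.

```cpp
#include <deque>
#include <functional>
#include <memory>

// Hypothetical stand-in for a queued connection (names are illustrative, not KIO's).
class Conn {
public:
    enum class Result { Idle, MorePending, Destroyed };
    std::function<void()> onReadyRead;   // listener; it may destroy this Conn

    void push(int cmd) { tasks_.push_back(cmd); }
    void pop() { if (!tasks_.empty()) tasks_.pop_front(); }

    Result dequeue() {
        std::weak_ptr<void> guard = alive_;  // local, so it outlives *this
        auto listener = onReadyRead;         // copy: the member dies with *this
        if (listener) listener();            // re-entrant call into the owner
        // Unguarded code would test tasks_ here; after the listener deleted
        // this object, that is a read of freed memory.
        if (guard.expired()) return Result::Destroyed;
        return tasks_.empty() ? Result::Idle : Result::MorePending;
    }

private:
    std::deque<int> tasks_;
    std::shared_ptr<void> alive_ = std::make_shared<int>(0);
};

// Constructed scenario: the listener drops the connection on first notification.
Conn::Result run_owner_deletes_connection() {
    Conn *c = new Conn;
    c->push(1);
    c->push(2);
    c->onReadyRead = [c] { delete c; };
    return c->dequeue();
}

// Constructed scenario: the listener consumes one task and leaves the object alive.
Conn::Result run_listener_reads_one() {
    Conn c;
    c.push(1);
    c.push(2);
    c.onReadyRead = [&c] { c.pop(); };
    return c.dequeue();
}

int main() { return run_owner_deletes_connection() == Conn::Result::Destroyed ? 0 : 1; }
```

In Qt code the same role is usually played by a QPointer taken before the emit and checked after it.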

