[kmail2] [Bug 368766] New: KMail crashes when moving mail in reference counting code

Stephan Diestelhorst via KDE Bugzilla bugzilla_noreply at kde.org
Tue Sep 13 22:26:53 BST 2016 

https://bugs.kde.org/show_bug.cgi?id=368766

            Bug ID: 368766
           Summary: KMail crashes when moving mail in reference counting
                    code
           Product: kmail2
           Version: unspecified
          Platform: Neon Packages
                OS: Linux
            Status: UNCONFIRMED
          Severity: grave
          Priority: NOR
         Component: message list
          Assignee: kdepim-bugs at kde.org
          Reporter: stephan.diestelhorst at gmail.com

Version 5.3.0 (QtWebEngine)
Using:
KDE Frameworks 5.25.0
Qt 5.7.0 (built against 5.7.0)
The xcb windowing system
--
Project Neon User
--
I am using threaded view, but was moving a non-threaded message to a different
folder.  This smells like a race condition to me, maybe someone is free-ing
memory while the reference counter is non-zero, and someone still has a
reference to it and tries to set that to zero?
--
Related: bug 368496 and bug 364994.
Thread 1 "kmail" received signal SIGSEGV, Segmentation fault.
0x00007ffff2160efc in ?? () from
/usr/lib/x86_64-linux-gnu/libKF5MimeTreeParser.so.5
(gdb) bt                                                                        
#0  std::__atomic_base<int>::load (__m=std::memory_order_relaxed, this=<error
reading variable: Cannot access memory at address 0xb8>)
    at /usr/include/c++/5/bits/atomic_base.h:396                                
#1  QAtomicOps<int>::load<int> (_q_value=<error reading variable: Cannot access
memory at address 0xb8>)               
    at /usr/include/x86_64-linux-gnu/qt5/QtCore/qatomic_cxx11.h:103             
#2  QBasicAtomicInteger<int>::load (this=<error reading variable: Cannot access
memory at address 0xb8>)               
    at /usr/include/x86_64-linux-gnu/qt5/QtCore/qbasicatomic.h:99               
#3  QtPrivate::RefCount::ref (this=<error reading variable: Cannot access
memory at address 0xb8>)                     
    at /usr/include/x86_64-linux-gnu/qt5/QtCore/qrefcount.h:55                  
#4  QVector<QSharedPointer<MimeTreeParser::Interface::MessagePart> >::QVector
(v=..., this=<synthetic pointer>)        
    at /usr/include/x86_64-linux-gnu/qt5/QtCore/qvector.h:363                   
#5 
QForeachContainer<QVector<QSharedPointer<MimeTreeParser::Interface::MessagePart>
> const>::QForeachContainer (t=...,                
    this=<synthetic pointer>) at
/usr/include/x86_64-linux-gnu/qt5/QtCore/qglobal.h:944                          
#6  MimeTreeParser::toplevelTextNode (messageTree=...) at
/workspace/build/mimetreeparser/src/bodyformatter/utils.cpp:55                
#7  0x00007ffff216127a in MimeTreeParser::toplevelTextNode (messageTree=...)    
    at /workspace/build/mimetreeparser/src/bodyformatter/utils.cpp:64           
#8  0x00007ffff2175d04 in MimeTreeParser::ObjectTreeParser::parseObjectTree
(this=this at entry=0x7fffffffcd80, node=node at entry=0x2b63550)
    at /workspace/build/mimetreeparser/src/viewer/objecttreeparser.cpp:185
#9  0x00007ffff2ab4d27 in MessageViewer::ViewerPrivate::parseContent
(this=this at entry=0xae7670, content=0x2b63550)
    at /workspace/build/messageviewer/src/viewer/viewer_p.cpp:969
#10 0x00007ffff2ab531d in MessageViewer::ViewerPrivate::displayMessage
(this=this at entry=0xae7670)
    at /workspace/build/messageviewer/src/viewer/viewer_p.cpp:842
#11 0x00007ffff2ab5d8a in MessageViewer::ViewerPrivate::updateReaderWin
(this=0xae7670)
    at /workspace/build/messageviewer/src/viewer/viewer_p.cpp:2133
#12 0x00007ffff5ea9f36 in QMetaObject::activate(QObject*, int, int, void**) ()
from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#13 0x00007ffff5eb64e8 in QTimer::timerEvent(QTimerEvent*) () from
/usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#14 0x00007ffff5eaaa93 in QObject::event(QEvent*) () from
/usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#15 0x00007ffff676a89c in QApplicationPrivate::notify_helper(QObject*, QEvent*)
() from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#16 0x00007ffff6772296 in QApplication::notify(QObject*, QEvent*) () from
/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#17 0x00007ffff5e7eda8 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
() from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#18 0x00007ffff5ed123e in QTimerInfoList::activateTimers() () from
/usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#19 0x00007ffff5ed1771 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#20 0x00007fffea2b71a7 in g_main_context_dispatch () from
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#21 0x00007fffea2b7400 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#22 0x00007fffea2b74ac in g_main_context_iteration () from
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#23 0x00007ffff5ed22ef in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#24 0x00007ffff5e7cd9a in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from
/usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#25 0x00007ffff5e853ac in QCoreApplication::exec() () from
/usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#26 0x0000000000403984 in ?? ()
#27 0x00007ffff52b7830 in __libc_start_main (main=0x4028d0, argc=1,
argv=0x7fffffffded8, init=<optimised out>, fini=<optimised out>, 
    rtld_fini=<optimised out>, stack_end=0x7fffffffdec8) at
../csu/libc-start.c:291
#28 0x0000000000404079 in _start ()
(gdb) q


Reproducible: Sometimes

Steps to Reproduce:
1. (Not sure: enable threaded view)
2. Move a few messages to other folders


Actual Results:  
KMail crashes with the backtrace above.

Expected Results:  
KMail just moves my message ;)

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the Kdepim-bugs mailing list