[kmail2] [Bug 488265] New: Segfault when double-clicking on a draft (KMEditItemCommand)

Stefan Walter bugzilla_noreply at kde.org
Sun Jun 9 21:31:42 BST 2024


https://bugs.kde.org/show_bug.cgi?id=488265

            Bug ID: 488265
           Summary: Segfault when double-clicking on a draft
                    (KMEditItemCommand)
    Classification: Applications
           Product: kmail2
           Version: 5.24.5
          Platform: Kubuntu
                OS: Linux
            Status: REPORTED
          Severity: crash
          Priority: NOR
         Component: commands and actions
          Assignee: kdepim-bugs at kde.org
          Reporter: kde at stefanw.anonaddy.com
  Target Milestone: ---

Created attachment 170299
  --> https://bugs.kde.org/attachment.cgi?id=170299&action=edit
Backtrace of the destructor being called too early

Double-clicking on a draft results in a segfault every time on my fresh Kubuntu
24.04 install.

ANALYSIS

The location varies slightly, but is always in KMCommand::completed
(https://github.com/KDE/kmail/blob/v23.08.5/src/kmcommands.cpp#L263). The
reason is that the KMCommand has already been destroyed in KMCommand::execute
(https://github.com/KDE/kmail/blob/v23.08.5/src/kmcommands.cpp#L259), as can be
seen from the other backtrace I attached.

The KMEditItemCommand starts an asynchronous job and queues its own destruction
for when that job finishes
(https://github.com/KDE/kmail/blob/v23.08.5/src/kmcommands.cpp#L583 and
https://github.com/KDE/kmail/blob/v23.08.5/src/kmcommands.cpp#L626). The
assumption seems to be that this can happen only after the rest of the code has
executed, but actually the destruction occurs inside win->setMessage
(https://github.com/KDE/kmail/blob/v23.08.5/src/kmcommands.cpp#L589).

This happens because PIM Messagelib gives back control by using a QEventLoop
(https://invent.kde.org/pim/messagelib/-/blob/v23.08.5/mimetreeparser/src/memento/compositememento.cpp?ref_type=tags#L47).
Maybe Messagelib behaved differently before this commit
(https://invent.kde.org/pim/messagelib/-/commit/938fab622b7eb258f89f9b1492a3a264c260be58),
but I haven't checked it.


STEPS TO REPRODUCE
1. Create a draft by clicking on "New" and pressing Ctrl+s
2. Go to the drafts folder and double-click on the draft.

OBSERVED RESULT
Crash (Segfault)

EXPECTED RESULT
Draft opens for editing


SOFTWARE/OS VERSIONS

Operating System: Ubuntu 24.04
KDE Plasma Version: 5.27.11
KDE Frameworks Version: 5.115.0
Qt Version: 5.15.13
Kernel Version: 6.8.0-35-generic (64-bit)
Graphics Platform: Wayland
Processors: 12 × 13th Gen Intel® Core™ i5-1335U
Memory: 15,3 GiB of RAM
Graphics Processor: Mesa Intel® Graphics
Manufacturer: HP
Product Name: HP EliteBook 860 16 inch G10 Notebook PC
System Version: SBKPF

BACKTRACE

(see also the attached backtrace where the destructor is called before the
crash)

Thread 1 "kmail" received signal SIGSEGV, Segmentation fault.
0x000075f37fa82646 in QQmlData::isSignalConnected (d=0xbc350e8e, index=4) at
qml/qqmlengine.cpp:849
849         if (ddata->ownedByQml1)
(gdb) bt
#0  0x000075f37fa82646 in QQmlData::isSignalConnected (d=0xbc350e8e, index=4)
at qml/qqmlengine.cpp:849
#1  0x000075f382d126fe in QObjectPrivate::isDeclarativeSignalConnected
(signal_index=4, this=<optimized out>) at kernel/qobject_p.h:110
#2  doActivate<false> (sender=0x599118280310, signal_index=4,
argv=0x7ffd94ddcc90) at kernel/qobject.cpp:3814
#3  0x000075f382d0b697 in QMetaObject::activate
(sender=sender@entry=0x599118280310, m=m@entry=0x75f38c53cc00
<KMCommand::staticMetaObject>, local_signal_index=local_signal_index@entry=1,
argv=argv@entry=0x7ffd94ddcc90) at kernel/qobject.cpp:3985
#4  0x000075f38c304cd4 in KMCommand::completed (this=this@entry=0x599118280310,
_t1=<optimized out>, _t1@entry=0x599118280310) at
/usr/src/kmail-4:23.08.5-0ubuntu5/obj-x86_64-linux-gnu/src/kmailprivate_autogen/EWIEGA46WW/moc_kmcommands.cpp:201
#5  0x000075f38c41dc93 in KMCommand::slotPostTransfer (this=0x599118280310,
result=KMCommand::OK) at
/usr/src/kmail-4:23.08.5-0ubuntu5/src/kmcommands.cpp:263
#6  0x000075f382d12e16 in QtPrivate::QSlotObjectBase::call (a=0x7ffd94ddcdf0,
r=0x599118280310, this=0x5991187bf4f0) at
../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#7  doActivate<false> (sender=0x599118280310, signal_index=3,
argv=0x7ffd94ddcdf0) at kernel/qobject.cpp:3925
#8  0x000075f382d0b697 in QMetaObject::activate (sender=<optimized out>,
m=m@entry=0x75f38c53cc00 <KMCommand::staticMetaObject>,
local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffd94ddcdf0)
at kernel/qobject.cpp:3985
#9  0x000075f38c304c70 in KMCommand::messagesTransfered (this=<optimized out>,
_t1=<optimized out>) at
/usr/src/kmail-4:23.08.5-0ubuntu5/obj-x86_64-linux-gnu/src/kmailprivate_autogen/EWIEGA46WW/moc_kmcommands.cpp:194
#10 0x000075f382d12e16 in QtPrivate::QSlotObjectBase::call (a=0x7ffd94ddcf00,
r=0x599118280310, this=0x599118c59990) at
../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#11 doActivate<false> (sender=0x5991182c3850, signal_index=6,
argv=0x7ffd94ddcf00) at kernel/qobject.cpp:3925
#12 0x000075f382d0b697 in QMetaObject::activate
(sender=sender@entry=0x5991182c3850, m=<optimized out>,
local_signal_index=local_signal_index@entry=3, argv=argv@entry=0x7ffd94ddcf00)
at kernel/qobject.cpp:3985
#13 0x000075f383fa8266 in KJob::result (this=this@entry=0x5991182c3850,
_t1=<optimized out>, _t1@entry=0x5991182c3850, _t2=...) at
/usr/src/kcoreaddons-5.115.0-0ubuntu5/obj-x86_64-linux-gnu/src/lib/KF5CoreAddons_autogen/include/moc_kjob.cpp:633
#14 0x000075f383fae0eb in KJob::finishJob (this=0x5991182c3850,
emitResult=<optimized out>) at
/usr/src/kcoreaddons-5.115.0-0ubuntu5/src/lib/jobs/kjob.cpp:98
#15 0x000075f382d06343 in QObject::event (this=0x5991182c3850,
e=0x5991173f1470) at kernel/qobject.cpp:1347
#16 0x000075f38396bd45 in QApplicationPrivate::notify_helper (this=<optimized
out>, receiver=0x5991182c3850, e=0x5991173f1470) at
kernel/qapplication.cpp:3640
#17 0x000075f382cd8118 in QCoreApplication::notifyInternal2
(receiver=0x5991182c3850, event=0x5991173f1470) at
kernel/qcoreapplication.cpp:1064
#18 0x000075f382cd8332 in QCoreApplication::sendEvent (receiver=<optimized
out>, event=<optimized out>) at kernel/qcoreapplication.cpp:1462
#19 0x000075f382cdb94b in QCoreApplicationPrivate::sendPostedEvents
(receiver=0x0, event_type=0, data=0x5991168d8070) at
kernel/qcoreapplication.cpp:1821
#20 0x000075f382cdbebd in QCoreApplication::sendPostedEvents
(receiver=<optimized out>, event_type=<optimized out>) at
kernel/qcoreapplication.cpp:1680
#21 0x000075f382d35c0f in postEventSourceDispatch (s=s@entry=0x599116906ed0) at
kernel/qeventdispatcher_glib.cpp:277
#22 0x000075f37e8075b5 in g_main_dispatch (context=0x75f370000ed0) at
../../../glib/gmain.c:3344
#23 0x000075f37e866717 in g_main_context_dispatch_unlocked
(context=0x75f370000ed0) at ../../../glib/gmain.c:4152
#24 g_main_context_iterate_unlocked.isra.0
(context=context@entry=0x75f370000ed0, block=block@entry=1,
dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4217
#25 0x000075f37e806a53 in g_main_context_iteration (context=0x75f370000ed0,
may_block=1) at ../../../glib/gmain.c:4282
#26 0x000075f382d35279 in QEventDispatcherGlib::processEvents
(this=0x5991168caab0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#27 0x000075f382cd6a7b in QEventLoop::exec (this=this@entry=0x7ffd94ddd330,
flags=..., flags@entry=...) at
../../include/QtCore/../../src/corelib/global/qflags.h:69
#28 0x000075f382cdf3e8 in QCoreApplication::exec () at
../../include/QtCore/../../src/corelib/global/qflags.h:121
#29 0x000075f383138ecd in QGuiApplication::exec () at
kernel/qguiapplication.cpp:1863
#30 0x000075f38396bcb9 in QApplication::exec () at kernel/qapplication.cpp:2832
#31 0x0000599114c661b9 in main (argc=<optimized out>, argv=<optimized out>) at
/usr/src/kmail-4:23.08.5-0ubuntu5/src/main.cpp:188

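The lifetime hazard described in the ANALYSIS section, modelled as an added example that is not KMail, messagelib or Qt code: a command object schedules its own deletion from the slot that handles an asynchronous job result, but the call it makes next (the stand-in for win->setMessage) spins the event loop, so the job result and the deferred delete are both serviced before that call returns, and the caller continues on a dead `this`. Assumptions: the hand-rolled `EventLoop` stands in for Qt's posted-event queue and the nested `QEventLoop::exec()`; the `std::shared_ptr` token plus `std::weak_ptr` guard plays the role `QPointer` plays in Qt code; the `g_live` registry exists only so the unguarded variant can report the problem instead of crashing (a real build would use AddressSanitizer); all names (`Command`, `runScenario`, `onJobFinished`, `nestedCall`) are hypothetical.

```cpp
// Added example (not KMail or Qt code): a model of the lifetime bug in the report.
#include <cstdio>
#include <deque>
#include <functional>
#include <memory>
#include <set>
#include <string>
#include <utility>

// Stand-in for Qt's posted-event queue. processPosted() is the nested
// QEventLoop::exec(): it runs everything queued so far, including events
// queued while it is running.
struct EventLoop {
    std::deque<std::function<void()>> posted;
    void post(std::function<void()> ev) { posted.push_back(std::move(ev)); }
    void processPosted() {
        while (!posted.empty()) {
            auto ev = std::move(posted.front());
            posted.pop_front();
            ev();
        }
    }
};

// Registry of live Command objects. It exists only so the unguarded variant
// can *report* that `this` died instead of dereferencing freed memory.
static std::set<const void*> g_live;

struct Command {
    EventLoop& loop;
    std::string result = "pending";
    // Guard token: a weak reference to it expires exactly when the Command is
    // destroyed (the role QPointer<QObject> plays in Qt code).
    std::shared_ptr<int> token = std::make_shared<int>(0);

    explicit Command(EventLoop& l) : loop(l) { g_live.insert(this); }
    ~Command() { g_live.erase(this); }

    // Job-finished slot: records the result and schedules self-destruction,
    // like a KJob result slot ending in deleteLater().
    void onJobFinished() {
        result = "ok";
        loop.post([this] { delete this; });
    }

    // Stand-in for win->setMessage(): deep inside, it spins the event loop,
    // so every posted event (job result and deferred delete included) runs
    // before this call returns.
    void nestedCall() { loop.processPosted(); }

    // The shape of the execute()/slotPostTransfer() path in the report.
    std::string execute(bool guarded, bool jobFinishesDuringNestedCall) {
        std::weak_ptr<int> guard = token;            // taken before the re-entrant call
        if (jobFinishesDuringNestedCall)
            loop.post([this] { onJobFinished(); });  // the job's result is already queued
        nestedCall();
        // From here on `this` may be gone; the unguarded code assumes it is not.
        if (guarded) {
            if (guard.expired())
                return "destroyed inside nested call; post-call work skipped";
        } else if (g_live.count(this) == 0) {
            // Real code would now write mResult and emit completed(this) on freed memory.
            return "use-after-free: command destroyed inside nested call";
        }
        return result;
    }
};

// Runs one scenario and cleans up a Command that survived it.
std::string runScenario(bool guarded, bool jobFinishesDuringNestedCall) {
    EventLoop loop;
    auto* cmd = new Command(loop);
    std::string outcome = cmd->execute(guarded, jobFinishesDuringNestedCall);
    if (g_live.count(cmd) != 0) delete cmd;
    return outcome;
}

int main() {
    std::printf("unguarded, job finishes during nested call: %s\n", runScenario(false, true).c_str());
    std::printf("guarded,   job finishes during nested call: %s\n", runScenario(true, true).c_str());
    std::printf("unguarded, job still running afterwards:    %s\n", runScenario(false, false).c_str());
    return 0;
}
```

The guard is the cheap fix: take a `QPointer` to the command before any call that can re-enter the event loop and check it afterwards before touching members or emitting `completed(this)`. The structural fix is to not schedule `deleteLater()` from the job slot at all and let the completion path that owns the command delete it once. Note that a `deleteLater()` issued from a slot run by a nested loop is serviced by that same nested loop, so the deletion really does land before the outer call returns.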