Double object deletion in KHTMLPart dtor

Andras Mantia amantia at kde.org
Tue Dec 9 15:42:13 GMT 2003 

Laurent Montel wrote:

> On Tuesday 09 December 2003 15:36, Dirk Mueller wrote:
>> On Monday 08 December 2003 18:58, Andras Mantia wrote:
>> > Conclusion: I would like to remove the delete->m_find; from the dtor.
>> > Agreed?
>>
>> which other path deletes it?
>>
>> BTW, please ask laurent, he committed this as memleak fix.

CVS annotate shown me that it was a commit by dfaure when the new KFind was introduced.

> I don't see problem.
> I delete it into destructor and write after "d->m_find = 0;"
> so it's not a double deletion.
> 
> And I don't see where it deleted into code.
> 
> I tested into all khtml_part, and there is not a deleteLater for
> d->m_find. So I don't understand where is the double-deletion.
> I don't success to obtain crash into konqueror/quanta....

I modified meantime the Quanta code, and I will retest if it still crashes or not. What I saw:
- crash on exit in Quanta when the KHTML part was destroyed
- sometimes there was a crash, other times a printout to console that said "Double QObject deletion detected"
- valgrind indicated the double deletion in ~KHTMLPart, ~KFind (this is what I remember), but as I said my kdelibs was not compiled with debug info, so no exact line numbers were given. But from the above it means that it crashed when a KFind object was deleted, which lead me to that line in ~KHTMLPart.

Tested with current Quanta BE, and yes, it crashes on exit. And now I don't insert the KHTMLPart GUI in the main window, but execute the find action directly.
Reproducing: invoke the context help on a tag (eg. html), search in the documentation and close Quanta. 
valgrind reports:

==10678== Invalid read of size 4
==10678==    at 0x4056B48F: KHTMLPart::~KHTMLPart() (/development/sources/kde-head/kdelibs/khtml/khtml_part.cpp:409)
==10678==    by 0x8117F50: WHTMLPart::~WHTMLPart() (/home/andris/development/quanta/quanta-be/quanta/widgets/whtmlpart.cpp:44)
==10678==    by 0x4092D239: KParts::Part::slotWidgetDestroyed() (in /opt/kde-cvs/lib/libkparts.so.2.1.0)
==10678==    by 0x4092F838: KParts::Part::qt_invoke(int, QUObject*) (in /opt/kde-cvs/lib/libkparts.so.2.1.0)
==10678==    Address 0x4E685C0C is 0 bytes inside a block of size 80 free'd
==10678==    at 0x40028C2D: __builtin_delete (vg_replace_malloc.c:233)
==10678==    by 0x40028C4B: operator delete(void*) (vg_replace_malloc.c:242)
==10678==    by 0x40982730: KFind::~KFind() (/development/sources/kde-head/kdelibs/kutils/kfind.cpp:99)
==10678==    by 0x415B1929: QWidget::~QWidget() (kernel/qwidget.cpp:922)
==10678==
==10678== Invalid write of size 4
==10678==    at 0x4157D7FB: QObject::~QObject() (kernel/qobject.cpp:436)
==10678==    by 0x4056B4A3: KHTMLPart::~KHTMLPart() (/development/sources/kde-head/kdelibs/khtml/khtml_part.cpp:409)
==10678==    by 0x8117F50: WHTMLPart::~WHTMLPart() (/home/andris/development/quanta/quanta-be/quanta/widgets/whtmlpart.cpp:44)
==10678==    by 0x4092D239: KParts::Part::slotWidgetDestroyed() (in /opt/kde-cvs/lib/libkparts.so.2.1.0)
==10678==    Address 0x4E685C0C is 0 bytes inside a block of size 80 free'd
==10678==    at 0x40028C2D: __builtin_delete (vg_replace_malloc.c:233)
==10678==    by 0x40028C4B: operator delete(void*) (vg_replace_malloc.c:242)
==10678==    by 0x40982730: KFind::~KFind() (/development/sources/kde-head/kdelibs/kutils/kfind.cpp:99)
==10678==    by 0x415B1929: QWidget::~QWidget() (kernel/qwidget.cpp:922)
==10678==
==10678== Invalid read of size 1
==10678==    at 0x4157D800: QObject::~QObject() (kernel/qobject.cpp:437)
==10678==    by 0x4056B4A3: KHTMLPart::~KHTMLPart() (/development/sources/kde-head/kdelibs/khtml/khtml_part.cpp:409)
==10678==    by 0x8117F50: WHTMLPart::~WHTMLPart() (/home/andris/development/quanta/quanta-be/quanta/widgets/whtmlpart.cpp:44)
==10678==    by 0x4092D239: KParts::Part::slotWidgetDestroyed() (in /opt/kde-cvs/lib/libkparts.so.2.1.0)
==10678==    Address 0x4E685C10 is 4 bytes inside a block of size 80 free'd
==10678==    at 0x40028C2D: __builtin_delete (vg_replace_malloc.c:233)
==10678==    by 0x40028C4B: operator delete(void*) (vg_replace_malloc.c:242)
==10678==    by 0x40982730: KFind::~KFind() (/development/sources/kde-head/kdelibs/kutils/kfind.cpp:99)
==10678==    by 0x415B1929: QWidget::~QWidget() (kernel/qwidget.cpp:922)
Double QObject deletion detected.
==10678==
==10678== Invalid free() / delete / delete[]
==10678==    at 0x40028C2D: __builtin_delete (vg_replace_malloc.c:233)
==10678==    by 0x40028C4B: operator delete(void*) (vg_replace_malloc.c:242)
==10678==    by 0x4157DBA9: QObject::~QObject() (kernel/qobject.cpp:503)
==10678==    by 0x4056B4A3: KHTMLPart::~KHTMLPart() (/development/sources/kde-head/kdelibs/khtml/khtml_part.cpp:409)
==10678==    Address 0x4E685C0C is 0 bytes inside a block of size 80 free'd
==10678==    at 0x40028C2D: __builtin_delete (vg_replace_malloc.c:233)
==10678==    by 0x40028C4B: operator delete(void*) (vg_replace_malloc.c:242)
==10678==    by 0x40982730: KFind::~KFind() (/development/sources/kde-head/kdelibs/kutils/kfind.cpp:99)
==10678==    by 0x415B1929: QWidget::~QWidget() (kernel/qwidget.cpp:922)
==10678== discard syms in /usr/lib/gconv/ISO8859-1.so due to munmap()
==10678== discard syms in /lib/libnss_files.so.2 due to munmap()
==10678==
==10678== ERROR SUMMARY: 83 errors from 9 contexts (suppressed: 706 from 10)
==10678== malloc/free: in use at exit: 6272815 bytes in 238938 blocks.
==10678== malloc/free: 3720150 allocs, 3481213 frees, 111555120 bytes allocated.
==10678== For a detailed leak analysis,  rerun with: --leak-check=yes
==10678== For counts of detected errors, rerun with: -v


Andras

-- 
Quanta Plus developer - http://quanta.sourceforge.net
K Desktop Environment - http://www.kde.org

More information about the kfm-devel mailing list