[Konsole-devel] Review Request 119004: Fix crash caused by dereferencing a deleted submenu

Arjun Ak arjunak234 at gmail.com
Tue Jul 1 12:52:53 UTC 2014



> On July 1, 2014, 6:17 p.m., Kurt Hindenburg wrote:
> > According to the KDE api (4.x):
> > 
> > KMenu * KActionMenu::menu()
> > Returns this action's menu as a KMenu, if it is one.
> > If none exists, one will be created.
> > 
> > Can you provide any instances where the current code actually crashes?

Thread 1 (Thread 0x7ffc34b698c0 (LWP 8160)):
[KCrash Handler]
#6  0x00007ffc3715c5d6 in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::data (this=0x8) at ../../include/QtCore/qscopedpointer.h:143
#7  0x00007ffc371bb3b5 in qGetPtrHelper<QScopedPointer<QObjectData> > (p=...) at ../../include/QtCore/qglobal.h:941
#8  0x00007ffc371bc31c in QWidget::d_func (this=0x0) at ../../include/QtWidgets/qwidget.h:129
#9  0x00007ffc371a6580 in QWidget::actions (this=0x0) at kernel/qwidget.cpp:3039
#10 0x00007ffc3732a01b in QMenu::clear (this=0x0) at widgets/qmenu.cpp:1800
#11 0x00007ffc3d533466 in Konsole::MainWindow::profileListChanged (this=0x1fb06e0, sessionActions=...) at /home/arjun/kde5-src/kde/applications/konsole/src/MainWindow.cpp:399
#12 0x00007ffc3d53d326 in QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<QList<QAction*> const&>, void, void (Konsole::MainWindow::*)(QList<QAction*> const&)>::call (f=(void (Konsole::MainWindow::*)(Konsole::MainWindow * const, const QList<QAction*> &)) 0x7ffc3d533406 <Konsole::MainWindow::profileListChanged(QList<QAction*> const&)>, o=0x1fb06e0, arg=0x7fffebd7e550) at /home/arjun/qt5/qtbase/include/QtCore/qobjectdefs_impl.h:508
#13 0x00007ffc3d53c2bd in QtPrivate::FunctionPointer<void (Konsole::MainWindow::*)(QList<QAction*> const&)>::call<QtPrivate::List<QList<QAction*> const&>, void> (f=(void (Konsole::MainWindow::*)(Konsole::MainWindow * const, const QList<QAction*> &)) 0x7ffc3d533406 <Konsole::MainWindow::profileListChanged(QList<QAction*> const&)>, o=0x1fb06e0, arg=0x7fffebd7e550) at /home/arjun/qt5/qtbase/include/QtCore/qobjectdefs_impl.h:527
#14 0x00007ffc3d53b41f in QtPrivate::QSlotObject<void (Konsole::MainWindow::*)(QList<QAction*> const&), QtPrivate::List<QList<QAction*> const&>, void>::impl (which=1, this_=0x1fe42b0, r=0x1fb06e0, a=0x7fffebd7e550, ret=0x0) at /home/arjun/qt5/qtbase/include/QtCore/qobject_impl.h:151
#15 0x00007ffc3634dcad in QtPrivate::QSlotObjectBase::call (this=0x1fe42b0, r=0x1fb06e0, a=0x7fffebd7e550) at ../../include/QtCore/qobject_impl.h:132
#16 0x00007ffc3634ae5f in QMetaObject::activate (sender=0x20095b0, signalOffset=3, local_signal_index=1, argv=0x7fffebd7e550) at kernel/qobject.cpp:3666
#17 0x00007ffc3634a77a in QMetaObject::activate (sender=0x20095b0, m=0x7ffc3d50cb40 <Konsole::ProfileList::staticMetaObject>, local_signal_index=1, argv=0x7fffebd7e550) at kernel/qobject.cpp:3546
#18 0x00007ffc3d29d755 in Konsole::ProfileList::actionsChanged (this=0x20095b0, _t1=...) at /home/arjun/kde5-build/kde/applications/konsole/src/moc_ProfileList.cpp:173
#19 0x00007ffc3d22b1ad in Konsole::ProfileList::favoriteChanged (this=0x20095b0, profile=..., isFavorite=true) at /home/arjun/kde5-src/kde/applications/konsole/src/ProfileList.cpp:146
#20 0x00007ffc3d22c701 in QtPrivate::FunctorCall<QtPrivate::IndexesList<0, 1>, QtPrivate::List<KSharedPtr<Konsole::Profile>, bool>, void, void (Konsole::ProfileList::*)(KSharedPtr<Konsole::Profile>, bool)>::call (f=(void (Konsole::ProfileList::*)(Konsole::ProfileList * const, KSharedPtr<Konsole::Profile>, bool)) 0x7ffc3d22af40 <Konsole::ProfileList::favoriteChanged(KSharedPtr<Konsole::Profile>, bool)>, o=0x20095b0, arg=0x7fffebd7e930) at /home/arjun/qt5/qtbase/include/QtCore/qobjectdefs_impl.h:508
#21 0x00007ffc3d22c433 in QtPrivate::FunctionPointer<void (Konsole::ProfileList::*)(KSharedPtr<Konsole::Profile>, bool)>::call<QtPrivate::List<KSharedPtr<Konsole::Profile>, bool>, void> (f=(void (Konsole::ProfileList::*)(Konsole::ProfileList * const, KSharedPtr<Konsole::Profile>, bool)) 0x7ffc3d22af40 <Konsole::ProfileList::favoriteChanged(KSharedPtr<Konsole::Profile>, bool)>, o=0x20095b0, arg=0x7fffebd7e930) at /home/arjun/qt5/qtbase/include/QtCore/qobjectdefs_impl.h:527
#22 0x00007ffc3d22bf91 in QtPrivate::QSlotObject<void (Konsole::ProfileList::*)(KSharedPtr<Konsole::Profile>, bool), QtPrivate::List<KSharedPtr<Konsole::Profile>, bool>, void>::impl (which=1, this_=0x2000240, r=0x20095b0, a=0x7fffebd7e930, ret=0x0) at /home/arjun/qt5/qtbase/include/QtCore/qobject_impl.h:151
#23 0x00007ffc3634dcad in QtPrivate::QSlotObjectBase::call (this=0x2000240, r=0x20095b0, a=0x7fffebd7e930) at ../../include/QtCore/qobject_impl.h:132
#24 0x00007ffc3634ae5f in QMetaObject::activate (sender=0x1feec30, signalOffset=3, local_signal_index=3, argv=0x7fffebd7e930) at kernel/qobject.cpp:3666
#25 0x00007ffc3634a77a in QMetaObject::activate (sender=0x1feec30, m=0x7ffc3d50cb80 <Konsole::ProfileManager::staticMetaObject>, local_signal_index=3, argv=0x7fffebd7e930) at kernel/qobject.cpp:3546
#26 0x00007ffc3d29dcc4 in Konsole::ProfileManager::favoriteStatusChanged (this=0x1feec30, _t1=..., _t2=true) at /home/arjun/kde5-build/kde/applications/konsole/src/moc_ProfileManager.cpp:200
#27 0x00007ffc3d23013f in Konsole::ProfileManager::setFavorite (this=0x1feec30, profile=..., favorite=true) at /home/arjun/kde5-src/kde/applications/konsole/src/ProfileManager.cpp:449
#28 0x00007ffc3d21c428 in Konsole::ManageProfilesDialog::createProfile (this=0x237ad60) at /home/arjun/kde5-src/kde/applications/konsole/src/ManageProfilesDialog.cpp:346
#29 0x00007ffc3d2223e0 in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (Konsole::ManageProfilesDialog::*)()>::call(void (Konsole::ManageProfilesDialog::*)(), Konsole::ManageProfilesDialog*, void**) (f=(void (Konsole::ManageProfilesDialog::*)(Konsole::ManageProfilesDialog * const)) 0x7ffc3d21c03a <Konsole::ManageProfilesDialog::createProfile()>, o=0x237ad60, arg=0x7fffebd7eda0) at /home/arjun/qt5/qtbase/include/QtCore/qobjectdefs_impl.h:508


- Arjun


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/119004/#review61384
-----------------------------------------------------------


On June 29, 2014, 1:13 a.m., Arjun Ak wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/119004/
> -----------------------------------------------------------
> 
> (Updated June 29, 2014, 1:13 a.m.)
> 
> 
> Review request for Konsole.
> 
> 
> Repository: konsole
> 
> 
> Description
> -------
> 
> Submenu of new "newTabMenuAction" is dereferenced in multiple places without first checking whether it is null or not, which can lead to a crash, especially since we delete it (https://projects.kde.org/projects/kde/applications/konsole/repository/revisions/c4f7f512f3bbd8235947defc8f3f848244d7ca1b/entry/src/MainWindow.cpp#L422) if there is only one profile to be shown.
> 
> 
> Diffs
> -----
> 
>   src/MainWindow.cpp 86d04de 
> 
> Diff: https://git.reviewboard.kde.org/r/119004/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Arjun Ak
> 
>
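
Added example, not part of the original thread and not the patch under review: a Qt-free C++ model of the failure described above, where a list-changed handler dereferences a submenu that was deleted while only one profile remained. Menu, ActionMenu and both handler functions are hypothetical stand-ins, and re-creating the submenu in the guarded form is an assumption about one reasonable fix.

```cpp
// Constructed model of the crash pattern; not Konsole or Qt code.
#include <cstddef>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Stand-in for QMenu: just a list of action labels.
struct Menu {
    std::vector<std::string> actions;
    void clear() { actions.clear(); }
};

// Stand-in for the "new tab" action whose submenu may have been deleted.
struct ActionMenu {
    std::unique_ptr<Menu> submenu;
    Menu* menu() const { return submenu.get(); }  // nullptr once deleted
    void setMenu(std::unique_ptr<Menu> m) { submenu = std::move(m); }
};

// Unchecked form: undefined behaviour when menu() is nullptr, which is
// what frame #10 of the trace shows (QMenu::clear with this=0x0).
void profileListChangedUnchecked(ActionMenu& action,
                                 const std::vector<std::string>& profiles) {
    action.menu()->clear();
    action.menu()->actions = profiles;
}

// Guarded form: never dereferences a missing submenu.
// Returns the number of entries now shown in the submenu.
std::size_t profileListChanged(ActionMenu& action,
                               const std::vector<std::string>& profiles) {
    if (profiles.size() < 2) {
        action.setMenu(nullptr);  // one profile: drop the submenu
        return 0;
    }
    if (!action.menu())           // assumption: re-create when absent
        action.setMenu(std::make_unique<Menu>());
    action.menu()->clear();
    action.menu()->actions = profiles;
    return action.menu()->actions.size();
}

int main() {
    ActionMenu action;
    profileListChanged(action, {"Shell", "Root"});   // submenu exists
    profileListChanged(action, {"Shell"});           // submenu deleted
    // Calling the unchecked form here would crash; the guarded form does not.
    return profileListChanged(action, {"Shell", "New"}) == 2 ? 0 : 1;
}
```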
