problems with theme shadows in initPixmap("shadow-top") lead to krunner crashing

Marius Cirsta mforce2 at gmail.com
Tue May 8 14:46:39 UTC 2012


 Hi

First of all sorry for posting here, not sure if it's the right list
to post to but seems like there's dev activity here.
I'm a maintainer for Qt and KDE for less known distro, Frugalware.

Ever since the latest upgrade to glibc 2.15 we've had krunner crashing
on start with bad_alloc.

 I've managed to track the problem down after a some debugging and the
gdb backtrace is attached.

 Here's a description of what goes wrong.

 It's trying to use this function to get all those shadows:

QPixmap SvgPrivate::findInCache(const QString &elementId, const QSizeF &s)


it gets to :

   if (elementId.isEmpty() || (multipleImages && s.isValid())) {
       size = s.toSize();
   } else {
       size = elementRect(actualElementId).size().toSize();
   }

takes the else branch and size is returned as 0 from here:

QRectF SvgPrivate::findAndCacheElementRect(const QString &elementId)
{
 ........

   QRectF elementRect = renderer->elementExists(elementId) ?

renderer->matrixForElement(elementId).map(renderer->boundsOnElement(elementId)).boundingRect()
:
                        QRectF();

where it just builds a new QRectF with sizes set to 0 ( width and height )

it then all comes back here:

void PanelShadows::Private::initPixmap(const QString &element)
{
#ifdef Q_WS_X11
   QPixmap pix = q->pixmap(element);
   if (pix.handle() == 0) {
       volatile Pixmap xPix = XCreatePixmap(QX11Info::display(),
QX11Info::appRootWindow(), pix.width(), pix.height(), 32);
       QPixmap tempPix = QPixmap::fromX11Pixmap(xPix,
QPixmap::ExplicitlyShared);
       tempPix.fill(Qt::transparent);
       QPainter p(&tempPix);
       p.drawPixmap(QPoint(0, 0), pix);
       m_shadowPixmaps << tempPix;

pix will have 0 width and 0 height so X will error out resulting in an
invalid xPix. Then tempPix will have really weird values for width and
height, things like -123232 or 32555 , invalid ones for sure. When it
gets to  m_shadowPixmaps << tempPix qt will throws that bad_alloc.

I've gotten this far but I'm still not sure what the cause of it is or
how to properly fix it.
My hunch is that all these pixmaps that fail , all these shadows:

   initPixmap("shadow-top");
   initPixmap("shadow-topright");
   initPixmap("shadow-right");
   initPixmap("shadow-bottomright");
   initPixmap("shadow-bottom");
   initPixmap("shadow-bottomleft");
   initPixmap("shadow-left");
   initPixmap("shadow-topleft");

should have been created by the renderer from the theme but somehow
this fails. SVGs are not present , can't be rendered ?  Didn't check
this yet.

Anyway I think there should be a better way for KDE to handle this
even if there is a problem with the theme. I've been able to confirm
that adding these shadows to a theme fixes the crach and also that it
won't happen if the theme already has them. One very simple fix would
be to test for pixmap with width and height 0 in initPixmap but I feel
that more is needed here.

There's also a bug open for Arch users having a problem like this and
my guess is that it's the same one:
https://bugs.kde.org/show_bug.cgi?id=298131

 Thanks for reading this.
-------------- next part --------------
#0  0x00007ffff3beea77 in __cxa_throw () from /usr/lib/libstdc++.so.6
#1  0x00007ffff416cc42 in qBadAlloc () at global/qglobal.cpp:1991
#2  0x00007ffff4d94095 in QX11PixmapData::toImage (this=0x825f60, rect=...) at image/qpixmap_x11.cpp:1555
#3  0x00007ffff4d903ea in QX11PixmapData::toImage (this=<optimized out>) at image/qpixmap_x11.cpp:1584
#4  0x00007ffff4d9070d in QX11PixmapData::copy (this=0x826710, data=0x825f60, rect=...) at image/qpixmap_x11.cpp:2269
#5  0x00007ffff4d7da6a in QPixmap::copy (this=this at entry=0x7fffffffca10, rect=...) at image/qpixmap.cpp:390
#6  0x00007ffff4d7edf7 in QPixmap::QPixmap (this=0x7de4b0, pixmap=...) at image/qpixmap.cpp:303
#7  0x00007ffff734abba in node_construct (t=..., n=0xaaee98, this=<optimized out>) at /usr/include/QtCore/qlist.h:372
#8  QList<QPixmap>::append (this=this at entry=0x821958, t=...) at /usr/include/QtCore/qlist.h:512
#9  0x00007ffff7349a33 in operator<< (t=..., this=0x821958) at /usr/include/QtCore/qlist.h:334
#10 PanelShadows::Private::initPixmap (this=this at entry=0x821950, element=...) at /mnt/aux/packages/kdebase-workspace/src/kde-workspace-4.8.2/libs/plasmagenericshell/panelshadows.cpp:131
#11 0x00007ffff7349cfa in PanelShadows::Private::setupPixmaps (this=this at entry=0x821950) at /mnt/aux/packages/kdebase-workspace/src/kde-workspace-4.8.2/libs/plasmagenericshell/panelshadows.cpp:142
#12 0x00007ffff734a65d in PanelShadows::Private::updateShadows (this=0x821950) at /mnt/aux/packages/kdebase-workspace/src/kde-workspace-4.8.2/libs/plasmagenericshell/panelshadows.cpp:115
#13 0x00007ffff429615f in QMetaObject::activate (sender=0x82b4c0, m=<optimized out>, local_signal_index=<optimized out>, argv=0x0) at kernel/qobject.cpp:3547
#14 0x00007ffff6e2112f in Plasma::SvgPrivate::themeChanged() () from /usr/lib/libplasma.so.3
#15 0x00007ffff6e21389 in Plasma::Svg::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libplasma.so.3
#16 0x00007ffff429615f in QMetaObject::activate (sender=0x828370, m=<optimized out>, local_signal_index=<optimized out>, argv=0x0) at kernel/qobject.cpp:3547
#17 0x00007ffff6e29e8b in Plasma::ThemePrivate::notifyOfChanged() () from /usr/lib/libplasma.so.3
#18 0x00007ffff6e2a069 in Plasma::Theme::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libplasma.so.3
#19 0x00007ffff429615f in QMetaObject::activate (sender=0x835730, m=<optimized out>, local_signal_index=<optimized out>, argv=0x0) at kernel/qobject.cpp:3547
#20 0x00007ffff429553c in QObject::event (this=0x835730, e=<optimized out>) at kernel/qobject.cpp:1157
#21 0x00007ffff4c9d341 in QApplicationPrivate::notify_helper (this=this at entry=0x660070, receiver=receiver at entry=0x835730, e=e at entry=0x7fffffffd690) at kernel/qapplication.cpp:4554
#22 0x00007ffff4ca24c9 in QApplication::notify (this=0x654e30, receiver=0x835730, e=0x7fffffffd690) at kernel/qapplication.cpp:4415
#23 0x00007ffff6859d26 in KApplication::notify(QObject*, QEvent*) () from /usr/lib/libkdeui.so.5
#24 0x00007ffff427ebfe in QCoreApplication::notifyInternal (this=0x654e30, receiver=0x835730, event=0x7fffffffd690) at kernel/qcoreapplication.cpp:876
#25 0x00007ffff42b2ee2 in sendEvent (event=0x7fffffffd690, receiver=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
#26 QTimerInfoList::activateTimers (this=0x660b60) at kernel/qeventdispatcher_unix.cpp:611
#27 0x00007ffff42af804 in timerSourceDispatch (source=<optimized out>) at kernel/qeventdispatcher_glib.cpp:186
#28 timerSourceDispatch (source=source at entry=0x660b00) at kernel/qeventdispatcher_glib.cpp:180
#29 0x00007fffec496c6c in g_main_dispatch (context=0x660920) at gmain.c:2515
#30 g_main_context_dispatch (context=context at entry=0x660920) at gmain.c:3052
#31 0x00007fffec497088 in g_main_context_iterate (context=context at entry=0x660920, block=block at entry=1, dispatch=dispatch at entry=1, self=<error reading variable: Unhandled dwarf expression opcode 0xfa>) at gmain.c:3123
#32 0x00007fffec497144 in g_main_context_iteration (context=0x660920, may_block=1) at gmain.c:3184
#33 0x00007ffff42afff6 in QEventDispatcherGlib::processEvents (this=0x602ad0, flags=...) at kernel/qeventdispatcher_glib.cpp:424
#34 0x00007ffff4d4a70e in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#35 0x00007ffff427d40f in QEventLoop::processEvents (this=this at entry=0x7fffffffd900, flags=...) at kernel/qeventloop.cpp:149
#36 0x00007ffff427d668 in QEventLoop::exec (this=0x7fffffffd900, flags=...) at kernel/qeventloop.cpp:204
#37 0x00007ffff42829a8 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1148
#38 0x00007ffff7ba6876 in kdemain (argc=2, argv=0x7fffffffdb58) at /mnt/aux/packages/kdebase-workspace/src/kde-workspace-4.8.2/krunner/main.cpp:66
#39 0x00007ffff77f7425 in __libc_start_main () from /lib/libc.so.6
#40 0x0000000000400711 in _start ()


More information about the Plasma-devel mailing list