[Uml-devel] Spurious segfault on click on note or enum widgets in class diagram

Wed May 17 14:29:02 UTC 2006

Hi Achim,
thanks for the patch. However, the real problem isn't in those
methods. Let me explain.

Those methods were wrong, but because I've missed the precondition in
the documentation of the methods. I mean, the code is right, but the
comments should explain that they can't be called with an empty list.
If the precondition is violated, things can (and will) go awry. So
it's responsability for the caller methods to ensure that the
precondition isn't violated.

So, why are they called with an empty list? As far as I can tell, it's
a synchronization problem. Under certain circumstances, the method
which handles the mouse move event is called before the method which
handles the mouse press event has finished. So m_leftButtonDown was
set to true, but selectSingle wasn't executed yet, so no widget was
selected. When the selected widgets list is updated, no widget is
selected so it goes empty, and then the getSmallest/BiggestX/Y methods
crash.

In my humble opinion, this should be controlled in ToolbarState. For
example, queueing incoming events if there's one being processed, and
process the queued ones one at a time once the process of the event
being handled finishes. This way, no simultaneous handling of
different events can occur.

By the way Achim, would you mind sending me the XMI file which causes
the crash? I've already one file which I can use to test this problem,
but I'd prefer a wider test base. If you don't want to do it, no
problem at all, it's only a suggestion :)

2006/5/17, Achim Spangler <A.Spangler at osb-ag.de>:
> Hi again,
> sorry - copy&paste lead to a wrong fix for the last function in this group.
>
> Attached diff fixes this.
>
> Bye,
> Achim
> Am Mittwoch, 17. Mai 2006 18:10 schrieb Achim Spangler:
> > Hi,
> > the current version of umbrello from REPO suffers sometimes a segfault,
> > when simple items like a note or enum widget is clicked.
> >
> > The relevant part of the stacktrace is as follows:
> > [KCrash handler]
> > #6  0x08232efe in UMLWidgetController::getSmallestX ()
> > #7  0x0823319d in UMLWidgetController::updateSelectionBounds ()
> > #8  0x082333c0 in UMLWidgetController::mouseMoveEvent ()
> > #9  0x081b6dd3 in ToolBarState::mouseMove ()
> > #10 0x081b7a56 in ToolBarStateArrow::mouseMove ()
> > #11 0xb7243dc7 in QScrollView::viewportMouseMoveEvent ()
> >
> >
> > The following functions were a little unsafe:
> > int UMLWidgetController::getSmallestX(const UMLWidgetList &widgetList) {
> > int UMLWidgetController::getSmallestY(const UMLWidgetList &widgetList) {
> > int UMLWidgetController::getBiggestX(const UMLWidgetList &widgetList) {
> > int UMLWidgetController::getBiggestY(const UMLWidgetList &widgetList) {
> >
> > The problem was:
> > When the widgetList is empty, so that the function it.toFirst() returns
> > NULL, those functions dereferenced a NULL pointer without any check.
> >
> > I fixed this in the attached patch.
> > I don't know, whether this is the only reason for the segfault. But this
> > was in my opinion in any case a riscy code.
> >
> > Bye,
> > Achim
>
> --
> Achim Spangler
> OSB AG Ingenieur- und IT-Dienstleistungen
> Klenzestraße 38
> 80469 München
> Fon:   +49 (0) 89/23 88 57-49
> Fax:   +49 (0) 89/23 88 57-40
> Mobil: +49 (0)179/29 22 888
> Email: a.spangler at osb-ag.de
> WWW:  http://www.osb-ag.de/
>
>
>