'[frameworks-frameworkintegration] [Bug 343976] New: Segfault in SysTray triggered by Trojita'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-bugs-dist
Subject:    [frameworks-frameworkintegration] [Bug 343976] New: Segfault in SysTray triggered by Trojita
From:       Jan Kundrát <jkt () kde ! org>
Date:       2015-02-09 19:12:01
Message-ID: bug-343976-17878 () http ! bugs ! kde ! org/
[Download RAW message or body]

https://bugs.kde.org/show_bug.cgi?id=343976

            Bug ID: 343976
           Summary: Segfault in SysTray triggered by Trojita
           Product: frameworks-frameworkintegration
           Version: unspecified
          Platform: Other
                OS: Linux
            Status: UNCONFIRMED
          Severity: crash
          Priority: NOR
         Component: general
          Assignee: kdelibs-bugs@kde.org
          Reporter: jkt@kde.org

Three users reported earlier today crashes during the first run of a Qt5 build
Trojita (extragear/pim/trojita) which does not use KDE or KF5 libraries. Here's
a report from Valgrind (also at
https://gist.github.com/eliasp/4f0ea86a45c117b8ed22, courtesy of eliasp on
IRC):

==9425== Invalid read of size 8
==9425== at 0x4FC39D2: QWidget::removeAction(QAction*) (qscopedpointer.h:135)
==9425== by 0x1706AC32: SystemTrayMenu::removeMenuItem(QPlatformMenuItem*)
(kdeplatformsystemtrayicon.cpp:93)
==9425== by 0x50DEBEE: QMenu::actionEvent(QActionEvent*) (qmenu.cpp:3054)
==9425== by 0x4FCB724: QWidget::event(QEvent*) (qwidget.cpp:9022)
==9425== by 0x50E3F7A: QMenu::event(QEvent*) (qmenu.cpp:2515)
==9425== by 0x4F8BF0B: QApplicationPrivate::notify_helper(QObject*, QEvent*)
(qapplication.cpp:3722)
==9425== by 0x4F90F1F: QApplication::notify(QObject*, QEvent*)
(qapplication.cpp:3505)
==9425== by 0x84C13E4: QCoreApplication::notifyInternal(QObject*, QEvent*)
(qcoreapplication.cpp:932)
==9425== by 0x4FC3A4A: QWidget::removeAction(QAction*) (qcoreapplication.h:228)
==9425== by 0x4F82960: QAction::~QAction() (qaction.cpp:573)
==9425== by 0x4F82AC8: QAction::~QAction() (qaction.cpp:592)
==9425== by 0x84EF5BB: QObjectPrivate::deleteChildren() (qobject.cpp:1950)
==9425== Address 0x219318a8 is 8 bytes inside a block of size 48 free'd
==9425== at 0x4C2A55C: operator delete(void*) (vg_replace_malloc.c:502)
==9425== by 0x17E6A9A7: KStatusNotifierItem::~KStatusNotifierItem()
(kstatusnotifieritem.cpp:71)
==9425== by 0x17E6AE68: KStatusNotifierItem::~KStatusNotifierItem()
(kstatusnotifieritem.cpp:74)
==9425== by 0x1706A072: KDEPlatformSystemTrayIcon::cleanup()
(kdeplatformsystemtrayicon.cpp:264)
==9425== by 0x52C040A: QSystemTrayIcon::~QSystemTrayIcon()
(qsystemtrayicon.cpp:144)
==9425== by 0x52C0428: QSystemTrayIcon::~QSystemTrayIcon()
(qsystemtrayicon.cpp:145)
==9425== by 0x441CA5: Gui::MainWindow::removeSysTray() (Window.cpp:784)
==9425== by 0x45235F: Gui::MainWindow::slotShowSettings() (Window.cpp:1147)
==9425== by 0x45EAF9: Gui::MainWindow::qt_static_metacall(QObject*,
QMetaObject::Call, int, void**) (moc_Window.cpp:393)
==9425== by 0x84F1A35: QObject::event(QEvent*) (qobject.cpp:1245)
==9425== by 0x4FCB423: QWidget::event(QEvent*) (qwidget.cpp:9083)
==9425== by 0x50B970A: QMainWindow::event(QEvent*) (qmainwindow.cpp:1495) 

This is what Trojita is doing with the systray. The code calls removeSysTray()
followed by a toggleSysTray() during the initial setup:

void MainWindow::createSysTray()
{
    if (m_trayIcon)
        return;

    qApp->setQuitOnLastWindowClosed(false);

    m_trayIcon = new QSystemTrayIcon(this);
    handleTrayIconChange();

    QAction* quitAction = new QAction(tr("&Quit"), m_trayIcon);
    connect(quitAction, SIGNAL(triggered()), qApp, SLOT(quit()));

    QMenu *trayIconMenu = new QMenu(this);
    trayIconMenu->addAction(quitAction);
    m_trayIcon->setContextMenu(trayIconMenu);

    // QMenu cannot be a child of QSystemTrayIcon, and we don't want the QMenu
in MainWindow scope.
    connect(m_trayIcon, SIGNAL(destroyed()), trayIconMenu,
SLOT(deleteLater()));

    connect(m_trayIcon, SIGNAL(activated(QSystemTrayIcon::ActivationReason)),
            this, SLOT(slotIconActivated(QSystemTrayIcon::ActivationReason)));
    connect(imapModel(), SIGNAL(messageCountPossiblyChanged(QModelIndex)),
this, SLOT(handleTrayIconChange()));
    m_trayIcon->setVisible(true);
    m_trayIcon->show();
}

void MainWindow::removeSysTray()
{
    delete m_trayIcon;
    m_trayIcon = 0;

    qApp->setQuitOnLastWindowClosed(true);
}

void MainWindow::slotToggleSysTray()
{
    bool showSystray = m_settings->value(Common::SettingsNames::guiShowSystray,
QVariant(true)).toBool();
    if (showSystray && !m_trayIcon) {
        createSysTray();
    } else if (!showSystray && m_trayIcon) {
        removeSysTray();
    }
}

Reproducible: Always

Steps to Reproduce:
1. Build Qt5 version of Trojita (cmake -DWITH_QT5=ON)
2. rm -f ~/.config/flaska.net/trojita-mehwtf.conf
3. `trojita --profile mehwtf`, type "localhost" in IMAP -> Server and SMTP ->
Server, press OK, wittness the crash



I do not think that the QSysTrayIcon dance we're doing is correct because it
used to work just fine in Qt4, and it also works well with a git Qt 5.4.1 (a
couple weeks old) when run within Plasma4. On the other hand, three users
reported crashes under Plasma5, two on Gentoo, one on Arch.

-- 
You are receiving this mail because:
You are watching all bug changes.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic