Bug 130967 - konqueror crashes when doing a save-as
Summary: konqueror crashes when doing a save-as
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: gamin
Version: rawhide
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Veillard
QA Contact:
URL:
Whiteboard:
Duplicates: 132922
Depends On:
Blocks: FC3Target 131589
 
Reported: 2004-08-26 08:22 UTC by Ellen Shull
Modified: 2013-04-02 04:20 UTC (History)

Fixed In Version: 0.0.9
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-09-04 08:32:38 UTC
Type: ---
Embargoed:


Attachments:
gdb trace of the crash (deleted), 2004-08-26 08:23 UTC, Ellen Shull

Description Ellen Shull 2004-08-26 08:22:02 UTC
Description of problem:
konqueror (other kde progs too?) crashes when doing a save-as, with a 
SIGSEGV in free () from /usr/lib/libkdecore.so.4

Version-Release number of selected component (if applicable):
kdelibs-3.3.0-1

How reproducible:
Always on my system...

Steps to Reproduce:
1.  Start up konqueror, go to a page with stuff to download (I've been
using http://kuoi.asui.uidaho.edu/~wes/images/ since it's mine)
2.  Right-click and save-as something.  (I've been using
"Adam_Osborne.jpg" since it's the first thing there)
  
Actual results:
File downloads, then konq crashes.  For a reason I don't understand,
it just says "Alarm clock", but if you do it in gdb it's actually a
segfault.  See attached gdb output.

Expected results:
File saves, no crash.

Additional info:
Could this actually be a problem with gamin?

Comment 1 Ellen Shull 2004-08-26 08:23:02 UTC
Created attachment 103112
gdb trace of the crash

Comment 2 Than Ngo 2004-08-30 09:32:38 UTC
it looks like a bug in gamin (fam replacement), which causes this
crash here. It works fine with fam. I reassign it to correct component

Comment 3 Daniel Veillard 2004-08-30 09:38:11 UTC
can you upgrade to gamin-0.0.8 from rawhide and retry ?
There was some serious problem with version 0.0.7

Daniel

Comment 4 Ellen Shull 2004-08-30 11:17:50 UTC
Yes, it still happens with gamin-0.0.8, exact same call trace even.  I
went a little further this time and rebuilt gamin with --enable-debug
to get a better look at what's going bad, so...  near the end of
FAMCancelMonitor:

    /*
     * TODO: check should this *really* be freed ?
     */
    free(fr);

That's the free that it's crashing on.

I also ran my test in konqueror under valgrind memcheck, and it turns
up two spots with fam-related problems:

==13894== Conditional jump or move depends on uninitialised value(s)
==13894==    at 0x1BC40E88: KDirWatchPrivate::checkFAMEvent(FAMEvent*) (in /usr/lib/libkio.so.4.2.0)
==13894==    by 0x1BC41350: KDirWatchPrivate::famEventReceived() (in /usr/lib/libkio.so.4.2.0)
==13894==    by 0x1BC4161F: KDirWatchPrivate::qt_invoke(int, QUObject*) (in /usr/lib/libkio.so.4.2.0)
==13894==    by 0x1C603C9D: QObject::activate_signal(QConnectionList*, QUObject*) (in /usr/lib/qt-3.3/lib/libqt-mt.so.3.3.3)
==13894==
==13894== Conditional jump or move depends on uninitialised value(s)
==13894==    at 0x1C272400: free (in /usr/lib/libkdecore.so.4.2.0)
==13894==    by 0x1CBD12EA: FAMCancelMonitor (gam_api.c:1182)
==13894==    by 0x1BC3ED34: KDirWatchPrivate::removeEntry(KDirWatch*, QString const&, KDirWatchPrivate::Entry*) (in /usr/lib/libkio.so.4.2.0)
==13894==    by 0x1BC3EEDE: KDirWatch::removeDir(QString const&) (in /usr/lib/libkio.so.4.2.0)

Comment 5 Daniel Veillard 2004-08-30 12:18:05 UTC
Okay, the free() should not be done, that's clear now, thanks a lot.
I will fix that. However I'm not clear about the one in
KDirWatchPrivate::checkFAMEvent

  1/ I don't know that code
  2/ Conditional jump or move depends on uninitialised value(s)
     can be generated by valgrind when run on optimized code
     without it being a real programming mistake.

But I will try to make sure the full FAMEvent structure as returned
by FAMNextEvent is fully initialized.
I will double-check and commit this to CVS soon. I will probably
make a new release of gamin this week.

Daniel
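
The two issues discussed in comments 4 and 5, as an added example that is not gamin's code and not part of the original thread: a cancel routine that releases only library-owned state, and an event filler that zeroes the whole structure first. The `toy_*` names and `struct watch_entry` are hypothetical, and the model assumes the request handle is storage supplied by the caller.

```c
/* Added illustration: toy_* names are hypothetical, not gamin's API. */
#include <stdio.h>
#include <string.h>

typedef struct { int reqnum; } toy_request;   /* caller-allocated handle */
typedef struct { toy_request fr; int code; char filename[64]; } toy_event;

#define TOY_MAX 8
static int toy_active[TOY_MAX];               /* library-owned monitor table */

/* Register a monitor; the library only writes into storage the caller owns. */
int toy_monitor(toy_request *fr) {
    for (int i = 0; i < TOY_MAX; i++) {
        if (!toy_active[i]) { toy_active[i] = 1; fr->reqnum = i; return 0; }
    }
    return -1;
}

/* Cancel releases library-owned state only. There is no free(fr) here:
 * fr may live on the stack or inside a larger object, so it is not a
 * pointer malloc() ever returned and free() on it is undefined. */
int toy_cancel(const toy_request *fr) {
    if (!fr || fr->reqnum < 0 || fr->reqnum >= TOY_MAX || !toy_active[fr->reqnum])
        return -1;                            /* unknown or already cancelled */
    toy_active[fr->reqnum] = 0;
    return 0;
}

/* Zero the whole event before filling it, so padding and the tail of
 * filename are never handed back to the caller uninitialised. */
void toy_fill_event(toy_event *ev, int reqnum, int code, const char *name) {
    memset(ev, 0, sizeof *ev);
    ev->fr.reqnum = reqnum;
    ev->code = code;
    snprintf(ev->filename, sizeof ev->filename, "%s", name);
}

/* Caller-side object with the request embedded, not separately allocated. */
struct watch_entry { char path[32]; toy_request fr; };

int main(void) {
    struct watch_entry e = { "/tmp/downloads", { -1 } };   /* constructed sample */
    toy_event ev;
    if (toy_monitor(&e.fr) != 0) return 1;
    toy_fill_event(&ev, e.fr.reqnum, 1, "Adam_Osborne.jpg");
    printf("event for req %d: %s\n", ev.fr.reqnum, ev.filename);
    int first = toy_cancel(&e.fr), second = toy_cancel(&e.fr);
    printf("cancel: %d, repeated cancel: %d\n", first, second);
    return 0;
}
```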

Comment 6 Daniel Veillard 2004-09-01 08:32:32 UTC
Okay, reproduced the crash, verified that the change fixes the 
problem, this is committed in gamin CVS, and should hit Rawhide soon.

  thanks,

Daniel

Comment 7 Ellen Shull 2004-09-04 08:32:38 UTC
Got the new package from rawhide and tested it; fix works as 
promised.  Thanks, closing this bug now. 

Comment 8 Ellen Shull 2004-09-04 08:41:36 UTC
Oh, one last thing...  I noticed you changed the component from 
'gamin' to 'kon2'.  I'm assuming that was an accident and I'm 
changing it back so as not to confuse anyone. 

Comment 9 Daniel Veillard 2004-09-04 09:33:25 UTC
yeah, it was a mistake, thanks !

Daniel

Comment 10 Daniel Veillard 2004-09-21 14:19:23 UTC
*** Bug 132922 has been marked as a duplicate of this bug. ***

