https://bugs.kde.org/show_bug.cgi?id=356855
Bug ID: 356855
Summary: Crash in scriptengine (MetaTypeExporter)
Product: amarok
Version: 2.8.90 (2.9 beta)
Platform: Gentoo Packages
OS: Linux
Status: UNCONFIRMED
Severity: crash
Priority: NOR
Component: Tools/Script Manager
Assignee: amarok-bugs-d...@kde.org
Reporter: wielkie...@gmail.com
CC: darthco...@gmail.com

Hello,

In amarok 2.8 beta, I have found a problem with the MetaTrackPrototype class after investigating a SIGSEGV due to one of the custom amarok scripts I use (to be more precise it's amarokontrol). Since my understanding of amarok codebase as well as my time is limited, I wanted to just point out an obvious mistake without any patch that could fix it.

The mentioned class has a private QScriptEngine* m_engine field. However, it is never assigned. It is then read in imagePixmap() method and then the SIGSEGV occurs.

The problem doesn't occur in amarok 2.8, but if I understand correctly this class has been introduced after 2.8.

Reproducible: Always

Steps to Reproduce:
1. Install amarokontrol script (http://kde-apps.org/content/show.php?content=161189) along with an associated android client application
2. Configure the android application
3. Poke inside the android application, change the song a few times, etc.

Actual Results:
Crash in AmarokScript::MetaTrackPrototype::imagePixmap().

Expected Results:
No crash

More complete backtrace:

(gdb) bt
#0  QScriptEngine::create (this=0x40, type=type@entry=70, ptr=ptr@entry=0x7ffd4b680480) at /var/tmp/portage/dev-qt/qtscript-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/script/api/qscriptengine.cpp:3000
#1  0x00007fe67ef58166 in qScriptValueFromValue_helper (ptr=0x7ffd4b680480, type=70, engine=<optimized out>) at /usr/include/qt4/QtScript/qscriptengine.h:323
#2  qScriptValueFromValue<QImage> (t=..., engine=<optimized out>) at /usr/include/qt4/QtScript/qscriptengine.h:329
#3  QScriptEngine::toScriptValue<QImage> (value=..., this=<optimized out>) at /usr/include/qt4/QtScript/qscriptengine.h:215
#4  AmarokScript::MetaTrackPrototype::imagePixmap (this=this@entry=0x41e9aa0, size=1) at /var/tmp/portage/media-sound/amarok-2.8.90/work/amarok-2.8.90/src/scripting/scriptengine/exporters/MetaTypeExporter.cpp:267
#5  0x00007fe67ef583f6 in AmarokScript::MetaTrackPrototype::qt_static_metacall (_o=_o@entry=0x41e9aa0, _id=_id@entry=2, _a=_a@entry=0x7ffd4b680ba0, _c=QMetaObject::InvokeMetaMethod) at /var/tmp/portage/media-sound/amarok-2.8.90/work/amarok-2.8.90_build/src/MetaTypeExporter.moc:101
#6  0x00007fe67ef586e3 in AmarokScript::MetaTrackPrototype::qt_static_metacall (_a=0x7ffd4b680ba0, _id=2, _c=QMetaObject::InvokeMetaMethod, _o=0x41e9aa0) at /var/tmp/portage/media-sound/amarok-2.8.90/work/amarok-2.8.90_build/src/MetaTypeExporter.moc:144
#7  AmarokScript::MetaTrackPrototype::qt_metacall (this=0x41e9aa0, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0x7ffd4b680ba0) at /var/tmp/portage/media-sound/amarok-2.8.90/work/amarok-2.8.90_build/src/MetaTypeExporter.moc:145
#8  0x00007fe67b22a63d in QScript::callQtMethod (exec=0x7fe5dcd401f0, callType=QMetaMethod::Method, thisQObject=0x41e9aa0, scriptArgs=..., meta=0x7fe67f421940 <AmarokScript::MetaTrackPrototype::staticMetaObject>, initialIndex=6, maybeOverloaded=true) at /var/tmp/portage/dev-qt/qtscript-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/script/bridge/qscriptqobject.cpp:960
#9  0x00007fe67b22b8d7 in QScript::QtFunction::execute (this=0x7ffd4b6804e0, this@entry=0x7fe5dc9bf000, exec=0x40, thisValue=..., thisValue@entry=..., scriptArgs=...) at /var/tmp/portage/dev-qt/qtscript-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/script/bridge/qscriptqobject.cpp:1015
#10 0x00007fe67b22baea in QScript::QtFunction::call (exec=0x7fe5dcd401f0, callee=0x7fe5dc9bf000, thisValue=..., args=...) at /var/tmp/portage/dev-qt/qtscript-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/script/bridge/qscriptqobject.cpp:1030
#11 0x00007fe67b12a648 in QTJSC::NativeFuncWrapper::operator() (this=this@entry=0x7ffd4b680db0, exec=0x7fe5dcd401f0, jsobj=jsobj@entry=0x7fe5dc9bf000, thisValue=..., argList=...) at /var/tmp/portage/dev-qt/qtscript-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/3rdparty/javascriptcore/JavaScriptCore/runtime/CallData.cpp:46
#12 0x00007fe67b105790 in QTJSC::cti_op_call_NotJSFunction (args=0x7ffd4b680e00) at /var/tmp/portage/dev-qt/qtscript-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITStubs.cpp:1780
#13 0x00007fe55803c516 in ?? ()
#14 0x000000f600000000 in ?? ()
#15 0x00007fe5dc9bf000 in ?? ()
#16 0x00007fe60000000f in ?? ()
#17 0xffff000000000001 in ?? ()
#18 0x00007fe500000003 in ?? ()
#19 0x00007ffd00000010 in ?? ()
#20 0x0000000000000010 in ?? ()
#21 0x00007fe67d438b1f in QAbstractItemView::update (this=<optimized out>, index=...) at /var/tmp/portage/dev-qt/qtgui-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/gui/itemviews/qabstractitemview.cpp:3167
#22 0x00007fe5dcd40000 in ?? ()
#23 0x00007fe5dd65d800 in ?? ()
#24 0x00007fe67b4c1dc8 in QTJSC::ExecutableAllocator::pageSize () from /usr/lib64/qt4/libQtScript.so.4
#25 0x00000000037e3298 in ?? ()
#26 0x00007fe5dcd40048 in ?? ()
#27 0x00007fe5dd632d10 in ?? ()
#28 0x00007fe67b0bc7a5 in QTJSC::JITCode::execute (exception=0x7fe5dd65ea88, globalData=0xffff000000000002, callFrame=0x1ff, registerFile=0x7fe5dd65d818, this=0x7fe5dc8e3b00) at /var/tmp/portage/dev-qt/qtscript-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITCode.h:79
#29 QTJSC::Interpreter::execute (this=0x7fe5dd65d800, functionExecutable=0x7fe5dc8e3af0, callFrame=0x7fe5dcd40178, callFrame@entry=0x37e3298, function=function@entry=0x7fe5dc962240, thisObj=<optimized out>, args=..., scopeChain=0x7fe5dc8fb8d0, exception=0x7fe5dd65ea88) at /var/tmp/portage/dev-qt/qtscript-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/Interpreter.cpp:716
#30 0x00007fe67b157e01 in QTJSC::JSFunction::call (this=0x7fe5dc962240, exec=exec@entry=0x37e3298, thisValue=..., args=...) at /var/tmp/portage/dev-qt/qtscript-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSFunction.cpp:122
#31 0x00007fe67b12a68f in QTJSC::call (exec=exec@entry=0x37e3298, functionObject=..., callType=<optimized out>, callData=..., thisValue=..., thisValue@entry=..., args=...) at /var/tmp/portage/dev-qt/qtscript-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/3rdparty/javascriptcore/JavaScriptCore/runtime/CallData.cpp:62
#32 0x00007fe67b22d56f in QScript::QObjectConnectionManager::execute (this=this@entry=0x42e8750, slotIndex=slotIndex@entry=0, argv=argv@entry=0x7ffd4b681170) at /var/tmp/portage/dev-qt/qtscript-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/script/bridge/qscriptqobject.cpp:2163
#33 0x00007fe67b2310c1 in QScript::QObjectConnectionManager::qt_metacall (this=0x42e8750, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0x7ffd4b681170) at /var/tmp/portage/dev-qt/qtscript-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/script/bridge/qscriptqobject.cpp:2066
#34 0x00007fe67ca36d30 in QMetaObject::activate (sender=sender@entry=0x42e7d60, m=m@entry=0x7fe67cd877c0 <QIODevice::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x0) at /var/tmp/portage/dev-qt/qtcore-4.8.7-r1/work/qt-everywhere-opensource-src-4.8.7/src/corelib/kernel/qobject.cpp:3597
#35 0x00007fe67ca80360 in QIODevice::readyRead (this=this@entry=0x42e7d60) at .moc/release-shared/moc_qiodevice.cpp:104
#36 0x00007fe678a8ffae in QAbstractSocketPrivate::canReadNotification (this=0x42e7d80) at /var/tmp/portage/dev-qt/qtcore-4.8.7-r1/work/qt-everywhere-opensource-src-4.8.7/src/network/socket/qabstractsocket.cpp:654
#37 0x00007fe678a9a7fd in QReadNotifier::event (this=<optimized out>, e=<optimized out>) at /var/tmp/portage/dev-qt/qtcore-4.8.7-r1/work/qt-everywhere-opensource-src-4.8.7/src/network/socket/qnativesocketengine.cpp:1151
#38 0x00007fe67cf51acc in QApplicationPrivate::notify_helper (this=this@entry=0x20cfbf0, receiver=receiver@entry=0x42e82a0, e=e@entry=0x7ffd4b681460) at /var/tmp/portage/dev-qt/qtgui-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/gui/kernel/qapplication.cpp:4565
#39 0x00007fe67cf58340 in QApplication::notify (this=0x7ffd4b6817a0, receiver=0x42e82a0, e=0x7ffd4b681460) at /var/tmp/portage/dev-qt/qtgui-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/gui/kernel/qapplication.cpp:4351
#40 0x00007fe67e147a1a in KApplication::notify(QObject*, QEvent*) () from /usr/lib64/libkdeui.so.5
#41 0x00007fe67ca2288d in QCoreApplication::notifyInternal (this=0x7ffd4b6817a0, receiver=0x42e82a0, event=event@entry=0x7ffd4b681460) at /var/tmp/portage/dev-qt/qtcore-4.8.7-r1/work/qt-everywhere-opensource-src-4.8.7/src/corelib/kernel/qcoreapplication.cpp:955
#42 0x00007fe67ca50c66 in QCoreApplication::sendEvent (event=0x7ffd4b681460, receiver=<optimized out>) at /var/tmp/portage/dev-qt/qtcore-4.8.7-r1/work/qt-everywhere-opensource-src-4.8.7/src/corelib/kernel/qcoreapplication.h:231
#43 socketNotifierSourceDispatch (source=0x20c57f0) at /var/tmp/portage/dev-qt/qtcore-4.8.7-r1/work/qt-everywhere-opensource-src-4.8.7/src/corelib/kernel/qeventdispatcher_glib.cpp:117
#44 0x00007fe6765cbc8d in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#45 0x00007fe6765cbf38 in ?? () from /usr/lib64/libglib-2.0.so.0
#46 0x00007fe6765cbfdc in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
#47 0x00007fe67ca5068e in QEventDispatcherGlib::processEvents (this=0x20c5480, flags=...) at /var/tmp/portage/dev-qt/qtcore-4.8.7-r1/work/qt-everywhere-opensource-src-4.8.7/src/corelib/kernel/qeventdispatcher_glib.cpp:452
#48 0x00007fe67cff3c06 in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=...) at /var/tmp/portage/dev-qt/qtgui-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/gui/kernel/qguieventdispatcher_glib.cpp:204
#49 0x00007fe67ca214e1 in QEventLoop::processEvents (this=this@entry=0x7ffd4b6816a0, flags=...) at /var/tmp/portage/dev-qt/qtcore-4.8.7-r1/work/qt-everywhere-opensource-src-4.8.7/src/corelib/kernel/qeventloop.cpp:149
#50 0x00007fe67ca217f5 in QEventLoop::exec (this=this@entry=0x7ffd4b6816a0, flags=...) at /var/tmp/portage/dev-qt/qtcore-4.8.7-r1/work/qt-everywhere-opensource-src-4.8.7/src/corelib/kernel/qeventloop.cpp:204
#51 0x00007fe67ca26ca9 in QCoreApplication::exec () at /var/tmp/portage/dev-qt/qtcore-4.8.7-r1/work/qt-everywhere-opensource-src-4.8.7/src/corelib/kernel/qcoreapplication.cpp:1227
#52 0x00007fe67cf500dc in QApplication::exec () at /var/tmp/portage/dev-qt/qtgui-4.8.7/work/qt-everywhere-opensource-src-4.8.7/src/gui/kernel/qapplication.cpp:3823
#53 0x0000000000407e72 in main (argc=<optimized out>, argv=0x7ffd4b681918) at /var/tmp/portage/media-sound/amarok-2.8.90/work/amarok-2.8.90/src/main.cpp:329
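
Added example (not part of the original report and not Amarok code): a small triage helper that parses gdb `bt` output, flags the first frame invoked on an implausibly low `this`, and names the nearest application frame that made the call, which is how frame #0 (`this=0x40`) leads back to `imagePixmap()` in this report. The 64 KiB threshold, the function names and the shortened sample paths are assumptions of this example.

```python
import re

# Assumption: nothing valid is mapped below 64 KiB in a normal Linux process,
# so a `this` in that range is a null or garbage pointer plus a member offset.
LOW_ADDR_LIMIT = 0x10000

FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?:0x[0-9a-f]+ in )?(?P<func>\S+) \((?P<args>.*)\)"
    r"(?: at (?P<file>\S+):(?P<line>\d+))?\s*$")
THIS_RE = re.compile(r"\bthis=(?:this@entry=)?(0x[0-9a-f]+)")

# Constructed sample: frames #0-#5 of the report, build-directory prefixes cut.
SAMPLE_BT = """\
#0  QScriptEngine::create (this=0x40, type=type@entry=70, ptr=ptr@entry=0x7ffd4b680480) at qt-everywhere-opensource-src-4.8.7/src/script/api/qscriptengine.cpp:3000
#1  0x00007fe67ef58166 in qScriptValueFromValue_helper (ptr=0x7ffd4b680480, type=70, engine=<optimized out>) at /usr/include/qt4/QtScript/qscriptengine.h:323
#2  qScriptValueFromValue<QImage> (t=..., engine=<optimized out>) at /usr/include/qt4/QtScript/qscriptengine.h:329
#3  QScriptEngine::toScriptValue<QImage> (value=..., this=<optimized out>) at /usr/include/qt4/QtScript/qscriptengine.h:215
#4  AmarokScript::MetaTrackPrototype::imagePixmap (this=this@entry=0x41e9aa0, size=1) at amarok-2.8.90/src/scripting/scriptengine/exporters/MetaTypeExporter.cpp:267
#5  0x00007fe67ef583f6 in AmarokScript::MetaTrackPrototype::qt_static_metacall (_o=_o@entry=0x41e9aa0, _id=_id@entry=2, _a=_a@entry=0x7ffd4b680ba0, _c=QMetaObject::InvokeMetaMethod) at amarok-2.8.90_build/src/MetaTypeExporter.moc:101
"""

def parse_frames(bt_text):
    """Turn gdb `bt` lines into dicts; lines that are not frames are skipped."""
    frames = []
    for raw in bt_text.splitlines():
        m = FRAME_RE.match(raw.strip())
        if not m:
            continue
        this = THIS_RE.search(m["args"])
        frames.append({
            "num": int(m["num"]), "func": m["func"], "file": m["file"],
            "line": int(m["line"]) if m["line"] else None,
            "this": int(this.group(1), 16) if this else None,
        })
    return frames

def triage_bad_this(bt_text, app_marker):
    """Return (frame called on an invalid `this`, nearest application frame)."""
    frames = parse_frames(bt_text)
    for i, f in enumerate(frames):
        if f["this"] is not None and f["this"] < LOW_ADDR_LIMIT:
            caller = next((c for c in frames[i + 1:]
                           if c["file"] and app_marker in c["file"]), None)
            return f, caller
    return None, None

if __name__ == "__main__":
    bad, caller = triage_bad_this(SAMPLE_BT, "amarok-2.8.90/src/")
    print(f"#{bad['num']} {bad['func']} this={bad['this']:#x} <- {caller['func']}")
```

The caller's own `this` (0x41e9aa0) is a plausible heap address, so the invalid pointer is one the caller's object holds rather than the object itself, which matches the unassigned `m_engine` member described in the report.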