[plasmashell] [Bug 359664] xembedsniproxy random crashes (w/core dumps)

Tue, 02 May 2017 14:01:28 -0700 

https://bugs.kde.org/show_bug.cgi?id=359664

Bernhard Übelacker <bernha...@mailbox.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bernha...@mailbox.org

--- Comment #3 from Bernhard Übelacker <bernha...@mailbox.org> ---
I received a similar crash in Debian Stretch with plasma-workspace and
plasma-workspace-dbgsym in version 4:5.8.6-2.
At the time it crashed I assume just kradio4 tray icon was running
additionally to the default ones. (Saw just later the crash in dmesg.)


# coredumpctl gdb
Core was generated by `/usr/bin/xembedsniproxy'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  SNIProxy::getImageNonComposite (this=this@entry=0x5636e8f4b460) at
./xembed-sni-proxy/sniproxy.cpp:273
273         QImage naiveConversion = QImage(image->data, image->width,
image->height, QImage::Format_ARGB32);
[Current thread is 1 (Thread 0x7f15c8ff25c0 (LWP 1559))]
(gdb) bt
#0  SNIProxy::getImageNonComposite (this=this@entry=0x5636e8f4b460) at
./xembed-sni-proxy/sniproxy.cpp:273
#1  0x00005636e7509507 in SNIProxy::update (this=0x5636e8f4b460) at
./xembed-sni-proxy/sniproxy.cpp:214
#2  0x00005636e7506583 in FdoSelectionManager::nativeEventFilter
(this=0x7fff86289810, eventType=..., message=<optimized out>, result=<optimized
out>) at ./xembed-sni-proxy/fdoselectionmanager.cpp:154
#3  0x00007f15c7b0ab0f in
QAbstractEventDispatcher::filterNativeEvent(QByteArray const&, void*, long*) ()
from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#4  0x00007f15beaa2334 in QXcbConnection::handleXcbEvent(xcb_generic_event_t*)
() from /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
#5  0x00007f15beaa3015 in QXcbConnection::processXcbEvents() () from
/usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
#6  0x00007f15c7b3a499 in QObject::event(QEvent*) () from
/usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#7  0x00007f15c7b0d87a in QCoreApplication::notify(QObject*, QEvent*) () from
/usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#8  0x00007f15c7b0d9e0 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
() from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#9  0x00007f15c7b1016d in QCoreApplicationPrivate::sendPostedEvents(QObject*,
int, QThreadData*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#10 0x00007f15c7b61c43 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#11 0x00007f15c3b757f7 in g_main_context_dispatch () from
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#12 0x00007f15c3b75a60 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#13 0x00007f15c3b75b0c in g_main_context_iteration () from
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#14 0x00007f15c7b6204f in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#15 0x00007f15c7b0b9ca in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from
/usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#16 0x00007f15c7b1413c in QCoreApplication::exec() () from
/usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#17 0x00005636e7503972 in main (argc=<optimized out>, argv=<optimized out>) at
./xembed-sni-proxy/main.cpp:68


(gdb) list SNIProxy::getImageNonComposite
...
270         xcb_image_t *image = xcb_image_get(c, m_windowId, 0, 0,
geom->width, geom->height, 0xFFFFFFFF, XCB_IMAGE_FORMAT_Z_PIXMAP);
271
272         // Don't hook up cleanup yet, we may use a different QImage after
all
273         QImage naiveConversion = QImage(image->data, image->width,
image->height, QImage::Format_ARGB32);


(gdb) print/x image
$1 = <optimized out>


(gdb) disassemble SNIProxy::getImageNonComposite
...
   0x00005636e750922a <+106>:   mov    %rax,%r12
   0x00005636e750922d <+109>:   callq  0x5636e7502bf0 <xcb_image_get@plt>
=> 0x00005636e7509232 <+114>:   movzwl 0x2(%rax),%ecx
   0x00005636e7509236 <+118>:   movzwl (%rax),%edx


(gdb) print/x $ecx
$3 = 0xc6f61ffa
(gdb) print/x $rax
$4 = 0x0


As far as I found the callq instruction is supposed to write the
return value into the rax register.

So I assume function xcb_image_get returned a NULL pointer.
Shouldn't there be a "if (image)" before
the QImage construction?

Are some more informations needed from the core dump?

Kind regards,
Bernhard

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to