https://bugs.kde.org/show_bug.cgi?id=400499

--- Comment #7 from Matt Fagnani <matthew.fagn...@utoronto.ca> ---
I ran valgrind on ksysguard three times. valgrind showed invalid reads and
writes each time after I closed ksysguard. 97 invalid reads and 23 invalid
writes were listed on both the first and third runs. 89 invalid reads and 19
invalid writes were listed on the second run. All the invalid reads and writes
I looked at involved lines like "Address 0x1133204c is 36 bytes inside a block
of size 132 free'd". I think that line meant that memory was being used after
it had been freed, or that use-after-frees had been detected.

Invalid reads/writes with similar traces to the segmentation faults which I
reported before were shown. Invalid reads with a similar trace to the
segmentation faults at operator==(QString const&, QString const&) (s1=...,
s2=...) at tools/qstring.cpp:3153 were shown twice per run, as in the following
example:

==3167== Invalid read of size 4
==3167==    at 0x67F9BAA: operator==(QString const&, QString const&)
(qstring.cpp:3153)
==3167==    by 0x5C6AF8E: QLabel::setText(QString const&) (qlabel.cpp:287)
==3167==    by 0x48DD49B: TopLevel::answerReceived(int, QList<QByteArray>
const&) (ksysguard.cpp:450)
==3167==    by 0x5231924: KSGRD::SensorAgent::processAnswer(char const*, int)
(SensorAgent.cpp:186)
==3167==    by 0x5238E8D: KSGRD::SensorShellAgent::msgRcvd()
(SensorShellAgent.cpp:93)
==3167==    by 0x6959B43: call (qobjectdefs_impl.h:376)
==3167==    by 0x6959B43: QMetaObject::activate(QObject*, int, int, void**)
(qobject.cpp:3754)
==3167==    by 0x695A050: QMetaObject::activate(QObject*, QMetaObject const*,
int, void**) (qobject.cpp:3633)
==3167==    by 0x68C70F4:
QProcess::readyReadStandardOutput(QProcess::QPrivateSignal)
(moc_qprocess.cpp:362)
==3167==    by 0x68CC8AA:
QProcessPrivate::tryReadFromChannel(QProcessPrivate::Channel*)
(qprocess.cpp:1070)
==3167==    by 0x68CCE86: _q_canReadStandardOutput (qprocess.cpp:1081)
==3167==    by 0x68CCE86: QProcess::qt_static_metacall(QObject*,
QMetaObject::Call, int, void**) (moc_qprocess.cpp:207)
==3167==    by 0x6959A15: QMetaObject::activate(QObject*, int, int, void**)
(qobject.cpp:3771)
==3167==    by 0x695A050: QMetaObject::activate(QObject*, QMetaObject const*,
int, void**) (qobject.cpp:3633)
==3167==  Address 0xe976c28 is 328 bytes inside a block of size 404 free'd
==3167==    at 0x4836D85: operator delete(void*, unsigned int)
(vg_replace_malloc.c:581)
==3167==    by 0x5C6962A: QLabelPrivate::~QLabelPrivate() (qlabel.cpp:110)
==3167==    by 0x6960D9B: cleanup (qscopedpointer.h:60)
==3167==    by 0x6960D9B: ~QScopedPointer (qscopedpointer.h:107)
==3167==    by 0x6960D9B: QObject::~QObject() (qobject.cpp:884)
==3167==    by 0x5B5C095: QWidget::~QWidget() (qwidget.cpp:1564)
==3167==    by 0x5C171A0: QFrame::~QFrame() (qframe.cpp:262)
==3167==    by 0x5C6A5AA: QLabel::~QLabel() (qlabel.cpp:239)
==3167==    by 0x5C6A5ED: QLabel::~QLabel() (qlabel.cpp:243)
==3167==    by 0x695FEF2: QObjectPrivate::deleteChildren() (qobject.cpp:1997)
==3167==    by 0x5B5BFFF: QWidget::~QWidget() (qwidget.cpp:1705)
==3167==    by 0x5CECD5B: QStatusBar::~QStatusBar() (qstatusbar.cpp:251)
==3167==    by 0x5CECD9D: QStatusBar::~QStatusBar() (qstatusbar.cpp:256)
==3167==    by 0x695FEF2: QObjectPrivate::deleteChildren() (qobject.cpp:1997)
==3167==  Block was alloc'd at
==3167==    at 0x4835C89: operator new(unsigned int) (vg_replace_malloc.c:328)
==3167==    by 0x5C69A6F: QLabel::QLabel(QWidget*, QFlags<Qt::WindowType>)
(qlabel.cpp:213)
==3167==    by 0x48DB080: TopLevel::TopLevel() (ksysguard.cpp:105)
==3167==    by 0x48DEF92: kdemain (ksysguard.cpp:588)
==3167==    by 0x1090CA: main (in /usr/bin/ksysguard)

Invalid reads with a similar trace to the segmentation faults at
QLabelPrivate::clearContents() at widgets/qlabel.cpp, specifically at line 1309,
were shown once per run, as in the following example, although 14-20 other
traces per run with QLabelPrivate::clearContents() at different lines of
qlabel.cpp at the top of the stack were found.

==3167== Invalid read of size 4
==3167==    at 0x5C6A39D: QLabelPrivate::clearContents() (qlabel.cpp:1309)
==3167==    by 0x5C6AFD4: QLabel::setText(QString const&) (qlabel.cpp:293)
==3167==    by 0x48DD49B: TopLevel::answerReceived(int, QList<QByteArray>
const&) (ksysguard.cpp:450)
==3167==    by 0x5231924: KSGRD::SensorAgent::processAnswer(char const*, int)
(SensorAgent.cpp:186)
==3167==    by 0x5238E8D: KSGRD::SensorShellAgent::msgRcvd()
(SensorShellAgent.cpp:93)
==3167==    by 0x6959B43: call (qobjectdefs_impl.h:376)
==3167==    by 0x6959B43: QMetaObject::activate(QObject*, int, int, void**)
(qobject.cpp:3754)
==3167==    by 0x695A050: QMetaObject::activate(QObject*, QMetaObject const*,
int, void**) (qobject.cpp:3633)
==3167==    by 0x68C70F4:
QProcess::readyReadStandardOutput(QProcess::QPrivateSignal)
(moc_qprocess.cpp:362)
==3167==    by 0x68CC8AA:
QProcessPrivate::tryReadFromChannel(QProcessPrivate::Channel*)
(qprocess.cpp:1070)
==3167==    by 0x68CCE86: _q_canReadStandardOutput (qprocess.cpp:1081)
==3167==    by 0x68CCE86: QProcess::qt_static_metacall(QObject*,
QMetaObject::Call, int, void**) (moc_qprocess.cpp:207)
==3167==    by 0x6959A15: QMetaObject::activate(QObject*, int, int, void**)
(qobject.cpp:3771)
==3167==    by 0x695A050: QMetaObject::activate(QObject*, QMetaObject const*,
int, void**) (qobject.cpp:3633)
==3167==  Address 0xe976c2c is 332 bytes inside a block of size 404 free'd
==3167==    at 0x4836D85: operator delete(void*, unsigned int)
(vg_replace_malloc.c:581)
==3167==    by 0x5C6962A: QLabelPrivate::~QLabelPrivate() (qlabel.cpp:110)
==3167==    by 0x6960D9B: cleanup (qscopedpointer.h:60)
==3167==    by 0x6960D9B: ~QScopedPointer (qscopedpointer.h:107)
==3167==    by 0x6960D9B: QObject::~QObject() (qobject.cpp:884)
==3167==    by 0x5B5C095: QWidget::~QWidget() (qwidget.cpp:1564)
==3167==    by 0x5C171A0: QFrame::~QFrame() (qframe.cpp:262)
==3167==    by 0x5C6A5AA: QLabel::~QLabel() (qlabel.cpp:239)
==3167==    by 0x5C6A5ED: QLabel::~QLabel() (qlabel.cpp:243)
==3167==    by 0x695FEF2: QObjectPrivate::deleteChildren() (qobject.cpp:1997)
==3167==    by 0x5B5BFFF: QWidget::~QWidget() (qwidget.cpp:1705)
==3167==    by 0x5CECD5B: QStatusBar::~QStatusBar() (qstatusbar.cpp:251)
==3167==    by 0x5CECD9D: QStatusBar::~QStatusBar() (qstatusbar.cpp:256)
==3167==    by 0x695FEF2: QObjectPrivate::deleteChildren() (qobject.cpp:1997)
==3167==  Block was alloc'd at
==3167==    at 0x4835C89: operator new(unsigned int) (vg_replace_malloc.c:328)
==3167==    by 0x5C69A6F: QLabel::QLabel(QWidget*, QFlags<Qt::WindowType>)
(qlabel.cpp:213)
==3167==    by 0x48DB080: TopLevel::TopLevel() (ksysguard.cpp:105)
==3167==    by 0x48DEF92: kdemain (ksysguard.cpp:588)
==3167==    by 0x1090CA: main (in /usr/bin/ksysguard)

Invalid reads/writes at other points in the stack were common. The
segmentation faults might've occurred only when freed memory addresses which
had already been allocated to other processes were attempted to be used again
by ksysguard. ksysguard didn't crash on the three runs I mentioned using
valgrind. The commands I ran were:
valgrind --log-file=valgrind-ksysguard-1.txt ksysguard
valgrind --log-file=valgrind-ksysguard-2.txt ksysguard
valgrind --read-var-info=yes --log-file=valgrind-ksysguard-3.txt ksysguard

The third run had --read-var-info=yes as was suggested by the Valgrind manual
section 4.2.1 http://valgrind.org/docs/manual/mc-manual.html#mc-manual.badrw
but using that option didn't appear to show more information on the variables
involved. I'll attach the log files for the three runs.
