https://bugs.kde.org/show_bug.cgi?id=437364
Fabian Vogt <fab...@ritter-vogt.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |CONFIRMED

--- Comment #38 from Fabian Vogt <fab...@ritter-vogt.de> ---
(In reply to Fabian Vogt from comment #37)
> For some reason this now started to fail in openQA tests which upgrade from
> 5.8/5.12/5.18 (Leap 42.x/15.x) -> 5.24 (Tumbleweed). First, kglobalacceld
> crashes and after the automatic restart the situation is as outlined in this
> report: Two entries in kglobalshortcutsrc which don't work. At least in
> openQA this looks like it's reproducible. Unfortunately I wasn't able to get
> a backtrace, but it seems to be heap corruption ("unaligned fastbin chunk
> detected"). The crash is not reproducible manually at least.
>
> This matches the arrival of Frameworks 5.97 in Tumbleweed. I can't tell how
> much 5.97.0 actually caused this or just exposed it more...
>
> CC Ahmad, who did the majority of changes in kglobalaccel 5.97.

It's actually fairly simple: kglobalacceld crashes when the kconf_update binary
runs. With valgrind, the cause is obvious:

    void GlobalShortcutsRegistry::writeSettings() const
    {
        const auto &lst = GlobalShortcutsRegistry::self()->allMainComponents();
        for (const KdeDGlobalAccel::Component *component : lst) {
            KConfigGroup configGroup(&_config, component->uniqueName());
            if (component->allShortcuts().isEmpty()) {
                configGroup.deleteGroup();
                delete component;
            } else {
                component->writeSettings(configGroup);
            }
        }
        _config.sync();
    }

That method destroys the component, but leaves it in the m_components vector of
the shortcuts registry, i.e. it generates dangling pointers. This results in
all kinds of fun, in particular double-, triple- and quadruple-frees each time
writeSettings is called.

I think it just worked by sheer luck when QHash was still used.
Reverting that commit makes the immediate valgrind complaints stop, but it still crashes at some point later due to latent memory corruption. I think this explains the not fully reproducible issues prior to 5.97 well.
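
The ownership bug described in comment #38, reduced to standard C++ as an added example (not part of the original comment and not kglobalaccel code; `Component`, `Keys`, `g_live` and both function names are hypothetical). It counts container slots that outlive their object after one pass of the delete-without-erase pattern, next to an owning container where erasing the slot is the only way the object gets destroyed.

```cpp
// Added illustration, not kglobalaccel code; all names are hypothetical.
#include <algorithm>
#include <cstddef>
#include <memory>
#include <string>
#include <utility>
#include <vector>

using Keys = std::vector<std::string>;
static std::size_t g_live = 0;            // Components constructed minus destroyed

struct Component {
    std::string name;
    Keys shortcuts;
    Component(std::string n, Keys k) : name(std::move(n)), shortcuts(std::move(k)) { ++g_live; }
    ~Component() { --g_live; }
};

// Pattern from the report: delete the object, keep its pointer in the vector.
std::size_t staleSlotsAfterRawPass() {
    Component *keep = new Component("kwin", {"Alt+Tab"});
    std::vector<Component *> components{new Component("stale", {}), keep};
    for (Component *c : components)
        if (c->shortcuts.empty())
            delete c;                     // slot still holds the freed address
    // A second pass here would dereference and delete the freed object again.
    std::size_t stale = components.size() - g_live;
    delete keep;
    return stale;
}

// Owning container: erasing the slot is what destroys the object.
std::size_t staleSlotsAfterOwningPasses() {
    std::vector<std::unique_ptr<Component>> components;
    components.push_back(std::make_unique<Component>("stale", Keys{}));
    components.push_back(std::make_unique<Component>("kwin", Keys{"Alt+Tab"}));
    for (int pass = 0; pass < 2; ++pass)  // repeated passes stay safe
        components.erase(std::remove_if(components.begin(), components.end(),
                             [](const std::unique_ptr<Component> &c) {
                                 return c->shortcuts.empty();
                             }),
                         components.end());
    return components.size() - g_live;
}

int main() {
    return (staleSlotsAfterRawPass() == 1 && staleSlotsAfterOwningPasses() == 0) ? 0 : 1;
}
```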