Details
-
Bug
-
Resolution: Invalid
-
P1: Critical
-
None
-
5.14.1
-
None
-
I am using QT 5.14.1 on Gentoo Linux.
Description
I am observing a crash in the Trojita mail client. I have reported this issues as https://bugs.kde.org/show_bug.cgi?id=417697 while debugging using gdb I noticed that in a core QT component a potential issue has not been checked for, specifically an empty reply() result. While not experienced with QT development I don't know if this is a QT issue, or trojita issue.
#2 0x00007ffff4239d48 in QNetworkAccessManagerPrivate::_q_replyFinished (this=0x9cf270) at access/qnetworkaccessmanager.cpp:1723 1723 if (reply->request().attribute(QNetworkRequest::AutoDeleteReplyOnFinishAttribute, false).toBool()) (gdb) list 1718 Q_Q(QNetworkAccessManager); 1719 1720 QNetworkReply *reply = qobject_cast<QNetworkReply *>(q->sender()); 1721 if (reply) { 1722 emit q->finished(reply); 1723 if (reply->request().attribute(QNetworkRequest::AutoDeleteReplyOnFinishAttribute, false).toBool()) 1724 QMetaObject::invokeMethod(reply, [reply] { reply->deleteLater(); }, Qt::QueuedConnection); 1725 } 1726 1727 #ifndef QT_NO_BEARERMANAGEMENT (gdb) print reply $5 = (QNetworkReply *) 0x1475770 (gdb) print reply->request() [Thread 0x7fff45ffb700 (LWP 553683) exited] $6 = {d = {d = 0x0}}
From trojita perspective:
Thread 1 "trojita" received signal SIGSEGV, Segmentation fault. 0x00007ffff425915c in QHash<QNetworkRequest::Attribute, QVariant>::value (this=0x18, akey=@0x7fffffffce8c: QNetworkRequest::AutoDeleteReplyOnFinishAttribute, adefaultValue=...) at ../../include/QtCore/../../src/corelib/tools/qhash.h:651 651 if (d->size == 0 || (node = *findNode(akey)) == e) { (gdb) bt #0 0x00007ffff425915c in QHash<QNetworkRequest::Attribute, QVariant>::value(QNetworkRequest::Attribute const&, QVariant const&) const (this=0x18, akey=@0x7fffffffce8c: QNetworkRequest::AutoDeleteReplyOnFinishAttribute, adefaultValue=...) at ../../include/QtCore/../../src/corelib/tools/qhash.h:651 #1 0x00007ffff42559c8 in QNetworkRequest::attribute(QNetworkRequest::Attribute, QVariant const&) const (this=0x7fffffffced8, code=QNetworkRequest::AutoDeleteReplyOnFinishAttribute, defaultValue=...) at access/qnetworkrequest.cpp:689 #2 0x00007ffff4239d48 in QNetworkAccessManagerPrivate::_q_replyFinished() (this=0x9cf270) at access/qnetworkaccessmanager.cpp:1723 #3 0x00007ffff423c130 in QNetworkAccessManager::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (_o=0xa39cf0, _c=QMetaObject::InvokeMetaMethod, _id=9, _a=0x7fffffffd0b0) at .moc/moc_qnetworkaccessmanager.cpp:192 #4 0x00007ffff37f43c0 in () at /usr/lib64/libQt5Core.so.5 #5 0x00007ffff4378213 in QNetworkReply::finished() (this=0x1475770) at .moc/moc_qnetworkreply.cpp:385 #6 0x000000000062078d in Imap::Network::MsgPartNetworkReply::slotMyDataChanged() (this=0x1475770) at /var/tmp/portage/mail-client/trojita-9999/work/trojita-9999/src/Imap/Network/MsgPartNetworkReply.cpp:112 #7 0x00000000005d1fed in Imap::Network::MsgPartNetworkReply::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (_o=0x1475770, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0xb5dd08) at Imap_autogen/PC4PHZCFTR/moc_MsgPartNetworkReply.cpp:81 #8 0x00007ffff37eb746 in QObject::event(QEvent*) () at /usr/lib64/libQt5Core.so.5 #9 0x00007ffff7b79295 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib64/libQt5Widgets.so.5 #10 0x00007ffff7b6e8d0 in QApplication::notify(QObject*, QEvent*) () at /usr/lib64/libQt5Widgets.so.5 #11 0x00007ffff3813118 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /usr/lib64/libQt5Core.so.5 #12 0x00007ffff38132b0 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () at /usr/lib64/libQt5Core.so.5 #13 0x00007ffff37cfcc0 in () at /usr/lib64/libQt5Core.so.5 #14 0x00007ffff12fa7ad in g_main_context_dispatch () at /usr/lib64/libglib-2.0.so.0 #15 0x00007ffff12fb4e8 in () at /usr/lib64/libglib-2.0.so.0 #16 0x00007ffff12fef29 in g_main_context_iteration () at /usr/lib64/libglib-2.0.so.0 #17 0x00007ffff37c9c0e in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib64/libQt5Core.so.5 #18 0x00007ffff374dfd6 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib64/libQt5Core.so.5 #19 0x00007ffff3819106 in QCoreApplication::exec() () at /usr/lib64/libQt5Core.so.5 #20 0x000000000047a357 in main(int, char**) (argc=1, argv=0x7fffffffdd98) at /var/tmp/portage/mail-client/trojita-9999/work/trojita-9999/src/Gui/main.cpp:218 (gdb) up #1 0x00007ffff42559c8 in QNetworkRequest::attribute (this=0x7fffffffced8, code=QNetworkRequest::AutoDeleteReplyOnFinishAttribute, defaultValue=...) at access/qnetworkrequest.cpp:689 689 return d->attributes.value(code, defaultValue); (gdb) up #2 0x00007ffff4239d48 in QNetworkAccessManagerPrivate::_q_replyFinished (this=0x9cf270) at access/qnetworkaccessmanager.cpp:1723 1723 if (reply->request().attribute(QNetworkRequest::AutoDeleteReplyOnFinishAttribute, false).toBool()) (gdb) up #3 0x00007ffff423c130 in QNetworkAccessManager::qt_static_metacall (_o=0xa39cf0, _c=QMetaObject::InvokeMetaMethod, _id=9, _a=0x7fffffffd0b0) at .moc/moc_qnetworkaccessmanager.cpp:192 192 case 9: _t->d_func()->_q_replyFinished(); break; (gdb) up #4 0x00007ffff37f43c0 in ?? () from /usr/lib64/libQt5Core.so.5 (gdb) up #5 0x00007ffff4378213 in QNetworkReply::finished (this=0x1475770) at .moc/moc_qnetworkreply.cpp:385 385 QMetaObject::activate(this, &staticMetaObject, 1, nullptr); (gdb) up #6 0x000000000062078d in Imap::Network::MsgPartNetworkReply::slotMyDataChanged (this=0x1475770) at /var/tmp/portage/mail-client/trojita-9999/work/trojita-9999/src/Imap/Network/MsgPartNetworkReply.cpp:112 112 emit finished(); (gdb) down 1 #5 0x00007ffff4378213 in QNetworkReply::finished (this=0x1475770) at .moc/moc_qnetworkreply.cpp:385 385 QMetaObject::activate(this, &staticMetaObject, 1, nullptr); (gdb) down #4 0x00007ffff37f43c0 in ?? () from /usr/lib64/libQt5Core.so.5 (gdb) down #3 0x00007ffff423c130 in QNetworkAccessManager::qt_static_metacall (_o=0xa39cf0, _c=QMetaObject::InvokeMetaMethod, _id=9, _a=0x7fffffffd0b0) at .moc/moc_qnetworkaccessmanager.cpp:192 192 case 9: _t->d_func()->_q_replyFinished(); break; (gdb) down #2 0x00007ffff4239d48 in QNetworkAccessManagerPrivate::_q_replyFinished (this=0x9cf270) at access/qnetworkaccessmanager.cpp:1723 1723 if (reply->request().attribute(QNetworkRequest::AutoDeleteReplyOnFinishAttribute, false).toBool()) (gdb) down #1 0x00007ffff42559c8 in QNetworkRequest::attribute (this=0x7fffffffced8, code=QNetworkRequest::AutoDeleteReplyOnFinishAttribute, defaultValue=...) at access/qnetworkrequest.cpp:689 689 return d->attributes.value(code, defaultValue); (gdb) down #0 0x00007ffff425915c in QHash<QNetworkRequest::Attribute, QVariant>::value (this=0x18, akey=@0x7fffffffce8c: QNetworkRequest::AutoDeleteReplyOnFinishAttribute, adefaultValue=...) at ../../include/QtCore/../../src/corelib/tools/qhash.h:651 651 if (d->size == 0 || (node = *findNode(akey)) == e) {