Causes segfault when introspecting maliit-server

Bug #1192049 reported by Christopher Lee on 2013-06-18
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Autopilot Qt Support
High
Michael Zanetti

Bug Description

I'm attempting to introspect the maliit-server (specifically on a Nexus 4).

I encounter consistently encounter segfault when getting to the 3rd level of introspection.

I have attached a python script that displays this behaviour.

To show the segfault, kill maliit-server and restart with -testability argument.
Run the script.

The script should fail and you will see a segfault comment on the terminal where you started maliit-server.

Python script (this is very quick and dirty :-) ):
-------------------
from autopilot.introspection import get_dbus_address_object, make_proxy_object
from autopilot.introspection.constants import AUTOPILOT_PATH

dbus_address_instance = get_dbus_address_object('org.maliit.server', AUTOPILOT_PATH)

print "Getting maliit-server object"
maliit = make_proxy_object(dbus_address_instance, None)

print "Getting QuickView"
quickview = maliit.get_children()[1]

print "Getting keyboard"
keyboard = quickview.get_children()[0]

print "About to segfault maliit-server"
keyboard.get_children()

Related branches

description: updated
Chris Gagnon (chris.gagnon) wrote :

(gdb) file maliit-server
Reading symbols from /usr/bin/maliit-server...done.
(gdb) run -testability
Starting program: /usr/bin/maliit-server -testability
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/arm-linux-gnueabihf/libthread_db.so.1".
starting our own maliit server__pthread_gettid -2
unknown option -- t
unknown option -- e
unknown option -- s
unknown option -- t
unknown option -- a
unknown option -- b
unknown option -- i
unknown option -- l
unknown option -- i
unknown option -- t
unknown option -- y
[New Thread 0x444f6400 (LWP 6075)]
CRITICAL: loading "libmaliit-keyboard-plugin.so"
[New Thread 0x45035400 (LWP 6076)]
[New Thread 0x45045400 (LWP 6077)]
error: empty dic file
Hash Manager Error : 2
[New Thread 0x45bff400 (LWP 6078)]
[New Thread 0x463ff400 (LWP 6079)]
[Thread 0x463ff400 (LWP 6079) exited]

Program received signal SIGSEGV, Segmentation fault.
0x445226fa in QtNode::GetName() const ()
   from /usr/lib/libautopilot_driver_qt5.so.1

Chris Gagnon (chris.gagnon) wrote :

This is the output from the QQuickView from basic dbus introspection

#!/bin/python

import dbus
import gobject
import threading

from dbus.mainloop.glib import DBusGMainLoop

gobject.threads_init()
DBusGMainLoop(set_as_default=True)
loop = gobject.MainLoop()
dbus_iface = "com.canonical.Autopilot.Introspection"
bus = dbus.SessionBus()
object_maliit = bus.get_object("org.maliit.server", "/com/canonical/Autopilot/Introspection")
proxy_maliit = dbus.Interface(object_maliit, dbus_interface=dbus_iface)
thread = threading.Thread(name='glib mainloop', target=loop.run)

print proxy_maliit.GetState("/maliit-server/QQuickView/")

output
[['/maliit-server/QQuickView',
  {'Children': ['QQmlEngine', 'QQmlComponent', 'QQuickRootItem'],
   'color': [0, 0, 0, 0],
   'contentOrientation': 0,
   'flags': 1,
   'height': 589,
   'id': 2,
   'maximumHeight': 16777215,
   'maximumWidth': 16777215,
   'minimumHeight': 0,
   'minimumWidth': 0,
   'modality': 0,
   'objectName': '',
   'resizeMode': 1,
   'role': 7,
   'source': 'file:///usr/share/maliit/plugins/org/maliit/maliit-keyboard.qml',
   'status': 1,
   'title': '',
   'visible': False,
   'width': 720,
   'x': 0,
   'y': 691}],
 ['/maliit-server/QQuickView',
  {'Children': ['QQmlEngine', 'QQuickRootItem'],
   'color': [0, 0, 0, 0],
   'contentOrientation': 0,
   'flags': 2362371,
   'height': 0,
   'id': 3,
   'maximumHeight': 16777215,
   'maximumWidth': 16777215,
   'minimumHeight': 0,
   'minimumWidth': 0,
   'modality': 0,
   'objectName': '',
   'resizeMode': 0,
   'source': '',
   'status': 0,
   'title': '',
   'visible': False,
   'width': 0,
   'x': 0,
   'y': 0}]]

Chris Gagnon (chris.gagnon) wrote :

maliit-server is using QtQuick/QQuickView to create the window, we don't import the class in driver/introspection.cpp

for reference
http://qt-project.org/doc/qt-5.0/qtquick/qquickview.html

Changed in autopilot-qt:
assignee: nobody → Michael Zanetti (mzanetti)
status: Triaged → Fix Committed
status: Fix Committed → In Progress
importance: Medium → High
Michael Zanetti (mzanetti) wrote :

Attached merge request fixes this.

Turns out, maliit-server destroys QtQuickView's rootObject(). I guess that's needed to hide the OSK properly and destroying the whole QtQuickView might not be feasable.

Chris Lee asked me to write a summary how I managed to debug this:

- edited /etc/device-services and removed maliit-server from there
- rebooted the phone
- run maliit-server manually with -testability
- run the python script to reproduce
- installed qdbus-qt5 to be able to reproduce this with a single introspect command:
# qdbus :1.134 /com/canonical/Autopilot/Introspection GetState /maliit-server/QQuickView/Keyboard[id=5]
- run maliit-server in gdb (which just confirmed what Chris Gagnon posted - QtNode::GetName() is the culprit)
- cloned and compiled autopilot-qt on the phone to be able to easily run modified versions with
# LD_LIBRARY_PATH=/path/to/builddir maliit-server -testability
- figured that qDebug() prints are not printed for some reason => tried qWarning() => works!
- asked Thomas, turns out you can enable qDebug() too with "export MALIIT_DEBUG=true"
- hammered in debugs all over the place until I eventually found that QtNode::GetChildren returns a 0-pointer when returning view->rootObject().
=> fixed it.

PS Jenkins bot (ps-jenkins) wrote :

Fix committed into lp:autopilot-qt at revision 63, scheduled for release in autopilot-qt, milestone Unknown

Changed in autopilot-qt:
status: In Progress → Fix Committed
Christopher Lee (veebers) wrote :

Hah awesome, thanks for the rundown.
I was scratching my head at qDebug not printing anything.

Changed in autopilot-qt:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers