Causes segfault when introspecting maliit-server

Bug #1192049 reported by Christopher Lee
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Autopilot Qt Support | Fix Released | High | Michael Zanetti |

Bug Description

I'm attempting to introspect the maliit-server (specifically on a Nexus 4).

I consistently encounter a segfault when getting to the 3rd level of introspection.

I have attached a python script that displays this behaviour.

To show the segfault, kill maliit-server and restart it with the -testability argument.
Run the script.

The script should fail and you will see a segfault comment on the terminal where you started maliit-server.

Python script (this is very quick and dirty :-) ):
-------------------
# Reproduction script for a maliit-server started with -testability.
from autopilot.introspection import get_dbus_address_object, make_proxy_object
from autopilot.introspection.constants import AUTOPILOT_PATH

# Address of the autopilot introspection object exported by maliit-server.
dbus_address_instance = get_dbus_address_object('org.maliit.server', AUTOPILOT_PATH)

print("Getting maliit-server object")
maliit = make_proxy_object(dbus_address_instance, None)

print("Getting QuickView")
quickview = maliit.get_children()[1]

print("Getting keyboard")
keyboard = quickview.get_children()[0]

# Third level of introspection: this call is the one that crashes the server.
print("About to segfault maliit-server")
keyboard.get_children()

description: updated
Chris Gagnon (chris.gagnon) wrote :

(gdb) file maliit-server
Reading symbols from /usr/bin/maliit-server...done.
(gdb) run -testability
Starting program: /usr/bin/maliit-server -testability
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/arm-linux-gnueabihf/libthread_db.so.1".
starting our own maliit server__pthread_gettid -2
unknown option -- t
unknown option -- e
unknown option -- s
unknown option -- t
unknown option -- a
unknown option -- b
unknown option -- i
unknown option -- l
unknown option -- i
unknown option -- t
unknown option -- y
[New Thread 0x444f6400 (LWP 6075)]
CRITICAL: loading "libmaliit-keyboard-plugin.so"
[New Thread 0x45035400 (LWP 6076)]
[New Thread 0x45045400 (LWP 6077)]
error: empty dic file
Hash Manager Error : 2
[New Thread 0x45bff400 (LWP 6078)]
[New Thread 0x463ff400 (LWP 6079)]
[Thread 0x463ff400 (LWP 6079) exited]

Program received signal SIGSEGV, Segmentation fault.
0x445226fa in QtNode::GetName() const ()
   from /usr/lib/libautopilot_driver_qt5.so.1

Chris Gagnon (chris.gagnon) wrote :

This is the output from the QQuickView from basic dbus introspection

#!/bin/python

import dbus
import gobject
import threading

from dbus.mainloop.glib import DBusGMainLoop

gobject.threads_init()
DBusGMainLoop(set_as_default=True)
loop = gobject.MainLoop()
dbus_iface = "com.canonical.Autopilot.Introspection"
bus = dbus.SessionBus()
object_maliit = bus.get_object("org.maliit.server", "/com/canonical/Autopilot/Introspection")
proxy_maliit = dbus.Interface(object_maliit, dbus_interface=dbus_iface)
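# Thread object for the GLib main loop; it is never started, and the
# GetState call below is a plain blocking D-Bus method call.
thread = threading.Thread(name='glib mainloop', target=loop.run)

# Dump the state of every object matching the QQuickView path.
print(proxy_maliit.GetState("/maliit-server/QQuickView/"))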

Output:
[['/maliit-server/QQuickView',
  {'Children': ['QQmlEngine', 'QQmlComponent', 'QQuickRootItem'],
   'color': [0, 0, 0, 0],
   'contentOrientation': 0,
   'flags': 1,
   'height': 589,
   'id': 2,
   'maximumHeight': 16777215,
   'maximumWidth': 16777215,
   'minimumHeight': 0,
   'minimumWidth': 0,
   'modality': 0,
   'objectName': '',
   'resizeMode': 1,
   'role': 7,
   'source': 'file:///usr/share/maliit/plugins/org/maliit/maliit-keyboard.qml',
   'status': 1,
   'title': '',
   'visible': False,
   'width': 720,
   'x': 0,
   'y': 691}],
 ['/maliit-server/QQuickView',
  {'Children': ['QQmlEngine', 'QQuickRootItem'],
   'color': [0, 0, 0, 0],
   'contentOrientation': 0,
   'flags': 2362371,
   'height': 0,
   'id': 3,
   'maximumHeight': 16777215,
   'maximumWidth': 16777215,
   'minimumHeight': 0,
   'minimumWidth': 0,
   'modality': 0,
   'objectName': '',
   'resizeMode': 0,
   'source': '',
   'status': 0,
   'title': '',
   'visible': False,
   'width': 0,
   'x': 0,
   'y': 0}]]

Chris Gagnon (chris.gagnon) wrote :

maliit-server is using QtQuick/QQuickView to create the window; we don't import the class in driver/introspection.cpp.

For reference:
http://qt-project.org/doc/qt-5.0/qtquick/qquickview.html

Changed in autopilot-qt:
assignee: nobody → Michael Zanetti (mzanetti)
status: Triaged → Fix Committed
status: Fix Committed → In Progress
importance: Medium → High
Michael Zanetti (mzanetti) wrote :

Attached merge request fixes this.

Turns out, maliit-server destroys QtQuickView's rootObject(). I guess that's needed to hide the OSK properly and destroying the whole QtQuickView might not be feasible.

Chris Lee asked me to write a summary of how I managed to debug this:

- edited /etc/device-services and removed maliit-server from there
- rebooted the phone
- ran maliit-server manually with -testability
- ran the python script to reproduce
- installed qdbus-qt5 to be able to reproduce this with a single introspect command:
# qdbus :1.134 /com/canonical/Autopilot/Introspection GetState /maliit-server/QQuickView/Keyboard[id=5]
- ran maliit-server in gdb (which just confirmed what Chris Gagnon posted - QtNode::GetName() is the culprit)
- cloned and compiled autopilot-qt on the phone to be able to easily run modified versions with
# LD_LIBRARY_PATH=/path/to/builddir maliit-server -testability
- figured that qDebug() prints are not printed for some reason => tried qWarning() => works!
- asked Thomas, turns out you can enable qDebug() too with "export MALIIT_DEBUG=true"
- hammered in debugs all over the place until I eventually found that QtNode::GetChildren returns a 0-pointer when returning view->rootObject().
=> fixed it.
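
The defect class described in the comment above, as an added example that is not part of the original comment and is not autopilot-qt's code: a view whose root object has been destroyed hands back a null pointer, the introspection layer wraps it in a node, and the first name lookup dereferences it. `Object`, `View`, `Node` and the function names are hypothetical stand-ins that need no Qt; the guarded variant shows one way to handle the case, not the fix that was merged.

```cpp
#include <memory>
#include <string>
#include <vector>

// Stand-in for a QObject: only the name matters here.
struct Object { std::string name; };

// Stand-in for a QQuickView: the view outlives its root object.
struct View {
    std::unique_ptr<Object> root;
    Object* root_object() const { return root.get(); }  // nullptr once destroyed
    void destroy_root() { root.reset(); }
};

// Introspection node wrapping a raw object pointer.
class Node {
public:
    explicit Node(const Object* obj) : obj_(obj) {}
    // Dereferences unconditionally: a wrapped null pointer crashes here.
    const std::string& name() const { return obj_->name; }
    bool wraps_null() const { return obj_ == nullptr; }
private:
    const Object* obj_;
};

// Unguarded: forwards whatever root_object() returns, null included.
std::vector<Node> children_unguarded(const View& view) {
    std::vector<Node> out;
    out.emplace_back(view.root_object());
    return out;
}

// Guarded: a destroyed root object is reported as "no children".
std::vector<Node> children_guarded(const View& view) {
    std::vector<Node> out;
    if (const Object* root = view.root_object())
        out.emplace_back(root);
    return out;
}

// What a state query would serialise for the view's children.
std::vector<std::string> child_names(const View& view) {
    std::vector<std::string> names;
    for (const Node& node : children_guarded(view))
        names.push_back(node.name());
    return names;
}
```

Calling `name()` on the node returned by `children_unguarded` after `destroy_root()` is the crash path; the guarded walk returns an empty list instead.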

PS Jenkins bot (ps-jenkins) wrote :

Fix committed into lp:autopilot-qt at revision 63, scheduled for release in autopilot-qt, milestone Unknown

Changed in autopilot-qt:
status: In Progress → Fix Committed
Christopher Lee (veebers) wrote :

Hah awesome, thanks for the rundown.
I was scratching my head at qDebug not printing anything.

Changed in autopilot-qt:
status: Fix Committed → Fix Released