MASTER [apport] software-properties-kde crashed with SIGSEGV in QTreeWidgetItem::setData()

Bug #102792 reported by mabab on 2007-04-04
298
This bug affects 10 people
Affects Status Importance Assigned to Milestone
software-properties (Ubuntu)
Medium
Unassigned
Nominated for Intrepid by SteBo

Bug Description

ProblemType: Crash
Architecture: i386
Date: Tue Apr 3 13:05:11 2007
DistroRelease: Ubuntu 7.04
ExecutablePath: /usr/bin/software-properties-kde
InterpreterPath: /usr/bin/python2.5
Package: software-properties-kde 0.59.1
PackageArchitecture: all
ProcCmdline: /usr/bin/python /usr/bin/software-properties-kde
ProcCwd: /home/matthias
ProcEnviron:
 LANGUAGE=de_DE:de:en_GB:en
 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/home/matthias/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
Signal: 11
SourcePackage: software-properties
StacktraceTop:
 QTreeWidgetItem::setData () from /usr/lib/libQtGui.so.4
 ?? () from /usr/lib/python2.5/site-packages/PyQt4/QtGui.so
 ?? () from /usr/lib/libQtGui.so.4
 QItemDelegate::editorEvent () from /usr/lib/libQtGui.so.4
 QAbstractItemViewPrivate::sendDelegateEvent ()
Uname: Linux matthias-laptop 2.6.20-13-generic #2 SMP Sun Mar 25 00:21:25 UTC 2007 i686 GNU/Linux
UserGroups:

Related branches

mabab (mabab) wrote :
Changed in software-properties:
importance: Undecided → Medium
description: updated

StacktraceTop:QTreeWidgetItem::setData () from /usr/lib/libQtGui.so.4
?? () from /usr/lib/python2.5/site-packages/PyQt4/QtGui.so
?? () from /usr/lib/libQtGui.so.4
QItemDelegate::editorEvent () from /usr/lib/libQtGui.so.4
QAbstractItemViewPrivate::sendDelegateEvent () from /usr/lib/libQtGui.so.4

Andrew Ash (ash211) on 2007-05-04
Changed in software-properties:
status: Unconfirmed → Confirmed
description: updated
Jonathan Thomas (echidnaman) wrote :

This happens when Third party repos are enabled/disabled in the Third Party Software tab.

Changed in software-properties:
status: Confirmed → Triaged
Steffan Jacobs (steffanjacobs) wrote :

Seems this happened to me on Jaunty Beta today when trying to enable the repository from canonical.

amichair (amichai2) wrote :

reproduced in Karmic release, many times: I open the third-party/other software tab, go to a single checkmark on one of the sources, and check/uncheck it many times in succession. usually the crash is reproduced within 10 seconds or so.

amichair (amichai2) wrote :

Further details on reproducing: I've reproduced this on Intrepid, Jaunty and Karmic, all from amd64 livecds in virtualbox (and also one Jaunty on my desktop):

0. back up /etc/apt/sources.list - better :-) than :'-(
1. boot up
2. alt-f2 -> Konsole
3. kdesudo software-properties-kde
4. go to second tab (third-party/other software)
5. add a bunch of sources (they don't have to be real): click the add button, enter e.g. 'deb http://first distro main'. repeat about 10 times so that the list is well populated.
6. click on one of the checkboxes repeatedly in succession. I usually clicked the last one. alternatively, use the keyboard by bringing focus to the list, then pressing end and spacebar a whole lot, which effectively goes to either the first or last entry and toggles them many times.
7. after anywhere between 1-30 seconds of toggle, it crashes. usually quite quickly. I never saw it survive - it always crashed eventually.

As for investigation:

With each toggle, SoftwarePropertiesKDE.on_isv_source_toggled is called as a handler for the itemChanged event. This in turn calls SoftwareProperties.toggle_source_use, which calls set_modified_sourceslist. Experiment results:

1. if the call to set_modified_sourcelist is commented out, it doesn't crash.
2. if the first line of set_modified_sourclist is changed to 'return', it does crash. (huh?)
3. if the call to set_modified_sourcelist is inlined, it doesn't crash. (huh??)
4. if the itemChanged signal is replaced with any other signal, e.g. itemClicked (the other handler can be disabled), everything is fine. (hmmm...)

The above strangeness behaves like a corrupt call stack or corrupt memory, since it seems unrelated to anything that is or isn't actually performed at the time of crash, which implies the corruption probably occurred in a previous event and only manifested in a crash in a later event. Going back to what may have occurred in a previous event's handling, the culprit quickly converges to show_isv_sources, and within it, the tree widget's clear() method.

I tried replacing the clear() call with doing it manually:

while self.userinterface.treeview_sources.topLevelItemCount() > 0:
      self.userinterface.treeview_sources.takeTopLevelItem(0)

And after this change, I could no longer recreate the crash anywhere. However, I have not actually pinpointed the root cause (pyqt? qt?) but qt's clear method implementation does do a bunch of work, sending events, deleting objects, detaching them, and even carries a related warning in the docs... so maybe it's really there.

So, either it's a bug triggered in qt's qtreewidget.clear specifically when called from within an itemChanged handler on a well populated list, or maybe not. It might be some other inconsistency somewhere, and the workaround above might just be shuffling the call stack a bit so that the true bug is hidden, but still lurking.

Since I'm a python/qt/pyqt noob, It would be great if anyone can give further insight on these symptoms or continue the investigation. At the very least, please try recreating the bug and then seeing if the fix indeed solves it for u.

I hope this helps, and isn't all rubbish :-)

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package software-properties - 0.75.5

---------------
software-properties (0.75.5) lucid; urgency=low

  [ Harald Sitter ]
  * KDE frontend: replace old manual listing of file endings for key import
    with mimetype based model (no need to support old stuff since it is so
    incredibly wrong... ending-wise that is)

  [ Amichai Rothman ]
  * Fix import of keys with non-ascii filename (LP: #350485)
  * Add source line input validation when adding a new source (LP: #116445)
  * Fix selected item and edit/remove button state after toggling a source
  * Fix alternate mirror selection corrupting sources.list (LP: #464707)
  * Fix selected mirror not shown in combobox (LP: #96110)
  * Fix mirror selection dialog error in non-ascii locale (LP: #96201)
  * Fix crash when modifying sources selection (LP: #102792)
  * Fix error handling when ppa key is missing (LP: #475220)
  * Improve keyboard tab order in some dialogs (LP: #464569)
  * Fix and improve mirror test and GUI (LP: #223047)
  * Fix mirror test timeout handling (LP: #456365)
  * Fix i18n, accelerators and styling on all dialogs (LP: #102773)
  * Fix utf8 in edit source dialog comments (LP: #489960)
 -- Amichai Rothman <email address hidden> Mon, 07 Dec 2009 14:46:38 +0200

Changed in software-properties (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.