Bug#923720: plasma-discover: Plasma-discover segfaults on Stretch
Control: reassign 923720 libappstreamqt2/0.10.6-2
Control: affects 923720 plasma-discover
Control: fixed 923720 libappstreamqt2/0.11.3-1
Control: fixed 923720 plasma-discover/5.10.5-1
Control: tags 923720 + upstream fixed-upstream patch
Hello Everyone,
I tried to get some more information from the backtrace.
I could not reproduce it, but I think in this case the method
AppStream::Pool::load got called with strerror being a null
pointer, and for some reason the pool could not be loaded;
therefore line 77 was reached, trying to dereference strerror.
(gdb) list AppStream::Pool::load(QString*)
71
72 bool Pool::load(QString* strerror)
73 {
74 g_autoptr(GError) error = nullptr;
75 bool ret = as_pool_load (d->m_pool, NULL, &error);
76 if (!ret && error) {
77 *strerror = QString::fromUtf8(error->message); <<<<<<<
78 }
79 return ret;
80 }
81
This led to an upstream fix in the appstream package, available since 0.11.3: [1] [2]
Another fix was done in discover before, available since v5.10.5: [3] [4]
Therefore I assume this just affects Stretch.
Kind regards,
Bernhard
[1] https://github.com/ximion/appstream/pull/126
[2] https://github.com/ximion/appstream/commit/32f1445fd3f348598edd5e24e29ad3644c299639
[3] https://bugs.kde.org/show_bug.cgi?id=382916
[4] https://cgit.kde.org/discover.git/commit/?id=3a718124d45d60c49bb586e14d348f233178b34b
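As an added illustration (not code from the bug report, appstream or discover), the following is a stripped-down model of AppStream::Pool::load() from qt/pool.cpp, with std::string standing in for QString, a plain struct for GError and a constructed fakePoolLoad() in place of as_pool_load(). loadUnchecked() mirrors the 0.10.6 behaviour the backtrace shows; loadChecked() is the obvious guard on the optional out-parameter, written here as an assumption and not copied from the upstream commit.

```cpp
// Added example: model of the null out-pointer dereference in Pool::load.
// Names below (Error, fakePoolLoad, loadUnchecked, loadChecked) are
// constructed for this example and do not exist in appstream.
#include <cstddef>
#include <string>

// Minimal stand-in for GError; only the field the code reads.
struct Error {
    std::string message;
};

// Stand-in for as_pool_load(): returns false and fills *error on failure.
// 'succeed' is a constructed switch so both outcomes can be exercised.
static bool fakePoolLoad(bool succeed, Error** error) {
    if (succeed) {
        *error = nullptr;
        return true;
    }
    *error = new Error{"Unable to open the AppStream metadata cache"};
    return false;
}

// 0.10.6 shape: writes through strerror unconditionally on failure.
// The overload Pool::load() in the backtrace passes strerror=0x0, so a
// failed load ends in a segfault at the marked line (pool.cpp:77).
bool loadUnchecked(bool succeed, std::string* strerror) {
    Error* error = nullptr;
    bool ret = fakePoolLoad(succeed, &error);
    if (!ret && error) {
        *strerror = error->message;   // nullptr strerror -> crash here
    }
    delete error;                     // g_autoptr(GError) cleanup equivalent
    return ret;
}

// Hardened shape: the out-parameter is optional, so guard it before use.
// A failed load now reports false to the caller instead of crashing.
bool loadChecked(bool succeed, std::string* strerror) {
    Error* error = nullptr;
    bool ret = fakePoolLoad(succeed, &error);
    if (!ret && error && strerror != nullptr) {
        *strerror = error->message;
    }
    delete error;
    return ret;
}
```

Calling loadUnchecked(false, nullptr) reproduces the crash path, so only the checked variant is safe to drive with a null pointer.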
# Stretch amd64 qemu VM
apt update
apt dist-upgrade
apt install devscripts dpkg-dev systemd-coredump gdb xserver-xorg sddm plasma-desktop muon libappstreamqt2-dbgsym plasma-discover-dbgsym libglib2.0-0-dbg
systemctl start sddm
mkdir /tmp/source/appstream/orig -p
cd /tmp/source/appstream/orig
apt source appstream
cd
###########
export DISPLAY=:0
# plasma-discover
gdb -q --args plasma-discover
set width 0
set pagination off
directory /tmp/source/appstream/orig/appstream-0.10.6
display/i $pc
break AppStream::Pool::load
y
run
disa 1.1
disa 1.3
disa 1.4
cont
bt
############
benutzer@debian:~$ gdb -q --args plasma-discover
Reading symbols from plasma-discover...Reading symbols from /usr/lib/debug/.build-id/8e/af6f71ec2d372a44c646c9eb0311f4bb45dd50.debug...done.
done.
(gdb) set width 0
(gdb) set pagination off
(gdb) directory /tmp/source/appstream/orig/appstream-0.10.6
Source directories searched: /tmp/source/appstream/orig/appstream-0.10.6:$cdir:$cwd
(gdb) display/i $pc
1: x/i $pc
<error: No registers.>
(gdb) break AppStream::Pool::load
Function "AppStream::Pool::load" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (AppStream::Pool::load) pending.
(gdb) run
Starting program: /usr/bin/plasma-discover
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffe66c2700 (LWP 2475)]
[New Thread 0x7fffe5a39700 (LWP 2476)]
[New Thread 0x7fffe5238700 (LWP 2478)]
[New Thread 0x7fffd278d700 (LWP 2479)]
[New Thread 0x7fffd1f8c700 (LWP 2480)]
[New Thread 0x7fffd178b700 (LWP 2481)]
[New Thread 0x7fffd0f8a700 (LWP 2482)]
[New Thread 0x7fffd0789700 (LWP 2483)]
[New Thread 0x7fffcff88700 (LWP 2484)]
[New Thread 0x7fffcf787700 (LWP 2485)]
[New Thread 0x7fffcef86700 (LWP 2486)]
[New Thread 0x7fffce01e700 (LWP 2487)]
[New Thread 0x7fffcd81c700 (LWP 2488)]
file:///usr/lib/x86_64-linux-gnu/qt5/qml/org/kde/kirigami/GlobalDrawer.qml:213:9: QML Flickable: Binding loop detected for property "contentWidth"
invalid kns backend! "" because: "Couldn't find knsrc file: comic.knsrc"
Thread 1 "plasma-discover" hit Breakpoint 1, 0x00007fffc77e3cd0 in AppStream::Pool::load()@plt () from /usr/lib/x86_64-linux-gnu/qt5/plugins/discover/packagekit-backend.so
1: x/i $pc
=> 0x7fffc77e3cd0 <_ZN9AppStream4Pool4loadEv@plt>: jmpq *0x2305ca(%rip) # 0x7fffc7a142a0
(gdb) disa 1.1
(gdb) disa 1.3
(gdb) disa 1.4
(gdb) cont
Continuing.
Thread 1 "plasma-discover" hit Breakpoint 1, AppStream::Pool::load (this=this@entry=0x555555dcd3c8, strerror=strerror@entry=0x0) at ./qt/pool.cpp:73
73 {
1: x/i $pc
=> 0x7fffc738d020 <AppStream::Pool::load(QString*)>: push %r12
(gdb) next
75 bool ret = as_pool_load (d->m_pool, NULL, &error);
1: x/i $pc
=> 0x7fffc738d038 <AppStream::Pool::load(QString*)+24>: mov 0x10(%rdi),%rax
(gdb)
74 g_autoptr(GError) error = nullptr;
1: x/i $pc
=> 0x7fffc738d03c <AppStream::Pool::load(QString*)+28>: movq $0x0,0x10(%rsp)
(gdb)
75 bool ret = as_pool_load (d->m_pool, NULL, &error);
1: x/i $pc
=> 0x7fffc738d045 <AppStream::Pool::load(QString*)+37>: test %rax,%rax
(gdb)
76 if (!ret && error) {
1: x/i $pc
=> 0x7fffc738d065 <AppStream::Pool::load(QString*)+69>: jne 0x7fffc738d0b8 <AppStream::Pool::load(QString*)+152>
(gdb) bt
#0 0x00007fffc738d065 in AppStream::Pool::load(QString*) (this=this@entry=0x555555dcd3c8, strerror=strerror@entry=0x0) at ./qt/pool.cpp:76
#1 0x00007fffc738d147 in AppStream::Pool::load() (this=this@entry=0x555555dcd3c8) at ./qt/pool.cpp:69
#2 0x00007fffc77ea7f3 in PackageKitBackend::PackageKitBackend(QObject*) (this=0x555555dcd3b0, parent=<optimized out>) at ./libdiscover/backends/PackageKitBackend/PackageKitBackend.cpp:67
#3 0x00007fffc77f0c61 in PackageKitBackendFactory::newInstance(QObject*) const (this=this@entry=0x555555dd2260, parent=0x5555558d9cc0) at ./libdiscover/backends/PackageKitBackend/PackageKitBackend.cpp:52
#4 0x00007ffff73b0085 in DiscoverBackendsFactory::backendForFile(QString const&, QString const&) const (this=this@entry=0x7fffffffdddf, path=..., name=...) at ./libdiscover/DiscoverBackendsFactory.cpp:64
#5 0x00007ffff73b08b0 in DiscoverBackendsFactory::backend(QString const&) const (this=0x7fffffffdddf, name=...) at ./libdiscover/DiscoverBackendsFactory.cpp:46
#6 0x00007ffff73b0a88 in DiscoverBackendsFactory::allBackends() const (this=this@entry=0x7fffffffdddf) at ./libdiscover/DiscoverBackendsFactory.cpp:102
#7 0x00007ffff73a078a in ResourcesModel::registerAllBackends() (this=0x5555558d9cc0) at ./libdiscover/resources/ResourcesModel.cpp:404
#8 0x00007ffff73b8105 in ResourcesModel::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (_o=<optimized out>, _c=<optimized out>, _id=<optimized out>, _a=<optimized out>) at ./obj-x86_64-linux-gnu/libdiscover/DiscoverCommon_automoc.dir/moc_ResourcesModel_NCTDQYLM2TZVLQ.cpp:177
#9 0x00007ffff52f9769 in QObject::event(QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#10 0x00007ffff6240b8c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#11 0x00007ffff6248351 in QApplication::notify(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#12 0x00007ffff52ccd30 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#13 0x00007ffff52cf4cd in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#14 0x00007ffff5320dc3 in () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#15 0x00007fffeff117f7 in g_main_dispatch (context=0x7fffe00016f0) at ././glib/gmain.c:3203
#16 0x00007fffeff117f7 in g_main_context_dispatch (context=context@entry=0x7fffe00016f0) at ././glib/gmain.c:3856
#17 0x00007fffeff11a60 in g_main_context_iterate (context=context@entry=0x7fffe00016f0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ././glib/gmain.c:3929
#18 0x00007fffeff11b0c in g_main_context_iteration (context=0x7fffe00016f0, may_block=1) at ././glib/gmain.c:3990
#19 0x00007ffff53211cf in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#20 0x00007ffff52cad1a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#21 0x00007ffff52d346c in QCoreApplication::exec() () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#22 0x000055555555ec02 in main(int, char**) (argc=<optimized out>, argv=<optimized out>) at ./discover/main.cpp:148
(gdb) list AppStream::Pool::load(QString*)
71
72 bool Pool::load(QString* strerror)
73 {
74 g_autoptr(GError) error = nullptr;
75 bool ret = as_pool_load (d->m_pool, NULL, &error);
76 if (!ret && error) {
77 *strerror = QString::fromUtf8(error->message);
78 }
79 return ret;
80 }
81
(gdb) print strerror
$1 = (QString *) 0x0
(gdb) disassemble AppStream::Pool::load(QString*)
Dump of assembler code for function AppStream::Pool::load(QString*):
0x00007fffc738d020 <+0>: push %r12
0x00007fffc738d022 <+2>: push %rbp
0x00007fffc738d023 <+3>: push %rbx
0x00007fffc738d024 <+4>: sub $0x20,%rsp
0x00007fffc738d028 <+8>: mov %fs:0x28,%rax
0x00007fffc738d031 <+17>: mov %rax,0x18(%rsp)
0x00007fffc738d036 <+22>: xor %eax,%eax
0x00007fffc738d038 <+24>: mov 0x10(%rdi),%rax
0x00007fffc738d03c <+28>: movq $0x0,0x10(%rsp)
0x00007fffc738d045 <+37>: test %rax,%rax
0x00007fffc738d048 <+40>: je 0x7fffc738d102 <AppStream::Pool::load(QString*)+226>
0x00007fffc738d04e <+46>: mov (%rax),%rdi
0x00007fffc738d051 <+49>: lea 0x10(%rsp),%rdx
0x00007fffc738d056 <+54>: mov %rsi,%rbp
0x00007fffc738d059 <+57>: xor %esi,%esi
0x00007fffc738d05b <+59>: callq 0x7fffc7385920 <as_pool_load@plt>
0x00007fffc738d060 <+64>: test %eax,%eax
0x00007fffc738d062 <+66>: setne %bl
=> 0x00007fffc738d065 <+69>: jne 0x7fffc738d0b8 <AppStream::Pool::load(QString*)+152>
0x00007fffc738d067 <+71>: mov 0x10(%rsp),%rax
0x00007fffc738d06c <+76>: test %rax,%rax
0x00007fffc738d06f <+79>: je 0x7fffc738d0c7 <AppStream::Pool::load(QString*)+167>
0x00007fffc738d071 <+81>: mov 0x8(%rax),%r12
0x00007fffc738d075 <+85>: mov $0xffffffff,%edx
0x00007fffc738d07a <+90>: test %r12,%r12
0x00007fffc738d07d <+93>: je 0x7fffc738d089 <AppStream::Pool::load(QString*)+105>
0x00007fffc738d07f <+95>: mov %r12,%rdi
0x00007fffc738d082 <+98>: callq 0x7fffc73858e0 <strlen@plt>
0x00007fffc738d087 <+103>: mov %eax,%edx
0x00007fffc738d089 <+105>: mov %rsp,%rdi
0x00007fffc738d08c <+108>: mov %r12,%rsi
0x00007fffc738d08f <+111>: callq 0x7fffc7386150 <_ZN7QString15fromUtf8_helperEPKci@plt>
0x00007fffc738d094 <+116>: mov 0x0(%rbp),%rax <<<<<<<<<<< Crash from message #5
0x00007fffc738d098 <+120>: mov (%rsp),%rdx
0x00007fffc738d09c <+124>: mov %rax,(%rsp)
0x00007fffc738d0a0 <+128>: mov %rdx,0x0(%rbp)
0x00007fffc738d0a4 <+132>: mov (%rax),%edx
0x00007fffc738d0a6 <+134>: test %edx,%edx
0x00007fffc738d0a8 <+136>: je 0x7fffc738d0e8 <AppStream::Pool::load(QString*)+200>
0x00007fffc738d0aa <+138>: cmp $0xffffffff,%edx
0x00007fffc738d0ad <+141>: je 0x7fffc738d0b8 <AppStream::Pool::load(QString*)+152>
0x00007fffc738d0af <+143>: lock subl $0x1,(%rax)
0x00007fffc738d0b3 <+147>: je 0x7fffc738d0e8 <AppStream::Pool::load(QString*)+200>
0x00007fffc738d0b5 <+149>: nopl (%rax)
0x00007fffc738d0b8 <+152>: mov 0x10(%rsp),%rdi
0x00007fffc738d0bd <+157>: test %rdi,%rdi
0x00007fffc738d0c0 <+160>: je 0x7fffc738d0c7 <AppStream::Pool::load(QString*)+167>
0x00007fffc738d0c2 <+162>: callq 0x7fffc7385900 <g_error_free@plt>
0x00007fffc738d0c7 <+167>: mov 0x18(%rsp),%rcx
0x00007fffc738d0cc <+172>: xor %fs:0x28,%rcx
0x00007fffc738d0d5 <+181>: mov %ebx,%eax
0x00007fffc738d0d7 <+183>: jne 0x7fffc738d0fd <AppStream::Pool::load(QString*)+221>
0x00007fffc738d0d9 <+185>: add $0x20,%rsp
0x00007fffc738d0dd <+189>: pop %rbx
0x00007fffc738d0de <+190>: pop %rbp
0x00007fffc738d0df <+191>: pop %r12
0x00007fffc738d0e1 <+193>: retq
0x00007fffc738d0e2 <+194>: nopw 0x0(%rax,%rax,1)
0x00007fffc738d0e8 <+200>: mov (%rsp),%rdi
0x00007fffc738d0ec <+204>: mov $0x8,%edx
0x00007fffc738d0f1 <+209>: mov $0x2,%esi
0x00007fffc738d0f6 <+214>: callq 0x7fffc73859b0 <_ZN10QArrayData10deallocateEPS_mm@plt>
0x00007fffc738d0fb <+219>: jmp 0x7fffc738d0b8 <AppStream::Pool::load(QString*)+152>
0x00007fffc738d0fd <+221>: callq 0x7fffc73857e0 <__stack_chk_fail@plt>
0x00007fffc738d102 <+226>: lea 0x65ff(%rip),%rsi # 0x7fffc7393708
0x00007fffc738d109 <+233>: lea 0x664d(%rip),%rdi # 0x7fffc739375d
0x00007fffc738d110 <+240>: mov $0x76,%edx
0x00007fffc738d115 <+245>: callq 0x7fffc7385e70 <_Z9qt_assertPKcS0_i@plt>
0x00007fffc738d11a <+250>: mov 0x10(%rsp),%rdi
0x00007fffc738d11f <+255>: mov %rax,%rbx
0x00007fffc738d122 <+258>: test %rdi,%rdi
0x00007fffc738d125 <+261>: je 0x7fffc738d12c <AppStream::Pool::load(QString*)+268>
0x00007fffc738d127 <+263>: callq 0x7fffc7385900 <g_error_free@plt>
0x00007fffc738d12c <+268>: mov %rbx,%rdi
0x00007fffc738d12f <+271>: callq 0x7fffc7385ba0 <_Unwind_Resume@plt>
End of assembler dump.
#########
Fix in appstream released in 0.11.3:
https://github.com/ximion/appstream/commit/35e0f922df6ce01c4d4580be6b893710e734562d
Fix in discover released in v5.10.5:
https://cgit.kde.org/discover.git/log/?ofs=1370