https://bugs.kde.org/show_bug.cgi?id=516177
Bug ID: 516177
Summary: plasmashell crashes when accessing clipboard data via Wayland (null pointer in QMimeData::hasImage)
Classification: Plasma
Product: plasmashell
Version First Reported In: 6.5.5
Platform: Other
OS: Linux
Status: REPORTED
Severity: crash
Priority: NOR
Component: generic-crash
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: 1.0
Created attachment 189721
--> https://bugs.kde.org/attachment.cgi?id=189721&action=edit
Logs
SUMMARY
plasmashell crashes with segmentation fault when handling Wayland clipboard
data
STEPS TO REPRODUCE
1. Start Plasma session under Wayland
2. Copy content (text or image) from any application
3. Either close the source application, or trigger clipboard operations that
cause data transfer via Wayland ext_data_control protocol
OBSERVED RESULT
plasmashell crashes with SIGSEGV. Backtrace shows null pointer dereference in
QMimeData::hasImage() called from DataControlSource::send() via Wayland
clipboard protocol.
EXPECTED RESULT
plasmashell should not crash regardless of clipboard content changes or data
transfer requests.
SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Fedora 43 KDE Plasma Edition
KDE Plasma Version: 6.5.5
KDE Frameworks Version: 6.22.0
Qt Version: 6.10.1
ADDITIONAL INFORMATION
Crash backtrace (from coredump):
```
#0 0x00007fc3a02813cc in __pthread_kill_implementation () from /lib64/libc.so.6
#1 <signal handler called>
#2 0x0000000000000000 in ?? ()
#3 0x00007fc3a0950039 in QMimeData::hasImage() const () at /lib64/libQt6Core.so.6
#4 0x00007fc3a06d5c57 in DataControlSource::ext_data_control_source_v1_send(QString const&, int) () at /lib64/libKF6GuiAddons.so.6
#5 0x00007fc3a06cad54 in QtWayland::ext_data_control_source_v1::handle_send() () at /lib64/libKF6GuiAddons.so.6
#6 0x00007fc3a00ab056 in ffi_call_unix64 () at /lib64/libffi.so.8
#7 0x00007fc3a00a6d16 in ffi_call_int.lto_priv () at /lib64/libffi.so.8
#8 0x00007fc3a00a97ae in ffi_call () at /lib64/libffi.so.8
#9 0x00007fc3a38e8feb in wl_closure_invoke.constprop () at /lib64/libwayland-client.so.0
#10 0x00007fc3a38e9e49 in dispatch_event () at /lib64/libwayland-client.so.0
#11 0x00007fc3a38ea243 in wl_display_dispatch_queue_pending () at /lib64/libwayland-client.so.0
#12 0x00007fc3a38ed9ca in wl_display_dispatch_queue_timeout () at /lib64/libwayland-client.so.0
#13 0x00007fc3a38eda9f in wl_display_dispatch_queue () at /lib64/libwayland-client.so.0
#14 0x00007fc3a06cf0e6 in ClipboardThread::run() () at /lib64/libKF6GuiAddons.so.6
#15 0x00007fc3a0ad19ae in QThreadPrivate::start(void*) () at /lib64/libQt6Core.so.6
#16 0x00007fc3a027f464 in start_thread () at /lib64/libc.so.6
#17 0x00007fc3a03025ec in __clone3 () at /lib64/libc.so.6
```
The crash appears to be a null pointer dereference (frame #4 is 0x0) when
accessing a QMimeData object that may have already been deleted. This likely
occurs due to a race condition between clipboard content changes and Wayland
data transfer requests.
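Added example, not code from KDE, Qt or this report: if the hypothesis in the report holds (a payload destroyed on one thread while the Wayland dispatch thread is serving a send request), one common way to rule out that class of bug is for the handler to take shared ownership under a lock before it touches the payload. `Payload` and `Source` are hypothetical stand-ins for the roles QMimeData and DataControlSource play in the backtrace; the actual root cause and fix are not established on this page.

```cpp
// Added illustration; hypothetical names, not KDE or Qt code.
#include <cstdio>
#include <map>
#include <memory>
#include <mutex>
#include <string>
#include <utility>

// Stand-in for the clipboard payload (the role QMimeData has in the report).
struct Payload {
    std::map<std::string, std::string> formats;  // MIME type -> data
};

// Stand-in for the object that serves "send" requests on the dispatch thread.
class Source {
public:
    // Owner thread: publish new content, or nullptr when the content is gone.
    void set(std::shared_ptr<const Payload> p) {
        std::lock_guard<std::mutex> lock(m_);
        payload_ = std::move(p);
    }
    // Dispatch thread: copy the shared_ptr under the lock, so the payload
    // stays alive for this request even if set(nullptr) runs concurrently.
    std::shared_ptr<const Payload> snapshot() const {
        std::lock_guard<std::mutex> lock(m_);
        return payload_;
    }
    // Serve one request. Returns false, without touching the payload, when
    // it is gone or never offered the requested MIME type.
    bool send(const std::string& mime, std::string& out) const {
        std::shared_ptr<const Payload> p = snapshot();
        if (!p) return false;
        auto it = p->formats.find(mime);
        if (it == p->formats.end()) return false;
        out = it->second;
        return true;
    }
private:
    mutable std::mutex m_;
    std::shared_ptr<const Payload> payload_;
};

int main() {
    Source s;
    auto p = std::make_shared<Payload>();
    p->formats["text/plain"] = "hello";  // constructed sample data
    s.set(p);
    std::string out;
    std::printf("before clear: %d\n", s.send("text/plain", out));
    s.set(nullptr);
    std::printf("after clear: %d\n", s.send("text/plain", out));
}
```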