https://bugs.kde.org/show_bug.cgi?id=488265
Bug ID: 488265
Summary: Segfault when double-clicking on a draft (KMEditItemCommand)
Classification: Applications
Product: kmail2
Version: 5.24.5
Platform: Kubuntu
OS: Linux
Status: REPORTED
Severity: crash
Priority: NOR
Component: commands and actions
Assignee: kdepim-bugs@kde.org
Reporter: k...@stefanw.anonaddy.com
Target Milestone: ---
Created attachment 170299
--> https://bugs.kde.org/attachment.cgi?id=170299&action=edit
Backtrace of the destructor being called too early
Double-clicking on a draft results in a segfault every time on my fresh Kubuntu
24.04 install.
ANALYSIS
The location varies slightly, but is always in KMCommand::completed
(https://github.com/KDE/kmail/blob/v23.08.5/src/kmcommands.cpp#L263). The
reason is that the KMCommand has already been destroyed in KMCommand::execute
(https://github.com/KDE/kmail/blob/v23.08.5/src/kmcommands.cpp#L259), as can be
seen from the other backtrace I attached.
The KMEditItemCommand starts an asynchronous job and queues its own destruction
at the finishing of that job
(https://github.com/KDE/kmail/blob/v23.08.5/src/kmcommands.cpp#L583 and
https://github.com/KDE/kmail/blob/v23.08.5/src/kmcommands.cpp#L626). The
assumption seems to be that that can happen only after the rest of the code is
executed, but actually the destruction occurs in win->setMessage
(https://github.com/KDE/kmail/blob/v23.08.5/src/kmcommands.cpp#L589).
This happens because PIM Messagelib gives back control by using a QEventLoop
(https://invent.kde.org/pim/messagelib/-/blob/v23.08.5/mimetreeparser/src/memento/compositememento.cpp?ref_type=tags#L47).
Maybe Messagelib behaved differently before this commit
(https://invent.kde.org/pim/messagelib/-/commit/938fab622b7eb258f89f9b1492a3a264c260be58),
but I haven't checked it.
STEPS TO REPRODUCE
1. Create a draft by clicking on "New" and pressing Ctrl+s
2. Go to the drafts folder and double-click on the draft.
OBSERVED RESULT
Crash (Segfault)
EXPECTED RESULT
Draft opens for editing
SOFTWARE/OS VERSIONS
Operating System: Ubuntu 24.04
KDE Plasma Version: 5.27.11
KDE Frameworks Version: 5.115.0
Qt Version: 5.15.13
Kernel Version: 6.8.0-35-generic (64-bit)
Graphics Platform: Wayland
Processors: 12 × 13th Gen Intel® Core™ i5-1335U
Memory: 15,3 GiB of RAM
Graphics Processor: Mesa Intel® Graphics
Manufacturer: HP
Product Name: HP EliteBook 860 16 inch G10 Notebook PC
System Version: SBKPF
BACKTRACE
(see also the attached backtrace where the destructor is called before the
crash)
Thread 1 "kmail" received signal SIGSEGV, Segmentation fault.
0x75f37fa82646 in QQmlData::isSignalConnected (d=0xbc350e8e, index=4) at
qml/qqmlengine.cpp:849
849 if (ddata->ownedByQml1)
(gdb) bt
#0 0x75f37fa82646 in QQmlData::isSignalConnected (d=0xbc350e8e, index=4)
at qml/qqmlengine.cpp:849
#1 0x75f382d126fe in QObjectPrivate::isDeclarativeSignalConnected
(signal_index=4, this=) at kernel/qobject_p.h:110
#2 doActivate (sender=0x599118280310, signal_index=4,
argv=0x7ffd94ddcc90) at kernel/qobject.cpp:3814
#3 0x75f382d0b697 in QMetaObject::activate
(sender=sender@entry=0x599118280310, m=m@entry=0x75f38c53cc00
, local_signal_index=local_signal_index@entry=1,
argv=argv@entry=0x7ffd94ddcc90) at kernel/qobject.cpp:3985
#4 0x75f38c304cd4 in KMCommand::completed (this=this@entry=0x599118280310,
_t1=, _t1@entry=0x599118280310) at
/usr/src/kmail-4:23.08.5-0ubuntu5/obj-x86_64-linux-gnu/src/kmailprivate_autogen/EWIEGA46WW/moc_kmcommands.cpp:201
#5 0x75f38c41dc93 in KMCommand::slotPostTransfer (this=0x599118280310,
result=KMCommand::OK) at
/usr/src/kmail-4:23.08.5-0ubuntu5/src/kmcommands.cpp:263
#6 0x75f382d12e16 in QtPrivate::QSlotObjectBase::call (a=0x7ffd94ddcdf0,
r=0x599118280310, this=0x5991187bf4f0) at
../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#7 doActivate (sender=0x599118280310, signal_index=3,
argv=0x7ffd94ddcdf0) at kernel/qobject.cpp:3925
#8 0x75f382d0b697 in QMetaObject::activate (sender=,
m=m@entry=0x75f38c53cc00 ,
local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffd94ddcdf0)
at kernel/qobject.cpp:3985
#9 0x75f38c304c70 in KMCommand::messagesTransfered (this=,
_t1=) at
/usr/src/kmail-4:23.08.5-0ubuntu5/obj-x86_64-linux-gnu/src/kmailprivate_autogen/EWIEGA46WW/moc_kmcommands.cpp:194
#10 0x75f382d12e16 in QtPrivate::QSlotObjectBase::call (a=0x7ffd94ddcf00,
r=0x599118280310, this=0x599118c59990) at
../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#11 doActivate (sender=0x5991182c3850, signal_index=6,
argv=0x7ffd94ddcf00) at kernel/qobject.cpp:3925
#12 0x75f382d0b697 in QMetaObject::activate
(sender=sender@entry=0x5991182c3850, m=,
local_signal_index=local_signal_index@entry=3, argv=argv@entry=0x7ffd94ddcf00)
at kernel/qobject.cpp:3985
#13 0
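
The re-entrancy pattern described in the ANALYSIS above, modelled without Qt as an added example (not KMail code and not written by the reporter). `EventQueue`, `Command`, `execute` and `nestedLoop` are hypothetical names; the `weak_ptr` guard plays the role a `QPointer` would play in Qt code.

```cpp
#include <functional>
#include <memory>
#include <queue>
#include <string>
#include <utility>

// Constructed stand-in for the Qt event loop: a queue of pending callbacks.
struct EventQueue {
    std::queue<std::function<void()>> pending;
    void post(std::function<void()> f) { pending.push(std::move(f)); }
    // Like a nested QEventLoop::exec(): runs whatever is queued, related or not.
    void runNested() {
        while (!pending.empty()) {
            auto f = std::move(pending.front());
            pending.pop();
            f();
        }
    }
};

// Hypothetical command object that is destroyed when its async job finishes.
struct Command {
    std::shared_ptr<int> token = std::make_shared<int>(0);  // dies with the command
    std::string state = "created";
};

// Models execute(): start the job, call something that may spin a nested loop,
// then touch the command again. Returns what happened to the command.
std::string execute(EventQueue &loop, std::unique_ptr<Command> &self, bool nestedLoop) {
    std::weak_ptr<int> guard = self->token;  // taken before any re-entrant call
    loop.post([&self] { self.reset(); });    // job-finished handler: self-destruction
    if (nestedLoop)
        loop.runNested();                    // the handler runs here, inside the call
    if (guard.expired())                     // without this check: use-after-free below
        return "destroyed-during-call";
    self->state = "completed";
    return self->state;
}

int main() {
    EventQueue loop;
    std::unique_ptr<Command> cmd(new Command);
    return execute(loop, cmd, true) == "destroyed-during-call" ? 0 : 1;
}
```

With `nestedLoop` set to false the handler stays queued until the caller's own loop runs, which is the ordering the report says the code appears to assume.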