[BUG]: Crash in Downloader::finished()

[guihkx]

Brief description of the issue

(Note: I'm sorry I don't have the debug output, so if you think this bug report is useless without it, feel free to close it).

Anyway, I don't think I've experienced this crash before, and so reproduction steps are unclear at this point. The only thing I have that might be useful is a gdb stack trace...

I'm not a C++ programmer but it looks like a classic case of null pointer dereference (m_activeReply is null?)

How to reproduce the bug?

N/A

What was the expected result?

No crash.

What actually happened?

Crashes with segmentation fault.

Debug log

gdb's info threads:

  Id   Target Id                          Frame 
* 1    Thread 0x788ca90006c0 (LWP 70796)  0x0000788cdef95239 in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::get (this=<optimized out>, this=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/corelib/tools/qscopedpointer.h:112
  2    Thread 0x788cb7e006c0 (LWP 70786)  0x0000788cdf51a63d in __GI___poll (fds=fds@entry=0x788cb7df7328, nfds=nfds@entry=1, timeout=timeout@entry=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
  3    Thread 0x788cbd0e6100 (LWP 70781)  0x0000788cd99e9d58 in consume_data (cinfo=0x584d84e37570) at /usr/src/debug/libjpeg-turbo/libjpeg-turbo-3.0.3/jdcoefct.c:206
  4    Thread 0x788cbca006c0 (LWP 70785)  0x0000788cdf51a63d in __GI___poll (fds=0x584d855f7160, nfds=5, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
  5    Thread 0x788caae006c0 (LWP 71161)  0x0000788cdf49fa19 in __futex_abstimed_wait_common64 (private=0, futex_word=0x788c880019a0, expected=0, op=393, abstime=0x0, cancel=true) at futex-internal.c:57
  6    Thread 0x788caa4006c0 (LWP 70793)  0x0000788cdf51a63d in __GI___poll (fds=0x584d853627d0, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
  7    Thread 0x788ca34006c0 (LWP 71164)  0x0000788cdf49fa19 in __futex_abstimed_wait_common64 (private=0, futex_word=0x788c88002610, expected=0, op=393, abstime=0x0, cancel=true) at futex-internal.c:57
  8    Thread 0x788ca9a006c0 (LWP 71159)  0x0000788cdf49fa19 in __futex_abstimed_wait_common64 (private=0, futex_word=0x788c90012304, expected=0, op=393, abstime=0x0, cancel=true) at futex-internal.c:57
  9    Thread 0x788c834006c0 (LWP 151901) 0x0000788cdf51a63d in __GI___poll (fds=0x788c3003f270, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
  10   Thread 0x788ca1a006c0 (LWP 71165)  0x0000788cdf49fa19 in __futex_abstimed_wait_common64 (private=0, futex_word=0x788c88002c94, expected=0, op=393, abstime=0x0, cancel=true) at futex-internal.c:57
  11   Thread 0x788c8f4006c0 (LWP 151897) 0x0000788cdf51a63d in __GI___poll (fds=fds@entry=0x788c2803ab60, nfds=nfds@entry=2, timeout=timeout@entry=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
  12   Thread 0x788cab8006c0 (LWP 71162)  0x0000788cdf49fa19 in __futex_abstimed_wait_common64 (private=0, futex_word=0x788c88001c84, expected=0, op=393, abstime=0x0, cancel=true) at futex-internal.c:57
  13   Thread 0x788ca24006c0 (LWP 71160)  0x0000788cdf49fa19 in __futex_abstimed_wait_common64 (private=0, futex_word=0x788c880016c0, expected=0, op=393, abstime=0x0, cancel=true) at futex-internal.c:57
  14   Thread 0x788ca3e006c0 (LWP 71163)  0x0000788cdf49fa19 in __futex_abstimed_wait_common64 (private=0, futex_word=0x788c88001f90, expected=0, op=393, abstime=0x0, cancel=true) at futex-internal.c:57
  15   Thread 0x788c8cc006c0 (LWP 151910) 0x0000788cdf51a63d in __GI___poll (fds=fds@entry=0x788c48023820, nfds=nfds@entry=2, timeout=timeout@entry=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
  16   Thread 0x788ca10006c0 (LWP 71166)  0x0000788cdf49fa19 in __futex_abstimed_wait_common64 (private=0, futex_word=0x788c88003314, expected=0, op=393, abstime=0x0, cancel=true) at futex-internal.c:57
  17   Thread 0x788c80c006c0 (LWP 229921) 0x0000788cdf49fa19 in __futex_abstimed_wait_common64 (private=0, futex_word=0x584d85370d34, expected=0, op=137, abstime=0x788c80bf7380, cancel=true) at futex-internal.c:57
  18   Thread 0x788c534006c0 (LWP 234800) 0x0000788cdf51a63d in __GI___poll (fds=0x788bec04a040, nfds=5, timeout=16643) at ../sysdeps/unix/sysv/linux/poll.c:29
  19   Thread 0x788c53e006c0 (LWP 229920) 0x0000788cdf49fa19 in __futex_abstimed_wait_common64 (private=0, futex_word=0x584d85370624, expected=0, op=137, abstime=0x788c53df7380, cancel=true) at futex-internal.c:57
  20   Thread 0x788c692006c0 (LWP 229923) 0x0000788cdf49fa19 in __futex_abstimed_wait_common64 (private=0, futex_word=0x584d85622a00, expected=0, op=137, abstime=0x788c691f7380, cancel=true) at futex-internal.c:57
  21   Thread 0x788c8ea006c0 (LWP 229922) 0x0000788cdf49fa19 in __futex_abstimed_wait_common64 (private=0, futex_word=0x584d85371370, expected=0, op=137, abstime=0x788c8e9f7380, cancel=true) at futex-internal.c:57

gdb's backtrace full (see frame #4):

#0  0x0000788cdef95239 in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::get (this=<optimized out>, this=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/corelib/tools/qscopedpointer.h:112
No locals.
#1  qGetPtrHelper<QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> > > (ptr=..., ptr=...) at /usr/src/debug/qt6-base/qtbase/src/corelib/global/qtclasshelpermacros.h:79
No locals.
#2  QObject::d_func (this=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qobject.h:107
No locals.
#3  QObject::deleteLater (this=0x0) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qobject.cpp:2462
        locker = <optimized out>
        d = <optimized out>
#4  0x0000788ce0b310f2 in Downloader::finished (this=0x584d8555b640) at /usr/src/debug/rssguard/rssguard/src/librssguard/network-web/downloader.cpp:247
        set_cookies_header = {d = {static MaxInternalSize = 24, data = {data = '\000' <repeats 23 times>, shared = 0x0, _forAlignment = 0}, is_shared = 0, is_null = 1, packedType = 0}}
        reply = <optimized out>
        reply_operation = <optimized out>
        original_url = {d = 0x788cb801ace0}
        redirection_url = {d = 0x0}
#5  0x0000788cdefa3397 in QtPrivate::QSlotObjectBase::call (this=<optimized out>, r=<optimized out>, a=<optimized out>, this=<optimized out>, r=<optimized out>, a=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qobjectdefs_impl.h:469
No locals.
#6  doActivate<false> (sender=<optimized out>, signal_index=<optimized out>, argv=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qobject.cpp:4086
        obj = {m_slotObject = std::unique_ptr<QtPrivate::QSlotObjectBase> = {get() = 0x788c8401c070}}
        receiver = 0x584d8555b640
        td = <optimized out>
        receiverInSameThread = <optimized out>
        senderData = {previous = 0x0, receiver = 0x584d8555b640, sender = 0x584d87f2e1b0, signal = 12}
        c = 0x788c8401c0a0
        connections = <optimized out>
        list = <optimized out>
        inSenderThread = <optimized out>
        highestConnectionId = <optimized out>
        signalVector = 0x788c8401b6f0
        currentThreadId = <optimized out>
        sp = <optimized out>
        signal_spy_set = 0x0
        empty_argv = {0x0}
        senderDeleted = false
#7  0x0000788cddf39b60 in QNetworkReply::finished (this=0x584d87f2e1b0) at /usr/src/debug/qt6-base/build/src/network/Network_autogen/include/moc_qnetworkreply.cpp:435
No locals.
#8  QNetworkReplyHttpImplPrivate::finished (this=0x788c840196f0) at /usr/src/debug/qt6-base/qtbase/src/network/access/qnetworkreplyhttpimpl.cpp:2147
        q = 0x584d87f2e1b0
        totalSize = {d = {static MaxInternalSize = 24, data = {data = "\243\376\001", '\000' <repeats 20 times>, shared = 0x1fea3, _forAlignment = 6.4585743421305272e-319}, is_shared = 0, is_null = 0, packedType = 33136609048744}}
#9  0x0000788cdef8d89f in QObject::event (this=0x584d87f2e1b0, e=0x788bec06b270) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qobject.cpp:1452
        mce = 0x788bec06b270
        connections = <optimized out>
        sender = {previous = 0x0, receiver = 0x584d87f2e1b0, sender = 0x788c8401a690, signal = 15}
#10 0x0000788ce00fc8cc in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x584d87f2e1b0, e=0x788bec06b270) at /usr/src/debug/qt6-base/qtbase/src/widgets/kernel/qapplication.cpp:3287
        consumed = false
        filtered = false
#11 0x0000788cdef45aa8 in QCoreApplication::notifyInternal2 (receiver=0x584d87f2e1b0, event=event@entry=0x788bec06b270) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1142
        selfRequired = <optimized out>
        result = false
        cbdata = {0x584d87f2e1b0, 0x788bec06b270, 0x788ca8ff709f}
        d = <optimized out>
        threadData = 0x584d8555bc70
        scopeLevelCounter = {threadData = 0x584d8555bc70}
#12 0x0000788cdef45e6b in QCoreApplication::sendEvent (receiver=<optimized out>, event=0x788bec06b270) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1583
No locals.
#13 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x584d8555bc70) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1940
        e = 0x788bec06b270
        pe = <optimized out>
        r = <optimized out>
        relocker = <optimized out>
        event_deleter = {d = 0x788bec06b270}
        locker = {_M_device = 0x584d8555bcc8, _M_owns = false}
        startOffset = 0
        i = @0x584d8555bcb8: 2
        cleanup = <optimized out>
#14 0x0000788cdf1aa00c in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1797
        data = <optimized out>
#15 postEventSourceDispatch (s=0x788c84000f20) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:244
        source = 0x788c84000f20
#16 0x0000788cddc08299 in g_main_dispatch (context=0x788c84000c60) at ../glib/glib/gmain.c:3344
        dispatch = 0x788cdf1a9fe0 <postEventSourceDispatch(GSource*, GSourceFunc, gpointer)>
        prev_source = 0x0
        begin_time_nsec = 37421357693021
        was_in_call = 0
        user_data = 0x0
        callback = 0x0
        cb_funcs = 0x0
        cb_data = 0x0
        need_destroy = <optimized out>
        source = 0x788c84000f20
        current = 0x788c84001430
        i = 0
        __func__ = "g_main_dispatch"
#17 0x0000788cddc6aec7 in g_main_context_dispatch_unlocked (context=0x788c84000c60) at ../glib/glib/gmain.c:4152
No locals.
#18 g_main_context_iterate_unlocked.isra.0 (context=context@entry=0x788c84000c60, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/glib/gmain.c:4217
        max_priority = 2147483647
        timeout = 4744
        some_ready = 1
        nfds = 1
        allocated_nfds = <optimized out>
        fds = 0x584d8558e8c0
        begin_time_nsec = 37421357656114
#19 0x0000788cddc07795 in g_main_context_iteration (context=0x788c84000c60, may_block=1) at ../glib/glib/gmain.c:4282
        retval = <optimized out>
#20 0x0000788cdf1a82e2 in QEventDispatcherGlib::processEvents (this=0x788c84000b70, flags=...) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:396
        d = 0x788c84000b90
        canWait = true
        savedFlags = {i = 0}
        result = false
#21 0x0000788cdef4ff66 in QEventLoop::processEvents (this=0x788ca8ff7430, flags=...) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qeventloop.cpp:100
        d = <optimized out>
        threadData = <optimized out>
#22 QEventLoop::exec (this=0x788ca8ff7430, flags=...) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qeventloop.cpp:182
        d = 0x788c84001350
        threadData = <optimized out>
        locker = {m_mutex = <optimized out>, m_isLocked = false}
        ref = <optimized out>
        app = 0x7ffed5ac9380
#23 0x0000788cdf03d7a0 in QThread::exec (this=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/corelib/thread/qthread.cpp:586
        status = <optimized out>
        locker = <optimized out>
        d = <optimized out>
        eventLoop = {<QObject> = {_vptr.QObject = 0x788cdf3f18e8 <vtable for QEventLoop+16>, static staticMetaObject = {d = {superdata = {direct = 0x0}, stringdata = 0x788cdf246860 <_ZN12_GLOBAL__N_1L39qt_meta_stringdata_CLASSQObjectENDCLASSE.lto_priv.0>, data = 0x788cdf23bca0 <_ZL33qt_meta_data_CLASSQObjectENDCLASS.lto_priv.0>, static_metacall = 0x788cdef9a340 <QObject::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, metaTypes = 0x788cdf3efc40 <_Z27qt_incomplete_metaTypeArrayIN12_GLOBAL__N_141qt_meta_stringdata_CLASSQObjectENDCLASS_tEJN9QtPrivate20TypeAndForceCompleteI7QStringSt17integral_constantIbLb1EEEENS3_I7QObjectS6_EENS3_IvS5_IbLb0EEEENS3_IPS8_SA_EESB_SB_NS3_IRKS4_SA_EESB_SD_EE.lto_priv.0>, extradata = 0x0}}, d_ptr = {d = 0x788c84001350}}, static staticMetaObject = {d = {superdata = {direct = 0x788cdf3efca0 <QObject::staticMetaObject>}, stringdata = 0x788cdf23b000 <_ZN12_GLOBAL__N_1L42qt_meta_stringdata_CLASSQEventLoopENDCLASSE.lto_priv.0>, data = 0x788cdf23af00 <_ZL36qt_meta_data_CLASSQEventLoopENDCLASS.lto_priv.0>, static_metacall = 0x788cdef4bc70 <QEventLoop::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, metaTypes = 0x788cdf3ef760 <_Z27qt_incomplete_metaTypeArrayIN12_GLOBAL__N_144qt_meta_stringdata_CLASSQEventLoopENDCLASS_tEJN9QtPrivate20TypeAndForceCompleteI6QFlagsIN10QEventLoop17ProcessEventsFlagEESt17integral_constantIbLb1EEEENS3_IS5_S9_EENS3_IvS8_IbLb0EEEENS3_IiSC_EESD_SD_EE.lto_priv.0>, extradata = 0x0}}}
        returnCode = <optimized out>
        d = <optimized out>
        status = <optimized out>
        locker = <optimized out>
        eventLoop = <optimized out>
        returnCode = <optimized out>
#24 QThread::run (this=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/corelib/thread/qthread.cpp:707
No locals.
#25 0x0000788cdf0cd237 in operator() (__closure=<optimized out>) at /usr/src/debug/qt6-base/qtbase/src/corelib/thread/qthread_unix.cpp:326
        thr = 0x584d8555bc50
        data = <optimized out>
        arg = <optimized out>
        arg = <optimized out>
        thr = <optimized out>
        data = <optimized out>
        locker = <optimized out>
#26 (anonymous namespace)::terminate_on_exception<QThreadPrivate::start(void*)::<lambda()> > (t=...) at /usr/src/debug/qt6-base/qtbase/src/corelib/thread/qthread_unix.cpp:262
No locals.
#27 QThreadPrivate::start (arg=0x584d8555bc50) at /usr/src/debug/qt6-base/qtbase/src/corelib/thread/qthread_unix.cpp:285
        __clframe = {__cancel_routine = <optimized out>, __cancel_arg = 0x584d8555bc50, __do_it = 1, __cancel_type = <optimized out>}
#28 0x0000788cdf4a339d in start_thread (arg=<optimized out>) at pthread_create.c:447
        ret = <optimized out>
        pd = <optimized out>
        out = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {132545526105792, -2880808743047010635, 132545526105792, -328, 2, 140732483275552, -2880808743034427723, -2880719517361641803}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
#29 0x0000788cdf52849c in __GI___clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
No locals.

Operating system and version

RSS Guard

Version: 4.7.3 (built on Linux/x86_64)
Revision: a4e2048-lite
Build date: 7/26/24 9:34 AM
OS: Arch Linux
Qt: 6.7.2 (compiled against 6.7.2)

[martinrotter]

Thanks for great, detailed report. Fixed.