Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-63647

XmlListModel: memory corruption / occasional crash while parsing XML

    XMLWordPrintable

Details

    Description

      There is a certain possibility of a memory corruption while parsing XML though XmlListModel. I was so far unable to create a simple app that can trigger the crash (I'll continue to try unless this is fixed first). For now here is the use-case that triggers the crash:

      Number of users are experiencing more or less regular KDE plasmashell crashes when using Weather Widget applet:

      https://github.com/kotelnik/plasma-applet-weather-widget

      Specifically when using OpenWeatherMap provider, there are 3 XML files to be parsed (I'm attaching their examples). XmlListModel instances responsible for parsing them are defined in this file:

      https://github.com/kotelnik/plasma-applet-weather-widget/blob/master/package/contents/ui/providers/OpenWeatherMap.qml

      Attaching 3 XMLs as examples of parsed files.

       

      Now the important part, I'm attaching 4 crash dumps. They all have these two signs in common:

      • ListElement::destroy(ListLayout)* (this=0x55b9a736d960, layout=0x55b9a455d4a0) at /tmp/makepkg/qt5-declarative-debug/src/qtdeclarative-opensource-src-5.9.1/src/qml/types/qqmllistmodel.cpp:1138
      • QQuickXmlQueryEngine::run() (this=0x55b9a455c170) at /tmp/makepkg/qt5-declarative-debug/src/qtdeclarative-opensource-src-5.9.1/src/imports/xmllistmodel/qqmlxmllistmodel.cpp:323

      Looking at KDE tracking bug for this https://bugs.kde.org/show_bug.cgi?id=375860 the crashes were there at least since Qt 5.8.

      I realize that it looks like plasmashell or widget problem. But it only triggers when using XmlListModel, which is not used by plasmashell or any other running widget. So weather widget it is to blame - and this widget is using almost exclusively QML (there is a small C++ ext. to write and read a cache file though). QML code itself shouldn't trigger a crash, I suppose. That is why I'm filing a bug here.

      As I said I'll try to create a simple app to replicate the crash, but I already spent some time with that and was unable to trigger it. Any help would be appreciated. If you need more info, I'll gladly provide it.

      Attachments

        1. current.xml
          0.6 kB
          Martin Kostolný
        2. hourByHour.xml
          18 kB
          Martin Kostolný
        3. longTerm.xml
          4 kB
          Martin Kostolný
        4. plasmashell-20170704-160029.kcrash
          20 kB
          Martin Kostolný
        5. plasmashell-20170915-104740.kcrash
          22 kB
          Martin Kostolný
        6. plasmashell-20170921-092612.kcrash
          22 kB
          Martin Kostolný
        7. plasmashell-20171002-230014.kcrash
          40 kB
          Martin Kostolný
        8. plasmashell-20171005-120631.kcrash
          18 kB
          Martin Kostolný
        9. plasmashell-20171010-033548.kcrash
          21 kB
          Martin Kostolný

        Activity

          People

            shausman Simon Hausmann
            clearmartin Martin Kostolný
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: