qutebrowser / qutebrowser

A keyboard-driven, vim-like browser based on Python and Qt.
https://www.qutebrowser.org/
GNU General Public License v3.0

segfault: `hint links run fake-key -g ":download {hint-url}<Return><Return>"` #8232

Open OmegaLambda1998 opened 2 weeks ago

OmegaLambda1998 commented 2 weeks ago

Version info:

https://bpa.st/DP3A

Does the bug happen if you start with --temp-basedir?: Yes

Description

Last few lines of debug log, from `command called: download` to segfault

```
22:33:28 DEBUG commands command:run:513 command called: download ['https://www.overleaf.com/latex/templates/overleaf-keyboard-shortcuts/pphdnzrwmttk.pdf']
22:33:28 DEBUG commands command:run:527 Calling qutebrowser.browser.commands.CommandDispatcher.download(, 'https://www.overleaf.com/latex/templates/overleaf-keyboard-shortcuts/pphdnzrwmttk.pdf', mhtml_=False, dest=None)
[New Thread 0x7fff424006c0 (LWP 24420)]
[New Thread 0x7fff41a006c0 (LWP 24421)]
22:33:28 DEBUG downloads qtnetworkdownloads:fetch:537 fetch: PyQt6.QtCore.QUrl('https://www.overleaf.com/latex/templates/overleaf-keyboard-shortcuts/pphdnzrwmttk.pdf') -> pphdnzrwmttk.pdf
22:33:28 DEBUG downloads downloads:_on_begin_insert_row:1056 _on_begin_insert_row with idx 0, webengine False
22:33:28 DEBUG prompt prompt:ask_question:138 Asking question option=None text='Please enter a location for https://www.overleaf.com/latex/templates/overleaf-keyboard-shortcuts/pphdnzrwmttk.pdf' title='Save file to:'>, blocking False, loops [], queue deque([])
[New Thread 0x7fff410006c0 (LWP 24423)]
22:33:28 DEBUG prompt prompt:_on_show_prompts:323 Displaying prompt qutebrowser.mainwindow.prompt.DownloadFilenamePrompt(question= option=None text='Please enter a location for https://www.overleaf.com/latex/templates/overleaf-keyboard-shortcuts/pphdnzrwmttk.pdf' title='Save file to:'>)
22:33:28 DEBUG modes modeman:enter:360 Entering mode KeyMode.prompt (reason: question asked)
22:33:28 DEBUG statusbar bar:set_mode_active:336 Setting prompt flag to True
22:33:28 DEBUG misc app:on_focus_object_changed:573 Focus object changed:
22:33:28 DEBUG misc mainwindow:_update_overlay_geometry:348 new geometry for : PyQt6.QtCore.QRect(10, 313, 1261, 456)
22:33:28 DEBUG modes modeman:_handle_keypress:309 match: SequenceMatch.ExactMatch, forward_unbound_keys: auto, passthrough: True, is_non_alnum: True, dry_run: False --> filter: True (focused: )
22:33:28 DEBUG modes modeman:_handle_keyrelease:334 filter: True
22:33:28 DEBUG modes modeman:_handle_keypress:276 got keypress in mode KeyMode.prompt - delegating to passthrough=True supports_count=False win_id=0>
22:33:28 DEBUG commands command:run:513 command called: prompt-accept
22:33:28 DEBUG commands command:run:527 Calling qutebrowser.mainwindow.prompt.PromptContainer.prompt_accept(, None, save=False)
22:33:28 DEBUG modes modeman:leave:428 Leaving mode KeyMode.prompt (reason: :prompt-accept)
22:33:28 DEBUG statusbar bar:set_mode_active:336 Setting prompt flag to False
22:33:28 DEBUG prompt prompt:_on_mode_left:202 Left mode KeyMode.prompt, hiding option=None text='Please enter a location for https://www.overleaf.com/latex/templates/overleaf-keyboard-shortcuts/pphdnzrwmttk.pdf' title='Save file to:'>
22:33:28 DEBUG prompt prompt:_on_show_prompts:298 Deleting old prompt qutebrowser.mainwindow.prompt.DownloadFilenamePrompt(question= option=None text='Please enter a location for https://www.overleaf.com/latex/templates/overleaf-keyboard-shortcuts/pphdnzrwmttk.pdf' title='Save file to:'>)
22:33:28 DEBUG prompt prompt:_on_show_prompts:302 No prompts left, hiding prompt container.
22:33:28 DEBUG modes tabbedbrowser:on_release_focus:874 Focus released, focusing
22:33:28 DEBUG misc app:on_focus_object_changed:573 Focus object changed:
22:33:28 DEBUG misc app:on_focus_object_changed:573 Focus object changed:
22:33:28 DEBUG modes modeman:leave:421 Ignoring leave request for KeyMode.prompt (reason left in other window) as we're in mode KeyMode.normal
22:33:28 DEBUG modes modeman:leave:428 Leaving mode KeyMode.normal (reason: enter normal: restore mode before prompt)
22:33:28 DEBUG downloads downloads:_after_create_parent_question:739 Setting filename to /tmp/qutebrowser-basedir-iacdfxgh/download/pphdnzrwmttk.pdf
22:33:28 DEBUG downloads qtnetworkdownloads:_set_fileobj:263 buffer: 0 bytes
22:33:28 DEBUG modes modeman:_handle_keypress:309 match: SequenceMatch.ExactMatch, forward_unbound_keys: auto, passthrough: True, is_non_alnum: True, dry_run: False --> filter: True (focused: )
22:33:28 DEBUG modes modeman:_handle_keyrelease:334 filter: True
Thread 1 "python3.12" received signal SIGSEGV, Segmentation fault.
```

gdb.txt

```
#0 0x00005555567f3ca0 in ??? ()
#1 0x00007ffff239eadd in QFileInfoGatherer::getInfo (this=0x55555674b690, fileInfo=...) at /usr/src/debug/qt6-base/qtbase/src/gui/itemmodels/qfileinfogatherer.cpp:349
#2 0x00007ffff23ab8ab in QFileSystemModelPrivate::_q_fileSystemChanged (this=0x555556773300, path=, updates=) at /usr/src/debug/qt6-base/qtbase/src/gui/itemmodels/qfilesystemmodel.cpp:1928
#3 0x00007ffff618c0ff in QObject::event (this=this@entry=0x55555674b5f0, e=e@entry=0x7ffe3000a980) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qobject.cpp:1452
#4 0x00007ffff239f998 in QFileSystemModel::event (this=this@entry=0x55555674b5f0, event=event@entry=0x7ffe3000a980) at /usr/src/debug/qt6-base/qtbase/src/gui/itemmodels/qfilesystemmodel.cpp:1746
#5 0x00007ffff174d42c in sipQFileSystemModel::event (this=0x55555674b5f0, a0=0x7ffe3000a980) at /usr/src/debug/pyqt6/PyQt6-6.7.0/build/QtGui/sipQtGuiQFileSystemModel.cpp:391
#6 0x00007ffff28fc55c in QApplicationPrivate::notify_helper (this=this@entry=0x0, receiver=0x55555674b5f0, e=e@entry=0x7ffe3000a980) at /usr/src/debug/qt6-base/qtbase/src/widgets/kernel/qapplication.cpp:3287
#7 0x00007ffff2900cfb in QApplication::notify (this=this@entry=0x555555c7f9c0, receiver=receiver@entry=0x55555674b5f0, e=e@entry=0x7ffe3000a980) at /usr/src/debug/qt6-base/qtbase/src/widgets/kernel/qapplication.cpp:3049
#8 0x00007ffff32b8df7 in sipQApplication::notify (this=0x555555c7f9c0, a0=0x55555674b5f0, a1=0x7ffe3000a980) at /usr/src/debug/pyqt6/PyQt6-6.7.0/build/QtWidgets/sipQtWidgetsQApplication.cpp:249
#9 0x00007ffff6144e38 in QCoreApplication::notifyInternal2 (receiver=0x55555674b5f0, event=event@entry=0x7ffe3000a980) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1142
#10 0x00007ffff61451fb in QCoreApplication::sendEvent (receiver=, event=0x7ffe3000a980) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1583
#11 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x5555557a6290) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1940
#12 0x00007ffff63a460c in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1797
#13 postEventSourceDispatch (s=0x5555555bd5d0) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:244
#14 0x00007ffff690ea89 in g_main_dispatch (context=0x7fffcc000fb0) at ../glib/glib/gmain.c:3344
#15 0x00007ffff69709b7 in g_main_context_dispatch_unlocked (context=0x7fffcc000fb0) at ../glib/glib/gmain.c:4152
#16 g_main_context_iterate_unlocked.isra.0 (context=context@entry=0x7fffcc000fb0, block=block@entry=1, dispatch=dispatch@entry=1, self=) at ../glib/glib/gmain.c:4217
#17 0x00007ffff690df95 in g_main_context_iteration (context=0x7fffcc000fb0, may_block=1) at ../glib/glib/gmain.c:4282
#18 0x00007ffff63a28dd in QEventDispatcherGlib::processEvents (this=0x555555a36290, flags=...) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:394
#19 0x00007ffff614f10e in QEventLoop::processEvents (this=0x7fffffffced0, flags=...) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qeventloop.cpp:100
#20 QEventLoop::exec (this=0x7fffffffced0, flags=...) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qeventloop.cpp:182
#21 0x00007ffff614945d in QCoreApplication::exec () at /usr/src/debug/qt6-base/qtbase/src/corelib/global/qflags.h:74
#22 0x00007ffff28f83fa in QApplication::exec () at /usr/src/debug/qt6-base/qtbase/src/widgets/kernel/qapplication.cpp:2555
#23 0x00007ffff32b55e0 in meth_QApplication_exec (sipSelf=, sipArgs=) at /usr/src/debug/pyqt6/PyQt6-6.7.0/build/QtWidgets/sipQtWidgetsQApplication.cpp:1289
#24 0x00007ffff79a52ed in cfunction_call (func=0x7fffd47442c0, args=0x7ffff7dc5148 <_PyRuntime+76264>, kwargs=0x0) at Objects/methodobject.c:548
#25 0x00007ffff798550b in _PyObject_MakeTpCall (tstate=0x7ffff7e22ae8 <_PyRuntime+459656>, callable=0x7fffd47442c0, args=, nargs=0, keywords=0x0) at Objects/call.c:240
#26 0x00007ffff788bdfa in _PyEval_EvalFrameDefault (tstate=, frame=0x7ffff7fb8338, throwflag=) at Python/bytecodes.c:2706
#27 0x00007ffff7a3d767 in PyEval_EvalCode (co=0x7ffff6d188f0, globals=, locals=0x7ffff760ac40) at Python/ceval.c:578
#28 0x00007ffff7a57a15 in builtin_exec_impl (module=, closure=, locals=0x7ffff760ac40, globals=0x7ffff760ac40, source=0x7ffff6d188f0) at Python/bltinmodule.c:1096
#29 builtin_exec (module=, args=, nargs=, kwnames=) at Python/clinic/bltinmodule.c.h:586
#30 0x00007ffff799a98e in cfunction_vectorcall_FASTCALL_KEYWORDS (func=, args=0x7ffff7fb8180, nargsf=, kwnames=0x0) at Objects/methodobject.c:438
#31 0x00007ffff799a844 in _PyObject_VectorcallTstate (kwnames=0x0, nargsf=9223372036854775810, args=0x7ffff7fb8180, callable=0x7ffff75a9e40, tstate=0x7ffff7e22ae8 <_PyRuntime+459656>) at ./Include/internal/pycore_call.h:92
#32 PyObject_Vectorcall (callable=0x7ffff75a9e40, args=0x7ffff7fb8180, nargsf=9223372036854775810, kwnames=0x0) at Objects/call.c:325
#33 0x00007ffff788bdfa in _PyEval_EvalFrameDefault (tstate=, frame=0x7ffff7fb80d8, throwflag=) at Python/bytecodes.c:2706
#34 0x00007ffff7a6d2fe in pymain_run_module (modname=, set_argv0=set_argv0@entry=1) at Modules/main.c:300
#35 0x00007ffff7a6cd45 in pymain_run_python (exitcode=0x7fffffffd544) at Modules/main.c:623
#36 Py_RunMain () at Modules/main.c:709
#37 0x00007ffff7a28fab in Py_BytesMain (argc=, argv=) at Modules/main.c:763
#38 0x00007ffff7639c88 in __libc_start_call_main (main=main@entry=0x555555555120, argc=argc@entry=5, argv=argv@entry=0x7fffffffd7d8) at ../sysdeps/nptl/libc_start_call_main.h:58
#39 0x00007ffff7639d4c in __libc_start_main_impl (main=0x555555555120, argc=5, argv=0x7fffffffd7d8, init=, fini=, rtld_fini=, stack_end=0x7fffffffd7c8) at ../csu/libc-start.c:360
#40 0x0000555555555045 in _start ()
```

Side note, the stacktrace docs might need an update? I got the warning:

```
(gdb) set logging on
Warning: 'set logging on', an alias for the command 'set logging enabled', is deprecated.
Use 'set logging enabled on'.
```

How to reproduce

  1. `env DEBUGINFOD_URLS="https://debuginfod.archlinux.org/" gdb -ex r --args $(readlink -f $(which python3)) -m qutebrowser --debug --temp-basedir`
  2. `:open https://www.overleaf.com/latex/templates/overleaf-keyboard-shortcuts/pphdnzrwmttk`
  3. `:hint links run fake-key -g ":download {hint-url}<Return><Return>"`
  4. Select hint
  5. Download statusbar appears, but does not update size, percentage, estimated time, etc. Qutebrowser instance freezes for a few seconds, then segfaults.

I see the exact same behaviour on other websites (tested duckduckgo.com selecting the ddg logo, and https://arxiv.org/ selecting a link to a pdf and a link to a html view), and with the slightly different command `:hint links run fake-key -g ":download {hint-url}<Return><Ctrl-x>"`. All tests were with `--temp-basedir` (though only the first example above has a gdb stack trace).

OmegaLambda1998 commented 2 weeks ago

Another piece of info: running `:hint links run fake-key -g :download {hint-url}<Return><Return>` (i.e. without the quotes) does not segfault. Instead the hints appear, and after one is selected, the message-error `fake-key: Unrecognized arguments: https://www.overleaf.com/latex/templates/overleaf-keyboard-shortcuts/pphdnzrwmttk.pdf<return><return>` gets logged.

The-Compiler commented 2 weeks ago

Thanks for all the details! Reproduced. Not sure off-hand what's happening there, maybe a race condition when the download prompt is closed immediately after being opened or something along those lines.
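
A triage pass over the gdb backtrace posted in this issue, as an added example that is not part of the thread or of qutebrowser's code: it parses the frames and reports the first resolved crash site, whether the crash was reached through Qt's posted-event queue (i.e. asynchronously, after the triggering command had returned), and whether the unresolved program counter in frame #0 sits close to a heap object seen in the trace. The function names `parse` and `triage` and the 16 MiB proximity threshold are assumptions made for this example; the proximity check is a heuristic, not a diagnosis.

```python
import re

# Frames #0-#3 and #11 copied from the gdb backtrace in this issue, one per line.
BACKTRACE = """\
#0 0x00005555567f3ca0 in ??? ()
#1 0x00007ffff239eadd in QFileInfoGatherer::getInfo (this=0x55555674b690, fileInfo=...) at /usr/src/debug/qt6-base/qtbase/src/gui/itemmodels/qfileinfogatherer.cpp:349
#2 0x00007ffff23ab8ab in QFileSystemModelPrivate::_q_fileSystemChanged (this=0x555556773300, path=, updates=) at /usr/src/debug/qt6-base/qtbase/src/gui/itemmodels/qfilesystemmodel.cpp:1928
#3 0x00007ffff618c0ff in QObject::event (this=this@entry=0x55555674b5f0, e=e@entry=0x7ffe3000a980) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qobject.cpp:1452
#11 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x5555557a6290) at /usr/src/debug/qt6-base/qtbase/src/corelib/kernel/qcoreapplication.cpp:1940
"""

# "#N [0xPC in ]function (args)[ at file:line]"; inlined frames carry no PC.
FRAME = re.compile(
    r"^#(?P<n>\d+)\s+(?:(?P<pc>0x[0-9a-f]+) in )?(?P<func>\S+) "
    r"\((?P<args>.*)\)(?: at (?P<file>\S+):(?P<line>\d+))?$"
)
# Object pointers as gdb prints them: "this=0x..." or "this=this@entry=0x...".
THIS = re.compile(r"\bthis=(?:this@entry=)?(0x[0-9a-f]+)")


def parse(text):
    """Return one dict per backtrace line that looks like a gdb frame."""
    return [m.groupdict() for m in map(FRAME.match, text.splitlines()) if m]


def triage(text, near=1 << 24):
    """Summarise a backtrace; `near` is the heuristic PC-to-object distance."""
    frames = parse(text)
    top = frames[0]
    # First frame gdb could symbolise: the last known-good call site.
    resolved = next(f for f in frames if not f["func"].startswith("??"))
    objs = [int(a, 16) for f in frames for a in THIS.findall(f["args"])]
    pc = int(top["pc"], 16) if top["pc"] else None
    source = None
    if resolved["file"]:
        source = f'{resolved["file"].rsplit("/", 1)[-1]}:{resolved["line"]}'
    return {
        "pc_unresolved": top["func"].startswith("??"),
        # Heuristic: an unsymbolised PC near heap objects suggests a jump into data.
        "pc_near_object": pc is not None and any(abs(pc - o) < near for o in objs),
        "crash_site": resolved["func"],
        "source": source,
        "via_posted_event": any(f["func"].endswith("::sendPostedEvents") for f in frames),
    }


if __name__ == "__main__":
    for key, value in triage(BACKTRACE).items():
        print(f"{key}: {value}")
```
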