[Qt-interest] QImage X11 bitmap crash

Thomi Richards thomir at gmail.com
Fri Jul 31 10:59:51 CEST 2009


Hi,

I'm writing an application for Linux using Qt 4.5. In my application I
need to grab the application icon for other applications running in
the same X11 session. Right now I'm retrieving the icon using the X11
"_NET_WM_ICON" property. This all seems to work fairly well. I want to
load this bitmap data into a QImage and then use it in my application.
Everything seems to work for a while, but then I get a crash. I know
that the problem is in one function (since when I don't call the
function everything works fine). The code involved is:


<snip>
QImage CSoftwareInfoLinux::getIcon(Window w)
{
	QImage img;
	Atom a = XInternAtom(m_pDisplay, "_NET_WM_ICON" , true);
	Atom actualType;
	int format;
	unsigned long numItems, bytesAfter;
	unsigned char *data =0;

	int status = XGetWindowProperty(m_pDisplay,  //< m_pDisplay is the Display* ptr currently connected to the X11 server
								w,
								a,
								0L,
								(~0L),
								false,
								AnyPropertyType,
								&actualType,
								&format,
								&numItems,
								&bytesAfter,
								&data);

	if (status >= Success && numItems)
	{
		quint32 *array = (quint32*) data;
		// success - we have data: Format should always be 32:
		Q_ASSERT(format == 32);
		Q_ASSERT(numItems > 2);
		// first two bytes are x & y:
		quint32 nWidth = array[0];
		quint32 nHeight = array[1];
		{
			QImage tmp((uchar*) (array + 2), nWidth, nHeight, QImage::Format_ARGB32);
			if (tmp.width() > 16)
			{
				tmp = tmp.scaledToWidth(16);
			}
// POSSIBLY THE PROBLEM IS HERE?
			img = tmp;
			img.detach();
			img.save(QString("%1.bmp").arg((int) w));
		}
	}
	XFree(data);
	return img;
}
</snip>


I'm a little concerned by the implicit sharing in QImage. The QImage
constructor I'm using states that:

"The buffer must remain valid throughout the life of the QImage. The
image does not delete the buffer at destruction."

I'm trying to get around this by making a copy of the image (to
'img'), then calling "detach()", which I believe will cause a deep
copy to take place. Then, the original image I constructed ("tmp")
goes out of scope before I delete the buffer using XFree.

Can anyone spot a flaw in my logic here? When my app crashes, the
crash report I get looks like this:

<snip>
*** glibc detected *** ./ABClient: corrupted double-linked list: 0x08bc2b08 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6[0xb7030604]
/lib/tls/i686/cmov/libc.so.6[0xb70335d2]
/lib/tls/i686/cmov/libc.so.6(__libc_malloc+0x95)[0xb70349c5]
/usr/lib/libQtCore.so.4(_Z7qMallocj+0x1d)[0xb72b30bd]
/usr/lib/libQtCore.so.4(_ZN7QString17fromLatin1_helperEPKci+0x4d)[0xb72fe4bd]
/usr/lib/libQtCore.so.4(_ZN7QString10fromLatin1EPKci+0x2c)[0xb72fe57c]
/usr/lib/libQtGui.so.4[0xb77c458d]
/usr/lib/libQtGui.so.4(_ZN12QImageWriterC1ERK7QStringRK10QByteArray+0x37)[0xb77c47f7]
/usr/lib/libQtGui.so.4(_ZNK6QImage4saveERK7QStringPKci+0x6b)[0xb77ade6b]
/home/thomi/work/app/binary/libabOsal.so.7(_ZN18CSoftwareInfoLinux7getIconEm+0x293)[0xb7ff860d]
/home/thomi/work/app/binary/libabOsal.so.7(_ZN18CSoftwareInfoLinux16getWindowDetailsEm+0x11c)[0xb7ff8cbe]
/home/thomi/work/app/binary/libabOsal.so.7(_ZN18CSoftwareInfoLinux21getTopLevelWindowListEv+0x1ad)[0xb7ff92cd]
./ABClient[0x8066ab9]
./ABClient[0x8065523]
./ABClient[0x80681e5]
/usr/lib/libQtCore.so.4(_ZN11QMetaObject8activateEP7QObjectiiPPv+0x228)[0xb73c2ca8]
/usr/lib/libQtCore.so.4(_ZN11QMetaObject8activateEP7QObjectPKS_iPPv+0x52)[0xb73c3932]
/usr/lib/libQtCore.so.4(_ZN9QIODevice9readyReadEv+0x37)[0xb73fc7b7]
/usr/lib/libQtNetwork.so.4[0xb75407f2]
/usr/lib/libQtNetwork.so.4[0xb752d77b]
/usr/lib/libQtNetwork.so.4[0xb752ead6]
/usr/lib/libQtGui.so.4(_ZN19QApplicationPrivate13notify_helperEP7QObjectP6QEvent+0xbc)[0xb7700e9c]
/usr/lib/libQtGui.so.4(_ZN12QApplication6notifyEP7QObjectP6QEvent+0xbe)[0xb770919e]
/usr/lib/libQtCore.so.4(_ZN16QCoreApplication14notifyInternalEP7QObjectP6QEvent+0x7b)[0xb73aca3b]
/usr/lib/libQtCore.so.4[0xb73d86ca]
/usr/lib/libglib-2.0.so.0(g_main_context_dispatch+0x1e8)[0xb6e16b88]
/usr/lib/libglib-2.0.so.0[0xb6e1a0eb]
/usr/lib/libglib-2.0.so.0(g_main_context_iteration+0x68)[0xb6e1a268]
/usr/lib/libQtCore.so.4(_ZN20QEventDispatcherGlib13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE+0x58)[0xb73d8438]
/usr/lib/libQtGui.so.4[0xb77a2365]
/usr/lib/libQtCore.so.4(_ZN10QEventLoop13processEventsE6QFlagsINS_17ProcessEventsFlagEE+0x4a)[0xb73ab06a]
/usr/lib/libQtCore.so.4(_ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE+0xea)[0xb73ab4aa]
/usr/lib/libQtCore.so.4(_ZN16QCoreApplication4execEv+0xb9)[0xb73ad959]
/usr/lib/libQtGui.so.4(_ZN12QApplication4execEv+0x27)[0xb7700d17]
./ABClient[0x804eb8a]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb6fd7775]
./ABClient[0x804e041]
</snip>

Can anyone else here see something wrong with this? I realise that
this may be X11-specific, but I still get very similar crashes if I
comment out the X11 calls as well...

I'd be very grateful if someone could point me in the right direction
on this one.


Cheers,
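
An added example, not part of the original post: `_NET_WM_ICON` is written by other X11 clients, so the width and height it declares should be checked against the returned item count before any image is built over the buffer, and Xlib hands format-32 data back as an array of C `long`. The sketch below parses such a buffer into owned copies that remain valid after `XFree`; `Icon`, `parseNetWmIcon` and `maxSide` are hypothetical names, and the sample arrays are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <utility>
#include <vector>

// Owned copy of one icon; stays valid after the Xlib buffer is XFree'd.
struct Icon {
    std::uint32_t width = 0, height = 0;
    std::vector<std::uint32_t> argb;  // width * height pixels, row-major
};

// Hypothetical helper. items/numItems are the data pointer (viewed as
// unsigned long*) and item count from XGetWindowProperty when format == 32.
// Xlib stores each format-32 item in a C long, so the stride is sizeof(long).
std::vector<Icon> parseNetWmIcon(const unsigned long *items, std::size_t numItems,
                                 unsigned long maxSide = 1024)
{
    std::vector<Icon> icons;
    if (!items) return icons;  // property absent or request failed
    std::size_t pos = 0;
    while (numItems - pos >= 2) {  // the property may hold several icons
        const unsigned long w = items[pos], h = items[pos + 1];
        pos += 2;
        // Sizes come from another client: bound them before multiplying.
        if (w == 0 || h == 0 || w > maxSide || h > maxSide) break;
        const std::size_t pixels = static_cast<std::size_t>(w) * h;
        if (pixels > numItems - pos) break;  // header claims more than was sent
        Icon icon;
        icon.width = static_cast<std::uint32_t>(w);
        icon.height = static_cast<std::uint32_t>(h);
        icon.argb.reserve(pixels);
        for (std::size_t i = 0; i < pixels; ++i)
            icon.argb.push_back(static_cast<std::uint32_t>(items[pos + i] & 0xffffffffUL));
        pos += pixels;
        icons.push_back(std::move(icon));
    }
    return icons;
}

// Constructed sample: a 2x1 icon followed by a 1x1 icon.
static const unsigned long kSample[] = {2, 1, 0xff112233UL, 0xff445566UL, 1, 1, 0x80ffffffUL};
// Constructed malformed property: claims 16x16 but carries three pixels.
static const unsigned long kTruncated[] = {16, 16, 1, 2, 3};

int main() {
    std::printf("sample: %zu icons, truncated: %zu icons\n",
                parseNetWmIcon(kSample, 7).size(), parseNetWmIcon(kTruncated, 5).size());
    return 0;
}
```

Each returned `argb` vector can back a `QImage` for as long as the `Icon` lives, or be copied into one with `QImage::copy()`.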


