https://bugs.kde.org/show_bug.cgi?id=513744
Nicolas Fella <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #6 from Nicolas Fella <[email protected]> ---
==37018==ERROR: AddressSanitizer: heap-use-after-free on address 0x7bfd5261e5e8 at pc 0x7f9d5a64c2a2 bp 0x7ffc28d50580 sp 0x7ffc28d50578
READ of size 8 at 0x7bfd5261e5e8 thread T0
    #0 0x7f9d5a64c2a1 in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::get() const /home/nico/workspace/qt6-dev/qtbase/src/corelib/tools/qscopedpointer.h:112
    #1 0x7f9d5a64c2a1 in decltype (({parm#1}.get)()) qGetPtrHelper<QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> > >(QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >&) /home/nico/workspace/qt6-dev/qtbase/src/corelib/global/qtclasshelpermacros.h:137
    #2 0x7f9d5a64c2a1 in QObject::d_func() /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobject.h:110
    #3 0x7f9d5a64c2a1 in QObjectPrivate::get(QObject*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobject_p.h:160
    #4 0x7f9d5a64c2a1 in QtSharedPointer::ExternalRefCountData::getAndRef(QObject const*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/tools/qsharedpointer.cpp:1470
    #5 0x7f9d618a3137 in QWeakPointer<QObject const>::QWeakPointer<QMimeData const, true>(QMimeData const*, bool) /home/nico/kde-qtdev/usr/include/QtCore/qsharedpointer_impl.h:781
    #6 0x7f9d618a29a3 in QPointer<QMimeData const>::QPointer<void>(QMimeData const*) /home/nico/kde-qtdev/usr/include/QtCore/qpointer.h:37
    #7 0x7f9d61907035 in KIO::DropJobPrivate::DropJobPrivate(QDropEvent const*, QUrl const&, QFlags<KIO::DropJobFlag>, QFlags<KIO::JobFlag>) /home/nico/kde-qtdev/src/kio/src/widgets/dropjob.cpp:88
    #8 0x7f9d61907c75 in KIO::DropJobPrivate::newJob(QDropEvent const*, QUrl const&, QFlags<KIO::DropJobFlag>, QFlags<KIO::JobFlag>) /home/nico/kde-qtdev/src/kio/src/widgets/dropjob.cpp:165
    #9 0x7f9d6190147d in KIO::drop(QDropEvent const*, QUrl const&, QFlags<KIO::JobFlag>) /home/nico/kde-qtdev/src/kio/src/widgets/dropjob.cpp:772
    #10 0x7f9d64166df9 in Konsole::TerminalDisplay::dropEvent(QDropEvent*) /home/nico/kde-qtdev/src/konsole/src/terminalDisplay/TerminalDisplay.cpp:3052
    #11 0x7f9d5d7f35e2 in QWidget::event(QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qwidget.cpp:9234
    #12 0x7f9d64164a4f in Konsole::TerminalDisplay::event(QEvent*) /home/nico/kde-qtdev/src/konsole/src/terminalDisplay/TerminalDisplay.cpp:2923
    #13 0x7f9d5d68fff2 in QApplicationPrivate::notify_helper(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3276
    #14 0x7f9d5d6a7b9e in QApplication::notify(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3038
    #15 0x7f9d5a1e6d25 in QCoreApplication::notifyInternal2(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1109
    #16 0x7f9d5a1e6ec3 in QCoreApplication::forwardEvent(QObject*, QEvent*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1124
    #17 0x7f9d5d849916 in QWidgetWindow::handleDropEvent(QDropEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qwidgetwindow.cpp:1064
    #18 0x7f9d5d84c146 in QWidgetWindow::event(QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qwidgetwindow.cpp:335
    #19 0x7f9d5d68fff2 in QApplicationPrivate::notify_helper(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3276
    #20 0x7f9d5d6acae5 in QApplication::notify(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3226
    #21 0x7f9d5a1e6d25 in QCoreApplication::notifyInternal2(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1109
    #22 0x7f9d5a1e6f10 in QCoreApplication::sendEvent(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1549
    #23 0x7f9d5bcb35d7 in QGuiApplicationPrivate::processDrop(QWindow*, QMimeData const*, QPoint const&, QFlags<Qt::DropAction>, QFlags<Qt::MouseButton>, QFlags<Qt::KeyboardModifier>) /home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qguiapplication.cpp:3576
    #24 0x7f9d5be18852 in QWindowSystemInterface::handleDrop(QWindow*, QMimeData const*, QPoint const&, QFlags<Qt::DropAction>, QFlags<Qt::MouseButton>, QFlags<Qt::KeyboardModifier>) /home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qwindowsysteminterface.cpp:861
    #25 0x7f9d5461e795 in QtWaylandClient::QWaylandDataDevice::data_device_drop() /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwaylanddatadevice.cpp:199
    #26 0x7f9d545e1689 in QtWayland::wl_data_device::handle_drop(void*, wl_data_device*) /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwayland-wayland.cpp:984
    #27 0x7f9d5b7fbc91 in ffi_call_unix64 ../src/x86/unix64.S:104
    #28 0x7f9d5b7f8a25 in ffi_call_int ../src/x86/ffi64.c:676
    #29 0x7f9d5b7fb2ad in ffi_call ../src/x86/ffi64.c:713
    #30 0x7f9d629b9377 in wl_closure_invoke ../../src/wayland/src/connection.c:1243
    #31 0x7f9d629b501b in dispatch_event ../../src/wayland/src/wayland-client.c:1725
    #32 0x7f9d629b626a in dispatch_queue ../../src/wayland/src/wayland-client.c:1871
    #33 0x7f9d629b626a in wl_display_dispatch_queue_pending ../../src/wayland/src/wayland-client.c:2236
    #34 0x7f9d544fbc3c in QtWaylandClient::EventThread::dispatchQueuePending() /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwaylanddisplay.cpp:230
    #35 0x7f9d5450028b in QtWaylandClient::EventThread::readAndDispatchEvents() /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwaylanddisplay.cpp:115
    #36 0x7f9d544e8268 in QtWaylandClient::QWaylandDisplay::flushRequests() /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwaylanddisplay.cpp:526
    #37 0x7f9d5450d846 in QtPrivate::FunctorCall<std::integer_sequence<unsigned long>, QtPrivate::List<>, void, void (QtWaylandClient::QWaylandDisplay::*)()>::call(void (QtWaylandClient::QWaylandDisplay::*)(), QtWaylandClient::QWaylandDisplay*, void**)::{lambda()#1}::operator()() const /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobjectdefs_impl.h:127
    #38 0x7f9d5450f872 in void QtPrivate::FunctorCallBase::call_internal<void, QtPrivate::FunctorCall<std::integer_sequence<unsigned long>, QtPrivate::List<>, void, void (QtWaylandClient::QWaylandDisplay::*)()>::call(void (QtWaylandClient::QWaylandDisplay::*)(), QtWaylandClient::QWaylandDisplay*, void**)::{lambda()#1}>(void**, QtPrivate::FunctorCall<std::integer_sequence<unsigned long>, QtPrivate::List<>, void, void (QtWaylandClient::QWaylandDisplay::*)()>::call(void (QtWaylandClient::QWaylandDisplay::*)(), QtWaylandClient::QWaylandDisplay*, void**)::{lambda()#1}&&) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobjectdefs_impl.h:65
    #39 0x7f9d5450f872 in QtPrivate::FunctorCall<std::integer_sequence<unsigned long>, QtPrivate::List<>, void, void (QtWaylandClient::QWaylandDisplay::*)()>::call(void (QtWaylandClient::QWaylandDisplay::*)(), QtWaylandClient::QWaylandDisplay*, void**) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobjectdefs_impl.h:126
    #40 0x7f9d5450f96a in void QtPrivate::FunctionPointer<void (QtWaylandClient::QWaylandDisplay::*)()>::call<QtPrivate::List<>, void>(void (QtWaylandClient::QWaylandDisplay::*)(), QtWaylandClient::QWaylandDisplay*, void**) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobjectdefs_impl.h:174
    #41 0x7f9d5450f96a in QtPrivate::QCallableObject<void (QtWaylandClient::QWaylandDisplay::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobjectdefs_impl.h:545
    #42 0x7f9d5a2f0545 in QtPrivate::QSlotObjectBase::call(QObject*, void**) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobjectdefs_impl.h:461
    #43 0x7f9d5a2f0545 in QMetaCallEvent::placeMetaCall(QObject*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobject.cpp:546
    #44 0x7f9d5a303445 in QObject::event(QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobject.cpp:1479
    #45 0x7f9d5d68fff2 in QApplicationPrivate::notify_helper(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3276
    #46 0x7f9d5d6acae5 in QApplication::notify(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3226
    #47 0x7f9d5a1e6d25 in QCoreApplication::notifyInternal2(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1109
    #48 0x7f9d5a1e6f10 in QCoreApplication::sendEvent(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1549
    #49 0x7f9d5a1e92cb in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1904
    #50 0x7f9d5a1e95fd in QCoreApplication::sendPostedEvents(QObject*, int) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1757
    #51 0x7f9d5ab1edcd in postEventSourceDispatch /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:246
    #52 0x7f9d55f06b35 in g_main_dispatch ../glib/gmain.c:3565
    #53 0x7f9d55f06b35 in g_main_context_dispatch_unlocked ../glib/gmain.c:4425
    #54 0x7f9d55f09a27 in g_main_context_iterate_unlocked ../glib/gmain.c:4490
    #55 0x7f9d55f0a26b in g_main_context_iteration ../glib/gmain.c:4556
    #56 0x7f9d5ab1d1bd in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:399
    #57 0x7f9d5ccd4ac7 in QPAEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6-dev/qtbase/src/gui/platform/unix/qeventdispatcher_glib.cpp:90
    #58 0x7f9d5a207aa7 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventloop.cpp:104
    #59 0x7f9d5a2090a2 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventloop.cpp:186
    #60 0x7f9d5a1f15ce in QCoreApplication::exec() /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1452
    #61 0x7f9d5bc81b81 in QGuiApplication::exec() /home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qguiapplication.cpp:1977
    #62 0x7f9d5d68cc40 in QApplication::exec() /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:2546
    #63 0x000000408079 in main /home/nico/kde-qtdev/src/konsole/src/main.cpp:288
    #64 0x7f9d5962b2fa in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #65 0x7f9d5962b3ca in __libc_start_main_impl ../csu/libc-start.c:360
    #66 0x000000405884 in _start ../sysdeps/x86_64/start.S:115

0x7bfd5261e5e8 is located 8 bytes inside of 56-byte region [0x7bfd5261e5e0,0x7bfd5261e618)
freed by thread T0 here:
    #0 0x7f9d6492369b in operator delete(void*, unsigned long) ../../../../libsanitizer/asan/asan_new_delete.cpp:155
    #1 0x7f9d546269d1 in QtWaylandClient::QWaylandMimeData::~QWaylandMimeData() /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwaylanddataoffer.cpp:158
    #2 0x7f9d544e34c9 in QScopedPointerDeleter<QtWaylandClient::QWaylandMimeData>::cleanup(QtWaylandClient::QWaylandMimeData*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/tools/qscopedpointer.h:24
    #3 0x7f9d544e34c9 in QScopedPointer<QtWaylandClient::QWaylandMimeData, QScopedPointerDeleter<QtWaylandClient::QWaylandMimeData> >::~QScopedPointer() /home/nico/workspace/qt6-dev/qtbase/src/corelib/tools/qscopedpointer.h:81
    #4 0x7f9d54624273 in QtWaylandClient::QWaylandDataOffer::~QWaylandDataOffer() /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwaylanddataoffer.cpp:99
    #5 0x7f9d546242d2 in QtWaylandClient::QWaylandDataOffer::~QWaylandDataOffer() /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwaylanddataoffer.cpp:99
    #6 0x7f9d5462236e in QScopedPointerDeleter<QtWaylandClient::QWaylandDataOffer>::cleanup(QtWaylandClient::QWaylandDataOffer*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/tools/qscopedpointer.h:24
    #7 0x7f9d5462236e in QScopedPointer<QtWaylandClient::QWaylandDataOffer, QScopedPointerDeleter<QtWaylandClient::QWaylandDataOffer> >::reset(QtWaylandClient::QWaylandDataOffer*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/tools/qscopedpointer.h:125
    #8 0x7f9d5461f7a6 in QtWaylandClient::QWaylandDataDevice::data_device_leave() /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwaylanddatadevice.cpp:256
    #9 0x7f9d545e15f1 in QtWayland::wl_data_device::handle_leave(void*, wl_data_device*) /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwayland-wayland.cpp:954
    #10 0x7f9d5b7fbc91 in ffi_call_unix64 ../src/x86/unix64.S:104

previously allocated by thread T0 here:
    #0 0x7f9d6492273b in operator new(unsigned long) ../../../../libsanitizer/asan/asan_new_delete.cpp:86
    #1 0x7f9d5462419a in QtWaylandClient::QWaylandDataOffer::QWaylandDataOffer(QtWaylandClient::QWaylandDisplay*, wl_data_offer*) /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwaylanddataoffer.cpp:92
    #2 0x7f9d5461d4bb in QtWaylandClient::QWaylandDataDevice::data_device_data_offer(wl_data_offer*) /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwaylanddatadevice.cpp:179
    #3 0x7f9d545e1552 in QtWayland::wl_data_device::handle_data_offer(void*, wl_data_device*, wl_data_offer*) /home/nico/workspace/qt6-dev/qtbase/src/plugins/platforms/wayland/qwayland-wayland.cpp:919
    #4 0x7f9d5b7fbc91 in ffi_call_unix64 ../src/x86/unix64.S:104

SUMMARY: AddressSanitizer: heap-use-after-free /home/nico/workspace/qt6-dev/qtbase/src/corelib/tools/qscopedpointer.h:112 in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::get() const
Shadow bytes around the buggy address:
==37018==ABORTING
