https://bugs.kde.org/show_bug.cgi?id=344192
--- Comment #6 from Kevin Funk <kf...@kde.org> ---
Reproduced.

SUMMARY: AddressSanitizer: undefined-behavior /home/kfunk/devel/src/kf5/kdevplatform-stable/sublime/document.cpp:64:70 in
=================================================================
==6799==ERROR: AddressSanitizer: heap-use-after-free on address 0x606000ed92e0 at pc 0x7fed1fc9d0eb bp 0x7ffc8f498cb0 sp 0x7ffc8f498ca8
READ of size 8 at 0x606000ed92e0 thread T0
    #0 0x7fed1fc9d0ea in KDevelop::MainWindow::updateTabColor(KDevelop::IDocument*) /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/mainwindow.cpp:433:41
    #1 0x7fed1fcc0e5e in QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<KDevelop::IDocument*>, void, void (KDevelop::MainWindow::*)(KDevelop::IDocument*)>::call(void (KDevelop::MainWindow::*)(KDevelop::IDocument*), KDevelop::MainWindow*, void**) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:501:13
    #2 0x7fed1fcc098d in void QtPrivate::FunctionPointer<void (KDevelop::MainWindow::*)(KDevelop::IDocument*)>::call<QtPrivate::List<KDevelop::IDocument*>, void>(void (KDevelop::MainWindow::*)(KDevelop::IDocument*), KDevelop::MainWindow*, void**) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:520:13
    #3 0x7fed1fcc0431 in QtPrivate::QSlotObject<void (KDevelop::MainWindow::*)(KDevelop::IDocument*), QtPrivate::List<KDevelop::IDocument*>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobject_impl.h:143:17
    #4 0x7fed19501ea0 in QObject::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b5ea0)
    #5 0x7fed19e07cda in QWidget::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x19dcda)
    #6 0x7fed19f1dd8a in QMainWindow::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x2b3d8a)
    #7 0x7fed1cc1c6a6 in KMainWindow::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libKF5XmlGui.so.5+0x7a6a6)
    #8 0x7fed1cc56964 in KXmlGuiWindow::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libKF5XmlGui.so.5+0xb4964)
    #9 0x7fed19dc505b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15b05b)
    #10 0x7fed19dca515 in QApplication::notify(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x160515)
    #11 0x7fed194d262a in QCoreApplication::notifyInternal(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x28662a)
    #12 0x7fed194d4a25 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x288a25)
    #13 0x7fed19528672 (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2dc672)
    #14 0x7fed0c7471a6 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a1a6)
    #15 0x7fed0c7473ff (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a3ff)
    #16 0x7fed0c7474ab in g_main_context_iteration (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a4ab)
    #17 0x7fed19528a7e in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2dca7e)
    #18 0x7fed194cfde9 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x283de9)
    #19 0x7fed194d7e8b in QCoreApplication::exec() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x28be8b)
    #20 0x5226a7 in main /home/kfunk/devel/src/kf5/kdevelop-stable/app/main.cpp:745:12
    #21 0x7fed17fd982f in __libc_start_main /build/glibc-GKVZIf/glibc-2.23/csu/../csu/libc-start.c:291
    #22 0x424228 in _start (/home/kfunk/devel/install/kf5-stable/bin/kdevelop+0x424228)

0x606000ed92e0 is located 32 bytes inside of 64-byte region [0x606000ed92c0,0x606000ed9300)
freed by thread T0 here:
    #0 0x4f5f40 in operator delete(void*) (/home/kfunk/devel/install/kf5-stable/bin/kdevelop+0x4f5f40)
    #1 0x7fed1ff19cdf in KDevelop::TextDocument::~TextDocument() /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/textdocument.cpp:258:1
    #2 0x7fed19501ebf in QObject::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b5ebf)
    #3 0x7fed19dc505b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15b05b)

previously allocated by thread T0 here:
    #0 0x4f5940 in operator new(unsigned long) (/home/kfunk/devel/install/kf5-stable/bin/kdevelop+0x4f5940)
    #1 0x7fed1ff9fd56 in KDevelop::DocumentControllerPrivate::openDocumentInternal(QUrl const&, QString const&, KTextEditor::Range const&, QString const&, QFlags<KDevelop::IDocumentController::DocumentActivation>, KDevelop::IDocument*) /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/documentcontroller.cpp:322:27
    #2 0x7fed1ff7418c in KDevelop::DocumentController::openDocument(QUrl const&, KTextEditor::Range const&, QFlags<KDevelop::IDocumentController::DocumentActivation>, QString const&, KDevelop::IDocument*) /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/documentcontroller.cpp:703:12
    #3 0x7fed1d834caf in KDevelop::IDocumentController::openDocument(QUrl const&, KTextEditor::Cursor const&, QFlags<KDevelop::IDocumentController::DocumentActivation>, QString const&) /home/kfunk/devel/src/kf5/kdevplatform-stable/interfaces/idocumentcontroller.cpp:33:12
    #4 0x7fed1fbe353b in KDevelop::WorkingSet::loadToArea(Sublime::Area*, Sublime::AreaIndex*, KConfigGroup, KConfigGroup, QMultiMap<QString, Sublime::View*>&) /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/workingsets/workingset.cpp:328:30
    #5 0x7fed1fbdda60 in KDevelop::WorkingSet::loadToArea(Sublime::Area*, Sublime::AreaIndex*) /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/workingsets/workingset.cpp:253:5
    #6 0x7fed1fba8267 in KDevelop::WorkingSetController::changedWorkingSet(Sublime::Area*, QString const&, QString const&) /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/workingsetcontroller.cpp:300:9
    #7 0x7fed1fbcf743 in QtPrivate::FunctorCall<QtPrivate::IndexesList<0, 1, 2>, QtPrivate::List<Sublime::Area*, QString, QString>, void, void (KDevelop::WorkingSetController::*)(Sublime::Area*, QString const&, QString const&)>::call(void (KDevelop::WorkingSetController::*)(Sublime::Area*, QString const&, QString const&), KDevelop::WorkingSetController*, void**) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:501:13
    #8 0x7fed1fbcf07d in void QtPrivate::FunctionPointer<void (KDevelop::WorkingSetController::*)(Sublime::Area*, QString const&, QString const&)>::call<QtPrivate::List<Sublime::Area*, QString, QString>, void>(void (KDevelop::WorkingSetController::*)(Sublime::Area*, QString const&, QString const&), KDevelop::WorkingSetController*, void**) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:520:13
    #9 0x7fed1fbceb1f in QtPrivate::QSlotObject<void (KDevelop::WorkingSetController::*)(Sublime::Area*, QString const&, QString const&), QtPrivate::List<Sublime::Area*, QString, QString>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobject_impl.h:143:17
    #10 0x7fed19500e4e in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b4e4e)
    #11 0x7fed1e8acfcc in Sublime::Area::changedWorkingSet(Sublime::Area*, QString, QString) /home/kfunk/devel/build/kf5/kdevplatform-stable/sublime/moc_area.cpp:322:5
    #12 0x7fed1e676e72 in Sublime::Area::setWorkingSet(QString) /home/kfunk/devel/src/kf5/kdevplatform-stable/sublime/area.cpp:428:14
    #13 0x7fed1e67547f in Sublime::Area::load(KConfigGroup const&) /home/kfunk/devel/src/kf5/kdevplatform-stable/sublime/area.cpp:353:5
    #14 0x7fed1fdc3da0 in KDevelop::UiController::loadArea(Sublime::Area*, KConfigGroup const&) /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/uicontroller.cpp:556:5
    #15 0x7fed1fdc76d8 in KDevelop::UiController::loadAllAreas(QExplicitlySharedDataPointer<KSharedConfig>) /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/uicontroller.cpp:642:17
    #16 0x7fed1fd94817 in KDevelop::CorePrivate::initialize(KDevelop::Core::Setup, QString) /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/core.cpp:278:9
    #17 0x7fed1fd994f6 in KDevelop::Core::initialize(QObject*, KDevelop::Core::Setup, QString const&) /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/core.cpp:361:16
    #18 0x51a4b9 in main /home/kfunk/devel/src/kf5/kdevelop-stable/app/main.cpp:631:9
    #19 0x7fed17fd982f in __libc_start_main /build/glibc-GKVZIf/glibc-2.23/csu/../csu/libc-start.c:291

SUMMARY: AddressSanitizer: heap-use-after-free /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/mainwindow.cpp:433:41 in KDevelop::MainWindow::updateTabColor(KDevelop::IDocument*)
Shadow bytes around the buggy address:
  0x0c0c801d3200: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
  0x0c0c801d3210: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
  0x0c0c801d3220: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fa
  0x0c0c801d3230: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
  0x0c0c801d3240: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
=>0x0c0c801d3250: fd fd fd fa fa fa fa fa fd fd fd fd[fd]fd fd fd
  0x0c0c801d3260: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
  0x0c0c801d3270: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
  0x0c0c801d3280: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c0c801d3290: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
  0x0c0c801d32a0: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==6799==ABORTING

--
You are receiving this mail because:
You are watching all bug changes.