Bug#969546: freecad: Freecad crashes when placing beam in Arch workbench

2020-10-13 Thread Bernhard Übelacker
Dear Maintainer,
I could reproduce this crash, and the first lines of the backtrace
with full debug symbols look like [1],
while trying to dereference a null pointer.

This might be a use after free, because when trying to reverse-execute
to the point where the memory holding the null pointer was last written,
we end in [2], which seems to destroy the container pyObj=0x7f987942c7c0.

Full backtraces, starting from a minimal VM, are in the attached file.

Kind regards,
Bernhard


[1]
(rr) bt
#0  0x7f98dcb21a5f in Shiboken::Object::cppPointers (pyObj=0x7f987942c7c0) 
at /usr/include/c++/9/bits/stl_vector.h:1040
#1  0x7f98dcc0f73a in Sbkshiboken2Module_getCppPointer (self=, pyArg=0x7f987942c7c0) at 
./pyside3_build/py3.8-qt5.14.2-64bit-relwithdebinfo/shiboken2/shibokenmodule/shiboken2/shiboken2_module_wrapper.cpp:278
#2  0x7f98e5fc1f06 in cfunction_vectorcall_O 
(func=func@entry=0x7f98dcba1450, args=0x7f9879a6bbc8, nargsf=nargsf@entry=1, 
kwnames=) at ../Objects/methodobject.c:482
#3  0x7f98e5f7e0bc in PyVectorcall_Call (callable=0x7f98dcba1450, 
tuple=, kwargs=) at ../Objects/call.c:199
#4  0x7f98e5f7e26f in PyObject_Call (callable=, 
args=, kwargs=) at ../Objects/call.c:227
#5  0x7f98e5f7edf1 in PyEval_CallObjectWithKeywords (callable=, args=, kwargs=kwargs@entry=0x0) at ../Objects/call.c:809
#6  0x7f98e5f7ee67 in PyObject_CallObject (callable=, 
args=) at ../Objects/call.c:817
#7  0x7f98e7041d07 in Py::Callable::apply (args=..., this=0x7ffdc1b3a8f0) 
at ./src/CXX/Python3/Objects.hxx:3156
#8  Gui::qt_getCppPointer (pyobject=..., shiboken=, 
unwrap=) at ./src/Gui/WidgetFactory.cpp:273
#9  0x7f98e6f72950 in Gui::TaskView::TaskDialogPython::TaskDialogPython 
(this=0x55dcb312bd10, o=...) at ./src/CXX/Python3/Objects.hxx:185
#10 0x7f98e6f72d0d in Gui::TaskView::ControlPy::showDialog (this=, args=...) at ./src/CXX/Python3/Objects.hxx:177
#11 0x7f98e6f736b1 in 
Py::PythonExtension::method_varargs_call_handler 
(_self_and_name_tuple=, _args=) at 
./src/CXX/Python3/Objects.hxx:177
#12 0x7f98e5f7d947 in cfunction_call_varargs (func=0x7f987943c590, 
args=, kwargs=) at ../Objects/call.c:757
#13 0x7f98e5f7e797 in _PyObject_MakeTpCall (callable=0x7f987943c590, 
args=, nargs=, keywords=0x0) at 
../Objects/call.c:159
#14 0x7f98e5f59cd3 in _PyObject_Vectorcall (kwnames=0x0, nargsf=, args=, callable=0x7f987943c590) at 
../Include/cpython/abstract.h:125
...


[2]
(rr) bt
#0  Shiboken::Object::destroy (self=0x7f987942c7c0, cppData=0x55dcaf4f8900) at 
./sources/shiboken2/libshiboken/basewrapper.cpp:1479
#1  0x7f98d4b17403 in QWidgetWrapper::~QWidgetWrapper (this=0x55dcaf4f8900, 
__in_chrg=) at 
./pyside3_build/py3.8-qt5.14.2-64bit-relwithdebinfo/pyside2/PySide2/QtWidgets/PySide2/QtWidgets/qwidget_wrapper.cpp:1794
#2  0x7f98d4b17429 in QWidgetWrapper::~QWidgetWrapper (this=0x55dcaf4f8900, 
__in_chrg=) at 
./pyside3_build/py3.8-qt5.14.2-64bit-relwithdebinfo/pyside2/PySide2/QtWidgets/PySide2/QtWidgets/qwidget_wrapper.cpp:1791
#3  0x7f98e55efb0e in QObjectPrivate::deleteChildren 
(this=this@entry=0x55dcaf320a10) at kernel/qobject.cpp:2123
#4  0x7f98e59f4ce6 in QWidget::~QWidget (this=0x55dcaf31d800, 
__in_chrg=) at kernel/qwidget.cpp:1530
#5  0x7f98e6f7da71 in QSint::TaskGroup::~TaskGroup (this=0x55dcaf31d800, 
__in_chrg=) at ./src/Gui/QSint/actionpanel/taskgroup_p.h:22
#6  QSint::TaskGroup::~TaskGroup (this=0x55dcaf31d800, __in_chrg=) at ./src/Gui/QSint/actionpanel/taskgroup_p.h:22
#7  0x7f98e55efb0e in QObjectPrivate::deleteChildren 
(this=this@entry=0x55dcaf312a30) at kernel/qobject.cpp:2123
#8  0x7f98e59f4ce6 in QWidget::~QWidget (this=0x55dcaf312980, 
__in_chrg=) at kernel/qwidget.cpp:1530
#9  0x7f98e6f6c8d9 in Gui::TaskView::TaskBox::~TaskBox 
(this=0x55dcaf312980, __in_chrg=) at 
./src/Gui/TaskView/TaskView.cpp:241
#10 0x7f98e6f6dab6 in Gui::TaskView::TaskDialog::~TaskDialog 
(this=0x55dcaf516440, __in_chrg=) at 
/usr/include/c++/9/bits/stl_iterator.h:819
#11 0x7f98e6f6eed4 in Gui::TaskView::TaskDialogPython::~TaskDialogPython 
(this=0x55dcaf516440, __in_chrg=) at 
./src/CXX/Python3/Objects.hxx:163
#12 0x7f98e6f6ef09 in Gui::TaskView::TaskDialogPython::~TaskDialogPython 
(this=0x55dcaf516440, __in_chrg=) at 
./src/Gui/TaskView/TaskDialogPython.cpp:314
#13 0x7f98e6f6a48b in Gui::TaskView::TaskView::removeDialog 
(this=0x55dcacf00840) at ./src/Gui/TaskView/TaskView.cpp:649
#14 0x7f98e6f6dfb2 in Gui::TaskView::ControlPy::closeDialog 
(this=) at ./src/Gui/Control.h:133
#15 0x7f98e6f736b1 in 
Py::PythonExtension::method_varargs_call_handler 
(_self_and_name_tuple=, _args=) at 
./src/CXX/Python3/Objects.hxx:177
#16 0x7f98e5f7d947 in cfunction_call_varargs (func=0x7f9879427900, 
args=, kwargs=) at ../Objects/call.c:757
#17 0x7f98e5f7e797 in _PyObject_MakeTpCall (callable=0x7f9879427900, 
args=, nargs=, keywords=0x0) at 
../Objects/call.c:159
#18 0x7f98e5f59cd3 in _PyObject_Vectorcall (kwnames=0x0, nargsf=, 

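The two backtraces above describe the same wrapper object being torn down on closeDialog() and then handed to getCppPointer again on the next showDialog(). The following is an added illustration written for this report, not FreeCAD or Shiboken code: a toy wrapper whose C++ side can be destroyed while the wrapper itself lives on, the unchecked accessor that reproduces the null dereference, and a hardened accessor that checks liveness before use. Widget, SbkWrapper and the showDialog/closeDialog stand-ins are assumed names.

```cpp
#include <memory>
#include <string>
#include <utility>

// Toy model of the ownership problem seen in the backtraces: a binding
// wrapper (think SbkObject) whose C++ object can be destroyed while the
// wrapper is still referenced from Python, and a caller that dereferences
// the stored pointer without checking that it is still alive.
// Illustrative code only; names are stand-ins, not FreeCAD/Shiboken APIs.
struct Widget {
    std::string title;
};

class SbkWrapper {
public:
    explicit SbkWrapper(std::string title)
        : obj_(std::make_shared<Widget>(Widget{std::move(title)})) {}

    // Mirrors Shiboken::Object::destroy in frame #0 of [2]: the C++ object
    // goes away, but the wrapper object may live on elsewhere.
    void destroy() { obj_.reset(); }

    // Unsafe view, as in the crashing path getCppPointer -> cppPointers:
    // after destroy() this returns a null pointer.
    Widget* cppPointerUnchecked() const { return obj_.get(); }

    // Safe view: a weak handle the caller must lock() before use.
    std::weak_ptr<Widget> cppPointer() const { return obj_; }

    bool isValid() const { return static_cast<bool>(obj_); }

private:
    std::shared_ptr<Widget> obj_;
};

// Stand-in for the TaskDialogPython constructor via qt_getCppPointer:
// trusts the stored pointer and dereferences it. Calling this after
// destroy() reproduces the null dereference from [1].
std::string showDialogUnchecked(const SbkWrapper& w) {
    Widget* p = w.cppPointerUnchecked();
    return p->title;
}

// Hardened version: refuse to use a wrapper whose C++ side is gone and
// report that instead of dereferencing. Returns true on success.
bool showDialogChecked(const SbkWrapper& w, std::string& out) {
    std::shared_ptr<Widget> p = w.cppPointer().lock();
    if (!p) {
        out = "stale wrapper: C++ object already destroyed";
        return false;
    }
    out = p->title;
    return true;
}

// Replays the sequence the two backtraces describe: show, close
// (destroy), show again with the same wrapper. Returns the message
// produced by the second show.
std::string replayCloseThenShow() {
    SbkWrapper dialog("Structure beam");
    std::string msg;
    showDialogChecked(dialog, msg);   // first show succeeds
    dialog.destroy();                 // closeDialog() tears down the C++ side
    showDialogChecked(dialog, msg);   // second show is rejected safely
    return msg;
}

int main() {
    SbkWrapper w("demo");
    std::string s;
    return (showDialogChecked(w, s) && !replayCloseThenShow().empty()) ? 0 : 1;
}
```

The same guard exists on the Python side of a real PySide2 workbench as shiboken2.isValid(obj), which returns False once the wrapped C++ object has been deleted; checking it before re-showing a dialog turns the segfault into a recoverable error.
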
Bug#969546: freecad: Freecad crashes when placing beam in Arch workbench

2020-09-04 Thread Tyler Schwend
Package: freecad
Version: 0.18.4+dfsg2-5
Severity: normal
Tags: upstream
X-Debbugs-Cc: tylerschw...@gmail.com

Dear Maintainer,


   * What led up to the situation?
Attempting to use the Arch workbench in Freecad.

   * What exactly did you do (or not do) that was effective (or ineffective)?
Open a new document.
Switch to the Arch workbench.
Click the Structure button.
Switch to Beam.
Optionally, set the material and preset.
Place the beam.
   * What was the outcome of this action?
Freecad crashes with the below segfault.
   * What outcome did you expect instead?
A new beam.

Program received signal SIGSEGV, Segmentation fault.
#0  /lib/x86_64-linux-gnu/libc.so.6(+0x3be30) [0x7f2ef531fe30]
#1  0x7f2ed9773a5f in Shiboken::Object::cppPointers(SbkObject*) from
/usr/lib/x86_64-linux-gnu/libshiboken2.cpython-38-x86_64-linux-gnu.so.5.15+0xdf
#2  /usr/lib/python3/dist-packages/shiboken2/shiboken2.cpython-38-x86_64-linux-
gnu.so(+0x273a) [0x7f2eec17573a]
#3  /usr/lib/x86_64-linux-gnu/libpython3.8.so.1.0(+0xe5f66) [0x7f2ef632cf66]
#4  /usr/lib/x86_64-linux-gnu/libpython3.8.so.1.0(PyVectorcall_Call+0x5c)
[0x7f2ef62e913c]
#5  0x7f2ef73ccd07 in Gui::qt_getCppPointer(Py::Object const&, char const*,
char const*) from /usr/lib/freecad-python3/lib/libFreeCADGui.so+0x2c7
#6  0x7f2ef72fd950 in
Gui::TaskView::TaskDialogPython::TaskDialogPython(Py::Object const&) from
/usr/lib/freecad-python3/lib/libFreeCADGui.so+0x7d0
#7  0x7f2ef72fdd0d in Gui::TaskView::ControlPy::showDialog(Py::Tuple const&)
from /usr/lib/freecad-python3/lib/libFreeCADGui.so+0x8d
#8  0x7f2ef72fe6b1 in
Py::PythonExtension::method_varargs_call_handler(_object*,
_object*) from /usr/lib/freecad-python3/lib/libFreeCADGui.so+0x1b1
#9  /usr/lib/x86_64-linux-gnu/libpython3.8.so.1.0(+0xa19c7) [0x7f2ef62e89c7]
#10  /usr/lib/x86_64-linux-gnu/libpython3.8.so.1.0(_PyObject_MakeTpCall+0xa7)
[0x7f2ef62e9817]
#11  /usr/lib/x86_64-linux-gnu/libpython3.8.so.1.0(+0x7dcd3) [0x7f2ef62c4cd3]
#12  /usr/lib/x86_64-linux-
gnu/libpython3.8.so.1.0(_PyEval_EvalFrameDefault+0x1292) [0x7f2ef62bc552]
#13  /usr/lib/x86_64-linux-gnu/libpython3.8.so.1.0(+0x73073) [0x7f2ef62ba073]
#14  /usr/lib/x86_64-linux-gnu/libpython3.8.so.1.0(PyVectorcall_Call+0x5c)
[0x7f2ef62e913c]
#15  0x7f2ed9279dc8 in PySide::SignalManager::callPythonMetaMethod(QMetaMethod
const&, void**, _object*, bool) from /usr/lib/x86_64-linux-
gnu/libpyside2.cpython-38-x86_64-linux-gnu.so.5.15+0x98
#16  /usr/lib/x86_64-linux-gnu/libpyside2.cpython-38-x86_64-linux-
gnu.so.5.15(+0x142ae) [0x7f2ed927e2ae]
#17  /usr/lib/x86_64-linux-gnu/libQt5Core.so.5(+0x2d6610) [0x7f2ef5968610]
#18  0x7f2ef596c24a in QTimer::timeout(QTimer::QPrivateSignal) from
/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x3a
#19  /usr/lib/python3/dist-packages/PySide2/QtCore.cpython-38-x86_64-linux-
gnu.so(+0x2b85bf) [0x7f2ed95585bf]
#20  0x7f2ef595ee5f in QObject::event(QEvent*) from /usr/lib/x86_64-linux-
gnu/libQt5Core.so.5+0x1cf
#21  /usr/lib/python3/dist-packages/PySide2/QtCore.cpython-38-x86_64-linux-
gnu.so(+0x2b8167) [0x7f2ed9558167]
#22  0x7f2ef5d2403f in QApplicationPrivate::notify_helper(QObject*, QEvent*)
from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x7f
#23  0x7f2ef7108cf8 in Gui::GUIApplication::notify(QObject*, QEvent*) from
/usr/lib/freecad-python3/lib/libFreeCADGui.so+0x88
#24  0x7f2ef5933b62 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x182
#25  0x7f2ef59886c3 in QTimerInfoList::activateTimers() from
/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x3e3
#26  /usr/lib/x86_64-linux-gnu/libQt5Core.so.5(+0x2f6f44) [0x7f2ef5988f44]
#27  /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_dispatch+0x27d)
[0x7f2ef32255fd]
#28  /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0(+0x50880) [0x7f2ef3225880]
#29  /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_iteration+0x2f)
[0x7f2ef322590f]
#30  0x7f2ef59892ff in
QEventDispatcherGlib::processEvents(QFlags) from
/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x5f
#31  0x7f2ef59324db in QEventLoop::exec(QFlags)
from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x12b
#32  0x7f2ef593a782 in QCoreApplication::exec() from /usr/lib/x86_64-linux-
gnu/libQt5Core.so.5+0x92
#33  0x7f2ef709a77b in Gui::Application::runApplication() from
/usr/lib/freecad-python3/lib/libFreeCADGui.so+0x165b
#34  freecad(main+0x6a6) [0x55aaaefdf726]
#35  /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xea) [0x7f2ef530acca]
#36  freecad(_start+0x2a) [0x55aaaefdfa1a]
Segmentation fault



-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.7.0-2-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8