https://bugs.kde.org/show_bug.cgi?id=359241
Bug ID: 359241
Summary: Crash on exit [PhpDocumentationWidget::documentLoaded]
Product: kdevelop
Version: 4.90.91
Platform: Other
OS: Linux
Status: UNCONFIRMED
Severity: crash
Priority: NOR
Component: Language Support: PHP
Assignee: kdevelop-bugs-n...@kde.org
Reporter: kf...@kde.org
==6520==ERROR: AddressSanitizer: heap-use-after-free on address 0x6020008c96f0
at pc 0x7f14af82432d bp 0x7ffd7d3d4850 sp 0x7ffd7d3d4848
READ of size 8 at 0x6020008c96f0 thread T0
#0 0x7f14af82432c in PhpDocumentationWidget::documentLoaded()
/home/kfunk/devel/src/kf5/kdev-php-stable/docs/phpdocumentationwidget.cpp:93:66
#1 0x7f14af82925d in QtPrivate::FunctorCall<QtPrivate::IndexesList<>,
QtPrivate::List<>, void, void (PhpDocumentationWidget::*)()>::call(void
(PhpDocumentationWidget::*)(), PhpDocumentationWidget*, void**)
/usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:501:13
#2 0x7f14af828de1 in void QtPrivate::FunctionPointer<void
(PhpDocumentationWidget::*)()>::call<QtPrivate::List<>, void>(void
(PhpDocumentationWidget::*)(), PhpDocumentationWidget*, void**)
/usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:520:13
#3 0x7f14af827b3b in QtPrivate::QSlotObject<void
(PhpDocumentationWidget::*)(), QtPrivate::List<>, void>::impl(int,
QtPrivate::QSlotObjectBase*, QObject*, void**, bool*)
/usr/include/x86_64-linux-gnu/qt5/QtCore/qobject_impl.h:143:17
#4 0x7f14d88d4776 in QMetaObject::activate(QObject*, int, int, void**)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b5776)
#5 0x7f14d3bb81d1 in QWebView::loadFinished(bool)
(/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x2d1d1)
#6 0x7f14d3bb90db
(/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x2e0db)
#7 0x7f14d88d48e9 in QMetaObject::activate(QObject*, int, int, void**)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b58e9)
#8 0x7f14d3bae9a1 in QWebPage::loadFinished(bool)
(/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x239a1)
#9 0x7f14d3bac600
(/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x21600)
#10 0x7f14d1bbb0bf (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x48b0bf)
#11 0x7f14d1ee90a8 (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7b90a8)
#12 0x7f14d1ee7f85 (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7b7f85)
#13 0x7f14d1ee9ea6 (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7b9ea6)
#14 0x7f14d1ebc077 (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x78c077)
#15 0x7f14d1f162ef (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7e62ef)
#16 0x7f14d1f0c7f6 (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7dc7f6)
#17 0x7f14d1ed07cf (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7a07cf)
#18 0x7f14d1ed2357 (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7a2357)
#19 0x7f14d1ee287d (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7b287d)
#20 0x7f14d1ee8c59 (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7b8c59)
#21 0x7f14d1bd4bd0 in QWebPageAdapter::deletePage()
(/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x4a4bd0)
#22 0x7f14d3baf698
(/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x24698)
#23 0x7f14d3baf7b8
(/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x247b8)
#24 0x7f14d3bae6e0 in QWebPage::~QWebPage()
(/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x236e0)
#25 0x7f14d3bae6f8 in QWebPage::~QWebPage()
(/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x236f8)
#26 0x7f14d3bb85bf
(/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x2d5bf)
#27 0x7f14d3bb8622
(/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x2d622)
#28 0x7f14d3bb7f7a in QWebView::~QWebView()
(/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x2cf7a)
#29 0x7f14d52cc841 in
KDevelop::StandardDocumentationView::~StandardDocumentationView()
/home/kfunk/devel/build/kf5/kdevplatform-stable/documentation/../../../../src/kf5/kdevplatform-stable/documentation/standarddocumentationview.h:35:46
#30 0x7f14d52cc841 in
KDevelop::StandardDocumentationView::~StandardDocumentationView()
/home/kfunk/devel/build/kf5/kdevplatform-stable/documentation/../../../../src/kf5/kdevplatform-stable/documentation/standarddocumentationview.h:35
#31 0x7f14d88d2e5a in QObjectPrivate::deleteChildren()
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b3e5a)
#32 0x7f14d91d912f in QWidget::~QWidget()
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x19a12f)
#33 0x7f14af86b919 in PhpDocumentationWidget::~PhpDocumentationWidget()
/home/kfunk/devel/build/kf5/kdev-php-stable/docs/../../../../src/kf5/kdev-php-stable/docs/phpdocumentationwidget.h:37:7
#34 0x7f14af86baa3 in PhpDocumentationWidget::~PhpDocumentationWidget()
/home/kfunk/devel/build/kf5/kdev-php-stable/docs/../../../../src/kf5/kdev-php-stable/docs/phpdocumentationwidget.h:37:7
#35 0x7f14d88d2e5a in QObjectPrivate::deleteChildren()
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b3e5a)
#36 0x7f14d91d912f in QWidget::~QWidget()
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x19a12f)
#37 0x7f14d52cbdab in DocumentationView::~DocumentationView()
/home/kfunk/devel/build/kf5/kdevplatform-stable/documentation/../../../../src/kf5/kdevplatform-stable/documentation/documentationview.h:39:46
#38 0x7f14d52cbdab in DocumentationView::~DocumentationView()
/home/kfunk/devel/build/kf5/kdevplatform-stable/documentation/../../../../src/kf5/kdevplatform-stable/documentation/documentationview.h:39
#39 0x7f14d88d2e5a in QObjectPrivate::deleteChildren()
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b3e5a)
#40 0x7f14d91d912f in QWidget::~QWidget()
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x19a12f)
#41 0x7f14de32475d in Sublime::IdealDockWidget::~IdealDockWidget()
/home/kfunk/devel/src/kf5/kdevplatform-stable/sublime/idealdockwidget.cpp:68:1
#42 0x7f14de32475d in Sublime::IdealDockWidget::~IdealDockWidget()
/home/kfunk/devel/src/kf5/kdevplatform-stable/sublime/idealdockwidget.cpp:67
#43 0x7f14d88d2e5a in QObjectPrivate::deleteChildren()
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b3e5a)
#44 0x7f14d91d912f in QWidget::~QWidget()
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x19a12f)
#45 0x7f14dc097d8f in KMainWindow::~KMainWindow()
(/usr/lib/x86_64-linux-gnu/libKF5XmlGui.so.5+0x77d8f)
#46 0x7f14de2e1c2b in Sublime::MainWindow::~MainWindow()
/home/kfunk/devel/src/kf5/kdevplatform-stable/sublime/mainwindow.cpp:76:1
#47 0x7f14dddebb99 in KDevelop::MainWindow::~MainWindow()
/home/kfunk/devel/src/kf5/kdevplatform-stable/shell/mainwindow.cpp:156:1
#48 0x7f14dddebeb8 in KDevelop::MainWindow::~MainWindow()
/home/kfunk/devel/src/kf5/kdevplatform-stable/shell/mainwindow.cpp:149:1
#49 0x7f14dddebeb8 in KDevelop::MainWindow::~MainWindow()
/home/kfunk/devel/src/kf5/kdevplatform-stable/shell/mainwindow.cpp:149
#50 0x7f14d88d57cf in QObject::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b67cf)
#51 0x7f14d91dd74a in QWidget::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x19e74a)
#52 0x7f14d92f3a4a in QMainWindow::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x2b4a4a)
#53 0x7f14dc09a2a6 in KMainWindow::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libKF5XmlGui.so.5+0x7a2a6)
#54 0x7f14dc0d2754 in KXmlGuiWindow::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libKF5XmlGui.so.5+0xb2754)
#55 0x7f14d919a9db in QApplicationPrivate::notify_helper(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15b9db)
#56 0x7f14d919fea5 in QApplication::notify(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x160ea5)
#57 0x7f14d88a5d7a in QCoreApplication::notifyInternal(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x286d7a)
#58 0x7f14d88a8175 in QCoreApplicationPrivate::sendPostedEvents(QObject*,
int, QThreadData*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x289175)
#59 0x7f14d88fc0e2 (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2dd0e2)
#60 0x7f14cf67dff6 in g_main_context_dispatch
(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49ff6)
#61 0x7f14cf67e24f (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a24f)
#62 0x7f14cf67e2fb in g_main_context_iteration
(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a2fb)
#63 0x7f14d88fc4ee in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2dd4ee)
#64 0x7f14d88a3509 in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x284509)
#65 0x7f14d88ab5eb in QCoreApplication::exec()
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x28c5eb)
#66 0x504cc6 in main
/home/kfunk/devel/src/kf5/kdevelop-stable/app/main.cpp:674:12
#67 0x7f14d73aaa3f in __libc_start_main
/build/buildd/glibc-2.21/csu/libc-start.c:289
#68 0x43d948 in _start
(/home/kfunk/devel/install/kf5-stable/bin/kdevelop+0x43d948)
0x6020008c96f0 is located 0 bytes inside of 16-byte region
[0x6020008c96f0,0x6020008c9700)
freed by thread T0 here:
#0 0x4e43a2 in operator delete(void*)
(/home/kfunk/devel/install/kf5-stable/bin/kdevelop+0x4e43a2)
#1 0x7f14d88d2e5a in QObjectPrivate::deleteChildren()
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b3e5a)
previously allocated by thread T0 here:
#0 0x4e3de2 in operator new(unsigned long)
(/home/kfunk/devel/install/kf5-stable/bin/kdevelop+0x4e3de2)
#1 0x7f14af8221f4 in createStyleSheet(QObject*)
/home/kfunk/devel/src/kf5/kdev-php-stable/docs/phpdocumentationwidget.cpp:37:28
#2 0x7f14af822b3f in
PhpDocumentationWidget::PhpDocumentationWidget(KDevelop::DocumentationFindWidget*,
QUrl const&, PhpDocsPlugin*, QWidget*)
/home/kfunk/devel/src/kf5/kdev-php-stable/docs/phpdocumentationwidget.cpp:51:16
#3 0x7f14af82e52b in
PhpDocumentation::documentationWidget(KDevelop::DocumentationFindWidget*,
QWidget*)
/home/kfunk/devel/src/kf5/kdev-php-stable/docs/phpdocumentation.cpp:50:12
#4 0x7f14d52c2ee1 in DocumentationView::updateView()
/home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:222:20
#5 0x7f14d52c3aab in
DocumentationView::showDocumentation(QExplicitlySharedDataPointer<KDevelop::IDocumentation>
const&)
/home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:167:5
#6 0x7f14d52c341e in DocumentationView::showHome()
/home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:143:5
#7 0x7f14d52c27d7 in DocumentationView::changedProvider(int)
/home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:241:5
#8 0x7f14d52c27d7 in DocumentationView::emptyHistory()
/home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:202
#9 0x7f14d52ca31d in QtPrivate::FunctorCall<QtPrivate::IndexesList<>,
QtPrivate::List<>, void, void (DocumentationView::*)()>::call(void
(DocumentationView::*)(), DocumentationView*, void**)
/usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:501:13
#10 0x7f14d52ca31d in void QtPrivate::FunctionPointer<void
(DocumentationView::*)()>::call<QtPrivate::List<>, void>(void
(DocumentationView::*)(), DocumentationView*, void**)
/usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:520
#11 0x7f14d52ca31d in QtPrivate::QSlotObject<void (DocumentationView::*)(),
QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*,
void**, bool*) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobject_impl.h:143
#12 0x7f14d88d4776 in QMetaObject::activate(QObject*, int, int, void**)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b5776)
#13 0x7f14d52cb423 in ProvidersModel::providersChanged()
/home/kfunk/devel/build/kf5/kdevplatform-stable/documentation/moc_documentationview.cpp:281:5
#14 0x7f14d52c69ce in
ProvidersModel::removeProviders(QList<KDevelop::IDocumentationProvider*>
const&)
/home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:295:10
#15 0x7f14d52c4f58 in ProvidersModel::unloaded(KDevelop::IPlugin*)
/home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:302:9
#16 0x7f14d52c96b3 in QtPrivate::FunctorCall<QtPrivate::IndexesList<0>,
QtPrivate::List<KDevelop::IPlugin*>, void, void
(ProvidersModel::*)(KDevelop::IPlugin*)>::call(void
(ProvidersModel::*)(KDevelop::IPlugin*), ProvidersModel*, void**)
/usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:501:14
#17 0x7f14d52c96b3 in void QtPrivate::FunctionPointer<void
(ProvidersModel::*)(KDevelop::IPlugin*)>::call<QtPrivate::List<KDevelop::IPlugin*>,
void>(void (ProvidersModel::*)(KDevelop::IPlugin*), ProvidersModel*, void**)
/usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:520
#18 0x7f14d52c96b3 in QtPrivate::QSlotObject<void
(ProvidersModel::*)(KDevelop::IPlugin*), QtPrivate::List<KDevelop::IPlugin*>,
void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*)
/usr/include/x86_64-linux-gnu/qt5/QtCore/qobject_impl.h:143
#19 0x7f14d88d4776 in QMetaObject::activate(QObject*, int, int, void**)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b5776)
#20 0x7f14de1f1b9b in
KDevelop::IPluginController::unloadingPlugin(KDevelop::IPlugin*)
/home/kfunk/devel/build/kf5/kdevplatform-stable/interfaces/moc_iplugincontroller.cpp:238:5
#21 0x7f14dde0fe5a in
KDevelop::PluginController::unloadPlugin(KDevelop::IPlugin*,
KDevelop::PluginController::PluginDeletion)
/home/kfunk/devel/src/kf5/kdevplatform-stable/shell/plugincontroller.cpp:419:10
#22 0x7f14dde0f7bd in KDevelop::PluginController::cleanup()
/home/kfunk/devel/src/kf5/kdevplatform-stable/shell/plugincontroller.cpp:321:9
#23 0x7f14dde4ab92 in KDevelop::Core::cleanup()
/home/kfunk/devel/src/kf5/kdevplatform-stable/shell/core.cpp:446:9
#24 0x7f14dde49bdd in KDevelop::Core::shutdown()
/home/kfunk/devel/src/kf5/kdevplatform-stable/shell/core.cpp:409:9
#25 0x7f14dddebb39 in KDevelop::MainWindow::~MainWindow()
/home/kfunk/devel/src/kf5/kdevplatform-stable/shell/mainwindow.cpp:152:9
#26 0x7f14dddebeb8 in KDevelop::MainWindow::~MainWindow()
/home/kfunk/devel/src/kf5/kdevplatform-stable/shell/mainwindow.cpp:149:1
#27 0x7f14dddebeb8 in KDevelop::MainWindow::~MainWindow()
/home/kfunk/devel/src/kf5/kdevplatform-stable/shell/mainwindow.cpp:149
#28 0x7f14d88d57cf in QObject::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b67cf)
#29 0x7f14d91dd74a in QWidget::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x19e74a)
SUMMARY: AddressSanitizer: heap-use-after-free
/home/kfunk/devel/src/kf5/kdev-php-stable/docs/phpdocumentationwidget.cpp:93
PhpDocumentationWidget::documentLoaded()
Shadow bytes around the buggy address:
0x0c0480111280: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0480111290: fa fa fa fa fa fa fd fd fa fa fd fd fa fa fa fa
0x0c04801112a0: fa fa fa fa fa fa fd fd fa fa fa fa fa fa fa fa
0x0c04801112b0: fa fa fa fa fa fa fa fa fa fa fd fd fa fa fd fd
0x0c04801112c0: fa fa fd fd fa fa fa fa fa fa fd fd fa fa fd fd
=>0x0c04801112d0: fa fa fa fa fa fa fd fd fa fa 00 00 fa fa[fd]fd
0x0c04801112e0: fa fa 04 fa fa fa 00 00 fa fa 00 fa fa fa 04 fa
0x0c04801112f0: fa fa fd fd fa fa fa fa fa fa fa fa fa fa fd fd
0x0c0480111300: fa fa fd fd fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0480111310: fa fa fd fd fa fa 00 00 fa fa 00 00 fa fa fd fd
0x0c0480111320: fa fa 00 00 fa fa fd fd fa fa fd fd fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==6520==ABORTING
Reproducible: Sometimes
--
You are receiving this mail because:
You are watching all bug changes.
