Steve Lhomme pushed to branch master at VideoLAN / VLC
Commits:
6efacdce by Alexandre Janniaux at 2024-10-05T08:57:28+00:00
qt: compositor_platform: remove event filter on unload
Fixes a heap-use-after-free when quitting the interface with the
compositor platform.
Both address sanitizer and undefined behaviour sanitizer are triggered
here. First address sanitizer:
==58899==ERROR: AddressSanitizer: heap-use-after-free on address
0x6020000807f4 at pc 0x00010f3b6454 bp 0x00016ce4f970 sp 0x00016ce4f968
READ of size 4 at 0x6020000807f4 thread T0
#0 0x10f3b6450 in QBasicAtomicInteger<int>::loadRelaxed() const
qbasicatomic.h:36
#1 0x10f41c200 in QWeakPointer<QObject>::internalData() const
qsharedpointer_impl.h:752
#2 0x10f8b0e80 in QPointer<QQuickView>::data() const qpointer.h:74
#3 0x10f8af718 in vlc::CompositorPlatform::eventFilter(QObject*, QEvent*)
compositor_platform.cpp:163
#4 0x1120965e8 in
QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*)+0xd0
(QtCore:arm64+0x765e8)
#5 0x10da73d8c in QApplicationPrivate::notify_helper(QObject*,
QEvent*)+0xec (QtWidgets:arm64+0xbd8c)
#6 0x10da74c14 in QApplication::notify(QObject*, QEvent*)+0x1fc
(QtWidgets:arm64+0xcc14)
#7 0x112096330 in QCoreApplication::notifyInternal2(QObject*, QEvent*)+0xc8
(QtCore:arm64+0x76330)
#8 0x10e81185c in
QGuiApplicationPrivate::processFocusWindowEvent(QWindowSystemInterfacePrivate::FocusWindowEvent*)+0xcc
(QtGui:arm64+0x6985c)
#9 0x10e8610a4 in bool
QWindowSystemHelper<QWindowSystemInterface::SynchronousDelivery>::handleEvent<QWindowSystemInterfacePrivate::FocusWindowEvent,
QWindow*, Qt::FocusReason>(QWindow*, Qt::FocusReason)+0xcc
(QtGui:arm64+0xb90a4)
#10 0x111e555b8 in QCocoaWindow::windowDidResignKey()+0x3b4
(libqcocoa.dylib:arm64+0x3d5b8)
#11 0x11209f7cc in QMetaMethodInvoker::invokeImpl(QMetaMethod, void*,
Qt::ConnectionType, long long, void const* const*, char const* const*,
QtPrivate::QMetaTypeInterface const* const*)+0x26c (QtCore:arm64+0x7f7cc)
#12 0x1120a3448 in QMetaMethod::invokeImpl(QMetaMethod, void*,
Qt::ConnectionType, long long, void const* const*, char const* const*,
QtPrivate::QMetaTypeInterface const* const*)+0x38 (QtCore:arm64+0x83448)
#13 0x111e58b20 in invocation function for block in
qRegisterNotificationCallbacks()+0x1fc (libqcocoa.dylib:arm64+0x40b20)
#14 0x183d5312c in
__CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__+0x7c
(CoreFoundation:arm64e+0x7312c)
#15 0x183de73d4 in ___CFXRegistrationPost_block_invoke+0x54
(CoreFoundation:arm64e+0x1073d4)
#16 0x183de731c in _CFXRegistrationPost+0x1b4
(CoreFoundation:arm64e+0x10731c)
#17 0x183d21674 in _CFXNotificationPost+0x2fc
(CoreFoundation:arm64e+0x41674)
#18 0x184e3e4e0 in -[NSNotificationCenter
postNotificationName:object:userInfo:]+0x54 (Foundation:arm64e+0x94e0)
#19 0x1877176f8 in -[NSWindow resignKeyWindow]+0x27c
(AppKit:arm64e+0x1956f8)
#20 0x18807ae38 in -[NSWindow
_orderOut:calculatingKeyWithOptions:documentWindow:]+0xd8
(AppKit:arm64e+0xaf8e38)
#21 0x1875fe8a0 in NSPerformVisuallyAtomicChange+0x68
(AppKit:arm64e+0x7c8a0)
#22 0x18807c950 in -[NSWindow _reallyDoOrderWindowOutRelativeTo:]+0x1bc
(AppKit:arm64e+0xafa950)
#23 0x18807cd20 in -[NSWindow _reallyDoOrderWindow:]+0x4c
(AppKit:arm64e+0xafad20)
#24 0x18807cf70 in -[NSWindow _doOrderWindow:]+0x104
(AppKit:arm64e+0xafaf70)
#25 0x111e516cc in QCocoaWindow::setVisible(bool)+0x534
(libqcocoa.dylib:arm64+0x396cc)
#26 0x10e854510 in QWindowPrivate::setVisible(bool)+0x1f4
(QtGui:arm64+0xac510)
#27 0x10e853930 in QWindowPrivate::destroy()+0xc8 (QtGui:arm64+0xab930)
#28 0x10e85379c in QWindow::~QWindow()+0x38 (QtGui:arm64+0xab79c)
#29 0x10e853de0 in QWindow::~QWindow()+0x8 (QtGui:arm64+0xabde0)
#30 0x11004f66c in vlc::CompositorPlatform::~CompositorPlatform()
compositor_platform.hpp:32
#31 0x11004f484 in non-virtual thunk to
vlc::CompositorPlatform::~CompositorPlatform() compositor_platform.hpp
#32 0x10f3b3b68 in ThreadCleanup(qt_intf_t*, CleanupReason) qt.cpp:1103
#33 0x10f3b1a58 in Thread(void*) qt.cpp:1070
#34 0x183d5e06c in __CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__+0x18
(CoreFoundation:arm64e+0x7e06c)
#35 0x183d5df80 in __CFRunLoopDoBlocks+0x160 (CoreFoundation:arm64e+0x7df80)
#36 0x183d5d410 in __CFRunLoopRun+0x984 (CoreFoundation:arm64e+0x7d410)
#37 0x183d5c430 in CFRunLoopRunSpecific+0x25c
(CoreFoundation:arm64e+0x7c430)
#38 0x183dda458 in CFRunLoopRun+0x3c (CoreFoundation:arm64e+0xfa458)
#39 0x102fb307c in main darwinvlc.m:309
#40 0x1838f60dc (<unknown module>)
0x6020000807f4 is located 4 bytes inside of 16-byte region
[0x6020000807f0,0x602000080800)
freed by thread T0 here:
#0 0x1045502d4 in _ZdlPv+0x74
(libclang_rt.asan_osx_dynamic.dylib:arm64e+0x642d4)
#1 0x10f40d388 in QWeakPointer<QObject>::~QWeakPointer()
qsharedpointer_impl.h:578
#2 0x11004f640 in vlc::CompositorPlatform::~CompositorPlatform()
compositor_platform.hpp:32
#3 0x11004f484 in non-virtual thunk to
vlc::CompositorPlatform::~CompositorPlatform() compositor_platform.hpp
#4 0x10f3b3b68 in ThreadCleanup(qt_intf_t*, CleanupReason) qt.cpp:1103
#5 0x10f3b1a58 in Thread(void*) qt.cpp:1070
#6 0x183d5e06c in __CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__+0x18
(CoreFoundation:arm64e+0x7e06c)
#7 0x183d5df80 in __CFRunLoopDoBlocks+0x160 (CoreFoundation:arm64e+0x7df80)
#8 0x183d5d410 in __CFRunLoopRun+0x984 (CoreFoundation:arm64e+0x7d410)
#9 0x183d5c430 in CFRunLoopRunSpecific+0x25c (CoreFoundation:arm64e+0x7c430)
#10 0x183dda458 in CFRunLoopRun+0x3c (CoreFoundation:arm64e+0xfa458)
#11 0x102fb307c in main darwinvlc.m:309
#12 0x1838f60dc (<unknown module>)
previously allocated by thread T0 here:
#0 0x10454fe94 in _Znwm+0x74
(libclang_rt.asan_osx_dynamic.dylib:arm64e+0x63e94)
#1 0x11217fed4 in QtSharedPointer::ExternalRefCountData::getAndRef(QObject
const*)+0x1c (QtCore:arm64+0x15fed4)
#2 0x10f8ae640 in QPointer<QQuickView>::operator=(QQuickView*)
qpointer.h:71
#3 0x10f8ac9c4 in vlc::CompositorPlatform::makeMainInterface(MainCtx*)
compositor_platform.cpp:73
#4 0x10f3b10a8 in Thread(void*) qt.cpp:1005
#5 0x183d5e06c in __CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__+0x18
(CoreFoundation:arm64e+0x7e06c)
#6 0x183d5df80 in __CFRunLoopDoBlocks+0x160 (CoreFoundation:arm64e+0x7df80)
#7 0x183d5d410 in __CFRunLoopRun+0x984 (CoreFoundation:arm64e+0x7d410)
#8 0x183d5c430 in CFRunLoopRunSpecific+0x25c (CoreFoundation:arm64e+0x7c430)
#9 0x183dda458 in CFRunLoopRun+0x3c (CoreFoundation:arm64e+0xfa458)
#10 0x102fb307c in main darwinvlc.m:309
#11 0x1838f60dc (<unknown module>)
And ubsan:
thread #1, name = 'vlc-qt', queue =
'com.apple.main-thread', stop reason = Dynamic type mismatch
frame #0: 0x00000001015d0a80
libclang_rt.asan_osx_dynamic.dylib`__ubsan_on_report
frame #1: 0x00000001015d0a5c
libclang_rt.asan_osx_dynamic.dylib`__ubsan::UndefinedBehaviorReport::UndefinedBehaviorReport(char
const*, __ubsan::Location&, __sanitizer::InternalScopedString&) + 176
frame #2: 0x00000001015cc5a4
libclang_rt.asan_osx_dynamic.dylib`__ubsan::Diag::~Diag() + 244
frame #3: 0x00000001015d1228
libclang_rt.asan_osx_dynamic.dylib`HandleDynamicTypeCacheMiss(__ubsan::DynamicTypeCacheMissData*,
unsigned long, unsigned long, __ubsan::ReportOptions) + 344
frame #4: 0x00000001015d10c4
libclang_rt.asan_osx_dynamic.dylib`__ubsan_handle_dynamic_type_cache_miss + 40
frame #5: 0x000000010c8b15c0
libqt_plugin.dylib`QPointer<QQuickView>::data(this=<unavailable>)
const at qpointer.h:74:14 [opt]
frame #6: 0x000000010c8afd84
libqt_plugin.dylib`vlc::CompositorPlatform::eventFilter(QObject*, QEvent*)
[inlined] QPointer<QQuickView>::operator
QQuickView*(this=<unavailable>) const at qpointer.h:82:14 [opt]
frame #7: 0x000000010c8afd7c
libqt_plugin.dylib`vlc::CompositorPlatform::eventFilter(this=0x000060e000068e80,
watched=0x0000604000133810, event=0x000000016fdfcde8) at
compositor_platform.cpp:168:9 [opt]
frame #8: 0x000000010f0965ec
QtCore`QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*,
QEvent*) + 212
frame #9: 0x000000010aa73d90
QtWidgets`QApplicationPrivate::notify_helper(QObject*, QEvent*) + 240
frame #10: 0x000000010aa74c18 QtWidgets`QApplication::notify(QObject*,
QEvent*) + 512
frame #11: 0x000000010f096334
QtCore`QCoreApplication::notifyInternal2(QObject*, QEvent*) + 204
frame #12: 0x000000010f0cc2dc
QtCore`QObjectPrivate::setParent_helper(QObject*) + 216
frame #13: 0x000000010b853b18 QtGui`QWindow::setParent(QWindow*) + 180
frame #14: 0x000000010b8537ac QtGui`QWindow::~QWindow() + 72
frame #15: 0x000000010a48b4fc QtQuick`QQuickWindow::~QQuickWindow() + 728
frame #16: 0x000000010a485f88 QtQuick`QQuickView::~QQuickView() + 12
frame #17: 0x000000010c8af444
libqt_plugin.dylib`vlc::CompositorPlatform::unloadGUI(this=0x000060e000068e80)
at compositor_platform.cpp:122:5 [opt]
frame #18: 0x000000010c3b3b7c
libqt_plugin.dylib`ThreadCleanup(p_intf=<unavailable>,
cleanupReason=<unavailable>) at qt.cpp:1096:35 [opt]
frame #19: 0x000000010c3b1c10
libqt_plugin.dylib`Thread(obj=<unavailable>) at qt.cpp:1070:12 [opt]
frame #20: 0x0000000183d5e070
CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__ + 28
frame #21: 0x0000000183d5df84 CoreFoundation`__CFRunLoopDoBlocks + 356
frame #22: 0x0000000183d5d414 CoreFoundation`__CFRunLoopRun + 2440
frame #23: 0x0000000183d5c434 CoreFoundation`CFRunLoopRunSpecific + 608
frame #24: 0x0000000183dda45c CoreFoundation`CFRunLoopRun + 64
frame #25: 0x0000000100007080 vlc-osx-static`main(i_argc=7,
ppsz_argv=0x000000016fdff0c8) at darwinvlc.m:309:9 [opt]
frame #26: 0x00000001838f60e0 dyld`start + 2360
1 changed file:
- modules/gui/qt/maininterface/compositor_platform.cpp
Changes:
=====================================
modules/gui/qt/maininterface/compositor_platform.cpp
=====================================
@@ -113,6 +113,7 @@ void CompositorPlatform::destroyMainInterface()
void CompositorPlatform::unloadGUI()
{
+ m_rootWindow->removeEventFilter(this);
m_interfaceWindowHandler.reset();
delete m_quickWindow;
commonGUIDestroy();
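Review bot: The added `m_rootWindow->removeEventFilter(this);` dereferences `m_rootWindow` unconditionally, whereas the teardown lines that follow (`m_interfaceWindowHandler.reset();`, `delete m_quickWindow;`) tolerate an unset member; if unloadGUI() can run after makeMainInterface() failed before assigning m_rootWindow, this becomes a null dereference, so either guard it with `if (m_rootWindow) m_rootWindow->removeEventFilter(this);` or document that the root window is guaranteed to exist here. The ordering relative to `delete m_quickWindow;` is the actual fix and deserves a comment, since the ubsan trace in the description shows eventFilter() reading the QQuickView QPointer while the window is being destroyed: `// Detach first: eventFilter() reads the QQuickView pointer while m_quickWindow is torn down.` unloadGUI()'s closing brace lies outside the hunk.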
View it on GitLab:
https://code.videolan.org/videolan/vlc/-/commit/6efacdce54cba4655e2d76976bd82257b90cd9f0