https://bugs.kde.org/show_bug.cgi?id=499654

            Bug ID: 499654
           Summary: plasmashell crashes when drag-reordering quicklaunch
                    widget
    Classification: Plasma
           Product: plasmashell
           Version: master
          Platform: Other
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: generic-crash
          Assignee: plasma-b...@kde.org
          Reporter: nicolas.fe...@gmx.de
  Target Milestone: 1.0

==5174==ERROR: AddressSanitizer: heap-use-after-free on address 0x5030017055d0
at pc 0x7f979048632b bp 0x7ffcdd80b850 sp 0x7ffcdd80b848
READ of size 8 at 0x5030017055d0 thread T0
    #0 0x7f979048632a in QMimeData::hasImage() const
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qmimedata.cpp:496
    #1 0x7f9793abc961 in QWaylandMimeHelper::getByteArray(QMimeData*, QString
const&)
/home/nico/workspace/qt6-dev/qtwayland/src/shared/qwaylandmimehelper.cpp:18
    #2 0x7f9793c22c43 in
QtWaylandClient::QWaylandDataSource::data_source_send(QString const&, int)
/home/nico/workspace/qt6-dev/qtwayland/src/client/qwaylanddatasource.cpp:46
    #3 0x7f9793bdd689 in QtWayland::wl_data_source::handle_send(void*,
wl_data_source*, char const*, int)
/home/nico/workspace/qt6-dev/qtwayland/src/client/qwayland-wayland.cpp:756
    #4 0x7f979cc3bba1 in ffi_call_unix64 ../src/x86/unix64.S:104
    #5 0x7f979cc383ec in ffi_call_int ../src/x86/ffi64.c:673
    #6 0x7f979cc3b1ad in ffi_call ../src/x86/ffi64.c:710
    #7 0x7f979eb2bf90 in wl_closure_invoke
../../src/wayland/src/connection.c:1236
    #8 0x7f979eb27f5e in dispatch_event
../../src/wayland/src/wayland-client.c:1682
    #9 0x7f979eb28f9a in dispatch_queue
../../src/wayland/src/wayland-client.c:1828
    #10 0x7f979eb28f9a in wl_display_dispatch_queue_pending
../../src/wayland/src/wayland-client.c:2165
    #11 0x7f9793af283c in QtWaylandClient::EventThread::dispatchQueuePending()
(/home/nico/kde-qtdev/usr/lib64/libQt6WaylandClient.so.6+0xf283c) (BuildId:
cb12e0639e9de8af9647a94136ce8758a3065f12)
    #12 0x7f9793af737a in QtWaylandClient::EventThread::readAndDispatchEvents()
/home/nico/workspace/qt6-dev/qtwayland/src/client/qwaylanddisplay.cpp:115
    #13 0x7f9793adf5b3 in QtWaylandClient::QWaylandDisplay::flushRequests()
/home/nico/workspace/qt6-dev/qtwayland/src/client/qwaylanddisplay.cpp:525
    #14 0x7f9793b004bc in QtPrivate::FunctorCall<std::integer_sequence<unsigned
long>, QtPrivate::List<>, void, void
(QtWaylandClient::QWaylandDisplay::*)()>::call(void
(QtWaylandClient::QWaylandDisplay::*)(), QtWaylandClient::QWaylandDisplay*,
void**)::{lambda()#1}::operator()() const
(/home/nico/kde-qtdev/usr/lib64/libQt6WaylandClient.so.6+0x1004bc) (BuildId:
cb12e0639e9de8af9647a94136ce8758a3065f12)
    #15 0x7f9793b045f2 in QtPrivate::FunctorCall<std::integer_sequence<unsigned
long>, QtPrivate::List<>, void, void
(QtWaylandClient::QWaylandDisplay::*)()>::call(void
(QtWaylandClient::QWaylandDisplay::*)(), QtWaylandClient::QWaylandDisplay*,
void**) (/home/nico/kde-qtdev/usr/lib64/libQt6WaylandClient.so.6+0x1045f2)
(BuildId: cb12e0639e9de8af9647a94136ce8758a3065f12)
    #16 0x7f9793b046ee in QtPrivate::QCallableObject<void
(QtWaylandClient::QWaylandDisplay::*)(), QtPrivate::List<>, void>::impl(int,
QtPrivate::QSlotObjectBase*, QObject*, void**, bool*)
(/home/nico/kde-qtdev/usr/lib64/libQt6WaylandClient.so.6+0x1046ee) (BuildId:
cb12e0639e9de8af9647a94136ce8758a3065f12)
    #17 0x7f9790490d8b in QtPrivate::QSlotObjectBase::call(QObject*, void**)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobjectdefs_impl.h:461
    #18 0x7f9790490d8b in QMetaCallEvent::placeMetaCall(QObject*)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobject.cpp:620
    #19 0x7f97904a57f6 in QObject::event(QEvent*)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobject.cpp:1429
    #20 0x7f9798a72c04 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
/home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3305
    #21 0x7f9798a8eb88 in QApplication::notify(QObject*, QEvent*)
/home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3255
    #22 0x7f97903a7eaf in QCoreApplication::notifyInternal2(QObject*, QEvent*)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1098
    #23 0x7f97903a80a0 in QCoreApplication::sendEvent(QObject*, QEvent*)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1538
    #24 0x7f97903a972c in QCoreApplicationPrivate::sendPostedEvents(QObject*,
int, QThreadData*)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1878
    #25 0x7f97903a9a51 in QCoreApplication::sendPostedEvents(QObject*, int)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1732
    #26 0x7f9790c1e15f in postEventSourceDispatch
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:246
    #27 0x7f978fb10ef7 in g_main_dispatch ../glib/gmain.c:3357
    #28 0x7f978fb10ef7 in g_main_context_dispatch_unlocked ../glib/gmain.c:4208
    #29 0x7f978fb12ce7 in g_main_context_iterate_unlocked ../glib/gmain.c:4273
    #30 0x7f978fb134fb in g_main_context_iteration ../glib/gmain.c:4338
    #31 0x7f9790c1c45e in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:399
    #32 0x7f97931ca449 in
QPAEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
/home/nico/workspace/qt6-dev/qtbase/src/gui/platform/unix/qeventdispatcher_glib.cpp:89
    #33 0x7f97903c7647 in
QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventloop.cpp:104
    #34 0x7f97903c8c06 in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventloop.cpp:186
    #35 0x7f9792e88e30 in QBasicDrag::drag(QDrag*)
/home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qsimpledrag.cpp:176
    #36 0x7f9792e7d0f1 in QDragManager::drag(QDrag*)
/home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qdnd.cpp:81
    #37 0x7f9792e7e93a in QDrag::exec(QFlags<Qt::DropAction>, Qt::DropAction)
/home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qdrag.cpp:248
    #38 0x7f975ec7f710 in DeclarativeDragArea::startDrag(QImage const&)
/home/nico/kde-qtdev/src/kdeclarative/src/qmlcontrols/draganddrop/DeclarativeDragArea.cpp:360
    #39 0x7f975ec7dda3 in operator()
/home/nico/kde-qtdev/src/kdeclarative/src/qmlcontrols/draganddrop/DeclarativeDragArea.cpp:260
    #40 0x7f975ec81471 in operator()
/home/nico/kde-qtdev/usr/include/QtCore/qobjectdefs_impl.h:116
    #41 0x7f975ec81619 in call_internal<void,
QtPrivate::FunctorCall<std::integer_sequence<long unsigned int>,
QtPrivate::List<>, void,
DeclarativeDragArea::mouseMoveEvent(QMouseEvent*)::<lambda()>
>::call(DeclarativeDragArea::mouseMoveEvent(QMouseEvent*)::<lambda()>&,
void**)::<lambda()> >
/home/nico/kde-qtdev/usr/include/QtCore/qobjectdefs_impl.h:65
    #42 0x7f975ec81577 in call
/home/nico/kde-qtdev/usr/include/QtCore/qobjectdefs_impl.h:115
    #43 0x7f975ec81298 in call<QtPrivate::List<>, void>
/home/nico/kde-qtdev/usr/include/QtCore/qobjectdefs_impl.h:337
    #44 0x7f975ec81220 in impl
/home/nico/kde-qtdev/usr/include/QtCore/qobjectdefs_impl.h:547
    #45 0x7f97904c0a13 in void doActivate<false>(QObject*, int, void**)
(/home/nico/kde-qtdev/usr/lib64/libQt6Core.so.6+0x4c0a13) (BuildId:
6e0075c428733fba6b7afa36481746c3de9b15fe)
    #46 0x7f979049f98b in QMetaObject::activate(QObject*, QMetaObject const*,
int, void**)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobject.cpp:4188
    #47 0x7f9796a530f9 in QQuickItemGrabResult::ready()
/home/nico/workspace/qt6-dev/qtdeclarative/src/quick/Quick_autogen/include/moc_qquickitemgrabresult.cpp:167
    #48 0x7f9796a55f62 in QQuickItemGrabResult::event(QEvent*)
/home/nico/workspace/qt6-dev/qtdeclarative/src/quick/items/qquickitemgrabresult.cpp:224
    #49 0x7f9798a72c04 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
/home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3305
    #50 0x7f9798a8eb88 in QApplication::notify(QObject*, QEvent*)
/home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3255
    #51 0x7f97903a7eaf in QCoreApplication::notifyInternal2(QObject*, QEvent*)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1098
    #52 0x7f97903a80a0 in QCoreApplication::sendEvent(QObject*, QEvent*)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1538
    #53 0x7f97903a972c in QCoreApplicationPrivate::sendPostedEvents(QObject*,
int, QThreadData*)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1878
    #54 0x7f97903a9a51 in QCoreApplication::sendPostedEvents(QObject*, int)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1732
    #55 0x7f9790c1e15f in postEventSourceDispatch
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:246
    #56 0x7f978fb10ef7 in g_main_dispatch ../glib/gmain.c:3357
    #57 0x7f978fb10ef7 in g_main_context_dispatch_unlocked ../glib/gmain.c:4208
    #58 0x7f978fb12ce7 in g_main_context_iterate_unlocked ../glib/gmain.c:4273
    #59 0x7f978fb134fb in g_main_context_iteration ../glib/gmain.c:4338
    #60 0x7f9790c1c45e in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:399
    #61 0x7f97931ca449 in
QPAEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
/home/nico/workspace/qt6-dev/qtbase/src/gui/platform/unix/qeventdispatcher_glib.cpp:89
    #62 0x7f97903c7647 in
QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventloop.cpp:104
    #63 0x7f97903c8c06 in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventloop.cpp:186
    #64 0x7f97903b0f7a in QCoreApplication::exec()
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1441
    #65 0x7f979223b5c7 in QGuiApplication::exec()
/home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qguiapplication.cpp:1993
    #66 0x7f9798a6fb20 in QApplication::exec()
/home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:2572
    #67 0x441876 in main
/home/nico/kde-qtdev/src/plasma-workspace/shell/main.cpp:191
    #68 0x7f978f82a2ad in __libc_start_call_main
../sysdeps/nptl/libc_start_call_main.h:58
    #69 0x7f978f82a378 in __libc_start_main_impl ../csu/libc-start.c:360
    #70 0x42f624 in _start ../sysdeps/x86_64/start.S:115

0x5030017055d0 is located 0 bytes inside of 24-byte region
[0x5030017055d0,0x5030017055e8)
freed by thread T0 here:
    #0 0x7f979e4fe198 in operator delete(void*, unsigned long)
../../../../libsanitizer/asan/asan_new_delete.cpp:164
    #1 0x7f975ec99af8 in DeclarativeMimeData::~DeclarativeMimeData()
/home/nico/kde-qtdev/src/kdeclarative/src/qmlcontrols/draganddrop/DeclarativeMimeData.h:17
    #2 0x7f9792e7d51c in QDrag::~QDrag()
/home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qdrag.cpp:94
    #3 0x7f9792e7d55c in QDrag::~QDrag()
/home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qdrag.cpp:95
    #4 0x7f97904b0cf9 in QObjectPrivate::deleteChildren()
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobject.cpp:2221
    #5 0x7f97904b8a0c in QObject::~QObject()
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobject.cpp:1138
    #6 0x7f97969e487f in QQuickItem::~QQuickItem()
/home/nico/workspace/qt6-dev/qtdeclarative/src/quick/items/qquickitem.cpp:2436
    #7 0x7f97971932d8 in QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement()
/home/nico/workspace/qt6-dev/qtdeclarative/src/qml/qml/qqmlprivate.h:104
    #8 0x7f9797193308 in QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement()
/home/nico/workspace/qt6-dev/qtdeclarative/src/qml/qml/qqmlprivate.h:104
    #9 0x7f97904a541d in QObject::event(QEvent*)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobject.cpp:1414
    #10 0x7f97969f7ef3 in QQuickItem::event(QEvent*)
/home/nico/workspace/qt6-dev/qtdeclarative/src/quick/items/qquickitem.cpp:9220
    #11 0x7f9798a72c04 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
/home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3305
    #12 0x7f9798a8eb88 in QApplication::notify(QObject*, QEvent*)
/home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3255
    #13 0x7f97903a7eaf in QCoreApplication::notifyInternal2(QObject*, QEvent*)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1098
    #14 0x7f97903a80a0 in QCoreApplication::sendEvent(QObject*, QEvent*)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1538
    #15 0x7f97903a972c in QCoreApplicationPrivate::sendPostedEvents(QObject*,
int, QThreadData*)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1878
    #16 0x7f97903a9a51 in QCoreApplication::sendPostedEvents(QObject*, int)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1732
    #17 0x7f9790c1e15f in postEventSourceDispatch
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:246
    #18 0x7f978fb10ef7 in g_main_dispatch ../glib/gmain.c:3357
    #19 0x7f978fb10ef7 in g_main_context_dispatch_unlocked ../glib/gmain.c:4208

previously allocated by thread T0 here:
    #0 0x7f979e4fd298 in operator new(unsigned long)
../../../../libsanitizer/asan/asan_new_delete.cpp:95
    #1 0x7f975ec7e8e9 in DeclarativeDragArea::startDrag(QImage const&)
/home/nico/kde-qtdev/src/kdeclarative/src/qmlcontrols/draganddrop/DeclarativeDragArea.cpp:310
    #2 0x7f975ec7dda3 in operator()
/home/nico/kde-qtdev/src/kdeclarative/src/qmlcontrols/draganddrop/DeclarativeDragArea.cpp:260
    #3 0x7f975ec81471 in operator()
/home/nico/kde-qtdev/usr/include/QtCore/qobjectdefs_impl.h:116
    #4 0x7f975ec81619 in call_internal<void,
QtPrivate::FunctorCall<std::integer_sequence<long unsigned int>,
QtPrivate::List<>, void,
DeclarativeDragArea::mouseMoveEvent(QMouseEvent*)::<lambda()>
>::call(DeclarativeDragArea::mouseMoveEvent(QMouseEvent*)::<lambda()>&,
void**)::<lambda()> >
/home/nico/kde-qtdev/usr/include/QtCore/qobjectdefs_impl.h:65
    #5 0x7f975ec81577 in call
/home/nico/kde-qtdev/usr/include/QtCore/qobjectdefs_impl.h:115
    #6 0x7f975ec81298 in call<QtPrivate::List<>, void>
/home/nico/kde-qtdev/usr/include/QtCore/qobjectdefs_impl.h:337
    #7 0x7f975ec81220 in impl
/home/nico/kde-qtdev/usr/include/QtCore/qobjectdefs_impl.h:547
    #8 0x7f97904c0a13 in void doActivate<false>(QObject*, int, void**)
(/home/nico/kde-qtdev/usr/lib64/libQt6Core.so.6+0x4c0a13) (BuildId:
6e0075c428733fba6b7afa36481746c3de9b15fe)
    #9 0x7f979049f98b in QMetaObject::activate(QObject*, QMetaObject const*,
int, void**)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobject.cpp:4188
    #10 0x7f9796a530f9 in QQuickItemGrabResult::ready()
/home/nico/workspace/qt6-dev/qtdeclarative/src/quick/Quick_autogen/include/moc_qquickitemgrabresult.cpp:167
    #11 0x7f9796a55f62 in QQuickItemGrabResult::event(QEvent*)
/home/nico/workspace/qt6-dev/qtdeclarative/src/quick/items/qquickitemgrabresult.cpp:224
    #12 0x7f9798a72c04 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
/home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3305
    #13 0x7f9798a8eb88 in QApplication::notify(QObject*, QEvent*)
/home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3255
    #14 0x7f97903a7eaf in QCoreApplication::notifyInternal2(QObject*, QEvent*)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1098
    #15 0x7f97903a80a0 in QCoreApplication::sendEvent(QObject*, QEvent*)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1538
    #16 0x7f97903a972c in QCoreApplicationPrivate::sendPostedEvents(QObject*,
int, QThreadData*)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1878
    #17 0x7f97903a9a51 in QCoreApplication::sendPostedEvents(QObject*, int)
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1732
    #18 0x7f9790c1e15f in postEventSourceDispatch
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:246
    #19 0x7f978fb10ef7 in g_main_dispatch ../glib/gmain.c:3357
    #20 0x7f978fb10ef7 in g_main_context_dispatch_unlocked ../glib/gmain.c:4208

SUMMARY: AddressSanitizer: heap-use-after-free
/home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qmimedata.cpp:496 in
QMimeData::hasImage() const

STEPS TO REPRODUCE
1. Add Quick Launch applet
2. Add two launchers
3. Drag around one of the launchers


SOFTWARE/OS VERSIONS
KDE Plasma Version: master
KDE Frameworks Version: master
Qt Version: dev

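ADDITIONAL INFORMATION
Reading the three stacks together: the 24-byte object allocated in DeclarativeDragArea::startDrag() (DeclarativeDragArea.cpp:310) is freed through ~DeclarativeMimeData(), reached from ~QDrag() when a QQuickItem that has the QDrag as a child is deleted from QObject::event(). The faulting read happens afterwards, inside the nested event loop entered by QDrag::exec() (DeclarativeDragArea.cpp:360), when the Wayland data_source send handler calls QMimeData::hasImage() on the freed object. This suggests the item that owns the QDrag is destroyed while the drag is still in progress, presumably by the reorder; that is inferred from the trace and not confirmed.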
