[Breeze] [Bug 500263] Breeze style possibly make Wireshark crash on exit

David Redondo Tue, 18 Feb 2025 02:18:26 -0800

https://bugs.kde.org/show_bug.cgi?id=500263


--- Comment #2 from David Redondo <k...@david-redondo.de> ---
=================================================================
==35110==ERROR: AddressSanitizer: heap-use-after-free on address 0x519000304390
at pc 0x7815afefb42e bp 0x7ffff8c0e140 sp 0x7ffff8c0d8e8
READ of size 280 at 0x519000304390 thread T0
    #0 0x7815afefb42d in memcpy
../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115
    #1 0x7815ae797f7e in memcpy
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:29
    #2 0x7815ae797f7e in
QtPrivate::QPodArrayOps<QAbstractAnimation*>::copyAppend(QAbstractAnimation*
const*, QAbstractAnimation* const*)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydataops.h:65
    #3 0x7815ae797f7e in
QtPrivate::QPodArrayOps<QAbstractAnimation*>::copyAppend(QAbstractAnimation*
const*, QAbstractAnimation* const*)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydataops.h:55
    #4 0x7815ae797f7e in
QArrayDataPointer<QAbstractAnimation*>::reallocateAndGrow(QArrayData::GrowthPosition,
long long, QArrayDataPointer<QAbstractAnimation*>*)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydatapointer.h:241
    #5 0x7815ae9a2676 in
QArrayDataPointer<QAbstractAnimation*>::detach(QArrayDataPointer<QAbstractAnimation*>*)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydatapointer.h:145
    #6 0x7815ae9a2676 in QList<QAbstractAnimation*>::remove(long long, long
long)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:815
    #7 0x7815ae9a2676 in QList<QAbstractAnimation*>::remove(long long, long
long)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:807
    #8 0x7815ae9a2676 in
QList<QAbstractAnimation*>::erase(QList<QAbstractAnimation*>::const_iterator,
QList<QAbstractAnimation*>::const_iterator)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:910
    #9 0x7815ae9a2676 in
QList<QAbstractAnimation*>::erase(QList<QAbstractAnimation*>::const_iterator)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:655
    #10 0x7815ae9a2676 in auto
QtPrivate::sequential_erase_one<QList<QAbstractAnimation*>,
QAbstractAnimation*>(QList<QAbstractAnimation*>&, QAbstractAnimation* const&)
[clone .isra.0]
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qcontainertools_impl.h:393
    #11 0x7815ae76a556 in bool
QList<QAbstractAnimation*>::removeOne<QAbstractAnimation*>(QAbstractAnimation*
const&)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:613
    #12 0x7815ae76a556 in
QAnimationTimer::unregisterAnimation(QAbstractAnimation*)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/animation/qabstractanimation.cpp:665
    #13 0x7815ae76d1d3 in
QAbstractAnimationPrivate::setState(QAbstractAnimation::State)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/animation/qabstractanimation.cpp:941
    #14 0x7815ae79822d in QPropertyAnimationPrivate::targetObjectDestroyed()
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/animation/qpropertyanimation_p.h:42
    #15 0x7815ae79822d in operator()
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/animation/qpropertyanimation.cpp:180
    #16 0x7815ae79822d in operator()
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobjectdefs_impl.h:141
    #17 0x7815ae79822d in call_internal<void,
QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void,
QPropertyAnimation::setTargetObject(QObject*)::<lambda()>
>::call(QPropertyAnimation::setTargetObject(QObject*)::<lambda()>&,
void**)::<lambda()> >
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobjectdefs_impl.h:65
    #18 0x7815ae79822d in call
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobjectdefs_impl.h:140
    #19 0x7815ae79822d in call<QtPrivate::List<>, void>
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobjectdefs_impl.h:362
    #20 0x7815ae79822d in impl
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobjectdefs_impl.h:572
    #21 0x7815ae8763e8 in QtPrivate::QSlotObjectBase::call(QObject*, void**)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobjectdefs_impl.h:486
    #22 0x7815ae8763e8 in void doActivate<false>(QObject*, int, void**)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobject.cpp:4115
    #23 0x7815ae8170d0 in QObject::destroyed(QObject*)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/obj-x86_64-linux-gnu/src/corelib/kernel/moc_qobject.cpp:230
    #24 0x7815ae808179 in QObject::~QObject()
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobject.cpp:1040
    #25 0x781586fa607c 
(/usr/lib/x86_64-linux-gnu/qt6/plugins/styles/breeze6.so+0x2607c) (BuildId:
54739c10a5de8f33753034deb3165a9fc59d9c90)
    #26 0x7815ae80364b in QObject::event(QEvent*)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobject.cpp:1403
    #27 0x7815afa01157 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/widgets/kernel/qapplication.cpp:3296
    #28 0x7815ae8aef9f in QCoreApplication::notifyInternal2(QObject*, QEvent*)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qcoreapplication.cpp:1172
    #29 0x7815ae8af9fc in QCoreApplicationPrivate::sendPostedEvents(QObject*,
int, QThreadData*)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qcoreapplication.cpp:1946
    #30 0x7815ae9a4b1c in operator()
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/thread/qthread_unix.cpp:403
    #31 0x7815ae9a4b1c in void (anonymous
namespace)::terminate_on_exception<QThreadPrivate::finish()::{lambda()#1}>(QThreadPrivate::finish()::{lambda()#1}&&)
[clone .isra.0]
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/thread/qthread_unix.cpp:311
    #32 0x7815ae7862eb in QThreadPrivate::finish()
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/thread/qthread_unix.cpp:386
    #33 0x7815ae7862eb in destroy_current_thread_data
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/thread/qthread_unix.cpp:130
    #34 0x7815a5047381 in __cxa_finalize stdlib/cxa_finalize.c:82
    #35 0x7815ae64c3c6  (/lib/x86_64-linux-gnu/libQt6Core.so.6+0x24c3c6)
(BuildId: 2f94ac32a582542c9bca8bdd418f681d97c29195)

0x519000304390 is located 16 bytes inside of 1024-byte region
[0x519000304380,0x519000304780)
freed by thread T0 here:
    #0 0x7815afefc4d8 in free
../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
    #1 0x7815ae78d6a0 in
QArrayDataPointer<QAbstractAnimation*>::~QArrayDataPointer()
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydatapointer.h:110
    #2 0x7815ae78d6a0 in QList<QAbstractAnimation*>::~QList()
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:83
    #3 0x7815ae78d6a0 in QAnimationTimer::~QAnimationTimer()
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/animation/qabstractanimation.cpp:523
    #4 0x7815ae78d6a0 in QAnimationTimer::~QAnimationTimer()
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/animation/qabstractanimation.cpp:523
    #5 0x7815ae78d6a0 in
std::default_delete<QAnimationTimer>::operator()(QAnimationTimer*) const
/usr/include/c++/13/bits/unique_ptr.h:99
    #6 0x7815ae78d6a0 in std::unique_ptr<QAnimationTimer,
std::default_delete<QAnimationTimer> >::~unique_ptr()
/usr/include/c++/13/bits/unique_ptr.h:404
    #7 0x7815a504772e in __GI___call_tls_dtors
stdlib/cxa_thread_atexit_impl.c:156
    #8 0x7815a5047b69 in __run_exit_handlers stdlib/exit.c:41
    #9 0x7815a5047bbd in __GI_exit stdlib/exit.c:138
    #10 0x5efa51fdef77  (/usr/bin/wireshark+0x2f9f77) (BuildId:
e056c582a81d23f71fd661ea41522dabc667ccb8)
    #11 0x5efa51e2aebb in main (/usr/bin/wireshark+0x145ebb) (BuildId:
e056c582a81d23f71fd661ea41522dabc667ccb8)
    #12 0x7815a502a1c9 in __libc_start_call_main
../sysdeps/nptl/libc_start_call_main.h:58
    #13 0x7815a502a28a in __libc_start_main_impl ../csu/libc-start.c:360
    #14 0x5efa51e2e454  (/usr/bin/wireshark+0x149454) (BuildId:
e056c582a81d23f71fd661ea41522dabc667ccb8)

previously allocated by thread T0 here:
    #0 0x7815afefc778 in realloc
../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:85
    #1 0x7815ae7da8cb in QArrayData::reallocateUnaligned(QArrayData*, void*,
long long, long long, QArrayData::AllocationOption)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydata.cpp:244
    #2 0x7815ae79811c in
QTypedArrayData<QAbstractAnimation*>::reallocateUnaligned(QTypedArrayData<QAbstractAnimation*>*,
QAbstractAnimation**, long long, QArrayData::AllocationOption)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydata.h:155
    #3 0x7815ae79811c in
QtPrivate::QPodArrayOps<QAbstractAnimation*>::reallocate(long long,
QArrayData::AllocationOption)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydataops.h:275
    #4 0x7815ae79811c in
QArrayDataPointer<QAbstractAnimation*>::reallocateAndGrow(QArrayData::GrowthPosition,
long long, QArrayDataPointer<QAbstractAnimation*>*)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydatapointer.h:223
    #5 0x7815ae79b76f in
QArrayDataPointer<QAbstractAnimation*>::detachAndGrow(QArrayData::GrowthPosition,
long long, QAbstractAnimation* const**,
QArrayDataPointer<QAbstractAnimation*>*)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydatapointer.h:209
    #6 0x7815ae79b76f in void
QtPrivate::QPodArrayOps<QAbstractAnimation*>::emplace<QAbstractAnimation*&>(long
long, QAbstractAnimation*&)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qarraydataops.h:177
    #7 0x7815ae76d250 in QAbstractAnimation*&
QList<QAbstractAnimation*>::emplaceBack<QAbstractAnimation*&>(QAbstractAnimation*&)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:897
    #8 0x7815ae76d250 in
QList<QAbstractAnimation*>::append(QAbstractAnimation*)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:471
    #9 0x7815ae76d250 in
QList<QAbstractAnimation*>::operator<<(QAbstractAnimation*)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/tools/qlist.h:724
    #10 0x7815ae76d250 in
QAnimationTimer::registerAnimation(QAbstractAnimation*, bool)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/animation/qabstractanimation.cpp:633
    #11 0x7815ae76d250 in
QAbstractAnimationPrivate::setState(QAbstractAnimation::State)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/animation/qabstractanimation.cpp:943
    #12 0x781586fb639e 
(/usr/lib/x86_64-linux-gnu/qt6/plugins/styles/breeze6.so+0x3639e) (BuildId:
54739c10a5de8f33753034deb3165a9fc59d9c90)
    #13 0x781586fb5ee2 
(/usr/lib/x86_64-linux-gnu/qt6/plugins/styles/breeze6.so+0x35ee2) (BuildId:
54739c10a5de8f33753034deb3165a9fc59d9c90)
    #14 0x7815ae8aec97 in
QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qcoreapplication.cpp:1309
    #15 0x7815afa01147 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/widgets/kernel/qapplication.cpp:3290
    #16 0x7815ae8aef9f in QCoreApplication::notifyInternal2(QObject*, QEvent*)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qcoreapplication.cpp:1172
    #17 0x7815afa37297 in QWidgetPrivate::setEnabled_helper(bool)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/widgets/kernel/qwidget.cpp:3433
    #18 0x7815afa3739c in QWidgetPrivate::setEnabled_helper(bool)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/widgets/kernel/qwidget.cpp:3410
    #19 0x5efa520d9167  (/usr/bin/wireshark+0x3f4167) (BuildId:
e056c582a81d23f71fd661ea41522dabc667ccb8)
    #20 0x7815ae876963 in void doActivate<false>(QObject*, int, void**)
/usr/src/qt6-base-6.8.2-0zneon+24.04+noble+unstable+build68/src/corelib/kernel/qobject.cpp:4127
    #21 0x5efa51fcb4d5  (/usr/bin/wireshark+0x2e64d5) (BuildId:
e056c582a81d23f71fd661ea41522dabc667ccb8)
    #22 0x5efa51e2b664 in main (/usr/bin/wireshark+0x146664) (BuildId:
e056c582a81d23f71fd661ea41522dabc667ccb8)
    #23 0x7815a502a1c9 in __libc_start_call_main
../sysdeps/nptl/libc_start_call_main.h:58
    #24 0x7815a502a28a in __libc_start_main_impl ../csu/libc-start.c:360
    #25 0x5efa51e2e454  (/usr/bin/wireshark+0x149454) (BuildId:
e056c582a81d23f71fd661ea41522dabc667ccb8)

-- 
You are receiving this mail because:
You are watching all bug changes.

[Breeze] [Bug 500263] Breeze style possibly make Wireshark crash on exit

Reply via email to