https://bugs.kde.org/show_bug.cgi?id=405732

            Bug ID: 405732
           Summary: ASAN crash in input manager when creating guides.
           Product: krita
           Version: git master
          Platform: Other
                OS: Linux
            Status: REPORTED
          Severity: crash
          Priority: NOR
         Component: Shortcuts and Canvas Input Settings
          Assignee: krita-bugs-n...@kde.org
          Reporter: griffinval...@gmail.com
  Target Milestone: ---

SUMMARY
Got this crash running Krita with Address Sanitizer while making guides. Did
not try to reproduce.

=================================================================
==2320==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7ffd86a29248 at pc 0x7fd8f718dd40 bp 0x7ffd86a28ae0 sp 0x7ffd86a28ad0
READ of size 8 at 0x7ffd86a29248 thread T0
    #0 0x7fd8f718dd3f in QPointF::toPoint() const
/usr/include/x86_64-linux-gnu/qt5/QtCore/qpoint.h:409
    #1 0x7fd8f72045ff in QEnterEvent::pos() const
(/home/wolthera/krita/inst/lib/x86_64-linux-gnu/libkritaui.so.18+0x2b955ff)
    #2 0x7fd8f720085d in
KisGuidesManager::Private::getDocPointFromEvent(QEvent*)
/home/wolthera/krita/src/libs/ui/canvas/kis_guides_manager.cpp:580
    #3 0x7fd8f7201092 in KisGuidesManager::eventFilter(QObject*, QEvent*)
/home/wolthera/krita/src/libs/ui/canvas/kis_guides_manager.cpp:638
    #4 0x7fd8f7ae75f0 in KisInputManager::eventFilter(QObject*, QEvent*)
/home/wolthera/krita/src/libs/ui/input/kis_input_manager.cpp:178
    #5 0x7fd8f7af8220 in
KisInputManager::Private::CanvasSwitcher::eventFilter(QObject*, QEvent*)
/home/wolthera/krita/src/libs/ui/input/kis_input_manager_p.cpp:272
    #6 0x7fd8f0cd50ac in
QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2800ac)
    #7 0x7fd8f1acb814 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15b814)
    #8 0x7fd8f1ad2dcf in QApplication::notify(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x162dcf)
    #9 0x7fd8f7cd0f3c in KisApplication::notify(QObject*, QEvent*)
/home/wolthera/krita/src/libs/ui/KisApplication.cpp:639
    #10 0x7fd8f0cd5327 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x280327)
    #11 0x7fd8f1ad0948 in QApplicationPrivate::setFocusWidget(QWidget*,
Qt::FocusReason) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x160948)
    #12 0x7fd8f1b05c21 in QWidget::setFocus(Qt::FocusReason)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x195c21)
    #13 0x7fd8f1b0a939  (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x19a939)
    #14 0x7fd8f0d04e24 in QMetaObject::activate(QObject*, int, int, void**)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2afe24)
    #15 0x7fd8f3b34c62 in KisTimedSignalThreshold::timeout()
/home/wolthera/krita/build/libs/image/kritaimage_autogen/EWIEGA46WW/moc_kis_timed_signal_threshold.cpp:161
    #16 0x7fd8f358fb15 in KisTimedSignalThreshold::forceDone()
/home/wolthera/krita/src/libs/image/kis_timed_signal_threshold.cpp:58
    #17 0x7fd8f358fcb0 in KisTimedSignalThreshold::start()
/home/wolthera/krita/src/libs/image/kis_timed_signal_threshold.cpp:70
    #18 0x7fd8f7af83fe in
KisInputManager::Private::CanvasSwitcher::eventFilter(QObject*, QEvent*)
/home/wolthera/krita/src/libs/ui/input/kis_input_manager_p.cpp:319
    #19 0x7fd8f0cd50ac in
QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2800ac)
    #20 0x7fd8f1acb814 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15b814)
    #21 0x7fd8f1ad3ca7 in QApplication::notify(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x163ca7)
    #22 0x7fd8f7cd0f3c in KisApplication::notify(QObject*, QEvent*)
/home/wolthera/krita/src/libs/ui/KisApplication.cpp:639
    #23 0x7fd8f0cd5327 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x280327)
    #24 0x7fd8f1ad229e in QApplicationPrivate::sendMouseEvent(QWidget*,
QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool, bool)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x16229e)
    #25 0x7fd8f1b26a7f  (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x1b6a7f)
    #26 0x7fd8f1b29349  (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x1b9349)
    #27 0x7fd8f1acb83b in QApplicationPrivate::notify_helper(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15b83b)
    #28 0x7fd8f1ad2dcf in QApplication::notify(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x162dcf)
    #29 0x7fd8f7cd0f3c in KisApplication::notify(QObject*, QEvent*)
/home/wolthera/krita/src/libs/ui/KisApplication.cpp:639
    #30 0x7fd8f0cd5327 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x280327)
    #31 0x7fd8f129d52a in
QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0x11352a)
    #32 0x7fd8f129e694 in
QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0x114694)
    #33 0x7fd8f127714a in
QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0xed14a)
    #34 0x7fd8d7397309  (/usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5+0x6b309)
    #35 0x7fd8e6a50386 in g_main_context_dispatch
(/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c386)
    #36 0x7fd8e6a505bf  (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c5bf)
    #37 0x7fd8e6a5064b in g_main_context_iteration
(/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c64b)
    #38 0x7fd8f0d3213e in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2dd13e)
    #39 0x7fd8f0cd3649 in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x27e649)
    #40 0x7fd8f0cdc7ff in QCoreApplication::exec()
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2877ff)
    #41 0x56019f09c581 in main /home/wolthera/krita/src/krita/main.cc:481
    #42 0x7fd8f00e4b96 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #43 0x56019f095ba9 in _start
(/home/wolthera/krita/inst/bin/krita+0x24dbba9)

Address 0x7ffd86a29248 is located in stack of thread T0 at offset 184 in frame
    #0 0x7fd8f7af7c63 in
KisInputManager::Private::CanvasSwitcher::eventFilter(QObject*, QEvent*)
/home/wolthera/krita/src/libs/ui/input/kis_input_manager_p.cpp:245

  This frame has 3 object(s):
    [32, 48) '<unknown>'
    [96, 112) '<unknown>'
    [160, 184) 'event' <== Memory access at offset 184 overflows this variable
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow
/usr/include/x86_64-linux-gnu/qt5/QtCore/qpoint.h:409 in QPointF::toPoint()
const
Shadow bytes around the buggy address:
  0x100030d3d1f0: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
  0x100030d3d200: 00 f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2
  0x100030d3d210: 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 00 00 00 00
  0x100030d3d220: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100030d3d230: 00 00 f1 f1 f1 f1 f8 f8 f2 f2 f2 f2 f2 f2 f8 f8
=>0x100030d3d240: f2 f2 f2 f2 f2 f2 00 00 00[f2]00 00 00 00 00 00
  0x100030d3d250: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100030d3d260: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100030d3d270: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100030d3d280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100030d3d290: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==2320==ABORTING
wolthera@Euthenia:~/krita/build$
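The frames above show QEnterEvent::pos() being reached from KisGuidesManager::Private::getDocPointFromEvent(QEvent*) while the object being read, `event`, occupies only [160, 184) on the stack, so the 8-byte read at offset 184 is consistent with a base-sized event being accessed through a derived-class accessor. The following stand-alone C++ is an added illustration of that bug class and the usual fix; it is not Krita or Qt code. `Event`, `EnterEvent`, `PointF`, `docPointUnchecked` and `docPointChecked` are constructed stand-ins, the struct sizes are illustrative, and the mitigation shown is checking the event's declared type before narrowing the pointer.

```cpp
#include <cassert>
#include <iostream>
#include <optional>

// Constructed, Qt-free stand-ins for the event classes named in the trace.
// Only the fact that the derived type carries payload past the base object's
// end matters for the point being made.
struct Event {
    enum class Type : int { Enter, Leave };
    explicit Event(Type t) : type_(t) {}
    virtual ~Event() = default;
    Type type() const { return type_; }
private:
    Type type_;
};

struct PointF { double x = 0.0, y = 0.0; };

// Derived event whose position member lives beyond the base-class footprint.
struct EnterEvent : Event {
    explicit EnterEvent(PointF p) : Event(Type::Enter), pos_(p) {}
    PointF pos() const { return pos_; }
private:
    PointF pos_;
};

// Unchecked pattern: trusts the caller and reads the derived payload regardless
// of the object's dynamic type. When `ev` is a plain Event, the read lands past
// the object, which is the shape of the stack-buffer-overflow reported above.
// Kept only to show the defect; deliberately never called.
PointF docPointUnchecked(Event *ev) {
    return static_cast<EnterEvent *>(ev)->pos();   // undefined behaviour if ev is not an EnterEvent
}

// Hardened pattern: dispatch on the declared event type before narrowing, and
// make "this event carries no position" an explicit result instead of a read
// past the end of the object.
std::optional<PointF> docPointChecked(Event *ev) {
    if (!ev) return std::nullopt;
    switch (ev->type()) {
    case Event::Type::Enter:
        return static_cast<EnterEvent *>(ev)->pos();   // type verified, cast is sound
    case Event::Type::Leave:
        return std::nullopt;                           // Leave has no position payload
    }
    return std::nullopt;
}

// Returns true when the checked path rejects a base-sized event.
bool checkedRejectsBaseEvent() {
    Event leave(Event::Type::Leave);          // base-sized object, like the 24-byte 'event' above
    return !docPointChecked(&leave).has_value();
}

// Returns the x coordinate the checked path extracts from a genuine EnterEvent.
double checkedEnterX() {
    EnterEvent enter(PointF{3.5, 7.25});
    auto p = docPointChecked(&enter);
    return p ? p->x : -1.0;
}

int main() {
    std::cout << "base-sized event rejected: " << (checkedRejectsBaseEvent() ? "yes" : "no") << "\n";
    std::cout << "enter event x: " << checkedEnterX() << "\n";
    return 0;
}
```

The guard is cheap and belongs at the point where a generic `QEvent*` is narrowed; an event filter that receives every event type for a widget cannot assume the dynamic type from the call site alone.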
