https://bugs.kde.org/show_bug.cgi?id=403064
David Hallas <da...@davidhallas.dk> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
                 CC|                            |da...@davidhallas.dk
             Status|REPORTED                    |CONFIRMED

--- Comment #5 from David Hallas <da...@davidhallas.dk> ---
I can reproduce the crash if I do the following:

1. Right click a device in the places panel and select hide
2. Right click the places panel and select show hidden
3. Right click the hidden device and select show
4. Right click the same device and select hide

This is the output I get from address sanitizer:

=================================================================
==10758==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d000661db8 at pc 0x7f11e094c809 bp 0x7fffc2009310 sp 0x7fffc2009300
READ of size 8 at 0x60d000661db8 thread T0
    #0 0x7f11e094c808 in KStandardItem::setDataValue(QByteArray const&, QVariant const&) ../src/kitemviews/kstandarditem.cpp:118
    #1 0x7f11e222b1a8 in PlacesItem::setHidden(bool) ../src/panels/places/placesitem.cpp:96
    #2 0x7f11e221cb94 in PlacesPanel::slotItemContextMenuRequested(int, QPointF const&) ../src/panels/places/placespanel.cpp:260
    #3 0x7f11e222905a in QtPrivate::FunctorCall<QtPrivate::IndexesList<0, 1>, QtPrivate::List<int, QPointF const&>, void, void (PlacesPanel::*)(int, QPointF const&)>::call(void (PlacesPanel::*)(int, QPointF const&), PlacesPanel*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:134
    #4 0x7f11e2228621 in void QtPrivate::FunctionPointer<void (PlacesPanel::*)(int, QPointF const&)>::call<QtPrivate::List<int, QPointF const&>, void>(void (PlacesPanel::*)(int, QPointF const&), PlacesPanel*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:167
    #5 0x7f11e222769b in QtPrivate::QSlotObject<void (PlacesPanel::*)(int, QPointF const&), QtPrivate::List<int, QPointF const&>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/qt5/QtCore/qobjectdefs_impl.h:396
    #6 0x7f11d919c96e in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib64/libQt5Core.so.5+0x26796e)
    #7 0x7f11e0a73a39 in KItemListController::itemContextMenuRequested(int, QPointF const&) src/dolphinprivate_autogen/Z3MQH7AOBD/moc_kitemlistcontroller.cpp:449
    #8 0x7f11e08d7199 in KItemListController::mousePressEvent(QGraphicsSceneMouseEvent*, QTransform const&) ../src/kitemviews/kitemlistcontroller.cpp:624
    #9 0x7f11e08dc2c4 in KItemListController::processEvent(QEvent*, QTransform const&) ../src/kitemviews/kitemlistcontroller.cpp:1038
    #10 0x7f11e08fbaf1 in KItemListView::event(QEvent*) ../src/kitemviews/kitemlistview.cpp:923
    #11 0x7f11da2f9d8b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x15ad8b)
    #12 0x7f11da30134e in QApplication::notify(QObject*, QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x16234e)
    #13 0x7f11d91753a0 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/usr/lib64/libQt5Core.so.5+0x2403a0)
    #14 0x7f11da5ff8c2 (/usr/lib64/libQt5Widgets.so.5+0x4608c2)
    #15 0x7f11da5ffcb1 (/usr/lib64/libQt5Widgets.so.5+0x460cb1)
    #16 0x7f11da607cea (/usr/lib64/libQt5Widgets.so.5+0x468cea)
    #17 0x7f11da607f28 in QGraphicsScene::mousePressEvent(QGraphicsSceneMouseEvent*) (/usr/lib64/libQt5Widgets.so.5+0x468f28)
    #18 0x7f11da60f1cf in QGraphicsScene::event(QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x4701cf)
    #19 0x7f11da2f9d8b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x15ad8b)
    #20 0x7f11da30134e in QApplication::notify(QObject*, QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x16234e)
    #21 0x7f11d91753a0 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/usr/lib64/libQt5Core.so.5+0x2403a0)
    #22 0x7f11da62bda3 in QGraphicsView::mousePressEvent(QMouseEvent*) (/usr/lib64/libQt5Widgets.so.5+0x48cda3)
    #23 0x7f11da33941e in QWidget::event(QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x19a41e)
    #24 0x7f11da3dab3d in QFrame::event(QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x23bb3d)
    #25 0x7f11da62d04a in QGraphicsView::viewportEvent(QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x48e04a)
    #26 0x7f11d91751ed in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) (/usr/lib64/libQt5Core.so.5+0x2401ed)
    #27 0x7f11da2f9d64 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x15ad64)
    #28 0x7f11da301ee6 in QApplication::notify(QObject*, QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x162ee6)
    #29 0x7f11d91753a0 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/usr/lib64/libQt5Core.so.5+0x2403a0)
    #30 0x7f11da300831 in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) (/usr/lib64/libQt5Widgets.so.5+0x161831)
    #31 0x7f11da353ac2 (/usr/lib64/libQt5Widgets.so.5+0x1b4ac2)
    #32 0x7f11da356088 (/usr/lib64/libQt5Widgets.so.5+0x1b7088)
    #33 0x7f11da2f9d8b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x15ad8b)
    #34 0x7f11da30134e in QApplication::notify(QObject*, QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x16234e)
    #35 0x7f11d91753a0 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/usr/lib64/libQt5Core.so.5+0x2403a0)
    #36 0x7f11d9bbbf02 in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) (/usr/lib64/libQt5Gui.so.5+0xfbf02)
    #37 0x7f11d9bbdc34 in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) (/usr/lib64/libQt5Gui.so.5+0xfdc34)
    #38 0x7f11d9b98dba in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib64/libQt5Gui.so.5+0xd8dba)
    #39 0x7f11c8aad74a (/usr/lib64/libQt5XcbQpa.so.5+0xcc74a)
    #40 0x7f11d9174372 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib64/libQt5Core.so.5+0x23f372)
    #41 0x7f11d917c1a1 in QCoreApplication::exec() (/usr/lib64/libQt5Core.so.5+0x2471a1)
    #42 0x7f11e218859a in kdemain ../src/main.cpp:168
    #43 0x56181eb18956 in main src/dolphin_dummy.cpp:3
    #44 0x7f11e13baae6 in __libc_start_main ../csu/libc-start.c:308
    #45 0x56181eb18859 in _start (/home/dha/workspace/kde/install/bin/dolphin+0x859)

0x60d000661db8 is located 24 bytes inside of 136-byte region [0x60d000661da0,0x60d000661e28)
freed by thread T0 here:
    #0 0x7f11e26d2c30 in operator delete(void*) /var/tmp/portage/sys-devel/gcc-8.2.0-r6/work/gcc-8.2.0/libsanitizer/asan/asan_new_delete.cc:135
    #1 0x7f11e222a1d3 in PlacesItem::~PlacesItem() ../src/panels/places/placesitem.cpp:51
    #2 0x7f11e096eefd in KStandardItemModel::removeItem(int) ../src/kitemviews/kstandarditemmodel.cpp:115
    #3 0x7f11e223eea5 in PlacesItemModel::onSourceModelDataChanged(QModelIndex const&, QModelIndex const&, QVector<int> const&) ../src/panels/places/placesitemmodel.cpp:569
    #4 0x7f11e2250ff1 in QtPrivate::FunctorCall<QtPrivate::IndexesList<0, 1, 2>, QtPrivate::List<QModelIndex const&, QModelIndex const&, QVector<int> const&>, void, void (PlacesItemModel::*)(QModelIndex const&, QModelIndex const&, QVector<int> const&)>::call(void (PlacesItemModel::*)(QModelIndex const&, QModelIndex const&, QVector<int> const&), PlacesItemModel*, void**) (/home/dha/workspace/kde/install/lib64/libkdeinit5_dolphin.so+0x147ff1)
    #5 0x7f11e224fb9d in void QtPrivate::FunctionPointer<void (PlacesItemModel::*)(QModelIndex const&, QModelIndex const&, QVector<int> const&)>::call<QtPrivate::List<QModelIndex const&, QModelIndex const&, QVector<int> const&>, void>(void (PlacesItemModel::*)(QModelIndex const&, QModelIndex const&, QVector<int> const&), PlacesItemModel*, void**) (/home/dha/workspace/kde/install/lib64/libkdeinit5_dolphin.so+0x146b9d)
    #6 0x7f11e224b6fd in QtPrivate::QSlotObject<void (PlacesItemModel::*)(QModelIndex const&, QModelIndex const&, QVector<int> const&), QtPrivate::List<QModelIndex const&, QModelIndex const&, QVector<int> const&>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/qt5/QtCore/qobjectdefs_impl.h:396
    #7 0x7f11d919c96e in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib64/libQt5Core.so.5+0x26796e)
    #8 0x7f11d913245b in QAbstractItemModel::dataChanged(QModelIndex const&, QModelIndex const&, QVector<int> const&) (/usr/lib64/libQt5Core.so.5+0x1fd45b)

previously allocated by thread T0 here:
    #0 0x7f11e26d1dc0 in operator new(unsigned long) /var/tmp/portage/sys-devel/gcc-8.2.0-r6/work/gcc-8.2.0/libsanitizer/asan/asan_new_delete.cc:90
    #1 0x7f11e223b231 in PlacesItemModel::addItemFromSourceModel(QModelIndex const&) ../src/panels/places/placesitemmodel.cpp:392
    #2 0x7f11e223644d in PlacesItemModel::setHiddenItemsShown(bool) ../src/panels/places/placesitemmodel.cpp:115
    #3 0x7f11e2222d67 in PlacesPanel::showHiddenEntries(bool) ../src/panels/places/placespanel.cpp:551
    #4 0x7f11e221e72c in PlacesPanel::slotViewContextMenuRequested(QPointF const&) ../src/panels/places/placespanel.cpp:345
    #5 0x7f11e222930c in QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<QPointF const&>, void, void (PlacesPanel::*)(QPointF const&)>::call(void (PlacesPanel::*)(QPointF const&), PlacesPanel*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:134
    #6 0x7f11e2228666 in void QtPrivate::FunctionPointer<void (PlacesPanel::*)(QPointF const&)>::call<QtPrivate::List<QPointF const&>, void>(void (PlacesPanel::*)(QPointF const&), PlacesPanel*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:167
    #7 0x7f11e222786b in QtPrivate::QSlotObject<void (PlacesPanel::*)(QPointF const&), QtPrivate::List<QPointF const&>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/qt5/QtCore/qobjectdefs_impl.h:396
    #8 0x7f11d919c96e in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib64/libQt5Core.so.5+0x26796e)
    #9 0x7f11e0a73bba in KItemListController::viewContextMenuRequested(QPointF const&) src/dolphinprivate_autogen/Z3MQH7AOBD/moc_kitemlistcontroller.cpp:456
    #10 0x7f11e08d7526 in KItemListController::mousePressEvent(QGraphicsSceneMouseEvent*, QTransform const&) ../src/kitemviews/kitemlistcontroller.cpp:635
    #11 0x7f11e08dc2c4 in KItemListController::processEvent(QEvent*, QTransform const&) ../src/kitemviews/kitemlistcontroller.cpp:1038
    #12 0x7f11e08fbaf1 in KItemListView::event(QEvent*) ../src/kitemviews/kitemlistview.cpp:923
    #13 0x7f11da2f9d8b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib64/libQt5Widgets.so.5+0x15ad8b)

SUMMARY: AddressSanitizer: heap-use-after-free ../src/kitemviews/kstandarditem.cpp:118 in KStandardItem::setDataValue(QByteArray const&, QVariant const&)
Shadow bytes around the buggy address:
  0x0c1a800c4360: fa fa fa fa fa fa fd fd fd fd fd fd fd fd fd fd
  0x0c1a800c4370: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
  0x0c1a800c4380: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c1a800c4390: fd fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
  0x0c1a800c43a0: fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa
=>0x0c1a800c43b0: fa fa fa fa fd fd fd[fd]fd fd fd fd fd fd fd fd
  0x0c1a800c43c0: fd fd fd fd fd fa fa fa fa fa fa fa fa fa fd fd
  0x0c1a800c43d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c1a800c43e0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c1a800c43f0: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
  0x0c1a800c4400: fa fa fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  Container overflow:    fc
  Array cookie:          ac
  Intra object redzone:  bb
  ASan internal:         fe
  Left alloca redzone:   ca
  Right alloca redzone:  cb
==10758==ABORTING
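
For triage, a heap-use-after-free report like the one above can be reduced to the first frame of each of its three stacks (access, free, allocation) that lies outside the sanitizer runtime. The following is an added example, not part of the bug comment or of Dolphin's code; the function names `parse_asan`, `first_own_frame` and `summarize` are hypothetical, and the sample input is an abbreviated excerpt of the report above.

```python
import re

# Abbreviated excerpt of the report above: the top frames of each of its three stacks.
SAMPLE = """\
==10758==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d000661db8 at pc 0x7f11e094c809 bp 0x7fffc2009310 sp 0x7fffc2009300
READ of size 8 at 0x60d000661db8 thread T0
    #0 0x7f11e094c808 in KStandardItem::setDataValue(QByteArray const&, QVariant const&) ../src/kitemviews/kstandarditem.cpp:118
    #1 0x7f11e222b1a8 in PlacesItem::setHidden(bool) ../src/panels/places/placesitem.cpp:96
0x60d000661db8 is located 24 bytes inside of 136-byte region [0x60d000661da0,0x60d000661e28)
freed by thread T0 here:
    #0 0x7f11e26d2c30 in operator delete(void*) /var/tmp/portage/sys-devel/gcc-8.2.0-r6/work/gcc-8.2.0/libsanitizer/asan/asan_new_delete.cc:135
    #1 0x7f11e222a1d3 in PlacesItem::~PlacesItem() ../src/panels/places/placesitem.cpp:51
previously allocated by thread T0 here:
    #0 0x7f11e26d1dc0 in operator new(unsigned long) /var/tmp/portage/sys-devel/gcc-8.2.0-r6/work/gcc-8.2.0/libsanitizer/asan/asan_new_delete.cc:90
    #1 0x7f11e223b231 in PlacesItemModel::addItemFromSourceModel(QModelIndex const&) ../src/panels/places/placesitemmodel.cpp:392
"""

SECTIONS = [(re.compile(r"^(READ|WRITE) of size \d+"), "access"),
            (re.compile(r"^freed by thread"), "free"),
            (re.compile(r"^previously allocated by thread"), "alloc")]
# Symbolized frames only ("... in <function> <location>"); bare module+offset frames are skipped.
FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (.+) (\S+)\s*$")
REGION = re.compile(r"is located (\d+) bytes inside of (\d+)-byte region")

def parse_asan(report):
    """Split an ASan heap report into its access/free/alloc stacks."""
    stacks, current, region = {}, None, None
    for line in report.splitlines():
        for pattern, name in SECTIONS:
            if pattern.match(line):
                current = stacks.setdefault(name, [])
        m = REGION.search(line)
        if m:
            region = (int(m.group(1)), int(m.group(2)))  # (offset, object size)
        m = FRAME.match(line)
        if m and current is not None:
            current.append((m.group(1), m.group(2)))
    return stacks, region

def first_own_frame(stack):
    """First frame whose source is not the sanitizer's operator new/delete."""
    for func, where in stack:
        if "/libsanitizer/" not in where:
            return func, where
    return None

def summarize(report):
    stacks, region = parse_asan(report)
    return {name: first_own_frame(frames) for name, frames in stacks.items()}, region
```

Calling `summarize` on the full report text gives the same three frames, since only the first non-runtime frame of each stack is kept.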