https://bugs.kde.org/show_bug.cgi?id=408358

            Bug ID: 408358
           Summary: Use after free in KDE Wayland integration
           Product: frameworks-kwayland
           Version: 5.58.0
          Platform: Neon Packages
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: client
          Assignee: mgraess...@kde.org
          Reporter: m.wegh...@posteo.de
  Target Milestone: ---

Created attachment 120608
  --> https://bugs.kde.org/attachment.cgi?id=120608&action=edit
Valgrind output with wayland built from git master on KDE Neon unstable

SUMMARY

There is a use-after-free problem in
plasma-integration/libkf5waylandclient/libwaylandclient.

STEPS TO REPRODUCE
1. log into a Plasma Wayland session
2. start any KDE (or Qt widget) application with environment variables
'MALLOC_CHECK_=2 MALLOC_PERTURB_' set.


OBSERVED RESULT

The application crashes, e.g. like this:

    $ MALLOC_CHECK_=2 MALLOC_PERTURB_=153 kate
    kate: ../src/wayland-client.c:226: wl_proxy_unref: Assertion `proxy->refcount > 0' failed.
    Aborted (core dumped)

EXPECTED RESULT

The application should run just fine.


SOFTWARE/OS VERSIONS

VM with:

Operating System: KDE neon Unstable Edition
KDE Plasma Version: 5.16.80
KDE Frameworks Version: 5.59.0
Qt Version: 5.12.0
Kernel Version: 4.18.0-21-generic
OS Type: 64-bit
Processors: 4 × Intel Xeon E3-12xx v2 (Ivy Bridge)
Memory: 7,7 GiB of RAM

ADDITIONAL INFORMATION

* Package versions on KDE Neon (originally observed in Debian testing with
older versions):
  * plasma-integration: 5.15.5+p18.04+git20190604.0336-0
  * libkf5waylandclient5: 4:5.58.0+p18.04+git20190602.0143-0
* The real world use case is LibreOffice with its relatively new qt5/kde5
integration. The LibreOffice shell wrapper sets the above two environment
variables, so LibreOffice currently doesn't start in a Plasma Wayland session
with kde5 integration in use.
* The same happens when using upstream wayland libs built from its current
master branch (as of commit 78c8681e28739da1fea667ae59118cfc0968497).
* Valgrind output for that scenario attached.
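The reproduction step above amounts to running an application under glibc's malloc debugging variables and watching whether it aborts. The following wrapper is an added example, not code from the bug report, from KDE or from the LibreOffice shell wrapper the report mentions: it runs a command with the same settings (MALLOC_CHECK_=2 and the MALLOC_PERTURB_=153 value used in the report) and turns the exit status into a short verdict, which is what a triager wants when checking whether another application is affected. The exit-status mapping (128 plus the signal number, so 134 is SIGABRT) is standard POSIX shell behaviour and not taken from the page.

```shell
#!/bin/sh
# Added example (not from the bug report): run a command under glibc's
# malloc consistency checks and report how it ended.

# Turn a shell exit status into a short verdict. Statuses above 128 mean the
# process died from a signal; `kill -l N` maps the signal number to its name,
# so 134 (128 + 6) reports SIGABRT, which is what glibc raises for a failed
# assertion or a malloc consistency check.
classify_status() {
    if [ "$1" -gt 128 ]; then
        echo "killed by SIG$(kill -l $(($1 - 128)))"
    elif [ "$1" -eq 0 ]; then
        echo "exited normally"
    else
        echo "exited with status $1"
    fi
}

# Run "$@" with the hardening variables set only for that command.
# MALLOC_CHECK_=2 aborts on heap corruption glibc can detect (e.g. a double free);
# MALLOC_PERTURB_=153 (0x99) fills memory on allocation and again on free, so a
# read through a dangling pointer sees garbage rather than stale-but-plausible
# data and a use-after-free surfaces reliably instead of only occasionally.
run_hardened() {
    MALLOC_CHECK_=2 MALLOC_PERTURB_=153 "$@" && status=0 || status=$?
    classify_status "$status" >&2
    return "$status"
}

# Usage, matching the report's scenario: run_hardened kate
```

A verdict of "killed by SIGABRT" from an application that otherwise runs cleanly is the signature seen in the report (the `wl_proxy_unref` assertion); the next step is then the Valgrind run the reporter attached, which shows where the freed memory is touched.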
