https://bugs.kde.org/show_bug.cgi?id=504344

            Bug ID: 504344
           Summary: Reacting to your own message with long custom text
                    crashes NeoChat in
                    QArrayDataPointer<QTextOption::Tab>::deref() if the
                    message being reacted to is smaller
    Classification: Applications
           Product: NeoChat
Version First Reported In: git master
          Platform: Other
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: General
          Assignee: fe...@posteo.de
          Reporter: n...@kde.org
                CC: c...@carlschwan.eu, j...@redstrate.com
  Target Milestone: ---

STEPS TO REPRODUCE
1. Send a message saying "smol"
2. Enter "/react this is much longer than the message"


OBSERVED RESULT
Boom! NeoChat crashes; the backtrace of the crashing thread follows.


Thread 1 (Thread 0x7f7f7b92e500 (LWP 14072)):
[KCrash Handler]
#4  0x00007f7f822b7800 in QArrayDataPointer<QTextOption::Tab>::deref
(this=0x3259f7b0) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/corelib/tools/qarraydatapointer.h:452
#5  QArrayDataPointer<QTextOption::Tab>::~QArrayDataPointer (this=0x3259f7b0)
at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/corelib/tools/qarraydatapointer.h:108
#6  QList<QTextOption::Tab>::~QList (this=0x3259f7b0) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/corelib/tools/qlist.h:76
#7  QTextOptionPrivate::~QTextOptionPrivate (this=0x3259f7b0) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/gui/text/qtextoption.cpp:12
#8  QTextOption::~QTextOption (this=this@entry=0x7fff12a376c0) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/gui/text/qtextoption.cpp:51
#9  0x00007f7f8225228b in QTextDocumentLayoutPrivate::layoutBlock
(this=this@entry=0x33d8eb00, bl=..., blockPosition=blockPosition@entry=0,
blockFormat=..., layoutStruct=layoutStruct@entry=0x7fff12a379d0,
layoutFrom=layoutFrom@entry=0, layoutTo=2147483647, previousBlockFormat=0x0) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/gui/text/qtextdocumentlayout.cpp:3590
#10 0x00007f7f8225a6fe in QTextDocumentLayoutPrivate::layoutFlow
(this=this@entry=0x33d8eb00, it=...,
layoutStruct=layoutStruct@entry=0x7fff12a379d0, layoutFrom=layoutFrom@entry=0,
layoutTo=layoutTo@entry=2147483647, width=..., width@entry=...) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/gui/text/qtextdocumentlayout.cpp:3288
#11 0x00007f7f82258628 in QTextDocumentLayoutPrivate::layoutFrame
(this=this@entry=0x33d8eb00, f=f@entry=0x33d62d00,
layoutFrom=layoutFrom@entry=0, layoutTo=layoutTo@entry=2147483647,
frameWidth=..., frameWidth@entry=..., frameHeight=..., parentY=...) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/gui/text/qtextdocumentlayout.cpp:3029
#12 0x00007f7f82258d5d in QTextDocumentLayoutPrivate::layoutFrame
(this=this@entry=0x33d8eb00, f=f@entry=0x33d62d00,
layoutFrom=layoutFrom@entry=0, layoutTo=layoutTo@entry=2147483647, parentY=...,
parentY@entry=...) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/gui/text/qtextdocumentlayout.cpp:2919
#13 0x00007f7f8225f48b in QTextDocumentLayout::doLayout (this=0x3259afc0,
from=0, oldLength=oldLength@entry=0, length=2147483647) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/gui/text/qtextdocumentlayout.cpp:3838
#14 0x00007f7f82260f31 in QTextDocumentLayoutPrivate::ensureLayoutedByPosition
(this=<optimized out>, position=<optimized out>) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/gui/text/qtextdocumentlayout.cpp:478
#15 QTextDocumentLayoutPrivate::ensureLayoutedByPosition (this=0x33d8eb00,
position=1000) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/gui/text/qtextdocumentlayout.cpp:4007
#16 QTextDocumentLayoutPrivate::layoutStep (this=0x33d8eb00) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/gui/text/qtextdocumentlayout.cpp:4021
#17 QTextDocumentLayout::documentChanged (this=0x3259afc0, from=0, oldLength=0,
length=5) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/gui/text/qtextdocumentlayout.cpp:3798
#18 0x00007f7f82219493 in QTextDocument::setTextWidth (this=0x31636a40,
width=width@entry=-1) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/gui/text/qtextdocument.cpp:738
#19 0x00007f7f8492c3f1 in QQuickTextEdit::updateSize
(this=this@entry=0x33c57ff0) at
/usr/src/debug/qt6-qtdeclarative-6.9.0-2.fc42.x86_64/src/quick/items/qquicktextedit.cpp:3077
#20 0x00007f7f84931170 in QQuickTextEdit::geometryChange (this=0x33c57ff0,
newGeometry=..., oldGeometry=...) at
/usr/src/debug/qt6-qtdeclarative-6.9.0-2.fc42.x86_64/src/quick/items/qquicktextedit.cpp:1711
#21 0x00007f7f8489ebed in QQuickItem::setSize (this=0x33c57ff0, size=...) at
/usr/src/debug/qt6-qtdeclarative-6.9.0-2.fc42.x86_64/src/quick/items/qquickitem.cpp:7781
#22 0x00007f7f040c4894 in QQuickGridLayoutItem::setGeometry (this=0x32439040,
rect=...) at
/usr/src/debug/qt6-qtdeclarative-6.9.0-2.fc42.x86_64/src/quicklayouts/qquickgridlayoutengine_p.h:85
#23 0x00007f7f822cdf01 in QGridLayoutEngine::setGeometries
(this=this@entry=0x32447638, contentsGeometry=..., styleInfo=<optimized out>)
at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/gui/util/qgridlayoutengine.cpp:1059
#24 0x00007f7f040c2625 in QQuickGridLayoutBase::rearrange (this=0x34de0880,
size=...) at
/usr/src/debug/qt6-qtdeclarative-6.9.0-2.fc42.x86_64/src/quicklayouts/qquicklinearlayout.cpp:477
#25 0x00007f7f040bed51 in QQuickLayout::geometryChange (this=0x34de0880,
newGeometry=..., oldGeometry=...) at
/usr/src/debug/qt6-qtdeclarative-6.9.0-2.fc42.x86_64/src/quicklayouts/qquicklayout.cpp:957
#26 0x00007f7f8489ebed in QQuickItem::setSize (this=0x34de0880, size=...) at
/usr/src/debug/qt6-qtdeclarative-6.9.0-2.fc42.x86_64/src/quick/items/qquickitem.cpp:7781
#27 0x00007f7f040c4894 in QQuickGridLayoutItem::setGeometry (this=0x33d5fc80,
rect=...) at
/usr/src/debug/qt6-qtdeclarative-6.9.0-2.fc42.x86_64/src/quicklayouts/qquickgridlayoutengine_p.h:85
#28 0x00007f7f822cdf01 in QGridLayoutEngine::setGeometries
(this=this@entry=0x32f544b8, contentsGeometry=..., styleInfo=<optimized out>)
at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/gui/util/qgridlayoutengine.cpp:1059
#29 0x00007f7f040c2625 in QQuickGridLayoutBase::rearrange (this=0x3242dff0,
size=...) at
/usr/src/debug/qt6-qtdeclarative-6.9.0-2.fc42.x86_64/src/quicklayouts/qquicklinearlayout.cpp:477
#30 0x00007f7f040bb45a in QQuickLayout::updatePolish (this=0x3242dff0) at
/usr/src/debug/qt6-qtdeclarative-6.9.0-2.fc42.x86_64/src/quicklayouts/qquicklayout.cpp:827
#31 0x00007f7f8496d397 in QQuickWindowPrivate::polishItems (this=0x2eb63400) at
/usr/src/debug/qt6-qtdeclarative-6.9.0-2.fc42.x86_64/src/quick/items/qquickwindow.cpp:344
#32 0x00007f7f84bac72e in QSGThreadedRenderLoop::polishAndSync
(this=0x2eb48cf0, w=0x2f1a3020, inExpose=false) at
/usr/src/debug/qt6-qtdeclarative-6.9.0-2.fc42.x86_64/src/quick/scenegraph/qsgthreadedrenderloop.cpp:1633
#33 0x00007f7f84970012 in QQuickWindow::event (this=0x2eb3a470,
event=<optimized out>) at
/usr/src/debug/qt6-qtdeclarative-6.9.0-2.fc42.x86_64/src/quick/items/qquickwindow.cpp:1590
#34 0x00007f7f8283d7af in QApplicationPrivate::notify_helper (this=<optimized
out>, receiver=0x2eb3a470, e=0x7fff12a38ab0) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/widgets/kernel/qapplication.cpp:3301
#35 0x00007f7f816f5fa8 in QCoreApplication::notifyInternal2
(receiver=0x2eb3a470, event=0x7fff12a38ab0) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/corelib/kernel/qcoreapplication.cpp:1106
#36 0x00007f7f816f620d in QCoreApplication::sendEvent (receiver=<optimized
out>, event=<optimized out>) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/corelib/kernel/qcoreapplication.cpp:1546
#37 0x00007f7f81f33385 in QPlatformWindow::deliverUpdateRequest
(this=<optimized out>) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/gui/kernel/qplatformwindow.cpp:825
#38 0x00007f7f81750fec in QObject::event (this=<optimized out>, e=<optimized
out>) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/corelib/kernel/qobject.cpp:1431
#39 0x00007f7f8283d7af in QApplicationPrivate::notify_helper (this=<optimized
out>, receiver=0x2f1a29a0, e=0x33daae70) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/widgets/kernel/qapplication.cpp:3301
#40 0x00007f7f816f5fa8 in QCoreApplication::notifyInternal2
(receiver=0x2f1a29a0, event=0x33daae70) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/corelib/kernel/qcoreapplication.cpp:1106
#41 0x00007f7f816f620d in QCoreApplication::sendEvent (receiver=<optimized
out>, event=<optimized out>) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/corelib/kernel/qcoreapplication.cpp:1546
#42 0x00007f7f816f9cd6 in QCoreApplicationPrivate::sendPostedEvents
(receiver=0x0, event_type=0, data=0x2e220b90) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/corelib/kernel/qcoreapplication.cpp:1879
#43 0x00007f7f819ffd2f in postEventSourceDispatch (s=0x2e29bf70) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/corelib/kernel/qeventdispatcher_glib.cpp:246
#44 0x00007f7f80efa040 in g_main_dispatch (context=0x7f7f68000f00) at
../glib/gmain.c:3398
#45 g_main_context_dispatch_unlocked (context=0x7f7f68000f00) at
../glib/gmain.c:4249
#46 0x00007f7f80f03128 in g_main_context_iterate_unlocked
(context=context@entry=0x7f7f68000f00, block=block@entry=1,
dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4314
#47 0x00007f7f80f032d3 in g_main_context_iteration (context=0x7f7f68000f00,
may_block=1) at ../glib/gmain.c:4379
#48 0x00007f7f819ff56d in QEventDispatcherGlib::processEvents (this=0x2e206690,
flags=...) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/corelib/kernel/qeventdispatcher_glib.cpp:399
#49 0x00007f7f81703783 in QEventLoop::exec (this=this@entry=0x7fff12a38f60,
flags=..., flags@entry=...) at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/corelib/global/qflags.h:77
#50 0x00007f7f816ff229 in QCoreApplication::exec () at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/corelib/kernel/qcoreapplication.cpp:1449
#51 0x00007f7f81edac3d in QGuiApplication::exec () at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/gui/kernel/qguiapplication.cpp:1993
#52 0x00007f7f8283d719 in QApplication::exec () at
/usr/src/debug/qt6-qtbase-6.9.0-2.fc42.x86_64/src/widgets/kernel/qapplication.cpp:2568
#53 0x000000000040ae7d in main (argc=<optimized out>, argv=<optimized out>) at
/home/nate/kde/src/neochat/src/app/main.cpp:312


EXPECTED RESULT
No boom


SOFTWARE/OS VERSIONS
Operating System: Fedora Linux 42
KDE Plasma Version: 6.3.90
KDE Frameworks Version: 6.15.0
Qt Version: 6.9.0
Kernel Version: 6.14.6-300.fc42.x86_64 (64-bit)
Graphics Platform: Wayland
Processors: 16 × AMD Ryzen 7 7840U w/ Radeon™ 780M Graphics
Memory: 16 GiB of RAM (14.9 GiB usable)
Graphics Processor: AMD Radeon 780M
