https://bugs.kde.org/show_bug.cgi?id=406950
Bug ID: 406950
Summary: Valgrind reports use after free
Product: kstars
Version: 3.2.0
Platform: Mint (Ubuntu based)
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: mutla...@ikarustech.com
Reporter: ella...@eskimo.com
Target Milestone: ---

SUMMARY
Was having some stability problems (see also bug #406638) so I decided to run kstars under Valgrind on amd64. Valgrind reported a large number of troubling uninitialized data errors, but the most critical one I saw after a bit of testing was a clear use-after-free.

STEPS TO REPRODUCE
1. Start kstars under valgrind with some appropriate suppressions.
2. Open EKOS and start indi with simulators. I used a guider as well as a CCD.
3. This error appeared around the time I clicked "capture" in the Guide window, though it seemed somewhat random.

OBSERVED RESULT
org.kde.kstars.ekos.align: "Capturing image..."
org.kde.kstars.fits: Loading FITS file "/tmp/fitsu28517.fits"
Found one coordinate representation.
org.kde.kstars.ekos.align: "Image received."
org.kde.kstars.ekos.align: "Capturing dark frame..."
org.kde.kstars.fits: Loading FITS file "/tmp/fitsN28517.fits"
org.kde.kstars.ekos.align: "Dark frame received."
org.kde.kstars.fits: Loading FITS file "/tmp/fitsN28517.fits"
org.kde.kstars.fits: Saved FITS file: "/home/elladan/.local/share/kstars/darks/darkframe_2019-04-26T18-42-24.fits"
org.kde.kstars.ekos.align: "Dark frame saved to /home/elladan/.local/share/kstars/darks/darkframe_2019-04-26T18-42-24.fits"
org.kde.kstars.ekos.align: "Starting solver..."
==28517== Thread 8 Thread (pooled):
==28517== Invalid write of size 1
==28517==    at 0x35114C: operator() (fitsview.cpp:603)
==28517==    by 0x35114C: QtConcurrent::StoredFunctorCall0<void, bool FITSView::rescale<unsigned short>(FITSZoom)::{lambda()#1}>::runFunctor() (qtconcurrentstoredfunctioncall.h:70)
==28517==    by 0x35017A: QtConcurrent::RunFunctionTask<void>::run() (qtconcurrentrunbase.h:136)
==28517==    by 0xA4392B1: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.9.5)
==28517==    by 0xA43C17C: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.9.5)
==28517==    by 0xB5526DA: start_thread (pthread_create.c:463)
==28517==    by 0xC7EE88E: clone (clone.S:95)
==28517==  Address 0x7b56f418 is 730,072 bytes inside a block of size 24,000,000 free'd
==28517==    at 0x4C30D3B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28517==    by 0x9886A44: QImageData::~QImageData() (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.9.5)
==28517==    by 0x9886AB6: QImage::~QImage() (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.9.5)
==28517==    by 0x9887C98: QImage::detach() (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.9.5)
==28517==    by 0x9887D26: QImage::scanLine(int) (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.9.5)
==28517==    by 0x3510F7: operator() (fitsview.cpp:599)
==28517==    by 0x3510F7: QtConcurrent::StoredFunctorCall0<void, bool FITSView::rescale<unsigned short>(FITSZoom)::{lambda()#1}>::runFunctor() (qtconcurrentstoredfunctioncall.h:70)
==28517==    by 0x35017A: QtConcurrent::RunFunctionTask<void>::run() (qtconcurrentrunbase.h:136)
==28517==    by 0xA4392B1: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.9.5)
==28517==    by 0xA43C17C: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.9.5)
==28517==    by 0xB5526DA: start_thread (pthread_create.c:463)
==28517==    by 0xC7EE88E: clone (clone.S:95)
==28517==  Block was alloc'd at
==28517==    at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28517==    by 0x9886D1E: QImageData::create(QSize const&, QImage::Format) (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.9.5)
==28517==    by 0x9886E9A: QImage::QImage(QSize const&, QImage::Format) (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.9.5)
==28517==    by 0x9886ED4: QImage::QImage(int, int, QImage::Format) (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.9.5)
==28517==    by 0x98874B2: QImage::copy(QRect const&) const (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.9.5)
==28517==    by 0x9887C7E: QImage::detach() (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.9.5)
==28517==    by 0x9887D26: QImage::scanLine(int) (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.9.5)
==28517==    by 0x3510F7: operator() (fitsview.cpp:599)
==28517==    by 0x3510F7: QtConcurrent::StoredFunctorCall0<void, bool FITSView::rescale<unsigned short>(FITSZoom)::{lambda()#1}>::runFunctor() (qtconcurrentstoredfunctioncall.h:70)
==28517==    by 0x35017A: QtConcurrent::RunFunctionTask<void>::run() (qtconcurrentrunbase.h:136)
==28517==    by 0xA4392B1: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.9.5)
==28517==    by 0xA43C17C: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.9.5)
==28517==    by 0xB5526DA: start_thread (pthread_create.c:463)
==28517==

EXPECTED RESULT
Use before free. :-)

SOFTWARE/OS VERSIONS
Kstars: Build: 2019-04-14T19:19:24Z
Linux Mint 19.1 (Tessa)
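Added example, not part of the bug report and not KStars or Qt code: a toy implicitly shared image standing in for QImage, which replays by hand the interleaving the trace shows (two workers in scanLine() both detach, the second detach freeing the copy the first one is writing into), beside the variant that detaches once before any worker gets a row pointer. CowImage, Buf and every function name below are assumptions introduced for the illustration.

```cpp
// Added toy model (assumption: stands in for Qt's implicitly shared QImage; not KStars
// or Qt code). scanLine() copies-on-write the way QImage::scanLine() -> detach() does.
#include <cstddef>
#include <cstdint>
#include <memory>
#include <utility>
#include <vector>
using Buf = std::vector<std::uint8_t>;
struct CowImage {
    int width, height;
    std::shared_ptr<Buf> d;                       // shared pixel buffer, like QImageData
    CowImage(int w, int h) : width(w), height(h), d(std::make_shared<Buf>(std::size_t(w) * h, 0)) {}
    bool isShared() const { return d.use_count() > 1; }
    // QImage::detach() is essentially "if (shared) *this = copy();", split here into
    // the two steps a thread interleaving can separate: make a copy, then publish it.
    std::shared_ptr<Buf> makeCopy() const { return std::make_shared<Buf>(*d); }
    void publish(std::shared_ptr<Buf> c) { d = std::move(c); }   // drops the old buffer
    void detach() { if (isShared()) publish(makeCopy()); }
    std::uint8_t* scanLine(int y) { detach(); return d->data() + std::size_t(y) * width; }
};
// True if p still points inside img's current buffer. Checked arithmetically, never
// by dereferencing p, so a stale pointer is reported instead of being used.
bool pointsIntoCurrentBuffer(const CowImage& img, const std::uint8_t* p) {
    const std::uint8_t* lo = img.d->data();
    return p >= lo && p < lo + img.d->size();
}
// The interleaving behind the Valgrind report, replayed by hand: two workers call
// scanLine() on one shared image, both decide to detach, and the second publish
// frees the copy the first worker is still writing into. Expected: false.
bool unsafeRowPointerSurvives() {
    CowImage img(4, 2);
    CowImage view = img;                 // shared, as when the image is on screen
    auto copyA = img.makeCopy();         // worker A inside detach(): sees isShared()
    auto copyB = img.makeCopy();         // worker B inside detach(): also sees isShared()
    img.publish(std::move(copyA));       // A installs its copy ...
    std::uint8_t* row0 = img.scanLine(0);   // ... and takes a row pointer into it
    img.publish(std::move(copyB));       // B installs its copy: A's copy is freed
    return pointsIntoCurrentBuffer(img, row0);   // row0 now dangles
}
// Safe variant: detach once on the thread that owns the image, then hand out row
// pointers into the private buffer; workers never call a mutating accessor. Expected: true.
bool safeRowPointersSurvive() {
    CowImage img(4, 2);
    CowImage view = img;
    img.detach();                        // the only detach, before rows are handed out
    std::uint8_t* base = img.d->data();
    for (int y = 0; y < img.height; ++y)         // stands in for the worker pool
        for (int x = 0; x < img.width; ++x) base[std::size_t(y) * img.width + x] = std::uint8_t(y + 1);
    return pointsIntoCurrentBuffer(img, base) && (*img.d)[0] == 1 && (*img.d)[4] == 2;
}
```

The replay is sequential, so it is deterministic where the real race in the rescale lambda was timing-dependent; the precondition it makes visible is the same: a worker must never be the one that triggers detach().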