https://bugs.kde.org/show_bug.cgi?id=359241
Bug ID: 359241 Summary: Crash on exit [PhpDocumentationWidget::documentLoaded] Product: kdevelop Version: 4.90.91 Platform: Other OS: Linux Status: UNCONFIRMED Severity: crash Priority: NOR Component: Language Support: PHP Assignee: kdevelop-bugs-n...@kde.org Reporter: kf...@kde.org ==6520==ERROR: AddressSanitizer: heap-use-after-free on address 0x6020008c96f0 at pc 0x7f14af82432d bp 0x7ffd7d3d4850 sp 0x7ffd7d3d4848 READ of size 8 at 0x6020008c96f0 thread T0 #0 0x7f14af82432c in PhpDocumentationWidget::documentLoaded() /home/kfunk/devel/src/kf5/kdev-php-stable/docs/phpdocumentationwidget.cpp:93:66 #1 0x7f14af82925d in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (PhpDocumentationWidget::*)()>::call(void (PhpDocumentationWidget::*)(), PhpDocumentationWidget*, void**) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:501:13 #2 0x7f14af828de1 in void QtPrivate::FunctionPointer<void (PhpDocumentationWidget::*)()>::call<QtPrivate::List<>, void>(void (PhpDocumentationWidget::*)(), PhpDocumentationWidget*, void**) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:520:13 #3 0x7f14af827b3b in QtPrivate::QSlotObject<void (PhpDocumentationWidget::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobject_impl.h:143:17 #4 0x7f14d88d4776 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b5776) #5 0x7f14d3bb81d1 in QWebView::loadFinished(bool) (/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x2d1d1) #6 0x7f14d3bb90db (/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x2e0db) #7 0x7f14d88d48e9 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b58e9) #8 0x7f14d3bae9a1 in QWebPage::loadFinished(bool) (/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x239a1) #9 0x7f14d3bac600 (/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x21600) #10 0x7f14d1bbb0bf (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x48b0bf) #11 0x7f14d1ee90a8 (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7b90a8) #12 0x7f14d1ee7f85 (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7b7f85) #13 0x7f14d1ee9ea6 (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7b9ea6) #14 0x7f14d1ebc077 (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x78c077) #15 0x7f14d1f162ef (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7e62ef) #16 0x7f14d1f0c7f6 (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7dc7f6) #17 0x7f14d1ed07cf (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7a07cf) #18 0x7f14d1ed2357 (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7a2357) #19 0x7f14d1ee287d (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7b287d) #20 0x7f14d1ee8c59 (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7b8c59) #21 0x7f14d1bd4bd0 in QWebPageAdapter::deletePage() (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x4a4bd0) #22 0x7f14d3baf698 (/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x24698) #23 0x7f14d3baf7b8 (/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x247b8) #24 0x7f14d3bae6e0 in QWebPage::~QWebPage() (/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x236e0) #25 0x7f14d3bae6f8 in QWebPage::~QWebPage() (/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x236f8) #26 0x7f14d3bb85bf (/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x2d5bf) #27 0x7f14d3bb8622 (/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x2d622) #28 0x7f14d3bb7f7a in QWebView::~QWebView() (/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x2cf7a) #29 0x7f14d52cc841 in KDevelop::StandardDocumentationView::~StandardDocumentationView() /home/kfunk/devel/build/kf5/kdevplatform-stable/documentation/../../../../src/kf5/kdevplatform-stable/documentation/standarddocumentationview.h:35:46 #30 0x7f14d52cc841 in KDevelop::StandardDocumentationView::~StandardDocumentationView() /home/kfunk/devel/build/kf5/kdevplatform-stable/documentation/../../../../src/kf5/kdevplatform-stable/documentation/standarddocumentationview.h:35 #31 0x7f14d88d2e5a in QObjectPrivate::deleteChildren() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b3e5a) #32 0x7f14d91d912f in QWidget::~QWidget() (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x19a12f) #33 0x7f14af86b919 in PhpDocumentationWidget::~PhpDocumentationWidget() /home/kfunk/devel/build/kf5/kdev-php-stable/docs/../../../../src/kf5/kdev-php-stable/docs/phpdocumentationwidget.h:37:7 #34 0x7f14af86baa3 in PhpDocumentationWidget::~PhpDocumentationWidget() /home/kfunk/devel/build/kf5/kdev-php-stable/docs/../../../../src/kf5/kdev-php-stable/docs/phpdocumentationwidget.h:37:7 #35 0x7f14d88d2e5a in QObjectPrivate::deleteChildren() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b3e5a) #36 0x7f14d91d912f in QWidget::~QWidget() (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x19a12f) #37 0x7f14d52cbdab in DocumentationView::~DocumentationView() /home/kfunk/devel/build/kf5/kdevplatform-stable/documentation/../../../../src/kf5/kdevplatform-stable/documentation/documentationview.h:39:46 #38 0x7f14d52cbdab in DocumentationView::~DocumentationView() /home/kfunk/devel/build/kf5/kdevplatform-stable/documentation/../../../../src/kf5/kdevplatform-stable/documentation/documentationview.h:39 #39 0x7f14d88d2e5a in QObjectPrivate::deleteChildren() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b3e5a) #40 0x7f14d91d912f in QWidget::~QWidget() (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x19a12f) #41 0x7f14de32475d in Sublime::IdealDockWidget::~IdealDockWidget() /home/kfunk/devel/src/kf5/kdevplatform-stable/sublime/idealdockwidget.cpp:68:1 #42 0x7f14de32475d in Sublime::IdealDockWidget::~IdealDockWidget() /home/kfunk/devel/src/kf5/kdevplatform-stable/sublime/idealdockwidget.cpp:67 #43 0x7f14d88d2e5a in QObjectPrivate::deleteChildren() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b3e5a) #44 0x7f14d91d912f in QWidget::~QWidget() (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x19a12f) #45 0x7f14dc097d8f in KMainWindow::~KMainWindow() (/usr/lib/x86_64-linux-gnu/libKF5XmlGui.so.5+0x77d8f) #46 0x7f14de2e1c2b in Sublime::MainWindow::~MainWindow() /home/kfunk/devel/src/kf5/kdevplatform-stable/sublime/mainwindow.cpp:76:1 #47 0x7f14dddebb99 in KDevelop::MainWindow::~MainWindow() /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/mainwindow.cpp:156:1 #48 0x7f14dddebeb8 in KDevelop::MainWindow::~MainWindow() /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/mainwindow.cpp:149:1 #49 0x7f14dddebeb8 in KDevelop::MainWindow::~MainWindow() /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/mainwindow.cpp:149 #50 0x7f14d88d57cf in QObject::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b67cf) #51 0x7f14d91dd74a in QWidget::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x19e74a) #52 0x7f14d92f3a4a in QMainWindow::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x2b4a4a) #53 0x7f14dc09a2a6 in KMainWindow::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libKF5XmlGui.so.5+0x7a2a6) #54 0x7f14dc0d2754 in KXmlGuiWindow::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libKF5XmlGui.so.5+0xb2754) #55 0x7f14d919a9db in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15b9db) #56 0x7f14d919fea5 in QApplication::notify(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x160ea5) #57 0x7f14d88a5d7a in QCoreApplication::notifyInternal(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x286d7a) #58 0x7f14d88a8175 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x289175) #59 0x7f14d88fc0e2 (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2dd0e2) #60 0x7f14cf67dff6 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49ff6) #61 0x7f14cf67e24f (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a24f) #62 0x7f14cf67e2fb in g_main_context_iteration (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a2fb) #63 0x7f14d88fc4ee in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2dd4ee) #64 0x7f14d88a3509 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x284509) #65 0x7f14d88ab5eb in QCoreApplication::exec() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x28c5eb) #66 0x504cc6 in main /home/kfunk/devel/src/kf5/kdevelop-stable/app/main.cpp:674:12 #67 0x7f14d73aaa3f in __libc_start_main /build/buildd/glibc-2.21/csu/libc-start.c:289 #68 0x43d948 in _start (/home/kfunk/devel/install/kf5-stable/bin/kdevelop+0x43d948) 0x6020008c96f0 is located 0 bytes inside of 16-byte region [0x6020008c96f0,0x6020008c9700) freed by thread T0 here: #0 0x4e43a2 in operator delete(void*) (/home/kfunk/devel/install/kf5-stable/bin/kdevelop+0x4e43a2) #1 0x7f14d88d2e5a in QObjectPrivate::deleteChildren() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b3e5a) previously allocated by thread T0 here: #0 0x4e3de2 in operator new(unsigned long) (/home/kfunk/devel/install/kf5-stable/bin/kdevelop+0x4e3de2) #1 0x7f14af8221f4 in createStyleSheet(QObject*) /home/kfunk/devel/src/kf5/kdev-php-stable/docs/phpdocumentationwidget.cpp:37:28 #2 0x7f14af822b3f in PhpDocumentationWidget::PhpDocumentationWidget(KDevelop::DocumentationFindWidget*, QUrl const&, PhpDocsPlugin*, QWidget*) /home/kfunk/devel/src/kf5/kdev-php-stable/docs/phpdocumentationwidget.cpp:51:16 #3 0x7f14af82e52b in PhpDocumentation::documentationWidget(KDevelop::DocumentationFindWidget*, QWidget*) /home/kfunk/devel/src/kf5/kdev-php-stable/docs/phpdocumentation.cpp:50:12 #4 0x7f14d52c2ee1 in DocumentationView::updateView() /home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:222:20 #5 0x7f14d52c3aab in DocumentationView::showDocumentation(QExplicitlySharedDataPointer<KDevelop::IDocumentation> const&) /home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:167:5 #6 0x7f14d52c341e in DocumentationView::showHome() /home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:143:5 #7 0x7f14d52c27d7 in DocumentationView::changedProvider(int) /home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:241:5 #8 0x7f14d52c27d7 in DocumentationView::emptyHistory() /home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:202 #9 0x7f14d52ca31d in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (DocumentationView::*)()>::call(void (DocumentationView::*)(), DocumentationView*, void**) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:501:13 #10 0x7f14d52ca31d in void QtPrivate::FunctionPointer<void (DocumentationView::*)()>::call<QtPrivate::List<>, void>(void (DocumentationView::*)(), DocumentationView*, void**) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:520 #11 0x7f14d52ca31d in QtPrivate::QSlotObject<void (DocumentationView::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobject_impl.h:143 #12 0x7f14d88d4776 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b5776) #13 0x7f14d52cb423 in ProvidersModel::providersChanged() /home/kfunk/devel/build/kf5/kdevplatform-stable/documentation/moc_documentationview.cpp:281:5 #14 0x7f14d52c69ce in ProvidersModel::removeProviders(QList<KDevelop::IDocumentationProvider*> const&) /home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:295:10 #15 0x7f14d52c4f58 in ProvidersModel::unloaded(KDevelop::IPlugin*) /home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:302:9 #16 0x7f14d52c96b3 in QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<KDevelop::IPlugin*>, void, void (ProvidersModel::*)(KDevelop::IPlugin*)>::call(void (ProvidersModel::*)(KDevelop::IPlugin*), ProvidersModel*, void**) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:501:14 #17 0x7f14d52c96b3 in void QtPrivate::FunctionPointer<void (ProvidersModel::*)(KDevelop::IPlugin*)>::call<QtPrivate::List<KDevelop::IPlugin*>, void>(void (ProvidersModel::*)(KDevelop::IPlugin*), ProvidersModel*, void**) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:520 #18 0x7f14d52c96b3 in QtPrivate::QSlotObject<void (ProvidersModel::*)(KDevelop::IPlugin*), QtPrivate::List<KDevelop::IPlugin*>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobject_impl.h:143 #19 0x7f14d88d4776 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b5776) #20 0x7f14de1f1b9b in KDevelop::IPluginController::unloadingPlugin(KDevelop::IPlugin*) /home/kfunk/devel/build/kf5/kdevplatform-stable/interfaces/moc_iplugincontroller.cpp:238:5 #21 0x7f14dde0fe5a in KDevelop::PluginController::unloadPlugin(KDevelop::IPlugin*, KDevelop::PluginController::PluginDeletion) /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/plugincontroller.cpp:419:10 #22 0x7f14dde0f7bd in KDevelop::PluginController::cleanup() /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/plugincontroller.cpp:321:9 #23 0x7f14dde4ab92 in KDevelop::Core::cleanup() /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/core.cpp:446:9 #24 0x7f14dde49bdd in KDevelop::Core::shutdown() /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/core.cpp:409:9 #25 0x7f14dddebb39 in KDevelop::MainWindow::~MainWindow() /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/mainwindow.cpp:152:9 #26 0x7f14dddebeb8 in KDevelop::MainWindow::~MainWindow() /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/mainwindow.cpp:149:1 #27 0x7f14dddebeb8 in KDevelop::MainWindow::~MainWindow() /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/mainwindow.cpp:149 #28 0x7f14d88d57cf in QObject::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b67cf) #29 0x7f14d91dd74a in QWidget::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x19e74a) SUMMARY: AddressSanitizer: heap-use-after-free /home/kfunk/devel/src/kf5/kdev-php-stable/docs/phpdocumentationwidget.cpp:93 PhpDocumentationWidget::documentLoaded() Shadow bytes around the buggy address: 0x0c0480111280: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0480111290: fa fa fa fa fa fa fd fd fa fa fd fd fa fa fa fa 0x0c04801112a0: fa fa fa fa fa fa fd fd fa fa fa fa fa fa fa fa 0x0c04801112b0: fa fa fa fa fa fa fa fa fa fa fd fd fa fa fd fd 0x0c04801112c0: fa fa fd fd fa fa fa fa fa fa fd fd fa fa fd fd =>0x0c04801112d0: fa fa fa fa fa fa fd fd fa fa 00 00 fa fa[fd]fd 0x0c04801112e0: fa fa 04 fa fa fa 00 00 fa fa 00 fa fa fa 04 fa 0x0c04801112f0: fa fa fd fd fa fa fa fa fa fa fa fa fa fa fd fd 0x0c0480111300: fa fa fd fd fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0480111310: fa fa fd fd fa fa 00 00 fa fa 00 00 fa fa fd fd 0x0c0480111320: fa fa 00 00 fa fa fd fd fa fa fd fd fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==6520==ABORTING Reproducible: Sometimes -- You are receiving this mail because: You are watching all bug changes.