https://bugs.kde.org/show_bug.cgi?id=360405

            Bug ID: 360405
           Summary: Crash on exit: Related to QtHelp plugin
                    [DocumentationView::changedProvider]
           Product: kdevelop
           Version: unspecified
          Platform: Other
                OS: Linux
            Status: UNCONFIRMED
          Severity: crash
          Priority: NOR
         Component: documentation viewer
          Assignee: kdevelop-bugs-n...@kde.org
          Reporter: kf...@kde.org

==6618==ERROR: AddressSanitizer: heap-use-after-free on address 0x6060018d2090
at pc 0x7facfcdb2b2d bp 0x7ffd8e935c30 sp 0x7ffd8e935c28
READ of size 8 at 0x6060018d2090 thread T0
    #0 0x7facfcdb2b2c in DocumentationView::changedProvider(int)
/home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:238:41
    #1 0x7facfcdb307c in DocumentationView::emptyHistory()
/home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:202:9
    #2 0x7facfcddfc7d in QtPrivate::FunctorCall<QtPrivate::IndexesList<>,
QtPrivate::List<>, void, void (DocumentationView::*)()>::call(void
(DocumentationView::*)(), DocumentationView*, void**)
/usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:501:13
    #3 0x7facfcddf801 in void QtPrivate::FunctionPointer<void
(DocumentationView::*)()>::call<QtPrivate::List<>, void>(void
(DocumentationView::*)(), DocumentationView*, void**)
/usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:520:13
    #4 0x7facfcddef2b in QtPrivate::QSlotObject<void (DocumentationView::*)(),
QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*,
void**, bool*) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobject_impl.h:143:17
    #5 0x7fad00b03e1e in QMetaObject::activate(QObject*, int, int, void**)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b4e1e)
    #6 0x7facfcde9ed6 in ProvidersModel::providersChanged()
/home/kfunk/devel/build/kf5/kdevplatform-stable/documentation/moc_documentationview.cpp:281:5
    #7 0x7facfcdb802a in
ProvidersModel::removeProviders(QList<KDevelop::IDocumentationProvider*>
const&)
/home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:295:10
    #8 0x7facfcdb6786 in ProvidersModel::unloaded(KDevelop::IPlugin*)
/home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:302:9
    #9 0x7facfcdd638c in QtPrivate::FunctorCall<QtPrivate::IndexesList<0>,
QtPrivate::List<KDevelop::IPlugin*>, void, void
(ProvidersModel::*)(KDevelop::IPlugin*)>::call(void
(ProvidersModel::*)(KDevelop::IPlugin*), ProvidersModel*, void**)
/usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:501:14
    #10 0x7facfcdd5e81 in void QtPrivate::FunctionPointer<void
(ProvidersModel::*)(KDevelop::IPlugin*)>::call<QtPrivate::List<KDevelop::IPlugin*>,
void>(void (ProvidersModel::*)(KDevelop::IPlugin*), ProvidersModel*, void**)
/usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:520:13
    #11 0x7facfcdd55ab in QtPrivate::QSlotObject<void
(ProvidersModel::*)(KDevelop::IPlugin*), QtPrivate::List<KDevelop::IPlugin*>,
void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*)
/usr/include/x86_64-linux-gnu/qt5/QtCore/qobject_impl.h:143:17
    #12 0x7fad00b03e1e in QMetaObject::activate(QObject*, int, int, void**)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b4e1e)
    #13 0x7fad02d34beb in
KDevelop::IPluginController::unloadingPlugin(KDevelop::IPlugin*)
/home/kfunk/devel/build/kf5/kdevplatform-stable/interfaces/moc_iplugincontroller.cpp:238:5
    #14 0x7fad038f7990 in
KDevelop::PluginController::unloadPlugin(KDevelop::IPlugin*,
KDevelop::PluginController::PluginDeletion)
/home/kfunk/devel/src/kf5/kdevplatform-stable/shell/plugincontroller.cpp:424:10
    #15 0x7fad038f7177 in KDevelop::PluginController::cleanup()
/home/kfunk/devel/src/kf5/kdevplatform-stable/shell/plugincontroller.cpp:321:9
    #16 0x7fad039746b8 in KDevelop::Core::cleanup()
/home/kfunk/devel/src/kf5/kdevplatform-stable/shell/core.cpp:446:9
    #17 0x7fad03972da0 in KDevelop::Core::shutdown()
/home/kfunk/devel/src/kf5/kdevplatform-stable/shell/core.cpp:409:9
    #18 0x7fad0386ef25 in KDevelop::MainWindow::~MainWindow()
/home/kfunk/devel/src/kf5/kdevplatform-stable/shell/mainwindow.cpp:154:9
    #19 0x7fad0386f1aa in KDevelop::MainWindow::~MainWindow()
/home/kfunk/devel/src/kf5/kdevplatform-stable/shell/mainwindow.cpp:151:1
    #20 0x7fad0386fa73 in KDevelop::MainWindow::~MainWindow()
/home/kfunk/devel/src/kf5/kdevplatform-stable/shell/mainwindow.cpp:151:1
    #21 0x7fad00b04e8f in QObject::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b5e8f)
    #22 0x7fad0140acda in QWidget::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x19dcda)
    #23 0x7fad01520d5a in QMainWindow::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x2b3d5a)
    #24 0x7fad02534931 in KMainWindow::event(QEvent*)
/home/kfunk/devel/src/kf5/kxmlgui/src/kmainwindow.cpp:867:25
    #25 0x7fad0257de59 in KXmlGuiWindow::event(QEvent*)
/home/kfunk/devel/src/kf5/kxmlgui/src/kxmlguiwindow.cpp:118:29
    #26 0x7fad013c805b in QApplicationPrivate::notify_helper(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15b05b)
    #27 0x7fad013cd515 in QApplication::notify(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x160515)
    #28 0x7fad00ad55ba in QCoreApplication::notifyInternal(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2865ba)
    #29 0x7fad00ad79b5 in QCoreApplicationPrivate::sendPostedEvents(QObject*,
int, QThreadData*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2889b5)
    #30 0x7fad00b2b642  (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2dc642)
    #31 0x7facf79f5126 in g_main_context_dispatch
(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a126)
    #32 0x7facf79f537f  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a37f)
    #33 0x7facf79f542b in g_main_context_iteration
(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a42b)
    #34 0x7fad00b2ba4e in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2dca4e)
    #35 0x7fad00ad2d79 in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x283d79)
    #36 0x7fad00adae1b in QCoreApplication::exec()
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x28be1b)
    #37 0x503869 in main
/home/kfunk/devel/src/kf5/kdevelop-stable/app/main.cpp:671:12
    #38 0x7facff5db9ff in __libc_start_main
/build/glibc-uCRKup/glibc-2.21/csu/libc-start.c:289
    #39 0x43c128 in _start
(/home/kfunk/devel/install/kf5-stable/bin/kdevelop+0x43c128)

0x6060018d2090 is located 16 bytes inside of 56-byte region
[0x6060018d2080,0x6060018d20b8)
freed by thread T0 here:
    #0 0x4e2b82 in operator delete(void*)
(/home/kfunk/devel/install/kf5-stable/bin/kdevelop+0x4e2b82)
    #1 0x7facc5a66c93 in QtHelpQtDoc::~QtHelpQtDoc()
/home/kfunk/devel/build/kf5/kdevelop-stable/documentation/qthelp/../../../../../src/kf5/kdevelop-stable/documentation/qthelp/qthelpqtdoc.h:26:7
    #2 0x7fad00b024fa in QObjectPrivate::deleteChildren()
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b34fa)

previously allocated by thread T0 here:
    #0 0x4e25c2 in operator new(unsigned long)
(/home/kfunk/devel/install/kf5-stable/bin/kdevelop+0x4e25c2)
    #1 0x7facc5a37dac in QtHelpPlugin::loadQtDocumentation(bool)
/home/kfunk/devel/src/kf5/kdevelop-stable/documentation/qthelp/qthelpplugin.cpp:76:19
    #2 0x7facc5a37dac in QtHelpPlugin::readConfig()
/home/kfunk/devel/src/kf5/kdevelop-stable/documentation/qthelp/qthelpplugin.cpp:65
    #3 0x7facc5a650e0 in QtHelpPlugin::qt_static_metacall(QObject*,
QMetaObject::Call, int, void**)
/home/kfunk/devel/build/kf5/kdevelop-stable/documentation/qthelp/moc_qthelpplugin.cpp:78:17
    #4 0x7fad00b04e70 in QObject::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b5e70)
    #5 0x7fad013c805b in QApplicationPrivate::notify_helper(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15b05b)

SUMMARY: AddressSanitizer: heap-use-after-free
/home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:238
DocumentationView::changedProvider(int)
Shadow bytes around the buggy address:
  0x0c0c803123c0: 00 00 00 04 fa fa fa fa 00 00 00 00 00 00 00 04
  0x0c0c803123d0: fa fa fa fa 00 00 00 00 00 00 00 04 fa fa fa fa
  0x0c0c803123e0: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
  0x0c0c803123f0: fd fd fd fa fa fa fa fa fd fd fd fd fd fd fd fa
  0x0c0c80312400: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
=>0x0c0c80312410: fd fd[fd]fd fd fd fd fa fa fa fa fa fd fd fd fd
  0x0c0c80312420: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c0c80312430: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
  0x0c0c80312440: fd fd fd fd fd fd fd fa fa fa fa fa fd fd fd fd
  0x0c0c80312450: fd fd fd fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c0c80312460: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==6618==ABORTING


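Reproducible: Sometimes

Reading of the trace above: the freed 56-byte block was allocated in QtHelpPlugin::loadQtDocumentation() (qthelpplugin.cpp:76) and released by ~QtHelpQtDoc() under QObjectPrivate::deleteChildren(). During shutdown, PluginController::cleanup() -> unloadPlugin() emits unloadingPlugin, and ProvidersModel::unloaded() -> removeProviders() -> providersChanged() reaches DocumentationView::emptyHistory() -> changedProvider(), which reads 8 bytes at offset 16 of that block (documentationview.cpp:238). The documentation view therefore appears to still hold a pointer to a provider object that has already been destroyed; the free stack is truncated, so the exact point at which the provider was deleted relative to the unload signal is not visible here.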
