Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-36848

Crash with wacom tablet on Mac due to use-after-free of QWidgetWindow global qt_tablet_target

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P1: Critical
    • None
    • 5.2.1
    • GUI: Complex Input methods
    • Mac OS X 10.8.5, Qt 5.2.1, Wacom Intuos
    • macOS
    • 2bac49265efcf8faabc3756d1a3e405a3d336f68

    Description

      You can crash Qt 5.2.1 on a Mac using an input tablet.
      Use the attached program as an example.
      Using the tablet, press the "CLOSE" button in the top window.
      Then move over to the other window. The application crashes.

      The QWidgetWindow class uses a global QWidget pointer called 'qt_tablet_target' for receiving tablet events.

      On the Mac, this pointer can be accessed after it has been freed.

      The QWidgetWindow code assumes that it will only receive TabletMove events after it receives a TabletPress event. But on the Mac this is not the case.

      So after closing and deleting the first window, the TabletMove event gets sent to the second window, which has not received a TabletPress event. It tries to call qt_tablet_target->mapFromGlobal() and crashes, because the QWidget that qt_tablet_target points to has been destroyed.

      The easiest solution is to use a QPointer for qt_tablet_target.

      Another option would be to make sure not to send the tablet event to a window that hasn't yet received a TabletPress event.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-34007 Segflault on window-close with tablet

          • Not Evaluated - Not yet evaluated/prioritized
          • Closed
          replaces

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-38040 QTCreator 5.21/ 5.3 beta crashes when configuring 5.02/ 5.21 project

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              srutledg Shawn Rutledge
              dzedsystems Dyami Caliri
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes