Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-124502

Drag and drop operation can crash the compositor

    XMLWordPrintable

Details

    • Linux/Wayland
    • 792bd8510 (dev), ddcc7e996 (6.8), af5aba870 (6.7), 53fc5b17d (tqtc/lts-6.5), ef5dd4b13 (tqtc/lts-6.2), c42f8a03f (tqtc/lts-5.15)

    Description

      Running qwindow-compositor in valgrind sometimes shows that the compositor touches already freed objects:

      Qt 5.15.16 (qwindow-compositor running on xcb):

      Invalid read of size 8
  in Compositor::handleDrag(View*, QMouseEvent*) in /home/user/qwindow-compositor/compositor.cpp:506
  1: load in /opt/rh/devtoolset-4/root/usr/include/c++/5.3.1/bits/atomic_base.h:713
  2: load in /opt/rh/devtoolset-4/root/usr/include/c++/5.3.1/atomic:416
  3: loadRelaxed<QtSharedPointer::ExternalRefCountData*> in /home/qt/work/qt/qtbase/src/corelib/../../include/QtCore/../../src/corelib/thread/qatomic_cxx11.h:239
  4: loadRelaxed in /home/qt/work/qt/qtbase/src/corelib/../../include/QtCore/../../src/corelib/thread/qbasicatomic.h:248
  5: QtSharedPointer::ExternalRefCountData::getAndRef(QObject const*) in /home/qt/work/qt/qtbase/src/corelib/tools/qsharedpointer.cpp:1445
  6: QWeakPointer<QtWayland::DataSource, 1u> in /home/qt/work/install/include/QtCore/qsharedpointer_impl.h:685
  7: QPointer in /home/qt/work/install/include/QtCore/qpointer.h:62
  8: QtWayland::DataOffer::DataOffer(QtWayland::DataSource*, QtWaylandServer::wl_data_device::Resource*) in /home/qt/work/qt/qtwayland/src/compositor/wayland_wrapper/qwldataoffer.cpp:44
  9: QtWayland::DataDevice::setDragFocus(QWaylandSurface*, QPointF const&) in /home/qt/work/qt/qtwayland/src/compositor/wayland_wrapper/qwldatadevice.cpp:103
  10: QtWayland::DataDevice::dragMove(QWaylandSurface*, QPointF const&) in /home/qt/work/qt/qtwayland/src/compositor/wayland_wrapper/qwldatadevice.cpp:129
  11: Compositor::handleDrag(View*, QMouseEvent*) in /home/user/qwindow-compositor/compositor.cpp:506
  12: Window::mouseMoveEvent(QMouseEvent*) in /home/user/qwindow-compositor/window.cpp:255
  13: QWindow::event(QEvent*) in /home/qt/work/qt/qtbase/src/gui/kernel/qwindow.cpp:2461
  14: QPaintDeviceWindow::event(QEvent*) in /home/qt/work/qt/qtbase/src/gui/kernel/qpaintdevicewindow.cpp:206
  15: QCoreApplication::notifyInternal2(QObject*, QEvent*) in /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1064
  16: QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) in /home/qt/work/qt/qtbase/src/gui/kernel/qguiapplication.cpp:2285
  17: QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) in /home/qt/work/qt/qtbase/src/gui/kernel/qguiapplication.cpp:2005
  18: QWindowSystemEventHandler::sendEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) in /home/qt/work/qt/qtbase/src/gui/kernel/qwindowsysteminterface.cpp:193
  19: QtWayland::WindowSystemEventHandler::sendEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) in /home/qt/work/qt/qtwayland/src/compositor/compositor_api/qwaylandcompositor.cpp:104
  20: QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/gui/kernel/qwindowsysteminterface.cpp:1165
  21: xcbSourceDispatch(_GSource*, int (*)(void*), void*) in /home/qt/work/qt/qtbase/src/plugins/platforms/xcb/qxcbeventdispatcher.cpp:105
  22: g_main_context_dispatch in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
  23: /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
  24: g_main_context_iteration in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
  25: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:423
  26: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventloop.cpp:235
  27: QCoreApplication::exec() in /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1375
  28: main in /home/user/qwindow-compositor/main.cpp:65
Address 0xc876d38 is 8 bytes inside a block of size 120 free'd  1: operator delete(void*, unsigned long) in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so
  2: QtWaylandServer::wl_data_source::destroy_func(wl_resource*) in /home/qt/work/qt/qtwayland/src/compositor/qwayland-server-wayland.cpp:1426
  3: /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
  4: wl_resource_destroy in /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
  5: /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0
  6: /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0
  7: /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
  8: /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
  9: wl_event_loop_dispatch in /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
  10: QWaylandCompositor::processWaylandEvents() in /home/qt/work/qt/qtwayland/src/compositor/compositor_api/qwaylandcompositor.cpp:819
  11: QWaylandCompositor::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) in /home/qt/work/qt/qtwayland/src/compositor/.moc/moc_qwaylandcompositor.cpp:195
  12: void doActivate<false>(QObject*, int, void**) in /home/qt/work/qt/qtbase/src/corelib/kernel/qobject.cpp:3937
  13: QSocketNotifier::activated(QSocketDescriptor, QSocketNotifier::Type, QSocketNotifier::QPrivateSignal) in /home/qt/work/qt/qtbase/src/corelib/.moc/moc_qsocketnotifier.cpp:178
  14: QSocketNotifier::event(QEvent*) in /home/qt/work/qt/qtbase/src/corelib/kernel/qsocketnotifier.cpp:302
  15: QCoreApplication::notifyInternal2(QObject*, QEvent*) in /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1064
  16: socketNotifierSourceDispatch(_GSource*, int (*)(void*), void*) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:107
  17: g_main_context_dispatch in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
  18: /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
  19: g_main_context_iteration in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
  20: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:423
  21: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventloop.cpp:235
  22: QCoreApplication::exec() in /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1375
  23: main in /home/user/qwindow-compositor/main.cpp:65
Block was alloc'd at  1: operator new(unsigned long) in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so
  2: QtWayland::DataDeviceManager::data_device_manager_create_data_source(QtWaylandServer::wl_data_device_manager::Resource*, unsigned int) in /home/qt/work/qt/qtwayland/src/compositor/wayland_wrapper/qwldatadevicemanager.cpp:231
  3: /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0
  4: /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0
  5: /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
  6: /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
  7: wl_event_loop_dispatch in /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
  8: QWaylandCompositor::processWaylandEvents() in /home/qt/work/qt/qtwayland/src/compositor/compositor_api/qwaylandcompositor.cpp:819
  9: QWaylandCompositor::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) in /home/qt/work/qt/qtwayland/src/compositor/.moc/moc_qwaylandcompositor.cpp:195
  10: void doActivate<false>(QObject*, int, void**) in /home/qt/work/qt/qtbase/src/corelib/kernel/qobject.cpp:3937
  11: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:410
  12: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventloop.cpp:235
  13: QCoreApplication::exec() in /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1375
  14: main in /home/user/qwindow-compositor/main.cpp:65

      Qt 6.2.12 (minimal-qml example running on xcb):

      Invalid read of size 8
  in QtWayland::DataOffer::DataOffer(QtWayland::DataSource*, QtWaylandServer::wl_data_device::Resource*) in /home/qt/work/qt/qtwayland/src/compositor/wayland_wrapper/qwldataoffer.cpp:48
  1: QtWayland::DataOffer::DataOffer(QtWayland::DataSource*, QtWaylandServer::wl_data_device::Resource*) in /home/qt/work/qt/qtwayland/src/compositor/wayland_wrapper/qwldataoffer.cpp:48
  2: 0x1ffefff29f
  3: QtWayland::DataDevice::setDragFocus(QWaylandSurface*, QPointF const&) in /home/qt/work/qt/qtwayland/src/compositor/wayland_wrapper/qwldatadevice.cpp:103
  4: QtWayland::DataDevice::dragMove(QWaylandSurface*, QPointF const&) in /home/qt/work/qt/qtwayland/src/compositor/wayland_wrapper/qwldatadevice.cpp:129
  5: QWaylandQuickItem::mouseMoveEvent(QMouseEvent*) in /home/qt/work/qt/qtwayland/src/compositor/compositor_api/qwaylandquickitem.cpp:642
  6: QQuickItem::event(QEvent*) in /home/qt/work/qt/qtdeclarative/src/quick/items/qquickitem.cpp:8474
  7: QCoreApplication::notifyInternal2(QObject*, QEvent*) in /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1097
  8: QQuickDeliveryAgentPrivate::deliverMatchingPointsToItem(QQuickItem*, bool, QPointerEvent*, bool) in /home/qt/work/qt/qtdeclarative/src/quick/util/qquickdeliveryagent.cpp:2096
  9: QQuickDeliveryAgentPrivate::deliverUpdatedPoints(QPointerEvent*) in /home/qt/work/qt/qtdeclarative/src/quick/util/qquickdeliveryagent.cpp:1930
  10: QQuickDeliveryAgentPrivate::deliverPointerEvent(QPointerEvent*) in /home/qt/work/qt/qtdeclarative/src/quick/util/qquickdeliveryagent.cpp:1797
  11: QQuickDeliveryAgentPrivate::handleMouseEvent(QMouseEvent*) in /home/qt/work/qt/qtdeclarative/src/quick/util/qquickdeliveryagent.cpp:1593
  12: QQuickDeliveryAgent::event(QEvent*) in /home/qt/work/qt/qtdeclarative/src/quick/util/qquickdeliveryagent.cpp:721
  13: QQuickWindow::event(QEvent*) in /home/qt/work/qt/qtdeclarative/src/quick/items/qquickwindow.cpp:1496
  14: QCoreApplication::notifyInternal2(QObject*, QEvent*) in /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1097
  15: QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) in /home/qt/work/qt/qtbase/src/gui/kernel/qguiapplication.cpp:2285
  16: QWindowSystemEventHandler::sendEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) in /home/qt/work/qt/qtbase/src/gui/kernel/qwindowsysteminterface.cpp:195
  17: QtWayland::WindowSystemEventHandler::sendEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) in /home/qt/work/qt/qtwayland/src/compositor/compositor_api/qwaylandcompositor.cpp:104
  18: QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/gui/kernel/qwindowsysteminterface.cpp:1164
  19: xcbSourceDispatch(_GSource*, int (*)(void*), void*) in /home/qt/work/qt/qtbase/src/plugins/platforms/xcb/qxcbeventdispatcher.cpp:93
  20: g_main_context_dispatch in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
  21: /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
  22: g_main_context_iteration in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
  23: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:429
  24: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventloop.cpp:230
  25: QCoreApplication::exec() in /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1412
Address 0xee47090 is 96 bytes inside a block of size 128 free'd  1: operator delete(void*, unsigned long) in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so
  2: QtWaylandServer::wl_data_source::destroy_func(wl_resource*) in /home/qt/work/qt/qtwayland/src/compositor/qwayland-server-wayland.cpp:1419
  3: /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
  4: wl_resource_destroy in /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
  5: /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0
  6: /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0
  7: /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
  8: /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
  9: wl_event_loop_dispatch in /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
  10: QWaylandCompositor::processWaylandEvents() in /home/qt/work/qt/qtwayland/src/compositor/compositor_api/qwaylandcompositor.cpp:853
  11: void doActivate<false>(QObject*, int, void**) in /home/qt/work/qt/qtbase/src/corelib/kernel/qobject.cpp:3969
  12: QSocketNotifier::activated(QSocketDescriptor, QSocketNotifier::Type, QSocketNotifier::QPrivateSignal) in /home/qt/work/qt/qtbase/src/corelib/Core_autogen/include/moc_qsocketnotifier.cpp:180
  13: QSocketNotifier::event(QEvent*) in /home/qt/work/qt/qtbase/src/corelib/kernel/qsocketnotifier.cpp:359
  14: QCoreApplication::notifyInternal2(QObject*, QEvent*) in /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1097
  15: socketNotifierSourceDispatch(_GSource*, int (*)(void*), void*) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:109
  16: g_main_context_dispatch in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
  17: /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
  18: g_main_context_iteration in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
  19: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:429
  20: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventloop.cpp:230
  21: QCoreApplication::exec() in /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1412
  22: main in /home/user/Qt/Examples/Qt-6.2.12/wayland/minimal-qml/main.cpp:67
Block was alloc'd at  1: operator new(unsigned long) in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so
  2: non-virtual thunk to QtWayland::DataDeviceManager::data_device_manager_create_data_source(QtWaylandServer::wl_data_device_manager::Resource*, unsigned int) in /home/qt/work/qt/qtwayland/src/compositor/WaylandCompositor_autogen/include/moc_qwldatadevicemanager_p.cpp:95
  3: /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0
  4: /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0
  5: /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
  6: /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
  7: wl_event_loop_dispatch in /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
  8: QWaylandCompositor::processWaylandEvents() in /home/qt/work/qt/qtwayland/src/compositor/compositor_api/qwaylandcompositor.cpp:853
  9: void doActivate<false>(QObject*, int, void**) in /home/qt/work/qt/qtbase/src/corelib/kernel/qobject.cpp:3969
  10: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:416
  11: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventloop.cpp:230
  12: QCoreApplication::exec() in /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1412
  13: main in /home/user/Qt/Examples/Qt-6.2.12/wayland/minimal-qml/main.cpp:67

      This can be reproduced by running attached example there and dragging and dropping items between the two QListWidgets fast.

      I haven't been able to reproduce this in Qt 6.7.

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            esabraha Eskil Abrahamsen Blomfeldt
            poikelin Joni Poikelin
            Votes:
            1 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes