Qt / QTBUG-124502

Drag and drop operation can crash the compositor

Details

    • Linux/Wayland
    • 792bd8510 (dev), ddcc7e996 (6.8), af5aba870 (6.7), 53fc5b17d (tqtc/lts-6.5), ef5dd4b13 (tqtc/lts-6.2), c42f8a03f (tqtc/lts-5.15)

    Description

      Running qwindow-compositor in valgrind sometimes shows that the compositor touches already freed objects:

      Qt 5.15.16 (qwindow-compositor running on xcb):

      Invalid read of size 8
        in Compositor::handleDrag(View*, QMouseEvent*) in /home/user/qwindow-compositor/compositor.cpp:506
        1: load in /opt/rh/devtoolset-4/root/usr/include/c++/5.3.1/bits/atomic_base.h:713
        2: load in /opt/rh/devtoolset-4/root/usr/include/c++/5.3.1/atomic:416
        3: loadRelaxed<QtSharedPointer::ExternalRefCountData*> in /home/qt/work/qt/qtbase/src/corelib/../../include/QtCore/../../src/corelib/thread/qatomic_cxx11.h:239
        4: loadRelaxed in /home/qt/work/qt/qtbase/src/corelib/../../include/QtCore/../../src/corelib/thread/qbasicatomic.h:248
        5: QtSharedPointer::ExternalRefCountData::getAndRef(QObject const*) in /home/qt/work/qt/qtbase/src/corelib/tools/qsharedpointer.cpp:1445
        6: QWeakPointer<QtWayland::DataSource, 1u> in /home/qt/work/install/include/QtCore/qsharedpointer_impl.h:685
        7: QPointer in /home/qt/work/install/include/QtCore/qpointer.h:62
        8: QtWayland::DataOffer::DataOffer(QtWayland::DataSource*, QtWaylandServer::wl_data_device::Resource*) in /home/qt/work/qt/qtwayland/src/compositor/wayland_wrapper/qwldataoffer.cpp:44
        9: QtWayland::DataDevice::setDragFocus(QWaylandSurface*, QPointF const&) in /home/qt/work/qt/qtwayland/src/compositor/wayland_wrapper/qwldatadevice.cpp:103
        10: QtWayland::DataDevice::dragMove(QWaylandSurface*, QPointF const&) in /home/qt/work/qt/qtwayland/src/compositor/wayland_wrapper/qwldatadevice.cpp:129
        11: Compositor::handleDrag(View*, QMouseEvent*) in /home/user/qwindow-compositor/compositor.cpp:506
        12: Window::mouseMoveEvent(QMouseEvent*) in /home/user/qwindow-compositor/window.cpp:255
        13: QWindow::event(QEvent*) in /home/qt/work/qt/qtbase/src/gui/kernel/qwindow.cpp:2461
        14: QPaintDeviceWindow::event(QEvent*) in /home/qt/work/qt/qtbase/src/gui/kernel/qpaintdevicewindow.cpp:206
        15: QCoreApplication::notifyInternal2(QObject*, QEvent*) in /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1064
        16: QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) in /home/qt/work/qt/qtbase/src/gui/kernel/qguiapplication.cpp:2285
        17: QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) in /home/qt/work/qt/qtbase/src/gui/kernel/qguiapplication.cpp:2005
        18: QWindowSystemEventHandler::sendEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) in /home/qt/work/qt/qtbase/src/gui/kernel/qwindowsysteminterface.cpp:193
        19: QtWayland::WindowSystemEventHandler::sendEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) in /home/qt/work/qt/qtwayland/src/compositor/compositor_api/qwaylandcompositor.cpp:104
        20: QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/gui/kernel/qwindowsysteminterface.cpp:1165
        21: xcbSourceDispatch(_GSource*, int (*)(void*), void*) in /home/qt/work/qt/qtbase/src/plugins/platforms/xcb/qxcbeventdispatcher.cpp:105
        22: g_main_context_dispatch in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
        23: /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
        24: g_main_context_iteration in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
        25: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:423
        26: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventloop.cpp:235
        27: QCoreApplication::exec() in /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1375
        28: main in /home/user/qwindow-compositor/main.cpp:65
      Address 0xc876d38 is 8 bytes inside a block of size 120 free'd
        1: operator delete(void*, unsigned long) in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so
        2: QtWaylandServer::wl_data_source::destroy_func(wl_resource*) in /home/qt/work/qt/qtwayland/src/compositor/qwayland-server-wayland.cpp:1426
        3: /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
        4: wl_resource_destroy in /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
        5: /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0
        6: /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0
        7: /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
        8: /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
        9: wl_event_loop_dispatch in /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
        10: QWaylandCompositor::processWaylandEvents() in /home/qt/work/qt/qtwayland/src/compositor/compositor_api/qwaylandcompositor.cpp:819
        11: QWaylandCompositor::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) in /home/qt/work/qt/qtwayland/src/compositor/.moc/moc_qwaylandcompositor.cpp:195
        12: void doActivate<false>(QObject*, int, void**) in /home/qt/work/qt/qtbase/src/corelib/kernel/qobject.cpp:3937
        13: QSocketNotifier::activated(QSocketDescriptor, QSocketNotifier::Type, QSocketNotifier::QPrivateSignal) in /home/qt/work/qt/qtbase/src/corelib/.moc/moc_qsocketnotifier.cpp:178
        14: QSocketNotifier::event(QEvent*) in /home/qt/work/qt/qtbase/src/corelib/kernel/qsocketnotifier.cpp:302
        15: QCoreApplication::notifyInternal2(QObject*, QEvent*) in /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1064
        16: socketNotifierSourceDispatch(_GSource*, int (*)(void*), void*) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:107
        17: g_main_context_dispatch in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
        18: /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
        19: g_main_context_iteration in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
        20: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:423
        21: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventloop.cpp:235
        22: QCoreApplication::exec() in /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1375
        23: main in /home/user/qwindow-compositor/main.cpp:65
      Block was alloc'd at
        1: operator new(unsigned long) in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so
        2: QtWayland::DataDeviceManager::data_device_manager_create_data_source(QtWaylandServer::wl_data_device_manager::Resource*, unsigned int) in /home/qt/work/qt/qtwayland/src/compositor/wayland_wrapper/qwldatadevicemanager.cpp:231
        3: /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0
        4: /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0
        5: /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
        6: /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
        7: wl_event_loop_dispatch in /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
        8: QWaylandCompositor::processWaylandEvents() in /home/qt/work/qt/qtwayland/src/compositor/compositor_api/qwaylandcompositor.cpp:819
        9: QWaylandCompositor::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) in /home/qt/work/qt/qtwayland/src/compositor/.moc/moc_qwaylandcompositor.cpp:195
        10: void doActivate<false>(QObject*, int, void**) in /home/qt/work/qt/qtbase/src/corelib/kernel/qobject.cpp:3937
        11: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:410
        12: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventloop.cpp:235
        13: QCoreApplication::exec() in /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1375
        14: main in /home/user/qwindow-compositor/main.cpp:65
      

      Qt 6.2.12 (minimal-qml example running on xcb):

      Invalid read of size 8
        in QtWayland::DataOffer::DataOffer(QtWayland::DataSource*, QtWaylandServer::wl_data_device::Resource*) in /home/qt/work/qt/qtwayland/src/compositor/wayland_wrapper/qwldataoffer.cpp:48
        1: QtWayland::DataOffer::DataOffer(QtWayland::DataSource*, QtWaylandServer::wl_data_device::Resource*) in /home/qt/work/qt/qtwayland/src/compositor/wayland_wrapper/qwldataoffer.cpp:48
        2: 0x1ffefff29f
        3: QtWayland::DataDevice::setDragFocus(QWaylandSurface*, QPointF const&) in /home/qt/work/qt/qtwayland/src/compositor/wayland_wrapper/qwldatadevice.cpp:103
        4: QtWayland::DataDevice::dragMove(QWaylandSurface*, QPointF const&) in /home/qt/work/qt/qtwayland/src/compositor/wayland_wrapper/qwldatadevice.cpp:129
        5: QWaylandQuickItem::mouseMoveEvent(QMouseEvent*) in /home/qt/work/qt/qtwayland/src/compositor/compositor_api/qwaylandquickitem.cpp:642
        6: QQuickItem::event(QEvent*) in /home/qt/work/qt/qtdeclarative/src/quick/items/qquickitem.cpp:8474
        7: QCoreApplication::notifyInternal2(QObject*, QEvent*) in /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1097
        8: QQuickDeliveryAgentPrivate::deliverMatchingPointsToItem(QQuickItem*, bool, QPointerEvent*, bool) in /home/qt/work/qt/qtdeclarative/src/quick/util/qquickdeliveryagent.cpp:2096
        9: QQuickDeliveryAgentPrivate::deliverUpdatedPoints(QPointerEvent*) in /home/qt/work/qt/qtdeclarative/src/quick/util/qquickdeliveryagent.cpp:1930
        10: QQuickDeliveryAgentPrivate::deliverPointerEvent(QPointerEvent*) in /home/qt/work/qt/qtdeclarative/src/quick/util/qquickdeliveryagent.cpp:1797
        11: QQuickDeliveryAgentPrivate::handleMouseEvent(QMouseEvent*) in /home/qt/work/qt/qtdeclarative/src/quick/util/qquickdeliveryagent.cpp:1593
        12: QQuickDeliveryAgent::event(QEvent*) in /home/qt/work/qt/qtdeclarative/src/quick/util/qquickdeliveryagent.cpp:721
        13: QQuickWindow::event(QEvent*) in /home/qt/work/qt/qtdeclarative/src/quick/items/qquickwindow.cpp:1496
        14: QCoreApplication::notifyInternal2(QObject*, QEvent*) in /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1097
        15: QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) in /home/qt/work/qt/qtbase/src/gui/kernel/qguiapplication.cpp:2285
        16: QWindowSystemEventHandler::sendEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) in /home/qt/work/qt/qtbase/src/gui/kernel/qwindowsysteminterface.cpp:195
        17: QtWayland::WindowSystemEventHandler::sendEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) in /home/qt/work/qt/qtwayland/src/compositor/compositor_api/qwaylandcompositor.cpp:104
        18: QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/gui/kernel/qwindowsysteminterface.cpp:1164
        19: xcbSourceDispatch(_GSource*, int (*)(void*), void*) in /home/qt/work/qt/qtbase/src/plugins/platforms/xcb/qxcbeventdispatcher.cpp:93
        20: g_main_context_dispatch in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
        21: /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
        22: g_main_context_iteration in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
        23: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:429
        24: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventloop.cpp:230
        25: QCoreApplication::exec() in /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1412
      Address 0xee47090 is 96 bytes inside a block of size 128 free'd
        1: operator delete(void*, unsigned long) in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so
        2: QtWaylandServer::wl_data_source::destroy_func(wl_resource*) in /home/qt/work/qt/qtwayland/src/compositor/qwayland-server-wayland.cpp:1419
        3: /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
        4: wl_resource_destroy in /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
        5: /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0
        6: /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0
        7: /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
        8: /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
        9: wl_event_loop_dispatch in /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
        10: QWaylandCompositor::processWaylandEvents() in /home/qt/work/qt/qtwayland/src/compositor/compositor_api/qwaylandcompositor.cpp:853
        11: void doActivate<false>(QObject*, int, void**) in /home/qt/work/qt/qtbase/src/corelib/kernel/qobject.cpp:3969
        12: QSocketNotifier::activated(QSocketDescriptor, QSocketNotifier::Type, QSocketNotifier::QPrivateSignal) in /home/qt/work/qt/qtbase/src/corelib/Core_autogen/include/moc_qsocketnotifier.cpp:180
        13: QSocketNotifier::event(QEvent*) in /home/qt/work/qt/qtbase/src/corelib/kernel/qsocketnotifier.cpp:359
        14: QCoreApplication::notifyInternal2(QObject*, QEvent*) in /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1097
        15: socketNotifierSourceDispatch(_GSource*, int (*)(void*), void*) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:109
        16: g_main_context_dispatch in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
        17: /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
        18: g_main_context_iteration in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
        19: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:429
        20: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventloop.cpp:230
        21: QCoreApplication::exec() in /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1412
        22: main in /home/user/Qt/Examples/Qt-6.2.12/wayland/minimal-qml/main.cpp:67
      Block was alloc'd at
        1: operator new(unsigned long) in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so
        2: non-virtual thunk to QtWayland::DataDeviceManager::data_device_manager_create_data_source(QtWaylandServer::wl_data_device_manager::Resource*, unsigned int) in /home/qt/work/qt/qtwayland/src/compositor/WaylandCompositor_autogen/include/moc_qwldatadevicemanager_p.cpp:95
        3: /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0
        4: /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0
        5: /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
        6: /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
        7: wl_event_loop_dispatch in /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.20.0
        8: QWaylandCompositor::processWaylandEvents() in /home/qt/work/qt/qtwayland/src/compositor/compositor_api/qwaylandcompositor.cpp:853
        9: void doActivate<false>(QObject*, int, void**) in /home/qt/work/qt/qtbase/src/corelib/kernel/qobject.cpp:3969
        10: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:416
        11: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) in /home/qt/work/qt/qtbase/src/corelib/kernel/qeventloop.cpp:230
        12: QCoreApplication::exec() in /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1412
        13: main in /home/user/Qt/Examples/Qt-6.2.12/wayland/minimal-qml/main.cpp:67
      

      This can be reproduced by running the attached example there and quickly dragging and dropping items between the two QListWidgets.

      I haven't been able to reproduce this in Qt 6.7.
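
Added example, not part of the report and not Qt's code: a minimal model of the lifetime pattern in the traces above, where client request handling frees the data source in one event-loop iteration and a later mouse move reaches dragMove() and reads it. Source, Offer, Device and replayTraceOrder are hypothetical names, and std::shared_ptr/std::weak_ptr are assumed stand-ins for the resource's ownership and a tracked reference.

```cpp
#include <memory>
#include <string>
#include <vector>

// Constructed model, not Qt code: Source stands in for the object freed in
// wl_data_source::destroy_func, Device for the object that uses it in dragMove.
struct Source { std::vector<std::string> mimeTypes; };
struct Offer  { std::vector<std::string> mimeTypes; };

class Device {
public:
    // Keep a non-owning but tracked reference. A raw `Source *` member here
    // would dangle as soon as the client destroys its resource.
    void startDrag(const std::shared_ptr<Source> &source) { m_dragSource = source; }

    // Runs for every pointer move while a drag is in progress.
    std::unique_ptr<Offer> dragMove() {
        std::shared_ptr<Source> source = m_dragSource.lock();
        if (!source) {              // source already destroyed: end the drag
            m_dragSource.reset();
            return nullptr;
        }
        auto offer = std::make_unique<Offer>();
        offer->mimeTypes = source->mimeTypes;
        return offer;
    }

    bool dragActive() const { return !m_dragSource.expired(); }

private:
    std::weak_ptr<Source> m_dragSource;
};

struct Result { bool offerBeforeDestroy; bool offerAfterDestroy; bool activeAfterDestroy; };

// Replays the event order visible in the traces: the source is freed while
// handling client requests, then a later mouse move calls dragMove().
Result replayTraceOrder() {
    auto resource = std::make_shared<Source>();  // models the owning protocol resource
    resource->mimeTypes.push_back("text/plain"); // constructed sample value
    Device device;
    device.startDrag(resource);

    Result r{};
    r.offerBeforeDestroy = device.dragMove() != nullptr; // normal drag step
    resource.reset();                                    // client destroys its data source
    r.offerAfterDestroy = device.dragMove() != nullptr;  // no read of freed memory
    r.activeAfterDestroy = device.dragActive();
    return r;
}
```
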

      Attachments

        1. QTBUG-124502.tar.gz
          1.0 kB
          Joni Poikelin

          People

            esabraha Eskil Abrahamsen Blomfeldt
            poikelin Joni Poikelin