  1. Qt
  2. QTBUG-130314

Crash after unplugging tablet

Details

    • Bug
    • Resolution: Fixed
    • P1: Critical
    • 6.8.2
    • 6.8.0
    • QPA: Wayland
    • None
    • Linux/Wayland
    • 1f76835d1805d9b1c25c136a19c1101f19cc2259 24002ac6cbd01dbde4944b63c1f7c87ed2bd72b5

    Description

      Connect a USB graphics tablet to the computer. Then touch down the stylus on some Qt app and unplug the USB cable.

      ==56968==ERROR: AddressSanitizer: heap-use-after-free on address 0x513000644710 at pc 0x7f07c47a41ab bp 0x7fff9a36e3c0 sp 0x7fff9a36e3b8
      READ of size 8 at 0x513000644710 thread T0
          #0 0x7f07c47a41aa in QtWayland::zwp_tablet_tool_v2::handle_removed(void*, zwp_tablet_tool_v2*) /home/nico/workspace/qt6-dev/qtwayland/src/client/qwayland-tablet-unstable-v2.cpp:350
          #1 0x7f07cd537971 in ffi_call_unix64 ../src/x86/unix64.S:104
          #2 0x7f07cd5342de in ffi_call_int ../src/x86/ffi64.c:673
          #3 0x7f07cd536f35 in ffi_call ../src/x86/ffi64.c:710
          #4 0x7f07ceb0fbe0 in wl_closure_invoke ../../src/wayland/src/connection.c:1236
          #5 0x7f07ceb0bdee in dispatch_event ../../src/wayland/src/wayland-client.c:1681
          #6 0x7f07ceb0ce2a in dispatch_queue ../../src/wayland/src/wayland-client.c:1827
          #7 0x7f07ceb0ce2a in wl_display_dispatch_queue_pending ../../src/wayland/src/wayland-client.c:2069
          #8 0x7f07c46d0390 in QtWaylandClient::EventThread::dispatchQueuePending() (/home/nico/kde-qtdev/usr/lib64/libQt6WaylandClient.so.6+0xd0390) (BuildId: 66f61e27687fa87bc5909605c7f387d26a3e2b86)
          #9 0x7f07c46d4ea6 in QtWaylandClient::EventThread::readAndDispatchEvents() /home/nico/workspace/qt6-dev/qtwayland/src/client/qwaylanddisplay.cpp:109
          #10 0x7f07c46be734 in QtWaylandClient::QWaylandDisplay::flushRequests() /home/nico/workspace/qt6-dev/qtwayland/src/client/qwaylanddisplay.cpp:505
          #11 0x7f07c46be826 in QtWaylandClient::QWaylandDisplay::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/nico/workspace/qt6-dev/qtwayland/src/client/WaylandClient_autogen/include/moc_qwaylanddisplay_p>
          #12 0x7f07c12bebfa in void doActivate<false>(QObject*, int, void**) (/home/nico/kde-qtdev/usr/lib64/libQt6Core.so.6+0x4bebfa) (BuildId: 61ce0839fa2b5234cf4def9a1fb3f918ae0d031d)
          #13 0x7f07c129d50b in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobject.cpp:4187
          #14 0x7f07c117b363 in QAbstractEventDispatcher::awake() /home/nico/workspace/qt6-dev/qtbase/src/corelib/Core_autogen/include/moc_qabstracteventdispatcher.cpp:186
          #15 0x7f07c1a05631 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:406
          #16 0x7f07c3f7bf9b in QPAEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6-dev/qtbase/src/gui/platform/unix/qeventdispatcher_glib.cpp:89
          #17 0x7f07c11c4fc1 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventloop.cpp:103
          #18 0x7f07c11c7208 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventloop.cpp:194
          #19 0x7f07c11ae891 in QCoreApplication::exec() /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1469
          #20 0x7f07c3025685 in QGuiApplication::exec() /home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qguiapplication.cpp:1975
          #21 0x7f07c927795e in QApplication::exec() /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:2562
          #22 0x47900e in main /home/nico/kde-qtdev/src/plasma-workspace/shell/main.cpp:192
          #23 0x7f07c062a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
          #24 0x7f07c062a378 in __libc_start_main_impl ../csu/libc-start.c:360
          #25 0x42d594 in _start ../sysdeps/x86_64/start.S:115
      0x513000644710 is located 16 bytes inside of 336-byte region [0x513000644700,0x513000644850)
      freed by thread T0 here:
          #0 0x7f07ceefe198 in operator delete(void*, unsigned long) ../../../../libsanitizer/asan/asan_new_delete.cpp:164
          #1 0x7f07c47c7bd7 in QtWaylandClient::QWaylandTabletToolV2::~QWaylandTabletToolV2() /home/nico/workspace/qt6-dev/qtwayland/src/client/qwaylandtabletv2.cpp:319
          #2 0x7f07c12aecf3 in QObjectPrivate::deleteChildren() /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobject.cpp:2212
          #3 0x7f07c12b6a2e in QObject::~QObject() /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobject.cpp:1139
          #4 0x7f07c309c8c0 in QInputDevice::~QInputDevice() /home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qinputdevice.cpp:111
          #5 0x7f07c3149c0e in QPointingDevice::~QPointingDevice() /home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qpointingdevice.cpp:168
          #6 0x7f07c47c811c in QtWaylandClient::QWaylandTabletV2::~QWaylandTabletV2() /home/nico/workspace/qt6-dev/qtwayland/src/client/qwaylandtabletv2_p.h:81
          #7 0x7f07c47c814c in QtWaylandClient::QWaylandTabletV2::~QWaylandTabletV2() /home/nico/workspace/qt6-dev/qtwayland/src/client/qwaylandtabletv2_p.h:81
          #8 0x7f07c12a3070 in QObject::event(QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobject.cpp:1405
          #9 0x7f07c927aaad in QApplicationPrivate::notify_helper(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3294
          #10 0x7f07c9296958 in QApplication::notify(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3245
          #11 0x7f07c11a3a09 in QCoreApplication::notifyInternal2(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1124
          #12 0x7f07c11a3b7c in QCoreApplication::sendEvent(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1568
          #13 0x7f07c11a6bf6 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1923
          #14 0x7f07c11a7314 in QCoreApplication::sendPostedEvents(QObject*, int) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1755
          #15 0x7f07c1a071f9 in postEventSourceDispatch /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:246
          #16 0x7f07c1f10eb7 in g_main_dispatch ../glib/gmain.c:3357
          #17 0x7f07c1f10eb7 in g_main_context_dispatch_unlocked ../glib/gmain.c:4208
      previously allocated by thread T0 here:
          #0 0x7f07ceefd298 in operator new(unsigned long) ../../../../libsanitizer/asan/asan_new_delete.cpp:95
          #1 0x7f07c47c5a4a in QtWaylandClient::QWaylandTabletSeatV2::zwp_tablet_seat_v2_tool_added(zwp_tablet_tool_v2*) /home/nico/workspace/qt6-dev/qtwayland/src/client/qwaylandtabletv2.cpp:215
          #2 0x7f07c47a3f72 in QtWayland::zwp_tablet_seat_v2::handle_tool_added(void*, zwp_tablet_seat_v2*, zwp_tablet_tool_v2*) /home/nico/workspace/qt6-dev/qtwayland/src/client/qwayland-tablet-unstable-v2.cpp:169
          #3 0x7f07cd537971 in ffi_call_unix64 ../src/x86/unix64.S:104
      SUMMARY: AddressSanitizer: heap-use-after-free /home/nico/workspace/qt6-dev/qtwayland/src/client/qwayland-tablet-unstable-v2.cpp:350 in QtWayland::zwp_tablet_tool_v2::handle_removed(void*, zwp_tablet_tool_v2*) 

          People

            davidre David Redondo
            nicolasfella_kde Nicolas Fella