Details
-
Bug
-
Resolution: Fixed
-
P1: Critical
-
6.8.0
-
None
-
-
1f76835d1805d9b1c25c136a19c1101f19cc2259 24002ac6cbd01dbde4944b63c1f7c87ed2bd72b5
Description
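Connect a USB graphics tablet to the computer. Then touch the stylus down on some Qt app and unplug the USB cable. AddressSanitizer then reports the heap-use-after-free below: per the trace, the QWaylandTabletToolV2 had already been deleted as a child of its QWaylandTabletV2 (while posted events were being processed) when the zwp_tablet_tool_v2 removed event was dispatched to its handler.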
==56968==ERROR: AddressSanitizer: heap-use-after-free on address 0x513000644710 at pc 0x7f07c47a41ab bp 0x7fff9a36e3c0 sp 0x7fff9a36e3b8
READ of size 8 at 0x513000644710 thread T0
    #0 0x7f07c47a41aa in QtWayland::zwp_tablet_tool_v2::handle_removed(void*, zwp_tablet_tool_v2*) /home/nico/workspace/qt6-dev/qtwayland/src/client/qwayland-tablet-unstable-v2.cpp:350
    #1 0x7f07cd537971 in ffi_call_unix64 ../src/x86/unix64.S:104
    #2 0x7f07cd5342de in ffi_call_int ../src/x86/ffi64.c:673
    #3 0x7f07cd536f35 in ffi_call ../src/x86/ffi64.c:710
    #4 0x7f07ceb0fbe0 in wl_closure_invoke ../../src/wayland/src/connection.c:1236
    #5 0x7f07ceb0bdee in dispatch_event ../../src/wayland/src/wayland-client.c:1681
    #6 0x7f07ceb0ce2a in dispatch_queue ../../src/wayland/src/wayland-client.c:1827
    #7 0x7f07ceb0ce2a in wl_display_dispatch_queue_pending ../../src/wayland/src/wayland-client.c:2069
    #8 0x7f07c46d0390 in QtWaylandClient::EventThread::dispatchQueuePending() (/home/nico/kde-qtdev/usr/lib64/libQt6WaylandClient.so.6+0xd0390) (BuildId: 66f61e27687fa87bc5909605c7f387d26a3e2b86)
    #9 0x7f07c46d4ea6 in QtWaylandClient::EventThread::readAndDispatchEvents() /home/nico/workspace/qt6-dev/qtwayland/src/client/qwaylanddisplay.cpp:109
    #10 0x7f07c46be734 in QtWaylandClient::QWaylandDisplay::flushRequests() /home/nico/workspace/qt6-dev/qtwayland/src/client/qwaylanddisplay.cpp:505
    #11 0x7f07c46be826 in QtWaylandClient::QWaylandDisplay::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/nico/workspace/qt6-dev/qtwayland/src/client/WaylandClient_autogen/include/moc_qwaylanddisplay_p>
    #12 0x7f07c12bebfa in void doActivate<false>(QObject*, int, void**) (/home/nico/kde-qtdev/usr/lib64/libQt6Core.so.6+0x4bebfa) (BuildId: 61ce0839fa2b5234cf4def9a1fb3f918ae0d031d)
    #13 0x7f07c129d50b in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobject.cpp:4187
    #14 0x7f07c117b363 in QAbstractEventDispatcher::awake() /home/nico/workspace/qt6-dev/qtbase/src/corelib/Core_autogen/include/moc_qabstracteventdispatcher.cpp:186
    #15 0x7f07c1a05631 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:406
    #16 0x7f07c3f7bf9b in QPAEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6-dev/qtbase/src/gui/platform/unix/qeventdispatcher_glib.cpp:89
    #17 0x7f07c11c4fc1 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventloop.cpp:103
    #18 0x7f07c11c7208 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventloop.cpp:194
    #19 0x7f07c11ae891 in QCoreApplication::exec() /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1469
    #20 0x7f07c3025685 in QGuiApplication::exec() /home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qguiapplication.cpp:1975
    #21 0x7f07c927795e in QApplication::exec() /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:2562
    #22 0x47900e in main /home/nico/kde-qtdev/src/plasma-workspace/shell/main.cpp:192
    #23 0x7f07c062a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #24 0x7f07c062a378 in __libc_start_main_impl ../csu/libc-start.c:360
    #25 0x42d594 in _start ../sysdeps/x86_64/start.S:115

0x513000644710 is located 16 bytes inside of 336-byte region [0x513000644700,0x513000644850)
freed by thread T0 here:
    #0 0x7f07ceefe198 in operator delete(void*, unsigned long) ../../../../libsanitizer/asan/asan_new_delete.cpp:164
    #1 0x7f07c47c7bd7 in QtWaylandClient::QWaylandTabletToolV2::~QWaylandTabletToolV2() /home/nico/workspace/qt6-dev/qtwayland/src/client/qwaylandtabletv2.cpp:319
    #2 0x7f07c12aecf3 in QObjectPrivate::deleteChildren() /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobject.cpp:2212
    #3 0x7f07c12b6a2e in QObject::~QObject() /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobject.cpp:1139
    #4 0x7f07c309c8c0 in QInputDevice::~QInputDevice() /home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qinputdevice.cpp:111
    #5 0x7f07c3149c0e in QPointingDevice::~QPointingDevice() /home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qpointingdevice.cpp:168
    #6 0x7f07c47c811c in QtWaylandClient::QWaylandTabletV2::~QWaylandTabletV2() /home/nico/workspace/qt6-dev/qtwayland/src/client/qwaylandtabletv2_p.h:81
    #7 0x7f07c47c814c in QtWaylandClient::QWaylandTabletV2::~QWaylandTabletV2() /home/nico/workspace/qt6-dev/qtwayland/src/client/qwaylandtabletv2_p.h:81
    #8 0x7f07c12a3070 in QObject::event(QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobject.cpp:1405
    #9 0x7f07c927aaad in QApplicationPrivate::notify_helper(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3294
    #10 0x7f07c9296958 in QApplication::notify(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3245
    #11 0x7f07c11a3a09 in QCoreApplication::notifyInternal2(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1124
    #12 0x7f07c11a3b7c in QCoreApplication::sendEvent(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1568
    #13 0x7f07c11a6bf6 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1923
    #14 0x7f07c11a7314 in QCoreApplication::sendPostedEvents(QObject*, int) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1755
    #15 0x7f07c1a071f9 in postEventSourceDispatch /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:246
    #16 0x7f07c1f10eb7 in g_main_dispatch ../glib/gmain.c:3357
    #17 0x7f07c1f10eb7 in g_main_context_dispatch_unlocked ../glib/gmain.c:4208

previously allocated by thread T0 here:
    #0 0x7f07ceefd298 in operator new(unsigned long) ../../../../libsanitizer/asan/asan_new_delete.cpp:95
    #1 0x7f07c47c5a4a in QtWaylandClient::QWaylandTabletSeatV2::zwp_tablet_seat_v2_tool_added(zwp_tablet_tool_v2*) /home/nico/workspace/qt6-dev/qtwayland/src/client/qwaylandtabletv2.cpp:215
    #2 0x7f07c47a3f72 in QtWayland::zwp_tablet_seat_v2::handle_tool_added(void*, zwp_tablet_seat_v2*, zwp_tablet_tool_v2*) /home/nico/workspace/qt6-dev/qtwayland/src/client/qwayland-tablet-unstable-v2.cpp:169
    #3 0x7f07cd537971 in ffi_call_unix64 ../src/x86/unix64.S:104

SUMMARY: AddressSanitizer: heap-use-after-free /home/nico/workspace/qt6-dev/qtwayland/src/client/qwayland-tablet-unstable-v2.cpp:350 in QtWayland::zwp_tablet_tool_v2::handle_removed(void*, zwp_tablet_tool_v2*)