- Bug
- Resolution: Fixed
- P2: Important
- 6.11
- None
- 31c38d5f7 (dev), 63345a96f (6.10)
- Multimedia Current w28 ...
Running tests\manual\minimal-player\minimal-player.exe and closing it via the window "close" window, I got this heap-use-after-free crash:
```
==17068==ERROR: AddressSanitizer: heap-use-after-free on address 0x11988bfd05e0 at pc 0x7fffb0dcaf42 bp 0x0062d3b292d0 sp 0x0062d3b292d8
WRITE of size 4 at 0x11988bfd05e0 thread T0
    #0 0x7fffb0dcaf41 in std::_Atomic_storage<int, 4>::store(int, enum std::memory_order) C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.44.35207\include\atomic:919
    #1 0x7fffb0e49130 in QAtomicOps<int>::storeRelease<int>(struct std::atomic<int> &, int) D:\qt6\qtbase\src\corelib\thread\qatomic_cxx11.h:239
    #2 0x7fffb0e5bc0d in QBasicAtomicInteger<int>::storeRelease(int) D:\qt6\qtbase\src\corelib\thread\qbasicatomic.h:41
    #3 0x7fffb100262a in ``QWindowsWindow::requestUpdate'::`8'::<lambda_1>::operator()'::`8'::<lambda_1>::operator() D:\qt6\qtbase\src\plugins\platforms\windows\qwindowswindow.cpp:4012
    #4 0x7fffb1002e8c in `QtPrivate::FunctorCall<std::integer_sequence<unsigned __int64>,QtPrivate::List<>,void,``QWindowsWindow::requestUpdate'::`8'::<lambda_1>::operator()'::`8'::<lambda_1> >::call'::`2'::<lambda_1>::operator() D:\qt6\qtbase\src\corelib\kernel\qobjectdefs_impl.h:116
    #5 0x7fffb1003887 in QtPrivate::FunctorCallBase::call_internal<void,`QtPrivate::FunctorCall<std::integer_sequence<unsigned __int64>,QtPrivate::List<>,void,``QWindowsWindow::requestUpdate'::`8'::<lambda_1>::operator()'::`8'::<lambda_1> >::call'::`2'::<lambda_1> > D:\qt6\qtbase\src\corelib\kernel\qobjectdefs_impl.h:65
    #6 0x7fffb1002dc8 in QtPrivate::FunctorCall<std::integer_sequence<unsigned __int64>,QtPrivate::List<>,void,``QWindowsWindow::requestUpdate'::`8'::<lambda_1>::operator()'::`8'::<lambda_1> >::call D:\qt6\qtbase\src\corelib\kernel\qobjectdefs_impl.h:115
    #7 0x7fffb1003861 in QtPrivate::FunctorCallable<``QWindowsWindow::requestUpdate'::`8'::<lambda_1>::operator()'::`8'::<lambda_1> >::call<QtPrivate::List<>,void> D:\qt6\qtbase\src\corelib\kernel\qobjectdefs_impl.h:337
    #8 0x7fffb1002b8e in QtPrivate::QCallableObject<``QWindowsWindow::requestUpdate'::`8'::<lambda_1>::operator()'::`8'::<lambda_1>,QtPrivate::List<>,void>::impl D:\qt6\qtbase\src\corelib\kernel\qobjectdefs_impl.h:547
    #9 0x7fffb55c9eae in QtPrivate::QSlotObjectBase::call(class QObject *, void **) D:\qt6\qtbase\src\corelib\kernel\qobjectdefs_impl.h:461
    #10 0x7fffb5ac5923 in QMetaCallEvent::placeMetaCall(class QObject *) D:\qt6\qtbase\src\corelib\kernel\qobject.cpp:546
    #11 0x7fffb5aada2b in QObject::event(class QEvent *) D:\qt6\qtbase\src\corelib\kernel\qobject.cpp:1479
    #12 0x7fffb251035f in QWindow::event(class QEvent *) D:\qt6\qtbase\src\gui\kernel\qwindow.cpp:2782
    #13 0x7ff8541e41c8 in QVideoWindow::event(class QEvent *) D:\qt6\qtmultimedia\src\multimedia\video\qvideowindow.cpp:506
    #14 0x7fffb74b5c77 in QApplicationPrivate::notify_helper(class QObject *, class QEvent *) D:\qt6\qtbase\src\widgets\kernel\qapplication.cpp:3273
    #15 0x7fffb74b053e in QApplication::notify(class QObject *, class QEvent *) D:\qt6\qtbase\src\widgets\kernel\qapplication.cpp:3223
    #16 0x7fffb58faf6e in QCoreApplication::notifyInternal2(class QObject *, class QEvent *) D:\qt6\qtbase\src\corelib\kernel\qcoreapplication.cpp:1109
    #17 0x7fffb58f55d3 in QCoreApplication::sendEvent(class QObject *, class QEvent *) D:\qt6\qtbase\src\corelib\kernel\qcoreapplication.cpp:1549
    #18 0x7fffb5900b91 in QCoreApplicationPrivate::sendPostedEvents(class QObject *, int, class QThreadData *) D:\qt6\qtbase\src\corelib\kernel\qcoreapplication.cpp:1904
    #19 0x7fffb6205e48 in QEventDispatcherWin32::sendPostedEvents(void) D:\qt6\qtbase\src\corelib\kernel\qeventdispatcher_win.cpp:925
    #20 0x7fffb33f6c83 in QWindowsGuiEventDispatcher::sendPostedEvents(void) D:\qt6\qtbase\src\gui\platform\windows\qwindowsguieventdispatcher.cpp:43
    #21 0x7fffb6200a75 in QEventDispatcherWin32::processEvents(class QFlags<enum QEventLoop::ProcessEventsFlag>) D:\qt6\qtbase\src\corelib\kernel\qeventdispatcher_win.cpp:483
    #22 0x7fffb33f6c3d in QWindowsGuiEventDispatcher::processEvents(class QFlags<enum QEventLoop::ProcessEventsFlag>) D:\qt6\qtbase\src\gui\platform\windows\qwindowsguieventdispatcher.cpp:36
    #23 0x7fffb593bcde in QEventLoop::processEvents(class QFlags<enum QEventLoop::ProcessEventsFlag>) D:\qt6\qtbase\src\corelib\kernel\qeventloop.cpp:104
    #24 0x7fffb593c50e in QEventLoop::exec(class QFlags<enum QEventLoop::ProcessEventsFlag>) D:\qt6\qtbase\src\corelib\kernel\qeventloop.cpp:186
    #25 0x7fffb58f4ea0 in QCoreApplication::exec(void) D:\qt6\qtbase\src\corelib\kernel\qcoreapplication.cpp:1452
    #26 0x7fffb22a14b7 in QGuiApplication::exec(void) D:\qt6\qtbase\src\gui\kernel\qguiapplication.cpp:1967
    #27 0x7fffb74aa4f9 in QApplication::exec(void) D:\qt6\qtbase\src\widgets\kernel\qapplication.cpp:2540
    #28 0x7ff6e6293419 in run(struct CLIArgs const &) D:\qt6\qtmultimedia\tests\manual\minimal-player\minimal-player.cpp:127
    #29 0x7ff6e6293d9a in main D:\qt6\qtmultimedia\tests\manual\minimal-player\minimal-player.cpp:138
    #30 0x7ff6e62a43fb in qtEntryPoint D:\qt6\qtbase\src\entrypoint\qtentrypoint_win.cpp:45
    #31 0x7ff6e62a40bc in WinMain D:\qt6\qtbase\src\entrypoint\qtentrypoint_win.cpp:63
    #32 0x7ff6e629f281 in invoke_main D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:102
    #33 0x7ff6e629f1d1 in __scrt_common_main_seh D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
    #34 0x7ff6e629f08d in __scrt_common_main D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:330
    #35 0x7ff6e629f2fd in WinMainCRTStartup D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_winmain.cpp:16
    #36 0x7ff8b3dfe8d6 (C:\WINDOWS\System32\KERNEL32.DLL+0x18002e8d6)
    #37 0x7ff8b54a8d9b (C:\WINDOWS\SYSTEM32\ntdll.dll+0x180008d9b)

0x11988bfd05e0 is located 288 bytes inside of 296-byte region [0x11988bfd04c0,0x11988bfd05e8)
freed by thread T0 here:
    #0 0x7fffb1157fd3 in operator delete(void *, unsigned __int64) D:\a\_work\1\s\src\vctools\asan\llvm\compiler-rt\lib\asan\asan_win_delete_scalar_size_thunk.cpp:41
    #1 0x7fffb1008640 in QWindowsWindow::`scalar deleting dtor'(unsigned int) (D:\qt6\build\Desktop-Debug\qtbase\plugins\platforms\qwindowsd.dll+0x1802a8640)
    #2 0x7fffb25165eb in QWindowPrivate::destroy(void) D:\qt6\qtbase\src\gui\kernel\qwindow.cpp:2177
    #3 0x7fffb25162bf in QWindowPrivate::destroy(void) D:\qt6\qtbase\src\gui\kernel\qwindow.cpp:2153
    #4 0x7fffb2507740 in QWindow::destroy(void) D:\qt6\qtbase\src\gui\kernel\qwindow.cpp:2139
    #5 0x7fffb250ffe0 in QWindow::event(class QEvent *) D:\qt6\qtbase\src\gui\kernel\qwindow.cpp:2734
    #6 0x7fffb778bbbd in QWidgetWindow::event(class QEvent *) D:\qt6\qtbase\src\widgets\kernel\qwidgetwindow.cpp:399
    #7 0x7fffb74b5c77 in QApplicationPrivate::notify_helper(class QObject *, class QEvent *) D:\qt6\qtbase\src\widgets\kernel\qapplication.cpp:3273
    #8 0x7fffb74b053e in QApplication::notify(class QObject *, class QEvent *) D:\qt6\qtbase\src\widgets\kernel\qapplication.cpp:3223
    #9 0x7fffb58faf6e in QCoreApplication::notifyInternal2(class QObject *, class QEvent *) D:\qt6\qtbase\src\corelib\kernel\qcoreapplication.cpp:1109
    #10 0x7fffb58fa973 in QCoreApplication::sendSpontaneousEvent(class QObject *, class QEvent *) D:\qt6\qtbase\src\corelib\kernel\qcoreapplication.cpp:1563
    #11 0x7fffb22b4789 in QGuiApplicationPrivate::processCloseEvent(class QWindowSystemInterfacePrivate::CloseEvent *) D:\qt6\qtbase\src\gui\kernel\qguiapplication.cpp:2880
    #12 0x7fffb22b7340 in QGuiApplicationPrivate::processWindowSystemEvent(class QWindowSystemInterfacePrivate::WindowSystemEvent *) D:\qt6\qtbase\src\gui\kernel\qguiapplication.cpp:2231
    #13 0x7fffb2531156 in QWindowSystemInterface::sendWindowSystemEvents(class QFlags<enum QEventLoop::ProcessEventsFlag>) D:\qt6\qtbase\src\gui\kernel\qwindowsysteminterface.cpp:1117
    #14 0x7fffb33f6c90 in QWindowsGuiEventDispatcher::sendPostedEvents(void) D:\qt6\qtbase\src\gui\platform\windows\qwindowsguieventdispatcher.cpp:44
    #15 0x7fffb6200a75 in QEventDispatcherWin32::processEvents(class QFlags<enum QEventLoop::ProcessEventsFlag>) D:\qt6\qtbase\src\corelib\kernel\qeventdispatcher_win.cpp:483
    #16 0x7fffb33f6c3d in QWindowsGuiEventDispatcher::processEvents(class QFlags<enum QEventLoop::ProcessEventsFlag>) D:\qt6\qtbase\src\gui\platform\windows\qwindowsguieventdispatcher.cpp:36
    #17 0x7fffb593bcde in QEventLoop::processEvents(class QFlags<enum QEventLoop::ProcessEventsFlag>) D:\qt6\qtbase\src\corelib\kernel\qeventloop.cpp:104
    #18 0x7fffb593c50e in QEventLoop::exec(class QFlags<enum QEventLoop::ProcessEventsFlag>) D:\qt6\qtbase\src\corelib\kernel\qeventloop.cpp:186
    #19 0x7fffb58f4ea0 in QCoreApplication::exec(void) D:\qt6\qtbase\src\corelib\kernel\qcoreapplication.cpp:1452
    #20 0x7fffb22a14b7 in QGuiApplication::exec(void) D:\qt6\qtbase\src\gui\kernel\qguiapplication.cpp:1967
    #21 0x7fffb74aa4f9 in QApplication::exec(void) D:\qt6\qtbase\src\widgets\kernel\qapplication.cpp:2540
    #22 0x7ff6e6293419 in run(struct CLIArgs const &) D:\qt6\qtmultimedia\tests\manual\minimal-player\minimal-player.cpp:127
    #23 0x7ff6e6293d9a in main D:\qt6\qtmultimedia\tests\manual\minimal-player\minimal-player.cpp:138
    #24 0x7ff6e62a43fb in qtEntryPoint D:\qt6\qtbase\src\entrypoint\qtentrypoint_win.cpp:45
    #25 0x7ff6e62a40bc in WinMain D:\qt6\qtbase\src\entrypoint\qtentrypoint_win.cpp:63
    #26 0x7ff6e629f281 in invoke_main D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:102
    #27 0x7ff6e629f1d1 in __scrt_common_main_seh D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
    #28 0x7ff6e629f08d in __scrt_common_main D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:330

previously allocated by thread T0 here:
[swscaler @ 000011D28CBB6410] deprecated pixel format used, make sure you did set range correctly
    #0 0x7fffb11580a5 in operator new(unsigned __int64) D:\a\_work\1\s\src\vctools\asan\llvm\compiler-rt\lib\asan\asan_win_new_scalar_thunk.cpp:40
    #1 0x7fffb0e3732c in QWindowsIntegration::createPlatformWindowHelper(class QWindow *, struct QWindowsWindowData const &) const D:\qt6\qtbase\src\plugins\platforms\windows\qwindowsintegration.cpp:356
    #2 0x7fffb0e32623 in QWindowsIntegration::createPlatformWindow(class QWindow *) const D:\qt6\qtbase\src\plugins\platforms\windows\qwindowsintegration.cpp:322
    #3 0x7fffb25158a5 in QWindowPrivate::create(bool) D:\qt6\qtbase\src\gui\kernel\qwindow.cpp:574
    #4 0x7fffb24fef63 in QWindow::create(void) D:\qt6\qtbase\src\gui\kernel\qwindow.cpp:743
    #5 0x7fffb2513dbb in QWindowPrivate::setVisible(bool) D:\qt6\qtbase\src\gui\kernel\qwindow.cpp:379
    #6 0x7fffb250b6df in QWindow::setVisible(bool) D:\qt6\qtbase\src\gui\kernel\qwindow.cpp:716
    #7 0x7fffb250bcbc in QWindow::showNormal(void) D:\qt6\qtbase\src\gui\kernel\qwindow.cpp:2424
    #8 0x7fffb250b725 in QWindow::show(void) D:\qt6\qtbase\src\gui\kernel\qwindow.cpp:2339
    #9 0x7fffb779ed51 in QWindowContainer::event(class QEvent *) D:\qt6\qtbase\src\widgets\kernel\qwindowcontainer.cpp:317
    #10 0x7fffb74b5c77 in QApplicationPrivate::notify_helper(class QObject *, class QEvent *) D:\qt6\qtbase\src\widgets\kernel\qapplication.cpp:3273
    #11 0x7fffb74b0518 in QApplication::notify(class QObject *, class QEvent *) D:\qt6\qtbase\src\widgets\kernel\qapplication.cpp:3219
    #12 0x7fffb58faf6e in QCoreApplication::notifyInternal2(class QObject *, class QEvent *) D:\qt6\qtbase\src\corelib\kernel\qcoreapplication.cpp:1109
    #13 0x7fffb58f55d3 in QCoreApplication::sendEvent(class QObject *, class QEvent *) D:\qt6\qtbase\src\corelib\kernel\qcoreapplication.cpp:1549
    #14 0x7fffb76f970e in QWidgetPrivate::show_helper(void) D:\qt6\qtbase\src\widgets\kernel\qwidget.cpp:8120
    #15 0x7fffb76fc175 in QWidgetPrivate::setVisible(bool) D:\qt6\qtbase\src\widgets\kernel\qwidget.cpp:8430
    #16 0x7fffb76bfd20 in QWidget::setVisible(bool) D:\qt6\qtbase\src\widgets\kernel\qwidget.cpp:8358
    #17 0x7fffb76f40fb in QWidgetPrivate::showChildren(bool) D:\qt6\qtbase\src\widgets\kernel\qwidget.cpp:8518
    #18 0x7fffb76f952a in QWidgetPrivate::show_helper(void) D:\qt6\qtbase\src\widgets\kernel\qwidget.cpp:8075
    #19 0x7fffb76fc175 in QWidgetPrivate::setVisible(bool) D:\qt6\qtbase\src\widgets\kernel\qwidget.cpp:8430
    #20 0x7fffb76bfd20 in QWidget::setVisible(bool) D:\qt6\qtbase\src\widgets\kernel\qwidget.cpp:8358
    #21 0x7fffb76c01b5 in QWidget::show(void) D:\qt6\qtbase\src\widgets\kernel\qwidget.cpp:7975
    #22 0x7ff6e62930a5 in run(struct CLIArgs const &) D:\qt6\qtmultimedia\tests\manual\minimal-player\minimal-player.cpp:101
    #23 0x7ff6e6293d9a in main D:\qt6\qtmultimedia\tests\manual\minimal-player\minimal-player.cpp:138
    #24 0x7ff6e62a43fb in qtEntryPoint D:\qt6\qtbase\src\entrypoint\qtentrypoint_win.cpp:45
    #25 0x7ff6e62a40bc in WinMain D:\qt6\qtbase\src\entrypoint\qtentrypoint_win.cpp:63
    #26 0x7ff6e629f281 in invoke_main D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:102
    #27 0x7ff6e629f1d1 in __scrt_common_main_seh D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
    #28 0x7ff6e629f08d in __scrt_common_main D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:330
```
It seems to be a rare case; I've only seen it by chance in one out of many runs (following my practice of always debugging with ASan).
For Gerrit Dashboard: QTBUG-140869

| # | Subject | Branch | Project | Status | CR | V |
|---|---|---|---|---|---|---|
| 682515,6 | QWindowsWindow: requestUpdate - fix use-after-free | dev | qt/qtbase | MERGED | +2 | 0 |
| 683388,2 | QWindowsWindow: requestUpdate - fix use-after-free | 6.10 | qt/qtbase | MERGED | +2 | 0 |
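
The lifetime problem visible in the trace, as an added C++ model (not Qt's code and not the merged fix, which this page does not show): a callback posted by the platform window is still delivered after the window has been destroyed, so it has to check liveness before writing to the window's atomic flag. `EventQueue`, `PlatformWindow`, `updatePending` and `simulate` are hypothetical stand-ins, and the `weak_ptr` guard is one assumed way to make that check.

```cpp
#include <atomic>
#include <deque>
#include <functional>
#include <memory>
#include <utility>

// Hypothetical stand-in for the posted-event queue the event loop drains later.
struct EventQueue {
    std::deque<std::function<void()>> posted;
    void post(std::function<void()> fn) { posted.push_back(std::move(fn)); }
    int drain() {  // runs every posted callback, returns how many were delivered
        int delivered = 0;
        for (; !posted.empty(); ++delivered) {
            std::function<void()> fn = std::move(posted.front());
            posted.pop_front();
            fn();
        }
        return delivered;
    }
};

// Hypothetical stand-in for the platform window (the freed object in the report).
struct PlatformWindow : std::enable_shared_from_this<PlatformWindow> {
    std::atomic<int> updatePending{0};
    void requestUpdate(EventQueue &queue, int &touched) {
        updatePending.store(1, std::memory_order_release);
        // Capturing `this` here would reproduce the bug class: the callback
        // would write to updatePending after the window has been deleted.
        std::weak_ptr<PlatformWindow> self = shared_from_this();
        queue.post([self, &touched] {
            if (std::shared_ptr<PlatformWindow> alive = self.lock()) {
                alive->updatePending.store(0, std::memory_order_release);
                ++touched;
            }  // window already destroyed: skip the write
        });
    }
};

struct Result { int delivered; int touched; };

// Posts one update, optionally destroys the window first, then drains the queue.
Result simulate(bool destroyBeforeDrain) {
    EventQueue queue;
    std::shared_ptr<PlatformWindow> window = std::make_shared<PlatformWindow>();
    int touched = 0;
    window->requestUpdate(queue, touched);
    if (destroyBeforeDrain) window.reset();  // models the destroy on close
    const int delivered = queue.drain();
    return {delivered, touched};
}
```

In both orderings the callback is delivered; only when the window is still alive does it write to the flag.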