Details
- Bug
- Resolution: Done
- P2: Important
- Qt Creator 3.3.0-beta1
- None
- Ubuntu 14.04
  Creator build on top of commit 0273757c937c1694bb25ad9bd3e78fb0afd4e969
- 72c33cbadd004fb9c04fa22909dcb52f855a26c2
Description
Can't reproduce and can't remember what happened, except that I've called that dialog via the Alt+G, Alt+S.
```
=================================================================
==14152==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c00f644bf8 at pc 0x7fdebd9beeab bp 0x7fffc1b23af0 sp 0x7fffc1b23ae8
READ of size 8 at 0x60c00f644bf8 thread T0
    #0 0x7fdebd9beeaa in Git::Internal::ChangeSelectionDialog::setDetails(int) /home/nik/dev/creator/creator-ut/src/plugins/git/changeselectiondialog.cpp:186
    #1 0x7fdebdc8d22c in Git::Internal::ChangeSelectionDialog::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/nik/dev/creator/creator-ut_clang-qt5/src/plugins/git/.moc/debug-shared/moc_changeselectiondialog.cpp:104
    #2 0x7fdf6a936870 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Core.so.5+0x300870)
    #3 0x7fdf6a8372c0 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Core.so.5+0x2012c0)
    #4 0x7fdf6a83ac1f (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Core.so.5+0x204c1f)
    #5 0x7fdf6a89f711 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Core.so.5+0x269711)
    #6 0x7fdf6a83a89d (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Core.so.5+0x20489d)
    #7 0x7fdf6a83c500 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Core.so.5+0x206500)
    #8 0x7fdf6a83c7d8 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Core.so.5+0x2067d8)
    #9 0x7fdebd9bb6dc in Git::Internal::ChangeSelectionDialog::~ChangeSelectionDialog() /home/nik/dev/creator/creator-ut/src/plugins/git/changeselectiondialog.cpp:98
    #10 0x7fdebd83e4a3 in Git::Internal::GitPlugin::startChangeRelatedAction() /home/nik/dev/creator/creator-ut/src/plugins/git/gitplugin.cpp:866
    #11 0x7fdebdc883b5 in Git::Internal::GitPlugin::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/nik/dev/creator/creator-ut_clang-qt5/src/plugins/git/.moc/debug-shared/moc_gitplugin.cpp:260
    #12 0x7fdf6a936870 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Core.so.5+0x300870)
    #13 0x7fdf6bd60441 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Widgets.so.5+0x13b441)
    #14 0x7fdf6a936870 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Core.so.5+0x300870)
    #15 0x7fdf6bd60441 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Widgets.so.5+0x13b441)
    #16 0x7fdf6bd62276 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Widgets.so.5+0x13d276)
    #17 0x7fdf6bd6256e (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Widgets.so.5+0x13d56e)
    #18 0x7fdf6bd6b723 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Widgets.so.5+0x146723)
    #19 0x7fdf6bd6ed45 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Widgets.so.5+0x149d45)
    #20 0x7fdf6a904fc3 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Core.so.5+0x2cefc3)
    #21 0x7fdf6ae795d0 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Gui.so.5+0x10f5d0)
    #22 0x7fdf6ae7a53d (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Gui.so.5+0x11053d)
    #23 0x7fdf6bd6edba (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Widgets.so.5+0x149dba)
    #24 0x7fdf6a904fc3 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Core.so.5+0x2cefc3)
    #25 0x7fdf6ae4b049 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Gui.so.5+0xe1049)
    #26 0x7fdf6ae535d4 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Gui.so.5+0xe95d4)
    #27 0x7fdf6ae385b7 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Gui.so.5+0xce5b7)
    #28 0x7fdf53e51a6f (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/plugins/platforms/libqxcb.so+0xada6f)
    #29 0x7fdf6801be03 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x48e03)
    #30 0x7fdf6801c047 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49047)
    #31 0x7fdf6801c0eb (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x490eb)
    #32 0x7fdf6a95f683 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Core.so.5+0x329683)
    #33 0x7fdf6a9031da (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Core.so.5+0x2cd1da)
    #34 0x7fdf6a9080a4 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Core.so.5+0x2d20a4)
    #35 0x4bf765 in main /home/nik/dev/creator/creator-ut/src/app/main.cpp:520
    #36 0x7fdf69114ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
    #37 0x49160c in _start (/home/nik/dev/creator/creator-ut_clang-qt5/bin/qtcreator+0x49160c)

0x60c00f644bf8 is located 56 bytes inside of 120-byte region [0x60c00f644bc0,0x60c00f644c38)
freed by thread T0 here:
    #0 0x479771 in operator delete(void*) (/home/nik/dev/creator/creator-ut_clang-qt5/bin/qtcreator+0x479771)
    #1 0x7fdebd9bb62e in Git::Internal::ChangeSelectionDialog::~ChangeSelectionDialog() /home/nik/dev/creator/creator-ut/src/plugins/git/changeselectiondialog.cpp:97
    #2 0x7fdebd83e4a3 in Git::Internal::GitPlugin::startChangeRelatedAction() /home/nik/dev/creator/creator-ut/src/plugins/git/gitplugin.cpp:866
    #3 0x7fdebdc883b5 in Git::Internal::GitPlugin::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/nik/dev/creator/creator-ut_clang-qt5/src/plugins/git/.moc/debug-shared/moc_gitplugin.cpp:260
    #4 0x7fdf6a936870 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Core.so.5+0x300870)

previously allocated by thread T0 here:
    #0 0x479331 in operator new(unsigned long) (/home/nik/dev/creator/creator-ut_clang-qt5/bin/qtcreator+0x479331)
    #1 0x7fdebd9b6b80 in Git::Internal::ChangeSelectionDialog::ChangeSelectionDialog(QString const&, Core::Id, QWidget*) /home/nik/dev/creator/creator-ut/src/plugins/git/changeselectiondialog.cpp:59
    #2 0x7fdebd83d790 in Git::Internal::GitPlugin::startChangeRelatedAction() /home/nik/dev/creator/creator-ut/src/plugins/git/gitplugin.cpp:834
    #3 0x7fdebdc883b5 in Git::Internal::GitPlugin::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/nik/dev/creator/creator-ut_clang-qt5/src/plugins/git/.moc/debug-shared/moc_gitplugin.cpp:260
    #4 0x7fdf6a936870 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Core.so.5+0x300870)

SUMMARY: AddressSanitizer: heap-use-after-free /home/nik/dev/creator/creator-ut/src/plugins/git/changeselectiondialog.cpp:186 Git::Internal::ChangeSelectionDialog::setDetails(int)
Shadow bytes around the buggy address:
  0x0c1881ec0920: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa
  0x0c1881ec0930: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
  0x0c1881ec0940: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c1881ec0950: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa
  0x0c1881ec0960: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c1881ec0970: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd[fd]
  0x0c1881ec0980: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
  0x0c1881ec0990: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
  0x0c1881ec09a0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c1881ec09b0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x0c1881ec09c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Heap right redzone:    fb
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  Contiguous container OOB:fc
  ASan internal:         fe
==14152==ABORTING
```
Attachments
For Gerrit Dashboard: QTCREATORBUG-13075

| # | Subject | Branch | Project | Status | CR | V |
|---|---|---|---|---|---|---|
| 95432,3 | Git: Fix potential heap use after free | master | qt-creator/qt-creator | MERGED | +2 | 0 |