Details
- Bug
- Resolution: Done
- Not Evaluated
- Qt Creator 3.3.0-beta1
- None
- Ubuntu 14.04
Description
Not sure how I triggered that. I probably did some git stuff on the command line and then focused / switched back to the creator window.
Can't reproduce.
```
=================================================================
==9942==ERROR: AddressSanitizer: heap-use-after-free on address 0x60600815d4a8 at pc 0x7ff800774c45 bp 0x7fff602b0ab0 sp 0x7fff602b0aa8
WRITE of size 8 at 0x60600815d4a8 thread T0
    #0 0x7ff800774c44 in TextEditor::TextMark::setBaseTextDocument(TextEditor::TextDocument*) /home/nik/dev/creator/creator-ut/src/plugins/texteditor/textmark.cpp:181
    #1 0x7ff80037d807 in TextEditor::TextDocumentLayout::documentReloaded(QList<TextEditor::TextMark*>, TextEditor::TextDocument*) /home/nik/dev/creator/creator-ut/src/plugins/texteditor/textdocumentlayout.cpp:607
    #2 0x7ff7ffed959d in TextEditor::TextDocument::reload(QString*) /home/nik/dev/creator/creator-ut/src/plugins/texteditor/textdocument.cpp:613
    #3 0x7ff7ffed9f31 in TextEditor::TextDocument::reload(QString*, Core::IDocument::ReloadFlag, Core::IDocument::ChangeType) /home/nik/dev/creator/creator-ut/src/plugins/texteditor/textdocument.cpp:640
    #4 0x7ff8857f1c7f in Core::DocumentManager::checkForReload() /home/nik/dev/creator/creator-ut/src/plugins/coreplugin/documentmanager.cpp:1057
    #5 0x7ff885b7783e in Core::DocumentManager::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/nik/dev/creator/creator-ut_clang-qt5/src/plugins/coreplugin/.moc/debug-shared/moc_documentmanager.cpp:130
    #6 0x7ff89f7b19b5 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Core.so.5+0x3029b5)
    #7 0x7ff8a0be4723 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Widgets.so.5+0x146723)
    #8 0x7ff8a0be7d45 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Widgets.so.5+0x149d45)
    #9 0x7ff89f77dfc3 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Core.so.5+0x2cefc3)
    #10 0x7ff89f780b47 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Core.so.5+0x2d1b47)
    #11 0x7ff89f7d8252 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Core.so.5+0x329252)
    #12 0x7ff89ce94e03 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x48e03)
    #13 0x7ff89ce95047 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49047)
    #14 0x7ff89ce950eb (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x490eb)
    #15 0x7ff89f7d8683 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Core.so.5+0x329683)
    #16 0x7ff89f77c1da (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Core.so.5+0x2cd1da)
    #17 0x7ff89f7810a4 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Core.so.5+0x2d20a4)
    #18 0x4bf765 in main /home/nik/dev/creator/creator-ut/src/app/main.cpp:520
    #19 0x7ff89df8dec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
    #20 0x49160c in _start (/home/nik/dev/creator/creator-ut_clang-qt5/bin/qtcreator+0x49160c)

0x60600815d4a8 is located 8 bytes inside of 64-byte region [0x60600815d4a0,0x60600815d4e0)
freed by thread T0 here:
    #0 0x479771 in operator delete(void*) (/home/nik/dev/creator/creator-ut_clang-qt5/bin/qtcreator+0x479771)
    #1 0x7ff7f7c7069d in Debugger::Internal::BreakpointMarker::~BreakpointMarker() /home/nik/dev/creator/creator-ut/src/plugins/debugger/breakpointmarker.cpp:54
    #2 0x7ff7f7bf87f6 in Debugger::Internal::BreakHandler::BreakpointItem::destroyMarker() /home/nik/dev/creator/creator-ut/src/plugins/debugger/breakhandler.cpp:1384
    #3 0x7ff7f7c0249a in Debugger::Internal::BreakHandler::cleanupBreakpoint(Debugger::Internal::BreakpointModelId) /home/nik/dev/creator/creator-ut/src/plugins/debugger/breakhandler.cpp:1315
    #4 0x7ff7f7c087d7 in Debugger::Internal::BreakHandler::removeBreakpoint(Debugger::Internal::BreakpointModelId) /home/nik/dev/creator/creator-ut/src/plugins/debugger/breakhandler.cpp:1035
    #5 0x7ff7f7c70a0b in Debugger::Internal::BreakpointMarker::removedFromEditor() /home/nik/dev/creator/creator-ut/src/plugins/debugger/breakpointmarker.cpp:60
    #6 0x7ff80037d7c8 in TextEditor::TextDocumentLayout::documentReloaded(QList<TextEditor::TextMark*>, TextEditor::TextDocument*) /home/nik/dev/creator/creator-ut/src/plugins/texteditor/textdocumentlayout.cpp:606
    #7 0x7ff7ffed959d in TextEditor::TextDocument::reload(QString*) /home/nik/dev/creator/creator-ut/src/plugins/texteditor/textdocument.cpp:613
    #8 0x7ff7ffed9f31 in TextEditor::TextDocument::reload(QString*, Core::IDocument::ReloadFlag, Core::IDocument::ChangeType) /home/nik/dev/creator/creator-ut/src/plugins/texteditor/textdocument.cpp:640
    #9 0x7ff8857f1c7f in Core::DocumentManager::checkForReload() /home/nik/dev/creator/creator-ut/src/plugins/coreplugin/documentmanager.cpp:1057
    #10 0x7ff885b7783e in Core::DocumentManager::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/nik/dev/creator/creator-ut_clang-qt5/src/plugins/coreplugin/.moc/debug-shared/moc_documentmanager.cpp:130
    #11 0x7ff89f7b19b5 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Core.so.5+0x3029b5)

previously allocated by thread T0 here:
    #0 0x479331 in operator new(unsigned long) (/home/nik/dev/creator/creator-ut_clang-qt5/bin/qtcreator+0x479331)
    #1 0x7ff7f7bd902b in Debugger::Internal::BreakHandler::BreakpointItem::updateMarker(Debugger::Internal::BreakpointModelId) /home/nik/dev/creator/creator-ut/src/plugins/debugger/breakhandler.cpp:1471
    #2 0x7ff7f7c05e6a in Debugger::Internal::BreakHandler::notifyBreakpointReleased(Debugger::Internal::BreakpointModelId) /home/nik/dev/creator/creator-ut/src/plugins/debugger/breakhandler.cpp:984
    #3 0x7ff7f7d76e18 in Debugger::DebuggerEngine::setState(Debugger::DebuggerState, bool) /home/nik/dev/creator/creator-ut/src/plugins/debugger/debuggerengine.cpp:1192
    #4 0x7ff7f7d9b2ed in Debugger::DebuggerEnginePrivate::queueFinishDebugger() /home/nik/dev/creator/creator-ut/src/plugins/debugger/debuggerengine.cpp:238
    #5 0x7ff7f7d72bb7 in Debugger::DebuggerEngine::notifyEngineShutdownOk() /home/nik/dev/creator/creator-ut/src/plugins/debugger/debuggerengine.cpp:1051
    #6 0x7ff7f84d3ba1 in Debugger::Internal::GdbEngine::handleGdbFinished(int, QProcess::ExitStatus) /home/nik/dev/creator/creator-ut/src/plugins/debugger/gdb/gdbengine.cpp:4370
    #7 0x7ff7f8adaca4 in Debugger::Internal::GdbEngine::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/nik/dev/creator/creator-ut_clang-qt5/src/plugins/debugger/.moc/debug-shared/moc_gdbengine.cpp:127
    #8 0x7ff89f7af870 (/home/nik/usr/qt-5.3.2-install/5.3/gcc_64/lib/libQt5Core.so.5+0x300870)

SUMMARY: AddressSanitizer: heap-use-after-free /home/nik/dev/creator/creator-ut/src/plugins/texteditor/textmark.cpp:181 TextEditor::TextMark::setBaseTextDocument(TextEditor::TextDocument*)
Shadow bytes around the buggy address:
  0x0c0c81023a40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c81023a50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c81023a60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c81023a70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c81023a80: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 02
=>0x0c0c81023a90: fa fa fa fa fd[fd]fd fd fd fd fd fd fa fa fa fa
  0x0c0c81023aa0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c81023ab0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c81023ac0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c81023ad0: fa fa fa fa fa fa fa fa fa fa fa fa 00 00 00 00
  0x0c0c81023ae0: 00 00 06 fa fa fa fa fa fd fd fd fd fd fd fd fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Heap right redzone: fb
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack partial redzone: f4
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Contiguous container OOB:fc
  ASan internal: fe
==9942==ABORTING
```
For Gerrit Dashboard: QTCREATORBUG-13136

| # | Subject | Branch | Project | Status | CR | V |
|---|---|---|---|---|---|---|
| 96497,2 | TextEditor: Do not use deleted TextMarks. | master | qt-creator/qt-creator | Status: MERGED | +2 | 0 |