Bug 408408

Summary: Marble app crash moving mouse on the map while adding a placemark (DEBUG version only)
Product: [Applications] marble Reporter: Dario Zandri <d.zandri>
Component: generalAssignee: marble-bugs
Status: RESOLVED WORKSFORME    
Severity: crash    
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Microsoft Windows   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: Possible patch to keep m_paintOrder in synch with m_visiblePlacemarks

Description Dario Zandri 2019-06-07 08:30:33 UTC
Created attachment 120650 [details]
Possible patch to keep m_paintOrder in synch with m_visiblePlacemarks

SUMMARY
Marble applications 19.04 compiled from sources on Windows 10 64 bit
Qt 5.11.2 64 bit
Visual Studio 2015
The crash happens only in the debug version, but it might be due to the speed difference, please see additional information

STEPS TO REPRODUCE
1. Start Marble with the default OSM map (earth/openstreetmap/openstreetmap.dgml)
2. Show the annotate plugin toolbar and select "add placemark"
3. In the Add Placemark dialog change a coordinate
4. Move the dialog and move the mouse pointer on the map below

OBSERVED RESULT
The application crashes with the following call stack:

 	Qt5Guid.dll!QPlatformPixmap::height() Line 124	
 	Qt5Guid.dll!QPixmap::size() Line 532	
>	marblewidget-qt5d.dll!Marble::VisiblePlacemark::symbolRect() Line 171	
 	marblewidget-qt5d.dll!Marble::PlacemarkLayout::hasPlacemarkAt(const QPoint & pos) Line 556	
 	marblewidget-qt5d.dll!Marble::PlacemarkLayer::hasPlacemarkAt(const QPoint & pos) Line 219	
 	marblewidget-qt5d.dll!Marble::MarbleMap::hasFeatureAt(const QPoint & position) Line 483	
 	marblewidget-qt5d.dll!Marble::MarbleDefaultInputHandler::adjustCursorShape(const QPoint & mousePosition, const QPoint & mouseDirection) Line 663	
 	marblewidget-qt5d.dll!Marble::MarbleDefaultInputHandler::handleMouseEvent(QMouseEvent * event) Line 884	
 	marblewidget-qt5d.dll!Marble::MarbleDefaultInputHandler::eventFilter(QObject * o, QEvent * e) Line 923	
 	Qt5Cored.dll!QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject * receiver, QEvent * event) Line 1174	
 	Qt5Widgetsd.dll!QApplicationPrivate::notify_helper(QObject * receiver, QEvent * e) Line 3723	
 	Qt5Widgetsd.dll!QApplication::notify(QObject * receiver, QEvent * e) Line 3203	
 	Qt5Cored.dll!QCoreApplication::notifyInternal2(QObject * receiver, QEvent * event) Line 1048	
 	Qt5Cored.dll!QCoreApplication::sendSpontaneousEvent(QObject * receiver, QEvent * event) Line 237	
 	Qt5Widgetsd.dll!QApplicationPrivate::sendMouseEvent(QWidget * receiver, QMouseEvent * event, QWidget * alienWidget, QWidget * nativeWidget, QWidget * * buttonDown, QPointer<QWidget> & lastMouseReceiver, bool spontaneous) Line 2693	
 	Qt5Widgetsd.dll!QWidgetWindow::handleMouseEvent(QMouseEvent * event) Line 661	
 	Qt5Widgetsd.dll!QWidgetWindow::event(QEvent * event) Line 282	
 	Qt5Widgetsd.dll!QApplicationPrivate::notify_helper(QObject * receiver, QEvent * e) Line 3727	
 	Qt5Widgetsd.dll!QApplication::notify(QObject * receiver, QEvent * e) Line 3099	
 	Qt5Cored.dll!QCoreApplication::notifyInternal2(QObject * receiver, QEvent * event) Line 1048	
 	Qt5Cored.dll!QCoreApplication::sendSpontaneousEvent(QObject * receiver, QEvent * event) Line 237	
 	Qt5Guid.dll!QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent * e) Line 2082	
 	Qt5Guid.dll!QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent * e) Line 1817	
 	Qt5Guid.dll!QWindowSystemInterface::sendWindowSystemEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags) Line 1038	
 	qwindowsd.dll!QWindowsGuiEventDispatcher::sendPostedEvents() Line 83	
 	Qt5Cored.dll!qt_internal_proc(HWND__ * hwnd, unsigned int message, unsigned __int64 wp, __int64 lp) Line 239	
 	[External Code]	
 	Qt5Cored.dll!QEventDispatcherWin32::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags) Line 630	
 	qwindowsd.dll!QWindowsGuiEventDispatcher::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags) Line 74	
 	Qt5Cored.dll!QEventLoop::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags) Line 137	
 	Qt5Cored.dll!QEventLoop::exec(QFlags<enum QEventLoop::ProcessEventsFlag> flags) Line 214	
 	Qt5Cored.dll!QCoreApplication::exec() Line 1336	
 	Qt5Guid.dll!QGuiApplication::exec() Line 1762	
 	Qt5Widgetsd.dll!QApplication::exec() Line 2902	
 	marble-qt.exe!main(int argc, char * * argv) Line 308	
 	[External Code]	

EXPECTED RESULT


SOFTWARE/OS VERSIONS
Windows: 10 64 bit
macOS: 
Linux/KDE Plasma: 
(available in About System)
KDE Plasma Version: 
KDE Frameworks Version: 
Qt Version: 5.11.2 64bit

ADDITIONAL INFORMATION
The crash seems to happen because the mouse movement triggers an updateFeature:

 AnnotatePlugin::eventFilter
  -> AnnotatePlugin::handleUncaughtEvents
	-> m_marbleWidget->model()->treeModel()->updateFeature( m_focusItem->placemark() );

Which in turn calls RemoveFeature and AddFeature of GeoDataTreeModel and they emits rowsAboutToBeRemoved and rowsInserted signals, connected to removePlacemarks and addPlacemarks of PlacemarkLayout
   
PlacemarkLayout::removePlacemarks
	-> remove the placemark from its cache and the associated VisibleItem. It doesn't deal with m_paintOrder.

PlacemarkLayout::addPlacemarks
	-> add only the placemark to the internal cache. Creation of VisibleItem seems to be demanded to the first layoutPlacemark call
	
At the end of addPlacemark an emit repaintNeeded() should cause a PlacemarkLayout::layoutPlacemark call, if that happens before any other mouse events, all is well.

But if the mouse event is passed to MarbleDefaultInputHandler::eventFilter before the next render, then the following calls cause an invalid memory access.
MarbleDefaultInputHandler::eventFilter
	-> MarbleDefaultInputHandler::adjustCursorShape
		-> MarbleInputHandler::d->m_marblePresenter->map()->hasFeatureAt(mousePosition)
		-> ...
		-> PlacemarkLayout::hasPlacemarkAt which uses m_paintOrder still containing an invalid VisibleItem from the preceding removePlacemarks
I don't understand in detail the reasone of the debug/relase difference, but it would seem a sound and roboust approach to make PlacemarkLayout::m_paintOrder more in synch with m_visiblePlacemarks.
Comment 1 Christoph Feck 2019-06-25 14:43:59 UTC
This is bug 378885.

Please use https://phabricator.kde.org/differential/diff/create/ to propose patches; they tend to get lost in the bug tracker.

For more information, please see https://community.kde.org/Infrastructure/Phabricator
Comment 2 Christoph Feck 2019-07-16 13:39:50 UTC
Dario, any luck with the link from comment #1?
Comment 3 Justin Zobel 2022-09-23 02:22:53 UTC
Thank you for reporting this crash in KDE software. As it has been a while since this issue was reported, can we please ask you to see if you can reproduce the crash with a recent software version?

If you can reproduce the issue, please change the status to "CONFIRMED" when replying. Thank you!
Comment 4 Bug Janitor Service 2022-10-08 04:53:00 UTC
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 5 Bug Janitor Service 2022-10-23 05:00:54 UTC
This bug has been in NEEDSINFO status with no change for at least
30 days. The bug is now closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

Thank you for helping us make KDE software even better for everyone!