| Summary: | Crash resizing vector shape (asan backtrace) | ||
|---|---|---|---|
| Product: | [Applications] krita | Reporter: | wolthera <griffinvalley> |
| Component: | Tools/Vector | Assignee: | Krita Bugs <krita-bugs-null> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | crash | ||
| Priority: | NOR | ||
| Version: | git master (please specify the git hash!) | ||
| Target Milestone: | --- | ||
| Platform: | Other | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed In: | ||
| Sentry Crash Report: | |||
*** This bug has been marked as a duplicate of bug 409872 *** |
SUMMARY Was resizing a vector rectangle, got this. Have not tried to reproduce. Krita Version: 4.3.0-prealpha (git 26e236d) Languages: en_US, en_GB, nl Hidpi: true Qt Version (compiled): 5.12.3 Version (loaded): 5.12.3 OS Information Build ABI: x86_64-little_endian-lp64 Build CPU: x86_64 CPU: x86_64 Kernel Type: linux Kernel Version: 4.15.0-54-generic Pretty Productname: KDE neon User Edition 5.16 Product Type: neon Product Version: 18.04 ================================================================= ==21849==ERROR: AddressSanitizer: heap-use-after-free on address 0x6060022e4538 at pc 0x7fffe76ed195 bp 0x7fffffff8450 sp 0x7fffffff8440 READ of size 8 at 0x6060022e4538 thread T0 #0 0x7fffe76ed194 in KoPathShape::Private::map(QTransform const&) /home/wolthera/krita/src/libs/flake/KoPathShape.cpp:783 #1 0x7fffe76ea259 in KoPathShape::setSize(QSizeF const&) /home/wolthera/krita/src/libs/flake/KoPathShape.cpp:592 #2 0x7fffe78015c4 in KoParameterShape::setSize(QSizeF const&) /home/wolthera/krita/src/libs/flake/KoParameterShape.cpp:120 #3 0x7fffe7945976 in KoShapeResizeCommand::undoImpl() /home/wolthera/krita/src/libs/flake/commands/KoShapeResizeCommand.cpp:90 #4 0x7fffe5f28c07 in KisCommandUtils::SkipFirstRedoBase::undo() /home/wolthera/krita/src/libs/command/kis_command_utils.cpp:137 #5 0x7fffa5aef741 in ShapeResizeStrategy::resizeBy(QPointF const&, double, double) /home/wolthera/krita/src/plugins/tools/defaulttool/defaulttool/ShapeResizeStrategy.cpp:218 #6 0x7fffa5aef5a9 in ShapeResizeStrategy::handleMouseMove(QPointF const&, QFlags<Qt::KeyboardModifier>) /home/wolthera/krita/src/plugins/tools/defaulttool/defaulttool/ShapeResizeStrategy.cpp:212 #7 0x7fffe79e5702 in KoInteractionTool::mouseMoveEvent(KoPointerEvent*) /home/wolthera/krita/src/libs/flake/tools/KoInteractionTool.cpp:72 #8 0x7fffa5aa7c80 in DefaultTool::mouseMoveEvent(KoPointerEvent*) /home/wolthera/krita/src/plugins/tools/defaulttool/defaulttool/DefaultTool.cpp:729 #9 0x7fffe784338c in KoToolProxy::mouseMoveEvent(KoPointerEvent*) /home/wolthera/krita/src/libs/flake/KoToolProxy.cpp:297 #10 0x7fffe7843000 in KoToolProxy::mouseMoveEvent(QMouseEvent*, QPointF const&) /home/wolthera/krita/src/libs/flake/KoToolProxy.cpp:281 #11 0x7ffff1923cb3 in KisToolProxy::forwardEvent(KisToolProxy::ActionState, KisTool::ToolAction, QEvent*, QEvent*) /home/wolthera/krita/src/libs/ui/canvas/kis_tool_proxy.cpp:145 #12 0x7ffff22e0d12 in KisToolInvocationAction::inputEvent(QEvent*) /home/wolthera/krita/src/libs/ui/input/kis_tool_invocation_action.cpp:167 #13 0x7ffff22fa4cb in KisShortcutMatcher::pointerMoved(QEvent*) /home/wolthera/krita/src/libs/ui/input/kis_shortcut_matcher.cpp:267 #14 0x7ffff22b8c50 in KisInputManager::Private::handleCompressedTabletEvent(QEvent*) /home/wolthera/krita/src/libs/ui/input/kis_input_manager_p.cpp:651 #15 0x7ffff22a799e in KisInputManager::slotCompressedMoveEvent() /home/wolthera/krita/src/libs/ui/input/kis_input_manager.cpp:751 #16 0x7ffff270c525 in KisInputManager::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/wolthera/krita/build/libs/ui/kritaui_autogen/RHTBEVGUKT/moc_kis_input_manager.cpp:89 #17 0x7fffeb522874 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b0874) #18 0x7fffeccfb7b4 in KisSignalCompressor::timeout() /home/wolthera/krita/build/libs/global/kritaglobal_autogen/EWIEGA46WW/moc_kis_signal_compressor.cpp:151 #19 0x7fffeccb1c93 in KisSignalCompressor::tryEmitSignalSafely() /home/wolthera/krita/src/libs/global/kis_signal_compressor.cpp:170 #20 0x7fffeccb1b89 in KisSignalCompressor::tryEmitOnTick(bool) /home/wolthera/krita/src/libs/global/kis_signal_compressor.cpp:152 #21 0x7fffeccb17f4 in KisSignalCompressor::start() /home/wolthera/krita/src/libs/global/kis_signal_compressor.cpp:110 #22 0x7ffff22ad86a in bool KisInputManager::compressMoveEventCommon<QMouseEvent>(QMouseEvent*) (/home/wolthera/krita/inst/lib/x86_64-linux-gnu/libkritaui.so.19+0x33d686a) #23 0x7ffff22a4c69 in KisInputManager::eventFilterImpl(QEvent*) /home/wolthera/krita/src/libs/ui/input/kis_input_manager.cpp:383 #24 0x7ffff22a3445 in KisInputManager::eventFilter(QObject*, QEvent*) /home/wolthera/krita/src/libs/ui/input/kis_input_manager.cpp:201 #25 0x7fffeb4f2a9c in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x280a9c) #26 0x7fffec2ee634 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15c634) #27 0x7fffec2f6a57 in QApplication::notify(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x164a57) #28 0x7ffff2494bac in KisApplication::notify(QObject*, QEvent*) /home/wolthera/krita/src/libs/ui/KisApplication.cpp:653 #29 0x7fffeb4f2d17 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x280d17) #30 0x7fffec2f505e in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool, bool) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x16305e) #31 0x7fffec3498a0 (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x1b78a0) #32 0x7fffec34c6f9 (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x1ba6f9) #33 0x7fffec2ee65b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15c65b) #34 0x7fffec2f5b8f in QApplication::notify(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x163b8f) #35 0x7ffff2494bac in KisApplication::notify(QObject*, QEvent*) /home/wolthera/krita/src/libs/ui/KisApplication.cpp:653 #36 0x7fffeb4f2d17 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x280d17) #37 0x7fffebabc1fa in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0x1141fa) #38 0x7fffebabd364 in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0x115364) #39 0x7fffeba95b4a in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0xedb4a) #40 0x7fffd69d7599 (/usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5+0x6c599) #41 0x7fffe12c1416 in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c416) #42 0x7fffe12c164f (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c64f) #43 0x7fffe12c16db in g_main_context_iteration (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c6db) #44 0x7fffeb54fdae in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2dddae) #45 0x7fffeb4f1039 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x27f039) #46 0x7fffeb4fa16f in QCoreApplication::exec() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x28816f) #47 0x555557933430 in main /home/wolthera/krita/src/krita/main.cc:535 #48 0x7fffea901b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96) #49 0x55555792ca69 in _start (/home/wolthera/krita/inst/bin/krita+0x23d8a69) 0x6060022e4538 is located 24 bytes inside of 64-byte region [0x6060022e4520,0x6060022e4560) freed by thread T0 here: #0 0x7ffff6ef87b8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7b8) #1 0x7fffe770519a in QList<KoPathPoint*>::dealloc(QListData::Data*) /usr/include/x86_64-linux-gnu/qt5/QtCore/qlist.h:870 #2 0x7fffe7701449 in QList<KoPathPoint*>::~QList() /usr/include/x86_64-linux-gnu/qt5/QtCore/qlist.h:830 #3 0x7fffe7700405 in QtPrivate::QForeachContainer<QList<KoPathPoint*> >::~QForeachContainer() /usr/include/x86_64-linux-gnu/qt5/QtCore/qglobal.h:973 #4 0x7fffe76e8813 in KoPathShape::outline() const /home/wolthera/krita/src/libs/flake/KoPathShape.cpp:474 #5 0x7fffe76fd846 in KoPathShape::pathStroke(QPen const&) const /home/wolthera/krita/src/libs/flake/KoPathShape.cpp:1667 #6 0x7fffe76e96ee in KoPathShape::boundingRect() const /home/wolthera/krita/src/libs/flake/KoPathShape.cpp:566 #7 0x7fffe7796d1c in KoShapeManager::Private::DetectCollision::detect(KoRTree<KoShape*>&, KoShape*, int) /home/wolthera/krita/src/libs/flake/KoShapeManager_p.h:86 #8 0x7fffe778a57b in KoShapeManager::Private::updateTree() /home/wolthera/krita/src/libs/flake/KoShapeManager.cpp:74 #9 0x7fffe7794f60 in KoShapeManager::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/wolthera/krita/build/libs/flake/kritaflake_autogen/include/moc_KoShapeManager.cpp:105 #10 0x7fffeb522874 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b0874) #11 0x7fffeccfc2b0 in KisThreadSafeSignalCompressor::timeout() /home/wolthera/krita/build/libs/global/kritaglobal_autogen/EWIEGA46WW/moc_kis_thread_safe_signal_compressor.cpp:182 #12 0x7fffeccfb9f9 in KisThreadSafeSignalCompressor::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/wolthera/krita/build/libs/global/kritaglobal_autogen/EWIEGA46WW/moc_kis_thread_safe_signal_compressor.cpp:97 #13 0x7fffeb522874 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b0874) #14 0x7fffeccfb7b4 in KisSignalCompressor::timeout() /home/wolthera/krita/build/libs/global/kritaglobal_autogen/EWIEGA46WW/moc_kis_signal_compressor.cpp:151 #15 0x7fffeccb1c93 in KisSignalCompressor::tryEmitSignalSafely() /home/wolthera/krita/src/libs/global/kis_signal_compressor.cpp:170 #16 0x7fffeccb1b89 in KisSignalCompressor::tryEmitOnTick(bool) /home/wolthera/krita/src/libs/global/kis_signal_compressor.cpp:152 #17 0x7fffeccb1930 in KisSignalCompressor::start() /home/wolthera/krita/src/libs/global/kis_signal_compressor.cpp:124 #18 0x7fffeccfb435 in KisSignalCompressor::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/wolthera/krita/build/libs/global/kritaglobal_autogen/EWIEGA46WW/moc_kis_signal_compressor.cpp:91 #19 0x7fffeb522874 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b0874) #20 0x7fffeccfc2dc in KisThreadSafeSignalCompressor::internalRequestSignal() /home/wolthera/krita/build/libs/global/kritaglobal_autogen/EWIEGA46WW/moc_kis_thread_safe_signal_compressor.cpp:188 #21 0x7fffeccb2907 in KisThreadSafeSignalCompressor::start() /home/wolthera/krita/src/libs/global/kis_thread_safe_signal_compressor.cpp:49 #22 0x7fffe7794618 in KoShapeManager::notifyShapeChanged(KoShape*) /home/wolthera/krita/src/libs/flake/KoShapeManager.cpp:602 #23 0x7fffe7744c23 in KoShape::notifyChanged() /home/wolthera/krita/src/libs/flake/KoShape.cpp:821 #24 0x7fffe770cfa3 in KoPathPoint::map(QTransform const&) /home/wolthera/krita/src/libs/flake/KoPathPoint.cpp:262 #25 0x7fffe76ed1a9 in KoPathShape::Private::map(QTransform const&) /home/wolthera/krita/src/libs/flake/KoPathShape.cpp:783 #26 0x7fffe76ea259 in KoPathShape::setSize(QSizeF const&) /home/wolthera/krita/src/libs/flake/KoPathShape.cpp:592 #27 0x7fffe78015c4 in KoParameterShape::setSize(QSizeF const&) /home/wolthera/krita/src/libs/flake/KoParameterShape.cpp:120 #28 0x7fffe7945976 in KoShapeResizeCommand::undoImpl() /home/wolthera/krita/src/libs/flake/commands/KoShapeResizeCommand.cpp:90 #29 0x7fffe5f28c07 in KisCommandUtils::SkipFirstRedoBase::undo() /home/wolthera/krita/src/libs/command/kis_command_utils.cpp:137 previously allocated by thread T0 here: #0 0x7ffff6ef8b50 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb50) #1 0x7fffeb3789db in QListData::detach(int) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x1069db) SUMMARY: AddressSanitizer: heap-use-after-free /home/wolthera/krita/src/libs/flake/KoPathShape.cpp:783 in KoPathShape::Private::map(QTransform const&) Shadow bytes around the buggy address: 0x0c0c80454850: 00 00 00 00 00 00 00 fa fa fa fa fa 00 00 00 00 0x0c0c80454860: 00 00 00 fa fa fa fa fa 00 00 00 00 00 00 00 fa 0x0c0c80454870: fa fa fa fa 00 00 00 00 00 00 00 fa fa fa fa fa 0x0c0c80454880: 00 00 00 00 00 00 00 fa fa fa fa fa 00 00 00 00 0x0c0c80454890: 00 00 00 fa fa fa fa fa fd fd fd fd fd fd fd fa =>0x0c0c804548a0: fa fa fa fa fd fd fd[fd]fd fd fd fd fa fa fa fa 0x0c0c804548b0: 00 00 00 00 00 00 00 02 fa fa fa fa fd fd fd fd 0x0c0c804548c0: fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0c804548d0: fa fa fa fa 00 00 00 00 00 00 00 00 fa fa fa fa 0x0c0c804548e0: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00 0x0c0c804548f0: 00 00 00 00 fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==21849==ABORTING