Bug 452504

Summary: KActionCollection static_cast<QAction*> relies on UB
Product: [Applications] krita
Reporter: Alvin Wong <alvin>
Component: General
Assignee: amyspark <amy>
Status: RESOLVED FIXED
Severity: normal
Priority: NOR
Version First Reported In: git master (please specify the git hash!)
Target Milestone: ---
Platform: unspecified
OS: Unspecified
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Description Alvin Wong 2022-04-11 14:30:05 UTC
A previous attempt at removing the UB [1] failed (caused bug 452063, subsequently reverted in [2]).

The problematic code is called from the QObject::deleteLater signal of a QAction, which at that point is already no longer a QAction since its destructor had returned. static_cast-ing the QObject* to QAction* is undefined behavior.

[1]: https://invent.kde.org/graphics/krita/-/commit/e3d359608b9d6038b2428e8a49b833e7a5188ba4#1c36f0db18ca0e87f7da1033e19d6af8d00102ab_616_615
[2]: https://invent.kde.org/graphics/krita/-/commit/bcff23b8f01e483fdde3807cb19eef6ad7ea4eca
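The lifetime problem the report describes, shown in plain C++ as an added example (this is not Krita or Qt code): `Object` and `Action` are stand-ins for QObject and QAction, with the destroyed callbacks fired from the base destructor exactly as QObject does. `UnsafeCollection` reproduces the downcast-after-destruction pattern and is never executed; `SafeCollection` keys its bookkeeping by the `Object*` identity, which is the one thing still valid inside the handler, so no cast back to the derived type is needed. It also records that a checked `dynamic_cast` inside the base destructor yields `nullptr`, because at that point the dynamic type is the base class.

```cpp
#include <cstddef>
#include <functional>
#include <string>
#include <unordered_map>
#include <vector>

// Stand-in for QObject (not Qt code): the "destroyed" callbacks fire from the
// base-class destructor, after the derived part has already been destroyed.
class Object {
public:
    virtual ~Object() {
        for (auto &cb : destroyedHandlers_) cb(this);
    }
    void onDestroyed(std::function<void(Object *)> cb) {
        destroyedHandlers_.push_back(std::move(cb));
    }
private:
    std::vector<std::function<void(Object *)>> destroyedHandlers_;
};

// Stand-in for QAction: carries a member that dies before ~Object runs.
class Action : public Object {
public:
    explicit Action(std::string name) : name_(std::move(name)) {}
    const std::string &name() const { return name_; }
private:
    std::string name_;
};

// Unsafe bookkeeping, mirroring the pattern the report describes: the handler
// static_casts the Object* back to Action* and touches Action members that no
// longer exist. Compiles fine, flagged by ASan, deliberately never called below.
class UnsafeCollection {
public:
    void add(Action *a) {
        byName_[a->name()] = a;
        a->onDestroyed([this](Object *o) {
            Action *dead = static_cast<Action *>(o); // UB: o is no longer an Action
            byName_.erase(dead->name());             // reads a destroyed std::string
        });
    }
private:
    std::unordered_map<std::string, Action *> byName_;
};

// Hardened bookkeeping: key everything by the Object* identity, which is still
// valid inside the destroyed handler, so no downcast is ever needed.
class SafeCollection {
public:
    void add(Action *a) {
        // Upcast here, while the object is still a complete Action.
        Object *key = a;
        byObject_[key] = a->name();
        a->onDestroyed([this](Object *o) {
            // Inside ~Object the dynamic type is Object, so a checked cast
            // returns nullptr; only the address is usable, and that is all we use.
            lastCastWasNull_ = (dynamic_cast<Action *>(o) == nullptr);
            byObject_.erase(o);
        });
    }
    std::size_t size() const { return byObject_.size(); }
    bool lastCastWasNull() const { return lastCastWasNull_; }
private:
    std::unordered_map<Object *, std::string> byObject_;
    bool lastCastWasNull_ = false;
};

// Register an action, destroy it, and report what the collection observed.
struct DemoResult {
    std::size_t sizeWhileAlive;
    std::size_t sizeAfterDelete;
    bool castWasNullInHandler;
};

DemoResult runDemo() {
    SafeCollection coll;
    DemoResult r{};
    {
        Action undo("undo"); // constructed sample action
        coll.add(&undo);
        r.sizeWhileAlive = coll.size();
    } // ~Action runs first, then ~Object fires the destroyed handler
    r.sizeAfterDelete = coll.size();
    r.castWasNullInHandler = coll.lastCastWasNull();
    return r;
}
```

Build with `-fsanitize=address` and swap `SafeCollection` for `UnsafeCollection` in `runDemo()` to see the defect reported at the `dead->name()` read; with `SafeCollection` the run is clean and the entry is removed purely by pointer identity.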
Comment 2 Alvin Wong 2022-04-11 14:52:27 UTC
Assigning to amyspark
Comment 3 Dmitry Kazakov 2022-04-20 13:02:23 UTC
Git commit cbafea01e8e1056140642f92c7699988afa340e2 by Dmitry Kazakov, on behalf of L. E. Segovia.
Committed on 20/04/2022 at 11:28.
Pushed by dkazakov into branch 'master'.

Fix ASAN on KActionCollection*

M  +19   -17   libs/widgetutils/xmlgui/kactioncollection.cpp
M  +0    -6    libs/widgetutils/xmlgui/kactioncollection.h

https://invent.kde.org/graphics/krita/commit/cbafea01e8e1056140642f92c7699988afa340e2
Comment 4 Bug Janitor Service 2022-05-17 13:26:55 UTC
A possibly relevant merge request was started @ https://invent.kde.org/frameworks/kxmlgui/-/merge_requests/110