Bug 458555

Summary: GeoDataFolder iterator methods crash
Product: [Applications] marble Reporter: magliocca
Component: generalAssignee: marble-bugs
Status: REPORTED ---    
Severity: crash CC: morrand276
Priority: NOR    
Version: 22.04.3   
Target Milestone: ---   
Platform: Debian stable   
OS: Microsoft Windows   
See Also: https://bugs.kde.org/show_bug.cgi?id=471339
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description magliocca 2022-08-31 14:43:17 UTC 
SUMMARY
***
With Marble versions 19.08 and 22.04.3, we are experiencing a seg fault when calling the iterator methods for GeoDataFolder. 

It looks like the d pointer is either becoming corrupted or is getting deleted, only for the iterator methods. I can call other methods without problems, such as at() and last(). I ran the same snippet with Marble 16.04 and it runs fine. 
***

STEPS TO REPRODUCE
1. Create an empty Qt+Marble project.
2. Add the following code to main:
    GeoDataFolder *myFolder = new GeoDataFolder();
    myFolder->begin();
3. Compile, build, and run the application.
4. Observe the crash.

OBSERVED RESULT
The application crashes due to a seg fault on the iterator begin command. 

I get a similar seg fault when I try to call end(). The stack trace shows the following:                                                                                        
                                                                                        
1 QVector<Marble::GeoDataFeature *>::isDetached qvector.h            113 0x7ffff78f0b36 
2 QVector<Marble::GeoDataFeature *>::detach     qvector.h            399 0x7ffff78f0cfa 
3 QVector<Marble::GeoDataFeature *>::begin      qvector.h            219 0x7ffff78ef4c9 
4 Marble::GeoDataContainer::begin               GeoDataContainer.cpp 349 0x7ffff78ee6fa 
5 main                                          main.cpp             54  0x55555555b6e4 


EXPECTED RESULT
The application should not crash when calling GeoDataFolder's begin/end methods.


SOFTWARE/OS VERSIONS
Windows: 10
macOS: 
Linux/KDE Plasma: Debian 10
(available in About System)
KDE Plasma Version: 
KDE Frameworks Version: 
Qt Version: 5.15.5

ADDITIONAL INFORMATION
This behavior has been observed on Debian. We have yet to test Windows.
Comment 1 Andrew Morris 2022-11-25 18:49:05 UTC 
I can confirm the same problem is occurring on FreeBSD 12.3 on Marble 22.08.1 (FreeBSD port version 22.08.1_1), with Qt version 5.15.5p165, Plasma 5.24.6_1.

It's actually showing up in two different ways for me. If the GeoDataFolder is created in a different function, then within begin(), *this is null, and the attempt to set the d pointer segfaults, apparently because it's trying to access memory at this+0x18 or something like that. If it's created within the same function, then *this is some absurd value like 0x7fffffffe598 and the attempt to set d fails with a bus error. These seem to just be different expressions of the same problem.

I too can access at(), first(), and other methods within GeoDataFolder without any trouble, and they seem to return sensible results. This problem seems to affect just the methods that return a QVector<GeoDataFeature*>::Iterator, which are begin() and end().