| Summary: | Crash with ASAN when trying to annotate a screenshot | ||
|---|---|---|---|
| Product: | [Applications] Spectacle | Reporter: | Aleix Pol <aleixpol> |
| Component: | General | Assignee: | Boudhayan Gupta <me> |
| Status: | RESOLVED FIXED | ||
| Severity: | crash | CC: | kde |
| Priority: | NOR | ||
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Platform: | Other | ||
| OS: | Linux | ||
| Latest Commit: | https://invent.kde.org/graphics/spectacle/commit/019b9d14d518fc56d98e467ec5050575a43eb357 | Version Fixed In: | |
| Sentry Crash Report: | |||
Git commit 019b9d14d518fc56d98e467ec5050575a43eb357 by Aleix Pol. Committed on 18/01/2023 at 16:04. Pushed by apol into branch 'master'. Don't forget to break on switch cases M +2 -0 src/Gui/Annotations/Utils.cpp M +1 -0 src/Gui/OptionsMenu.cpp M +1 -0 src/Gui/SelectionEditor.cpp https://invent.kde.org/graphics/spectacle/commit/019b9d14d518fc56d98e467ec5050575a43eb357 |
This is with cmake configured with "-DECM_ENABLE_SANITIZERS='address;undefined'". /home/apol/devel/frameworks/spectacle/src/Gui/Annotations/AnnotationDocument.cpp:606:12: runtime error: load of value 3200171710, which is not a valid value for type 'AnnotationDocument::EditActionType' SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/apol/devel/frameworks/spectacle/src/Gui/Annotations/AnnotationDocument.cpp:606:12 in /home/apol/devel/frameworks/spectacle/src/Gui/Annotations/Utils.cpp:124:20: runtime error: downcast of address 0x60e0002cda00 which does not point to an object of type 'LineAction' 0x60e0002cda00: note: object is of type 'FreeHandAction' 00 00 00 00 30 89 f1 a3 22 56 00 00 01 00 00 00 04 00 00 00 01 00 00 00 ff ff ff ff 00 00 00 00 ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'FreeHandAction' SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/apol/devel/frameworks/spectacle/src/Gui/Annotations/Utils.cpp:124:20 in /home/apol/devel/frameworks/spectacle/src/Gui/Annotations/Utils.cpp:125:32: runtime error: member call on address 0x60e0002cda00 which does not point to an object of type 'LineAction' 0x60e0002cda00: note: object is of type 'FreeHandAction' 00 00 00 00 30 89 f1 a3 22 56 00 00 01 00 00 00 04 00 00 00 01 00 00 00 ff ff ff ff 00 00 00 00 ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'FreeHandAction' SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/apol/devel/frameworks/spectacle/src/Gui/Annotations/Utils.cpp:125:32 in /home/apol/devel/frameworks/spectacle/src/Gui/Annotations/EditAction.cpp:709:12: runtime error: member access within address 0x60e0002cda00 which does not point to an object of type 'const LineAction' 0x60e0002cda00: note: object is of type 'FreeHandAction' 00 00 00 00 30 89 f1 a3 22 56 00 00 01 00 00 00 04 00 00 00 01 00 00 00 ff ff ff ff 00 00 00 00 ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'FreeHandAction' SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/apol/devel/frameworks/spectacle/src/Gui/Annotations/EditAction.cpp:709:12 in ================================================================= ==128897==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60e0002cda98 at pc 0x5622a3920a7e bp 0x7ffceb9bc0d0 sp 0x7ffceb9bb890 READ of size 32 at 0x60e0002cda98 thread T0 #0 0x5622a3920a7d in __asan_memcpy (/home/apol/devel/kde5/bin/spectacle+0x331a7d) (BuildId: c6a6a8555efb310c5e0a5b4cdf76afc88aa9443e) #1 0x5622a3caab68 in LineAction::line() const /home/apol/devel/frameworks/spectacle/src/Gui/Annotations/EditAction.cpp:709:12 #2 0x5622a3cbd6c8 in shapeShadow(EditAction*, double) /home/apol/devel/frameworks/spectacle/src/Gui/Annotations/Utils.cpp:125:32 #3 0x5622a3c3ab09 in AnnotationDocument::paint(QPainter*, QRectF const&, double) const /home/apol/devel/frameworks/spectacle/src/Gui/Annotations/AnnotationDocument.cpp:988:29 #4 0x5622a3c83d78 in AnnotationViewport::paint(QPainter*) /home/apol/devel/frameworks/spectacle/src/Gui/Annotations/AnnotationViewport.cpp:84:17 #5 0x7f05a3a0144f in QSGDefaultPainterNode::paint() /home/apol/devel/frameworks/qt5/qtdeclarative/src/quick/scenegraph/util/qsgdefaultpainternode.cpp:188:18 #6 0x7f05a3a0221b in QSGDefaultPainterNode::update() /home/apol/devel/frameworks/qt5/qtdeclarative/src/quick/scenegraph/util/qsgdefaultpainternode.cpp:216:14 #7 0x7f05a3a7b972 in QQuickPaintedItem::updatePaintNode(QSGNode*, QQuickItem::UpdatePaintNodeData*) /home/apol/devel/frameworks/qt5/qtdeclarative/src/quick/items/qquickpainteditem.cpp:610:17 #8 0x7f05a3a68917 in QQuickWindowPrivate::updateDirtyNode(QQuickItem*) /home/apol/devel/frameworks/qt5/qtdeclarative/src/quick/items/qquickwindow.cpp:3888:56 #9 0x7f05a3a68e3a in QQuickWindowPrivate::updateDirtyNodes() /home/apol/devel/frameworks/qt5/qtdeclarative/src/quick/items/qquickwindow.cpp:3633:24 #10 0x7f05a3a6a98c in QQuickWindowPrivate::syncSceneGraph() /home/apol/devel/frameworks/qt5/qtdeclarative/src/quick/items/qquickwindow.cpp:524:21 #11 0x7f05a39e76d6 in QSGGuiThreadRenderLoop::renderWindow(QQuickWindow*) /home/apol/devel/frameworks/qt5/qtdeclarative/src/quick/scenegraph/qsgrenderloop.cpp:752:23 #12 0x7f05a3a78c2f in QQuickWindow::event(QEvent*) /home/apol/devel/frameworks/qt5/qtdeclarative/src/quick/items/qquickwindow.cpp:1863:50 #13 0x7f05a216801d in QApplicationPrivate::notify_helper(QObject*, QEvent*) /home/apol/devel/frameworks/qt5/qtbase/src/widgets/kernel/qapplication.cpp:3640:31 #14 0x7f05a12b60d7 in QCoreApplication::notifyInternal2(QObject*, QEvent*) /home/apol/devel/frameworks/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1064:24 #15 0x7f05a19329c7 in QPlatformWindow::deliverUpdateRequest() /home/apol/devel/frameworks/qt5/qtbase/src/gui/kernel/qplatformwindow.cpp:796:32 #16 0x7f05a12e222f in QObject::event(QEvent*) /home/apol/devel/frameworks/qt5/qtbase/src/corelib/kernel/qobject.cpp:1347:31 #17 0x7f05a216801d in QApplicationPrivate::notify_helper(QObject*, QEvent*) /home/apol/devel/frameworks/qt5/qtbase/src/widgets/kernel/qapplication.cpp:3640:31 #18 0x7f05a12b60d7 in QCoreApplication::notifyInternal2(QObject*, QEvent*) /home/apol/devel/frameworks/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1064:24 #19 0x7f05a12b9070 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) /home/apol/devel/frameworks/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1821:36 #20 0x7f05a130ed52 in postEventSourceDispatch(_GSource*, int (*)(void*), void*) /home/apol/devel/frameworks/qt5/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:277:39 #21 0x7f059ed1687a in g_main_context_dispatch (/usr/lib/libglib-2.0.so.0+0x5587a) (BuildId: 06fc89a56e8514a4b42ccd3f3624eebf00e6b97c) #22 0x7f059ed6dc88 (/usr/lib/libglib-2.0.so.0+0xacc88) (BuildId: 06fc89a56e8514a4b42ccd3f3624eebf00e6b97c) #23 0x7f059ed15131 in g_main_context_iteration (/usr/lib/libglib-2.0.so.0+0x54131) (BuildId: 06fc89a56e8514a4b42ccd3f3624eebf00e6b97c) #24 0x7f05a130e435 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/apol/devel/frameworks/qt5/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:423:43 #25 0x7f05a12b4b4a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) /home/apol/devel/frameworks/qt5/qtbase/src/corelib/kernel/qeventloop.cpp:235:22 #26 0x7f05a12bccb5 in QCoreApplication::exec() /home/apol/devel/frameworks/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1375:36 #27 0x5622a3a389d7 in main /home/apol/devel/frameworks/spectacle/src/Main.cpp:105:12 #28 0x7f05a0a3c28f (/usr/lib/libc.so.6+0x2328f) (BuildId: 768945cdf5e5796c2ab39f38ed160748fd94d12e) #29 0x7f05a0a3c349 in __libc_start_main (/usr/lib/libc.so.6+0x23349) (BuildId: 768945cdf5e5796c2ab39f38ed160748fd94d12e) #30 0x5622a386b454 in _start (/home/apol/devel/kde5/bin/spectacle+0x27c454) (BuildId: c6a6a8555efb310c5e0a5b4cdf76afc88aa9443e) 0x60e0002cda98 is located 0 bytes to the right of 152-byte region [0x60e0002cda00,0x60e0002cda98) allocated by thread T0 here: #0 0x5622a3967552 in operator new(unsigned long) (/home/apol/devel/kde5/bin/spectacle+0x378552) (BuildId: c6a6a8555efb310c5e0a5b4cdf76afc88aa9443e) #1 0x5622a3c47fde in AnnotationDocument::beginAction(QPointF const&) /home/apol/devel/frameworks/spectacle/src/Gui/Annotations/AnnotationDocument.cpp:1265:18 #2 0x5622a3c858e3 in AnnotationViewport::mousePressEvent(QMouseEvent*) /home/apol/devel/frameworks/spectacle/src/Gui/Annotations/AnnotationViewport.cpp:110:21 #3 0x7f05a3a59a07 in QQuickItem::event(QEvent*) /home/apol/devel/frameworks/qt5/qtdeclarative/src/quick/items/qquickitem.cpp:8308:18 SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/apol/devel/kde5/bin/spectacle+0x331a7d) (BuildId: c6a6a8555efb310c5e0a5b4cdf76afc88aa9443e) in __asan_memcpy Shadow bytes around the buggy address: 0x0c1c80051b00: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 0x0c1c80051b10: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa 0x0c1c80051b20: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00 0x0c1c80051b30: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa 0x0c1c80051b40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c1c80051b50: 00 00 00[fa]fa fa fa fa fa fa fa fa fd fd fd fd 0x0c1c80051b60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c1c80051b70: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x0c1c80051b80: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa 0x0c1c80051b90: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd 0x0c1c80051ba0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==128897==ABORTING *** Exited with return code: 01 ***