Bug 359241 - Crash on exit [PhpDocumentationWidget::documentLoaded]
Status: RESOLVED FIXED
Alias: None
Product: kdevelop
Classification: Applications
Component: Language Support: PHP
Version: 4.90.91
Platform: Other Linux
Importance: NOR crash
Target Milestone: 5.0.0
Assignee: kdevelop-bugs-null
Keywords: junior-jobs
Duplicates: 358847
Reported: 2016-02-10 17:22 UTC by Kevin Funk
Modified: 2016-02-21 21:16 UTC
Version Fixed In: 5.0.0


Description Kevin Funk 2016-02-10 17:22:11 UTC
==6520==ERROR: AddressSanitizer: heap-use-after-free on address 0x6020008c96f0 at pc 0x7f14af82432d bp 0x7ffd7d3d4850 sp 0x7ffd7d3d4848
READ of size 8 at 0x6020008c96f0 thread T0
    #0 0x7f14af82432c in PhpDocumentationWidget::documentLoaded() /home/kfunk/devel/src/kf5/kdev-php-stable/docs/phpdocumentationwidget.cpp:93:66
    #1 0x7f14af82925d in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (PhpDocumentationWidget::*)()>::call(void (PhpDocumentationWidget::*)(), PhpDocumentationWidget*, void**) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:501:13
    #2 0x7f14af828de1 in void QtPrivate::FunctionPointer<void (PhpDocumentationWidget::*)()>::call<QtPrivate::List<>, void>(void (PhpDocumentationWidget::*)(), PhpDocumentationWidget*, void**) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:520:13
    #3 0x7f14af827b3b in QtPrivate::QSlotObject<void (PhpDocumentationWidget::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobject_impl.h:143:17
    #4 0x7f14d88d4776 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b5776)
    #5 0x7f14d3bb81d1 in QWebView::loadFinished(bool) (/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x2d1d1)
    #6 0x7f14d3bb90db  (/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x2e0db)
    #7 0x7f14d88d48e9 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b58e9)
    #8 0x7f14d3bae9a1 in QWebPage::loadFinished(bool) (/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x239a1)
    #9 0x7f14d3bac600  (/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x21600)
    #10 0x7f14d1bbb0bf  (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x48b0bf)
    #11 0x7f14d1ee90a8  (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7b90a8)
    #12 0x7f14d1ee7f85  (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7b7f85)
    #13 0x7f14d1ee9ea6  (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7b9ea6)
    #14 0x7f14d1ebc077  (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x78c077)
    #15 0x7f14d1f162ef  (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7e62ef)
    #16 0x7f14d1f0c7f6  (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7dc7f6)
    #17 0x7f14d1ed07cf  (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7a07cf)
    #18 0x7f14d1ed2357  (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7a2357)
    #19 0x7f14d1ee287d  (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7b287d)
    #20 0x7f14d1ee8c59  (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x7b8c59)
    #21 0x7f14d1bd4bd0 in QWebPageAdapter::deletePage() (/usr/lib/x86_64-linux-gnu/libQt5WebKit.so.5+0x4a4bd0)
    #22 0x7f14d3baf698  (/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x24698)
    #23 0x7f14d3baf7b8  (/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x247b8)
    #24 0x7f14d3bae6e0 in QWebPage::~QWebPage() (/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x236e0)
    #25 0x7f14d3bae6f8 in QWebPage::~QWebPage() (/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x236f8)
    #26 0x7f14d3bb85bf  (/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x2d5bf)
    #27 0x7f14d3bb8622  (/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x2d622)
    #28 0x7f14d3bb7f7a in QWebView::~QWebView() (/usr/lib/x86_64-linux-gnu/libQt5WebKitWidgets.so.5+0x2cf7a)
    #29 0x7f14d52cc841 in KDevelop::StandardDocumentationView::~StandardDocumentationView() /home/kfunk/devel/build/kf5/kdevplatform-stable/documentation/../../../../src/kf5/kdevplatform-stable/documentation/standarddocumentationview.h:35:46
    #30 0x7f14d52cc841 in KDevelop::StandardDocumentationView::~StandardDocumentationView() /home/kfunk/devel/build/kf5/kdevplatform-stable/documentation/../../../../src/kf5/kdevplatform-stable/documentation/standarddocumentationview.h:35
    #31 0x7f14d88d2e5a in QObjectPrivate::deleteChildren() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b3e5a)
    #32 0x7f14d91d912f in QWidget::~QWidget() (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x19a12f)
    #33 0x7f14af86b919 in PhpDocumentationWidget::~PhpDocumentationWidget() /home/kfunk/devel/build/kf5/kdev-php-stable/docs/../../../../src/kf5/kdev-php-stable/docs/phpdocumentationwidget.h:37:7
    #34 0x7f14af86baa3 in PhpDocumentationWidget::~PhpDocumentationWidget() /home/kfunk/devel/build/kf5/kdev-php-stable/docs/../../../../src/kf5/kdev-php-stable/docs/phpdocumentationwidget.h:37:7
    #35 0x7f14d88d2e5a in QObjectPrivate::deleteChildren() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b3e5a)
    #36 0x7f14d91d912f in QWidget::~QWidget() (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x19a12f)
    #37 0x7f14d52cbdab in DocumentationView::~DocumentationView() /home/kfunk/devel/build/kf5/kdevplatform-stable/documentation/../../../../src/kf5/kdevplatform-stable/documentation/documentationview.h:39:46
    #38 0x7f14d52cbdab in DocumentationView::~DocumentationView() /home/kfunk/devel/build/kf5/kdevplatform-stable/documentation/../../../../src/kf5/kdevplatform-stable/documentation/documentationview.h:39
    #39 0x7f14d88d2e5a in QObjectPrivate::deleteChildren() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b3e5a)
    #40 0x7f14d91d912f in QWidget::~QWidget() (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x19a12f)
    #41 0x7f14de32475d in Sublime::IdealDockWidget::~IdealDockWidget() /home/kfunk/devel/src/kf5/kdevplatform-stable/sublime/idealdockwidget.cpp:68:1
    #42 0x7f14de32475d in Sublime::IdealDockWidget::~IdealDockWidget() /home/kfunk/devel/src/kf5/kdevplatform-stable/sublime/idealdockwidget.cpp:67
    #43 0x7f14d88d2e5a in QObjectPrivate::deleteChildren() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b3e5a)
    #44 0x7f14d91d912f in QWidget::~QWidget() (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x19a12f)
    #45 0x7f14dc097d8f in KMainWindow::~KMainWindow() (/usr/lib/x86_64-linux-gnu/libKF5XmlGui.so.5+0x77d8f)
    #46 0x7f14de2e1c2b in Sublime::MainWindow::~MainWindow() /home/kfunk/devel/src/kf5/kdevplatform-stable/sublime/mainwindow.cpp:76:1
    #47 0x7f14dddebb99 in KDevelop::MainWindow::~MainWindow() /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/mainwindow.cpp:156:1
    #48 0x7f14dddebeb8 in KDevelop::MainWindow::~MainWindow() /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/mainwindow.cpp:149:1
    #49 0x7f14dddebeb8 in KDevelop::MainWindow::~MainWindow() /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/mainwindow.cpp:149
    #50 0x7f14d88d57cf in QObject::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b67cf)
    #51 0x7f14d91dd74a in QWidget::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x19e74a)
    #52 0x7f14d92f3a4a in QMainWindow::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x2b4a4a)
    #53 0x7f14dc09a2a6 in KMainWindow::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libKF5XmlGui.so.5+0x7a2a6)
    #54 0x7f14dc0d2754 in KXmlGuiWindow::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libKF5XmlGui.so.5+0xb2754)
    #55 0x7f14d919a9db in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15b9db)
    #56 0x7f14d919fea5 in QApplication::notify(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x160ea5)
    #57 0x7f14d88a5d7a in QCoreApplication::notifyInternal(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x286d7a)
    #58 0x7f14d88a8175 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x289175)
    #59 0x7f14d88fc0e2  (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2dd0e2)
    #60 0x7f14cf67dff6 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49ff6)
    #61 0x7f14cf67e24f  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a24f)
    #62 0x7f14cf67e2fb in g_main_context_iteration (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a2fb)
    #63 0x7f14d88fc4ee in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2dd4ee)
    #64 0x7f14d88a3509 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x284509)
    #65 0x7f14d88ab5eb in QCoreApplication::exec() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x28c5eb)
    #66 0x504cc6 in main /home/kfunk/devel/src/kf5/kdevelop-stable/app/main.cpp:674:12
    #67 0x7f14d73aaa3f in __libc_start_main /build/buildd/glibc-2.21/csu/libc-start.c:289
    #68 0x43d948 in _start (/home/kfunk/devel/install/kf5-stable/bin/kdevelop+0x43d948)

0x6020008c96f0 is located 0 bytes inside of 16-byte region [0x6020008c96f0,0x6020008c9700)
freed by thread T0 here:
    #0 0x4e43a2 in operator delete(void*) (/home/kfunk/devel/install/kf5-stable/bin/kdevelop+0x4e43a2)
    #1 0x7f14d88d2e5a in QObjectPrivate::deleteChildren() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b3e5a)

previously allocated by thread T0 here:
    #0 0x4e3de2 in operator new(unsigned long) (/home/kfunk/devel/install/kf5-stable/bin/kdevelop+0x4e3de2)
    #1 0x7f14af8221f4 in createStyleSheet(QObject*) /home/kfunk/devel/src/kf5/kdev-php-stable/docs/phpdocumentationwidget.cpp:37:28
    #2 0x7f14af822b3f in PhpDocumentationWidget::PhpDocumentationWidget(KDevelop::DocumentationFindWidget*, QUrl const&, PhpDocsPlugin*, QWidget*) /home/kfunk/devel/src/kf5/kdev-php-stable/docs/phpdocumentationwidget.cpp:51:16
    #3 0x7f14af82e52b in PhpDocumentation::documentationWidget(KDevelop::DocumentationFindWidget*, QWidget*) /home/kfunk/devel/src/kf5/kdev-php-stable/docs/phpdocumentation.cpp:50:12
    #4 0x7f14d52c2ee1 in DocumentationView::updateView() /home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:222:20
    #5 0x7f14d52c3aab in DocumentationView::showDocumentation(QExplicitlySharedDataPointer<KDevelop::IDocumentation> const&) /home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:167:5
    #6 0x7f14d52c341e in DocumentationView::showHome() /home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:143:5
    #7 0x7f14d52c27d7 in DocumentationView::changedProvider(int) /home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:241:5
    #8 0x7f14d52c27d7 in DocumentationView::emptyHistory() /home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:202
    #9 0x7f14d52ca31d in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (DocumentationView::*)()>::call(void (DocumentationView::*)(), DocumentationView*, void**) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:501:13
    #10 0x7f14d52ca31d in void QtPrivate::FunctionPointer<void (DocumentationView::*)()>::call<QtPrivate::List<>, void>(void (DocumentationView::*)(), DocumentationView*, void**) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:520
    #11 0x7f14d52ca31d in QtPrivate::QSlotObject<void (DocumentationView::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobject_impl.h:143
    #12 0x7f14d88d4776 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b5776)
    #13 0x7f14d52cb423 in ProvidersModel::providersChanged() /home/kfunk/devel/build/kf5/kdevplatform-stable/documentation/moc_documentationview.cpp:281:5
    #14 0x7f14d52c69ce in ProvidersModel::removeProviders(QList<KDevelop::IDocumentationProvider*> const&) /home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:295:10
    #15 0x7f14d52c4f58 in ProvidersModel::unloaded(KDevelop::IPlugin*) /home/kfunk/devel/src/kf5/kdevplatform-stable/documentation/documentationview.cpp:302:9
    #16 0x7f14d52c96b3 in QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<KDevelop::IPlugin*>, void, void (ProvidersModel::*)(KDevelop::IPlugin*)>::call(void (ProvidersModel::*)(KDevelop::IPlugin*), ProvidersModel*, void**) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:501:14
    #17 0x7f14d52c96b3 in void QtPrivate::FunctionPointer<void (ProvidersModel::*)(KDevelop::IPlugin*)>::call<QtPrivate::List<KDevelop::IPlugin*>, void>(void (ProvidersModel::*)(KDevelop::IPlugin*), ProvidersModel*, void**) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:520
    #18 0x7f14d52c96b3 in QtPrivate::QSlotObject<void (ProvidersModel::*)(KDevelop::IPlugin*), QtPrivate::List<KDevelop::IPlugin*>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobject_impl.h:143
    #19 0x7f14d88d4776 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b5776)
    #20 0x7f14de1f1b9b in KDevelop::IPluginController::unloadingPlugin(KDevelop::IPlugin*) /home/kfunk/devel/build/kf5/kdevplatform-stable/interfaces/moc_iplugincontroller.cpp:238:5
    #21 0x7f14dde0fe5a in KDevelop::PluginController::unloadPlugin(KDevelop::IPlugin*, KDevelop::PluginController::PluginDeletion) /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/plugincontroller.cpp:419:10
    #22 0x7f14dde0f7bd in KDevelop::PluginController::cleanup() /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/plugincontroller.cpp:321:9
    #23 0x7f14dde4ab92 in KDevelop::Core::cleanup() /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/core.cpp:446:9
    #24 0x7f14dde49bdd in KDevelop::Core::shutdown() /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/core.cpp:409:9
    #25 0x7f14dddebb39 in KDevelop::MainWindow::~MainWindow() /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/mainwindow.cpp:152:9
    #26 0x7f14dddebeb8 in KDevelop::MainWindow::~MainWindow() /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/mainwindow.cpp:149:1
    #27 0x7f14dddebeb8 in KDevelop::MainWindow::~MainWindow() /home/kfunk/devel/src/kf5/kdevplatform-stable/shell/mainwindow.cpp:149
    #28 0x7f14d88d57cf in QObject::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b67cf)
    #29 0x7f14d91dd74a in QWidget::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x19e74a)

SUMMARY: AddressSanitizer: heap-use-after-free /home/kfunk/devel/src/kf5/kdev-php-stable/docs/phpdocumentationwidget.cpp:93 PhpDocumentationWidget::documentLoaded()
==6520==ABORTING


Reproducible: Sometimes
Comment 1 Milian Wolff 2016-02-11 17:34:42 UTC
Didn't I just fix that yesterday with the following commit?

commit fae4e7ea2be0510362ecd2a202764bb2a28fd35d
Author: Milian Wolff <mail@milianw.de>
Date:   Wed Feb 10 10:42:22 2016 +0100

    Fix crash on shutdown in PHP documentation view.
    
    This happens when the documentation view emits its documentLoaded
    signal on shutdown, e.g. when a load operation is canceled.
    The new Qt signal/slot connection syntax would deliver this signal
    to the half-destroyed parent object, resulting in a crash.
    
    See also: https://codereview.qt-project.org/#/c/83800/
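
The shutdown ordering described in the commit message above and visible in the ASan trace (children deleted by the base-class destructor, the view reporting a finished load while it is torn down), modelled in plain C++ without Qt as an added example that is not code from KDevelop, Qt or the bug thread. `Object`, `StyleSheet`, `View`, `DocWidget`, `Report` and `teardown` are hypothetical stand-ins, the slot only counts where the stale read would occur instead of touching freed memory, and severing the connection in the destructor is an assumed mitigation, not necessarily what the referenced commit does.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <vector>

// Stand-in for QObject parent/child ownership; plain C++, not Qt.
struct Object {
    std::vector<std::shared_ptr<Object>> children;
    virtual ~Object() { deleteChildren(); }
    // Runs after the derived destructor body: children die in creation order.
    void deleteChildren() {
        for (auto& c : children) c.reset();
        children.clear();
    }
    template <class T> std::shared_ptr<T> adopt(std::shared_ptr<T> c) {
        children.push_back(c);
        return c;
    }
};

struct Report { int delivered = 0; int staleReads = 0; };
struct StyleSheet : Object {};  // models the 16-byte child ASan reports as freed

struct View : Object {          // models the web view child
    std::function<void()> loadFinished;  // the "signal"
    // A load cancelled by teardown still reports completion, from the destructor.
    ~View() override { if (loadFinished) loadFinished(); }
};

struct DocWidget : Object {
    View* view;
    bool disconnectInDtor;
    DocWidget(Report& r, bool safe) : disconnectInDtor(safe) {
        std::weak_ptr<StyleSheet> sheet = adopt(std::make_shared<StyleSheet>());
        view = adopt(std::make_shared<View>()).get();
        // The "slot": it needs the style sheet, like documentLoaded() in the trace.
        view->loadFinished = [&r, sheet] {
            ++r.delivered;
            if (sheet.expired()) ++r.staleReads;  // real code would read freed memory here
        };
    }
    // Assumed mitigation: sever the connection before the base destructor runs.
    ~DocWidget() override { if (disconnectInDtor) view->loadFinished = nullptr; }
};

Report teardown(bool safe) {
    Report r;
    { DocWidget w(r, safe); }
    return r;
}

int main() {
    Report bad = teardown(false), good = teardown(true);
    std::printf("unguarded stale=%d, guarded stale=%d\n", bad.staleReads, good.staleReads);
}
```
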
Comment 2 Kevin Funk 2016-02-11 17:55:00 UTC
Ah, right, didn't see that one.

Looks like this would fix the issue, yes.
Comment 3 Milian Wolff 2016-02-21 21:16:10 UTC
*** Bug 358847 has been marked as a duplicate of this bug. ***