Created attachment 120650 [details] Possible patch to keep m_paintOrder in synch with m_visiblePlacemarks SUMMARY Marble applications 19.04 compiled from sources on Windows 10 64 bit Qt 5.11.2 64 bit Visual Studio 2015 The crash happens only in the debug version, but it might be due to the speed difference, please see additional information STEPS TO REPRODUCE 1. Start Marble with the default OSM map (earth/openstreetmap/openstreetmap.dgml) 2. Show the annotate plugin toolbar and select "add placemark" 3. In the Add Placemark dialog change a coordinate 4. Move the dialog and move the mouse pointer on the map below OBSERVED RESULT The application crashes with the following call stack: Qt5Guid.dll!QPlatformPixmap::height() Line 124 Qt5Guid.dll!QPixmap::size() Line 532 > marblewidget-qt5d.dll!Marble::VisiblePlacemark::symbolRect() Line 171 marblewidget-qt5d.dll!Marble::PlacemarkLayout::hasPlacemarkAt(const QPoint & pos) Line 556 marblewidget-qt5d.dll!Marble::PlacemarkLayer::hasPlacemarkAt(const QPoint & pos) Line 219 marblewidget-qt5d.dll!Marble::MarbleMap::hasFeatureAt(const QPoint & position) Line 483 marblewidget-qt5d.dll!Marble::MarbleDefaultInputHandler::adjustCursorShape(const QPoint & mousePosition, const QPoint & mouseDirection) Line 663 marblewidget-qt5d.dll!Marble::MarbleDefaultInputHandler::handleMouseEvent(QMouseEvent * event) Line 884 marblewidget-qt5d.dll!Marble::MarbleDefaultInputHandler::eventFilter(QObject * o, QEvent * e) Line 923 Qt5Cored.dll!QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject * receiver, QEvent * event) Line 1174 Qt5Widgetsd.dll!QApplicationPrivate::notify_helper(QObject * receiver, QEvent * e) Line 3723 Qt5Widgetsd.dll!QApplication::notify(QObject * receiver, QEvent * e) Line 3203 Qt5Cored.dll!QCoreApplication::notifyInternal2(QObject * receiver, QEvent * event) Line 1048 Qt5Cored.dll!QCoreApplication::sendSpontaneousEvent(QObject * receiver, QEvent * event) Line 237 Qt5Widgetsd.dll!QApplicationPrivate::sendMouseEvent(QWidget * receiver, QMouseEvent * event, QWidget * alienWidget, QWidget * nativeWidget, QWidget * * buttonDown, QPointer<QWidget> & lastMouseReceiver, bool spontaneous) Line 2693 Qt5Widgetsd.dll!QWidgetWindow::handleMouseEvent(QMouseEvent * event) Line 661 Qt5Widgetsd.dll!QWidgetWindow::event(QEvent * event) Line 282 Qt5Widgetsd.dll!QApplicationPrivate::notify_helper(QObject * receiver, QEvent * e) Line 3727 Qt5Widgetsd.dll!QApplication::notify(QObject * receiver, QEvent * e) Line 3099 Qt5Cored.dll!QCoreApplication::notifyInternal2(QObject * receiver, QEvent * event) Line 1048 Qt5Cored.dll!QCoreApplication::sendSpontaneousEvent(QObject * receiver, QEvent * event) Line 237 Qt5Guid.dll!QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent * e) Line 2082 Qt5Guid.dll!QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent * e) Line 1817 Qt5Guid.dll!QWindowSystemInterface::sendWindowSystemEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags) Line 1038 qwindowsd.dll!QWindowsGuiEventDispatcher::sendPostedEvents() Line 83 Qt5Cored.dll!qt_internal_proc(HWND__ * hwnd, unsigned int message, unsigned __int64 wp, __int64 lp) Line 239 [External Code] Qt5Cored.dll!QEventDispatcherWin32::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags) Line 630 qwindowsd.dll!QWindowsGuiEventDispatcher::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags) Line 74 Qt5Cored.dll!QEventLoop::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags) Line 137 Qt5Cored.dll!QEventLoop::exec(QFlags<enum QEventLoop::ProcessEventsFlag> flags) Line 214 Qt5Cored.dll!QCoreApplication::exec() Line 1336 Qt5Guid.dll!QGuiApplication::exec() Line 1762 Qt5Widgetsd.dll!QApplication::exec() Line 2902 marble-qt.exe!main(int argc, char * * argv) Line 308 [External Code] EXPECTED RESULT SOFTWARE/OS VERSIONS Windows: 10 64 bit macOS: Linux/KDE Plasma: (available in About System) KDE Plasma Version: KDE Frameworks Version: Qt Version: 5.11.2 64bit ADDITIONAL INFORMATION The crash seems to happen because the mouse movement triggers an updateFeature: AnnotatePlugin::eventFilter -> AnnotatePlugin::handleUncaughtEvents -> m_marbleWidget->model()->treeModel()->updateFeature( m_focusItem->placemark() ); Which in turn calls RemoveFeature and AddFeature of GeoDataTreeModel and they emits rowsAboutToBeRemoved and rowsInserted signals, connected to removePlacemarks and addPlacemarks of PlacemarkLayout PlacemarkLayout::removePlacemarks -> remove the placemark from its cache and the associated VisibleItem. It doesn't deal with m_paintOrder. PlacemarkLayout::addPlacemarks -> add only the placemark to the internal cache. Creation of VisibleItem seems to be demanded to the first layoutPlacemark call At the end of addPlacemark an emit repaintNeeded() should cause a PlacemarkLayout::layoutPlacemark call, if that happens before any other mouse events, all is well. But if the mouse event is passed to MarbleDefaultInputHandler::eventFilter before the next render, then the following calls cause an invalid memory access. MarbleDefaultInputHandler::eventFilter -> MarbleDefaultInputHandler::adjustCursorShape -> MarbleInputHandler::d->m_marblePresenter->map()->hasFeatureAt(mousePosition) -> ... -> PlacemarkLayout::hasPlacemarkAt which uses m_paintOrder still containing an invalid VisibleItem from the preceding removePlacemarks I don't understand in detail the reasone of the debug/relase difference, but it would seem a sound and roboust approach to make PlacemarkLayout::m_paintOrder more in synch with m_visiblePlacemarks.
This is bug 378885. Please use https://phabricator.kde.org/differential/diff/create/ to propose patches; they tend to get lost in the bug tracker. For more information, please see https://community.kde.org/Infrastructure/Phabricator
Dario, any luck with the link from comment #1?
Thank you for reporting this crash in KDE software. As it has been a while since this issue was reported, can we please ask you to see if you can reproduce the crash with a recent software version? If you can reproduce the issue, please change the status to "CONFIRMED" when replying. Thank you!
Dear Bug Submitter, This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information as soon as possible and set the bug status as REPORTED. Due to regular bug tracker maintenance, if the bug is still in NEEDSINFO status with no change in 30 days the bug will be closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging If you have already provided the requested information, please mark the bug as REPORTED so that the KDE team knows that the bug is ready to be confirmed. Thank you for helping us make KDE software even better for everyone!
This bug has been in NEEDSINFO status with no change for at least 30 days. The bug is now closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging Thank you for helping us make KDE software even better for everyone!