Bug 410428 - Crash resizing vector shape (asan backtrace)
Summary: Crash resizing vector shape (asan backtrace)
Status: RESOLVED DUPLICATE of bug 409872
Alias: None
Product: krita
Classification: Applications
Component: Tools/Vector (show other bugs)
Version: git master (please specify the git hash!)
Platform: Other Linux
: NOR crash
Target Milestone: ---
Assignee: Krita Bugs
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-07-30 20:08 UTC by wolthera
Modified: 2019-07-30 20:32 UTC (History)
0 users

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description wolthera 2019-07-30 20:08:16 UTC 
SUMMARY
Was resizing a vector rectangle, got this. Have not tried to reproduce.

Krita

 Version: 4.3.0-prealpha (git 26e236d)
 Languages: en_US, en_GB, nl
 Hidpi: true

Qt

  Version (compiled): 5.12.3
  Version (loaded): 5.12.3

OS Information

  Build ABI: x86_64-little_endian-lp64
  Build CPU: x86_64
  CPU: x86_64
  Kernel Type: linux
  Kernel Version: 4.15.0-54-generic
  Pretty Productname: KDE neon User Edition 5.16
  Product Type: neon
  Product Version: 18.04

=================================================================
==21849==ERROR: AddressSanitizer: heap-use-after-free on address 0x6060022e4538 at pc 0x7fffe76ed195 bp 0x7fffffff8450 sp 0x7fffffff8440
READ of size 8 at 0x6060022e4538 thread T0
    #0 0x7fffe76ed194 in KoPathShape::Private::map(QTransform const&) /home/wolthera/krita/src/libs/flake/KoPathShape.cpp:783
    #1 0x7fffe76ea259 in KoPathShape::setSize(QSizeF const&) /home/wolthera/krita/src/libs/flake/KoPathShape.cpp:592
    #2 0x7fffe78015c4 in KoParameterShape::setSize(QSizeF const&) /home/wolthera/krita/src/libs/flake/KoParameterShape.cpp:120
    #3 0x7fffe7945976 in KoShapeResizeCommand::undoImpl() /home/wolthera/krita/src/libs/flake/commands/KoShapeResizeCommand.cpp:90
    #4 0x7fffe5f28c07 in KisCommandUtils::SkipFirstRedoBase::undo() /home/wolthera/krita/src/libs/command/kis_command_utils.cpp:137
    #5 0x7fffa5aef741 in ShapeResizeStrategy::resizeBy(QPointF const&, double, double) /home/wolthera/krita/src/plugins/tools/defaulttool/defaulttool/ShapeResizeStrategy.cpp:218
    #6 0x7fffa5aef5a9 in ShapeResizeStrategy::handleMouseMove(QPointF const&, QFlags<Qt::KeyboardModifier>) /home/wolthera/krita/src/plugins/tools/defaulttool/defaulttool/ShapeResizeStrategy.cpp:212
    #7 0x7fffe79e5702 in KoInteractionTool::mouseMoveEvent(KoPointerEvent*) /home/wolthera/krita/src/libs/flake/tools/KoInteractionTool.cpp:72
    #8 0x7fffa5aa7c80 in DefaultTool::mouseMoveEvent(KoPointerEvent*) /home/wolthera/krita/src/plugins/tools/defaulttool/defaulttool/DefaultTool.cpp:729
    #9 0x7fffe784338c in KoToolProxy::mouseMoveEvent(KoPointerEvent*) /home/wolthera/krita/src/libs/flake/KoToolProxy.cpp:297
    #10 0x7fffe7843000 in KoToolProxy::mouseMoveEvent(QMouseEvent*, QPointF const&) /home/wolthera/krita/src/libs/flake/KoToolProxy.cpp:281
    #11 0x7ffff1923cb3 in KisToolProxy::forwardEvent(KisToolProxy::ActionState, KisTool::ToolAction, QEvent*, QEvent*) /home/wolthera/krita/src/libs/ui/canvas/kis_tool_proxy.cpp:145
    #12 0x7ffff22e0d12 in KisToolInvocationAction::inputEvent(QEvent*) /home/wolthera/krita/src/libs/ui/input/kis_tool_invocation_action.cpp:167
    #13 0x7ffff22fa4cb in KisShortcutMatcher::pointerMoved(QEvent*) /home/wolthera/krita/src/libs/ui/input/kis_shortcut_matcher.cpp:267
    #14 0x7ffff22b8c50 in KisInputManager::Private::handleCompressedTabletEvent(QEvent*) /home/wolthera/krita/src/libs/ui/input/kis_input_manager_p.cpp:651
    #15 0x7ffff22a799e in KisInputManager::slotCompressedMoveEvent() /home/wolthera/krita/src/libs/ui/input/kis_input_manager.cpp:751
    #16 0x7ffff270c525 in KisInputManager::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/wolthera/krita/build/libs/ui/kritaui_autogen/RHTBEVGUKT/moc_kis_input_manager.cpp:89
    #17 0x7fffeb522874 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b0874)
    #18 0x7fffeccfb7b4 in KisSignalCompressor::timeout() /home/wolthera/krita/build/libs/global/kritaglobal_autogen/EWIEGA46WW/moc_kis_signal_compressor.cpp:151
    #19 0x7fffeccb1c93 in KisSignalCompressor::tryEmitSignalSafely() /home/wolthera/krita/src/libs/global/kis_signal_compressor.cpp:170
    #20 0x7fffeccb1b89 in KisSignalCompressor::tryEmitOnTick(bool) /home/wolthera/krita/src/libs/global/kis_signal_compressor.cpp:152
    #21 0x7fffeccb17f4 in KisSignalCompressor::start() /home/wolthera/krita/src/libs/global/kis_signal_compressor.cpp:110
    #22 0x7ffff22ad86a in bool KisInputManager::compressMoveEventCommon<QMouseEvent>(QMouseEvent*) (/home/wolthera/krita/inst/lib/x86_64-linux-gnu/libkritaui.so.19+0x33d686a)
    #23 0x7ffff22a4c69 in KisInputManager::eventFilterImpl(QEvent*) /home/wolthera/krita/src/libs/ui/input/kis_input_manager.cpp:383
    #24 0x7ffff22a3445 in KisInputManager::eventFilter(QObject*, QEvent*) /home/wolthera/krita/src/libs/ui/input/kis_input_manager.cpp:201
    #25 0x7fffeb4f2a9c in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x280a9c)
    #26 0x7fffec2ee634 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15c634)
    #27 0x7fffec2f6a57 in QApplication::notify(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x164a57)
    #28 0x7ffff2494bac in KisApplication::notify(QObject*, QEvent*) /home/wolthera/krita/src/libs/ui/KisApplication.cpp:653
    #29 0x7fffeb4f2d17 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x280d17)
    #30 0x7fffec2f505e in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool, bool) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x16305e)
    #31 0x7fffec3498a0  (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x1b78a0)
    #32 0x7fffec34c6f9  (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x1ba6f9)
    #33 0x7fffec2ee65b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15c65b)
    #34 0x7fffec2f5b8f in QApplication::notify(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x163b8f)
    #35 0x7ffff2494bac in KisApplication::notify(QObject*, QEvent*) /home/wolthera/krita/src/libs/ui/KisApplication.cpp:653
    #36 0x7fffeb4f2d17 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x280d17)
    #37 0x7fffebabc1fa in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0x1141fa)
    #38 0x7fffebabd364 in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0x115364)
    #39 0x7fffeba95b4a in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0xedb4a)
    #40 0x7fffd69d7599  (/usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5+0x6c599)
    #41 0x7fffe12c1416 in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c416)
    #42 0x7fffe12c164f  (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c64f)
    #43 0x7fffe12c16db in g_main_context_iteration (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c6db)
    #44 0x7fffeb54fdae in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2dddae)
    #45 0x7fffeb4f1039 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x27f039)
    #46 0x7fffeb4fa16f in QCoreApplication::exec() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x28816f)
    #47 0x555557933430 in main /home/wolthera/krita/src/krita/main.cc:535
    #48 0x7fffea901b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #49 0x55555792ca69 in _start (/home/wolthera/krita/inst/bin/krita+0x23d8a69)

0x6060022e4538 is located 24 bytes inside of 64-byte region [0x6060022e4520,0x6060022e4560)
freed by thread T0 here:
    #0 0x7ffff6ef87b8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7b8)
    #1 0x7fffe770519a in QList<KoPathPoint*>::dealloc(QListData::Data*) /usr/include/x86_64-linux-gnu/qt5/QtCore/qlist.h:870
    #2 0x7fffe7701449 in QList<KoPathPoint*>::~QList() /usr/include/x86_64-linux-gnu/qt5/QtCore/qlist.h:830
    #3 0x7fffe7700405 in QtPrivate::QForeachContainer<QList<KoPathPoint*> >::~QForeachContainer() /usr/include/x86_64-linux-gnu/qt5/QtCore/qglobal.h:973
    #4 0x7fffe76e8813 in KoPathShape::outline() const /home/wolthera/krita/src/libs/flake/KoPathShape.cpp:474
    #5 0x7fffe76fd846 in KoPathShape::pathStroke(QPen const&) const /home/wolthera/krita/src/libs/flake/KoPathShape.cpp:1667
    #6 0x7fffe76e96ee in KoPathShape::boundingRect() const /home/wolthera/krita/src/libs/flake/KoPathShape.cpp:566
    #7 0x7fffe7796d1c in KoShapeManager::Private::DetectCollision::detect(KoRTree<KoShape*>&, KoShape*, int) /home/wolthera/krita/src/libs/flake/KoShapeManager_p.h:86
    #8 0x7fffe778a57b in KoShapeManager::Private::updateTree() /home/wolthera/krita/src/libs/flake/KoShapeManager.cpp:74
    #9 0x7fffe7794f60 in KoShapeManager::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/wolthera/krita/build/libs/flake/kritaflake_autogen/include/moc_KoShapeManager.cpp:105
    #10 0x7fffeb522874 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b0874)
    #11 0x7fffeccfc2b0 in KisThreadSafeSignalCompressor::timeout() /home/wolthera/krita/build/libs/global/kritaglobal_autogen/EWIEGA46WW/moc_kis_thread_safe_signal_compressor.cpp:182
    #12 0x7fffeccfb9f9 in KisThreadSafeSignalCompressor::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/wolthera/krita/build/libs/global/kritaglobal_autogen/EWIEGA46WW/moc_kis_thread_safe_signal_compressor.cpp:97
    #13 0x7fffeb522874 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b0874)
    #14 0x7fffeccfb7b4 in KisSignalCompressor::timeout() /home/wolthera/krita/build/libs/global/kritaglobal_autogen/EWIEGA46WW/moc_kis_signal_compressor.cpp:151
    #15 0x7fffeccb1c93 in KisSignalCompressor::tryEmitSignalSafely() /home/wolthera/krita/src/libs/global/kis_signal_compressor.cpp:170
    #16 0x7fffeccb1b89 in KisSignalCompressor::tryEmitOnTick(bool) /home/wolthera/krita/src/libs/global/kis_signal_compressor.cpp:152
    #17 0x7fffeccb1930 in KisSignalCompressor::start() /home/wolthera/krita/src/libs/global/kis_signal_compressor.cpp:124
    #18 0x7fffeccfb435 in KisSignalCompressor::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/wolthera/krita/build/libs/global/kritaglobal_autogen/EWIEGA46WW/moc_kis_signal_compressor.cpp:91
    #19 0x7fffeb522874 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b0874)
    #20 0x7fffeccfc2dc in KisThreadSafeSignalCompressor::internalRequestSignal() /home/wolthera/krita/build/libs/global/kritaglobal_autogen/EWIEGA46WW/moc_kis_thread_safe_signal_compressor.cpp:188
    #21 0x7fffeccb2907 in KisThreadSafeSignalCompressor::start() /home/wolthera/krita/src/libs/global/kis_thread_safe_signal_compressor.cpp:49
    #22 0x7fffe7794618 in KoShapeManager::notifyShapeChanged(KoShape*) /home/wolthera/krita/src/libs/flake/KoShapeManager.cpp:602
    #23 0x7fffe7744c23 in KoShape::notifyChanged() /home/wolthera/krita/src/libs/flake/KoShape.cpp:821
    #24 0x7fffe770cfa3 in KoPathPoint::map(QTransform const&) /home/wolthera/krita/src/libs/flake/KoPathPoint.cpp:262
    #25 0x7fffe76ed1a9 in KoPathShape::Private::map(QTransform const&) /home/wolthera/krita/src/libs/flake/KoPathShape.cpp:783
    #26 0x7fffe76ea259 in KoPathShape::setSize(QSizeF const&) /home/wolthera/krita/src/libs/flake/KoPathShape.cpp:592
    #27 0x7fffe78015c4 in KoParameterShape::setSize(QSizeF const&) /home/wolthera/krita/src/libs/flake/KoParameterShape.cpp:120
    #28 0x7fffe7945976 in KoShapeResizeCommand::undoImpl() /home/wolthera/krita/src/libs/flake/commands/KoShapeResizeCommand.cpp:90
    #29 0x7fffe5f28c07 in KisCommandUtils::SkipFirstRedoBase::undo() /home/wolthera/krita/src/libs/command/kis_command_utils.cpp:137

previously allocated by thread T0 here:
    #0 0x7ffff6ef8b50 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb50)
    #1 0x7fffeb3789db in QListData::detach(int) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x1069db)

SUMMARY: AddressSanitizer: heap-use-after-free /home/wolthera/krita/src/libs/flake/KoPathShape.cpp:783 in KoPathShape::Private::map(QTransform const&)
Shadow bytes around the buggy address:
  0x0c0c80454850: 00 00 00 00 00 00 00 fa fa fa fa fa 00 00 00 00
  0x0c0c80454860: 00 00 00 fa fa fa fa fa 00 00 00 00 00 00 00 fa
  0x0c0c80454870: fa fa fa fa 00 00 00 00 00 00 00 fa fa fa fa fa
  0x0c0c80454880: 00 00 00 00 00 00 00 fa fa fa fa fa 00 00 00 00
  0x0c0c80454890: 00 00 00 fa fa fa fa fa fd fd fd fd fd fd fd fa
=>0x0c0c804548a0: fa fa fa fa fd fd fd[fd]fd fd fd fd fa fa fa fa
  0x0c0c804548b0: 00 00 00 00 00 00 00 02 fa fa fa fa fd fd fd fd
  0x0c0c804548c0: fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c804548d0: fa fa fa fa 00 00 00 00 00 00 00 00 fa fa fa fa
  0x0c0c804548e0: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00
  0x0c0c804548f0: 00 00 00 00 fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==21849==ABORTING
Comment 1 wolthera 2019-07-30 20:32:16 UTC 

*** This bug has been marked as a duplicate of bug 409872 ***