Bug 458555 - GeoDataFolder iterator methods crash
Status: REPORTED
Alias: None
Product: marble
Classification: Applications
Component: general
Version: 22.04.3
Platform: Debian stable Microsoft Windows
Importance: NOR crash
Target Milestone: ---
Assignee: marble-bugs
Reported: 2022-08-31 14:43 UTC by magliocca
Modified: 2023-06-22 14:23 UTC

Description magliocca 2022-08-31 14:43:17 UTC
SUMMARY
***
With Marble versions 19.08 and 22.04.3, we are experiencing a seg fault when calling the iterator methods for GeoDataFolder. 

It looks like the d pointer is either becoming corrupted or is getting deleted, only for the iterator methods. I can call other methods without problems, such as at() and last(). I ran the same snippet with Marble 16.04 and it runs fine. 
***

STEPS TO REPRODUCE
1. Create an empty Qt+Marble project.
2. Add the following code to main:
    GeoDataFolder *myFolder = new GeoDataFolder();
    myFolder->begin();
3. Compile, build, and run the application.
4. Observe the crash.

OBSERVED RESULT
The application crashes due to a seg fault on the iterator begin command. 

I get a similar seg fault when I try to call end(). The stack trace shows the following:

1 QVector<Marble::GeoDataFeature *>::isDetached qvector.h            113 0x7ffff78f0b36 
2 QVector<Marble::GeoDataFeature *>::detach     qvector.h            399 0x7ffff78f0cfa 
3 QVector<Marble::GeoDataFeature *>::begin      qvector.h            219 0x7ffff78ef4c9 
4 Marble::GeoDataContainer::begin               GeoDataContainer.cpp 349 0x7ffff78ee6fa 
5 main                                          main.cpp             54  0x55555555b6e4 


EXPECTED RESULT
The application should not crash when calling GeoDataFolder's begin/end methods.


SOFTWARE/OS VERSIONS
Windows: 10
Linux/KDE Plasma: Debian 10
Qt Version: 5.15.5

ADDITIONAL INFORMATION
This behavior has been observed on Debian. We have yet to test Windows.

Comment 1 Andrew Morris 2022-11-25 18:49:05 UTC
I can confirm the same problem is occurring on FreeBSD 12.3 on Marble 22.08.1 (FreeBSD port version 22.08.1_1), with Qt version 5.15.5p165, Plasma 5.24.6_1.

It's actually showing up in two different ways for me. If the GeoDataFolder is created in a different function, then within begin(), *this is null, and the attempt to set the d pointer segfaults, apparently because it's trying to access memory at this+0x18 or something like that. If it's created within the same function, then *this is some absurd value like 0x7fffffffe598 and the attempt to set d fails with a bus error. These seem to just be different expressions of the same problem.

I too can access at(), first(), and other methods within GeoDataFolder without any trouble, and they seem to return sensible results. This problem seems to affect just the methods that return a QVector<GeoDataFeature*>::Iterator, which are begin() and end().