Bug 495160 - Crash when selecting virtual output
Status: RESOLVED FIXED
Alias: None
Product: xdg-desktop-portal-kde
Classification: Plasma
Component: general
Version: unspecified
Platform: Other Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Plasma Bugs List
URL: https://invent.kde.org/plasma/xdg-des...
Reported: 2024-10-21 22:34 UTC by Nicolas Fella
Modified: 2025-02-07 13:09 UTC
Version Fixed In: 6.3.1

Description Nicolas Fella 2024-10-21 22:34:09 UTC
STEPS TO REPRODUCE
1. Start OBS studio 
2. Add source > Screen Capture (Pipewire)
3. Click "New virtual output"
4. In the source properties, click "Open Selector"
5. Click "Virtual-Virtual0"

OBSERVED RESULT

=================================================================
==59860==ERROR: AddressSanitizer: heap-use-after-free on address 0x5020001e0858 at pc 0x7efcf4161aa1 bp 0x7ffd35a46690 sp 0x7ffd35a46688
READ of size 8 at 0x5020001e0858 thread T0
    #0 0x7efcf4161aa0 in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::get() const /home/nico/workspace/qt6-dev/qtbase/src/corelib/tools/qscopedpointer.h:112
    #1 0x7efcf4161aa0 in decltype (({parm#1}.get)()) qGetPtrHelper<QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> > const>(QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> > const&) /home/nico/workspace/qt6-dev/qtbase/src/corelib/global/qtclasshelpermacros.h:112
    #2 0x7efcf4161aa0 in QScreen::d_func() const /home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qscreen.h:34
    #3 0x7efcf4161aa0 in QScreen::name() const /home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qscreen.cpp:103
    #4 0x62efcc in Screencasting::createOutputStream(QScreen*, Screencasting::CursorMode) /home/nico/kde-qtdev/src/xdg-desktop-portal-kde/src/screencasting.cpp:113
    #5 0x6c41ea in WaylandIntegration::WaylandIntegrationPrivate::startStreamingOutput(QScreen*, Screencasting::CursorMode) /home/nico/kde-qtdev/src/xdg-desktop-portal-kde/src/waylandintegration.cpp:278
    #6 0x6c2db0 in WaylandIntegration::startStreamingOutput(QScreen*, Screencasting::CursorMode) /home/nico/kde-qtdev/src/xdg-desktop-portal-kde/src/waylandintegration.cpp:127
    #7 0x624cce in ScreenCastPortal::Start(QDBusObjectPath const&, QDBusObjectPath const&, QString const&, QString const&, QMap<QString, QVariant> const&, QMap<QString, QVariant>&) /home/nico/kde-qtdev/src/xdg-desktop-portal-kde/src/screencast.cpp:225
    #8 0x444533 in ScreenCastPortal::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/nico/kde-qtdev/build/xdg-desktop-portal-kde/src/xdg-desktop-portal-kde_autogen/EWIEGA46WW/moc_screencast.cpp:251
    #9 0x444f44 in ScreenCastPortal::qt_metacall(QMetaObject::Call, int, void**) /home/nico/kde-qtdev/build/xdg-desktop-portal-kde/src/xdg-desktop-portal-kde_autogen/EWIEGA46WW/moc_screencast.cpp:316
    #10 0x7efcf38be3e5 in QDBusConnectionPrivate::deliverCall(QObject*, QDBusMessage const&, QList<QMetaType> const&, int) /home/nico/workspace/qt6-dev/qtbase/src/dbus/qdbusintegrator.cpp:1007
    #11 0x7efcf38c66ce in QDBusConnectionPrivate::activateCall(QObject*, QFlags<QDBusConnection::RegisterOption>, QDBusMessage const&) /home/nico/workspace/qt6-dev/qtbase/src/dbus/qdbusintegrator.cpp:916
    #12 0x7efcf38c7cc2 in QDBusConnectionPrivate::activateObject(QDBusConnectionPrivate::ObjectTreeNode&, QDBusMessage const&, int) /home/nico/workspace/qt6-dev/qtbase/src/dbus/qdbusintegrator.cpp:1484
    #13 0x7efcf38d0923 in QDBusActivateObjectEvent::placeMetaCall(QObject*) /home/nico/workspace/qt6-dev/qtbase/src/dbus/qdbusintegrator.cpp:1604
    #14 0x7efcf2aa38ed in QObject::event(QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobject.cpp:1420
    #15 0x7efcf5a7aaad in QApplicationPrivate::notify_helper(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3294
    #16 0x7efcf5a96958 in QApplication::notify(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3245
    #17 0x7efcf29a3a09 in QCoreApplication::notifyInternal2(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1124
    #18 0x7efcf29a3b7c in QCoreApplication::sendEvent(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1568
    #19 0x7efcf29a6bf6 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1923
    #20 0x7efcf29a7314 in QCoreApplication::sendPostedEvents(QObject*, int) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1755
    #21 0x7efcf32076f9 in postEventSourceDispatch /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:246
    #22 0x7efcf2510eb7 in g_main_dispatch ../glib/gmain.c:3357
    #23 0x7efcf2510eb7 in g_main_context_dispatch_unlocked ../glib/gmain.c:4208
    #24 0x7efcf2512ca7 in g_main_context_iterate_unlocked ../glib/gmain.c:4273
    #25 0x7efcf25134bb in g_main_context_iteration ../glib/gmain.c:4338
    #26 0x7efcf32059b6 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:399
    #27 0x7efcf4f817db in QPAEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6-dev/qtbase/src/gui/platform/unix/qeventdispatcher_glib.cpp:89
    #28 0x7efcf29c4fc1 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventloop.cpp:103
    #29 0x7efcf29c7208 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventloop.cpp:194
    #30 0x7efcf29ae891 in QCoreApplication::exec() /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1469
    #31 0x7efcf40266c5 in QGuiApplication::exec() /home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qguiapplication.cpp:1975
    #32 0x7efcf5a7795e in QApplication::exec() /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:2562
    #33 0x6d2199 in main /home/nico/kde-qtdev/src/xdg-desktop-portal-kde/src/xdg-desktop-portal-kde.cpp:50
    #34 0x7efcf1e2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #35 0x7efcf1e2a378 in __libc_start_main_impl ../csu/libc-start.c:360
    #36 0x42daf4 in _start ../sysdeps/x86_64/start.S:115
0x5020001e0858 is located 8 bytes inside of 16-byte region [0x5020001e0850,0x5020001e0860)
freed by thread T0 here:
    #0 0x7efd002fe198 in operator delete(void*, unsigned long) ../../../../libsanitizer/asan/asan_new_delete.cpp:164
    #1 0x7efcf41671d9 in QScreen::~QScreen() /home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qscreen.cpp:77
    #2 0x7efcf41b6ecf in QWindowSystemInterface::handleScreenRemoved(QPlatformScreen*) /home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qwindowsysteminterface.cpp:781
    #3 0x7efcfe2c105f in QtWaylandClient::QWaylandDisplay::registry_global_remove(unsigned int) /home/nico/workspace/qt6-dev/qtwayland/src/client/qwaylanddisplay.cpp:814
    #4 0x7efcfe3ab217 in QtWayland::wl_registry::handle_global_remove(void*, wl_registry*, unsigned int) /home/nico/workspace/qt6-dev/qtwayland/src/client/qwayland-wayland.cpp:112
    #5 0x7efcffee1971 in ffi_call_unix64 ../src/x86/unix64.S:104
previously allocated by thread T0 here:
    #0 0x7efd002fd298 in operator new(unsigned long) ../../../../libsanitizer/asan/asan_new_delete.cpp:95
    #1 0x7efcf41ba5e2 in QWindowSystemInterface::handleScreenAdded(QPlatformScreen*, bool) /home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qwindowsysteminterface.cpp:716
    #2 0x7efcfe2c586d in QtWaylandClient::QWaylandDisplay::handleScreenInitialized(QtWaylandClient::QWaylandScreen*) /home/nico/workspace/qt6-dev/qtwayland/src/client/qwaylanddisplay.cpp:603
    #3 0x7efcfe35466c in QtWaylandClient::QWaylandScreen::maybeInitialize() /home/nico/workspace/qt6-dev/qtwayland/src/client/qwaylandscreen.cpp:81
    #4 0x7efcfe354737 in QtWaylandClient::QWaylandScreen::output_done() /home/nico/workspace/qt6-dev/qtwayland/src/client/qwaylandscreen.cpp:321
    #5 0x7efcfe3ac3d7 in QtWayland::wl_output::handle_done(void*, wl_output*) /home/nico/workspace/qt6-dev/qtwayland/src/client/qwayland-wayland.cpp:2413
    #6 0x7efcffee1971 in ffi_call_unix64 ../src/x86/unix64.S:104
SUMMARY: AddressSanitizer: heap-use-after-free /home/nico/workspace/qt6-dev/qtbase/src/corelib/tools/qscopedpointer.h:112 in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::get() const
==59860==ABORTING

SOFTWARE/OS VERSIONS
KDE Plasma Version: master
KDE Frameworks Version: master 
Qt Version: dev

ADDITIONAL INFORMATION
Comment 1 Nicolas Fella 2024-10-21 22:37:17 UTC
Looks like https://crash-reports.kde.org/organizations/kde/issues/79384
Comment 2 David Redondo 2025-02-07 08:12:37 UTC
It seems what is happening is that we are trying to stream the virtual output, which is removed because OBS recreates the whole session.
Comment 3 Marco Martin 2025-02-07 09:27:23 UTC
Different process, but a very similar backtrace to https://bugs.kde.org/show_bug.cgi?id=444386
Comment 5 David Redondo 2025-02-07 12:58:05 UTC
Git commit 5d075beb35d5923af5208eafbdcd72f3816da071 by David Redondo.
Committed on 07/02/2025 at 09:37.
Pushed by davidre into branch 'master'.

outputsmodel: Handle screens going away
SENTRY:XDG-DESKTOP-PORTAL-KDE-1Z
FIXED-IN:6.3.1

M  +10   -0    src/outputsmodel.cpp

https://invent.kde.org/plasma/xdg-desktop-portal-kde/-/commit/5d075beb35d5923af5208eafbdcd72f3816da071
Comment 6 David Redondo 2025-02-07 13:09:07 UTC
Git commit e7faf69cd80bdf135b4ea632c5f6f4bcf125b75e by David Redondo.
Committed on 07/02/2025 at 12:58.
Pushed by davidre into branch 'Plasma/6.3'.

outputsmodel: Handle screens going away
SENTRY:XDG-DESKTOP-PORTAL-KDE-1Z
FIXED-IN:6.3.1


(cherry picked from commit 5d075beb35d5923af5208eafbdcd72f3816da071)

Co-authored-by: David Redondo <kde@david-redondo.de>

M  +10   -0    src/outputsmodel.cpp

https://invent.kde.org/plasma/xdg-desktop-portal-kde/-/commit/e7faf69cd80bdf135b4ea632c5f6f4bcf125b75e
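
The lifetime problem described in Comment 2 and named by the "Handle screens going away" commit, modelled in plain C++ as an added example. It is not code from xdg-desktop-portal-kde, and the actual 10-line fix is not shown on this page. `Screen`, `Display`, `OutputsModel`, `trackRemovals` and `replay` are hypothetical stand-ins, and dropping the cached row on a removal notification is an assumed way of handling the removal.

```cpp
// Added illustration, not xdg-desktop-portal-kde code. Screen, Display and OutputsModel
// are hypothetical stand-ins for QScreen, Qt's screen handling and the portal's output list.
#include <algorithm>
#include <functional>
#include <memory>
#include <optional>
#include <string>
#include <vector>

struct Screen { std::string name; };
struct Display {  // owns the screens and frees one when the compositor removes it
    std::vector<std::unique_ptr<Screen>> screens;
    std::vector<std::function<void(const Screen *)>> listeners;
    Screen *add(std::string name) {
        screens.push_back(std::make_unique<Screen>(Screen{std::move(name)}));
        return screens.back().get();
    }
    void remove(const Screen *s) {
        for (auto &fn : listeners) fn(s);  // notify while s is still valid
        screens.erase(std::remove_if(screens.begin(), screens.end(),
            [s](const auto &p) { return p.get() == s; }), screens.end());
    }
};

struct OutputsModel {  // caches non-owning Screen pointers for the selector
    std::vector<Screen *> rows;
    void trackRemovals(Display &d) {  // hardened: drop the row before the free
        d.listeners.push_back([this](const Screen *s) {
            rows.erase(std::remove(rows.begin(), rows.end(), s), rows.end());
        });
    }
    std::optional<std::string> startStreaming(std::size_t row) const {
        if (row >= rows.size()) return std::nullopt;  // output went away
        return rows[row]->name;  // dangling read if the row is stale
    }
};

struct ReplayResult { std::size_t staleRows; bool trackedStarted; };
ReplayResult replay() {  // output created, listed, removed, then selected
    Display display;
    OutputsModel untracked, tracked;
    tracked.trackRemovals(display);
    Screen *v = display.add("Virtual-Virtual0");
    untracked.rows.push_back(v);
    tracked.rows.push_back(v);
    display.remove(v);  // untracked.startStreaming(0) would now read freed memory
    return {untracked.rows.size(), tracked.startStreaming(0).has_value()};
}
int main() { ReplayResult r = replay(); return (r.staleRows == 1 && !r.trackedStarted) ? 0 : 1; }
```

The untracked model still reports one row after the screen is freed, which is the state the AddressSanitizer trace above was produced from; the tracked model has no row left and refuses to start the stream.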