Bug 504940 - Creating 2 new sequence diagrams then creating a new document segfaults
Summary: Creating 2 new sequence diagrams then creating a new document segfaults
Status: RESOLVED FIXED
Alias: None
Product: umbrello
Classification: Applications
Component: general (other bugs)
Version First Reported In: Git
Platform: Other Other
Importance: NOR crash
Target Milestone: ---
Assignee: Umbrello Development Group
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2025-05-29 00:28 UTC by Dillon
Modified: 2025-05-30 08:53 UTC

See Also:
Latest Commit:
Version Fixed In: 25.04.2
Sentry Crash Report:


Description Dillon 2025-05-29 00:28:53 UTC
SUMMARY
Deterministic sequence of UI interactions leads to a segfault

STEPS TO REPRODUCE
1. On the welcome tab, click the "sequence diagram" link and make a new sequence diagram
2. Repeat step one to make a second sequence diagram
3. Hit New and select discard

BACKTRACE
Thread 1 "umbrello5" received signal SIGSEGV, Segmentation fault.
0x00007ffff6a67684 in QAbstractScrollArea::viewport() const () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#0  0x00007ffff6a67684 in QAbstractScrollArea::viewport() const () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#1  0x00005555562377ea in BirdView::mouseMoveEvent (this=0x555557311fe0, event=0x7fffffffd2d0) at /home/guifuzz/GUIFuzzBenchmarks/fuzzing/umbrello/umbrello/birdview.cpp:150
#2  0x00007ffff69b1258 in QWidget::event(QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#3  0x00007ffff6a653a7 in QFrame::event(QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#4  0x00007ffff696bef5 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#5  0x00007ffff69746af in QApplication::notify(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#6  0x00007ffff5ce8c98 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#7  0x00007ffff697252d in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool, bool) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#8  0x00007ffff69cbcb7 in ?? () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#9  0x00007ffff69cf3cf in ?? () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#10 0x00007ffff696bef5 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#11 0x00007ffff5ce8c98 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#12 0x00007ffff614ab87 in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) () from /lib/x86_64-linux-gnu/libQt5Gui.so.5
#13 0x00007ffff611afac in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Gui.so.5
#14 0x00007ffff10103f6 in ?? () from /lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
#15 0x00007ffff41b7397 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#16 0x00007ffff4217dc7 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#17 0x00007ffff41b68b3 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#18 0x00007ffff5d47afd in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#19 0x00007ffff5ce75ab in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#20 0x00007ffff5cf0286 in QCoreApplication::exec() () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#21 0x0000555555668071 in main (argc=<optimized out>, argv=<optimized out>) at /home/guifuzz/GUIFuzzBenchmarks/fuzzing/umbrello/umbrello/main.cpp:258

VIDEO
https://youtu.be/JiGo8ETjKI8 

OBSERVED RESULT
Umbrello crashes with a segfault

SOFTWARE/OS VERSIONS
Ubuntu 24.10
Umbrello 25.07.70
Comment 1 Dillon 2025-05-29 00:30:51 UTC
(In reply to Dillon from comment #0)
Sorry, I provided the wrong backtrace. This is the proper one:
Thread 1 "umbrello5" received signal SIGSEGV, Segmentation fault.
0x00007ffff6cf8078 in QGraphicsView::scene() const () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#0  0x00007ffff6cf8078 in QGraphicsView::scene() const () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#1  0x00005555564871e9 in UMLView::umlScene (this=<optimized out>) at /home/guifuzz/GUIFuzzBenchmarks/fuzzing/umbrello/umbrello/umlview.cpp:53
#2  0x0000555555f434ac in UMLFolder::removeAllViews (this=0x555556e833b0) at /home/guifuzz/GUIFuzzBenchmarks/fuzzing/umbrello/umbrello/umlmodel/folder.cpp:237
#3  0x0000555556367bc9 in UMLDoc::removeAllViews (this=0x555556e3aef0) at /home/guifuzz/GUIFuzzBenchmarks/fuzzing/umbrello/umbrello/umldoc.cpp:2810
#4  UMLDoc::closeDocument (this=this@entry=0x555556e3aef0) at /home/guifuzz/GUIFuzzBenchmarks/fuzzing/umbrello/umbrello/umldoc.cpp:430
#5  0x00005555563ab200 in UMLDoc::saveModified (this=0x555556e3aef0) at /home/guifuzz/GUIFuzzBenchmarks/fuzzing/umbrello/umbrello/umldoc.cpp:381
#6  0x0000555556348710 in UMLApp::slotFileNew (this=0x555556c4c480) at /home/guifuzz/GUIFuzzBenchmarks/fuzzing/umbrello/umbrello/uml.cpp:1246
#7  0x00007ffff5d24862 in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#8  0x00007ffff6964954 in QAction::triggered(bool) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#9  0x00007ffff696788c in QAction::activate(QAction::ActionEvent) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#10 0x00007ffff6a6c60a in ?? () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#11 0x00007ffff6a6c77b in QAbstractButton::mouseReleaseEvent(QMouseEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#12 0x00007ffff6b732e6 in QToolButton::mouseReleaseEvent(QMouseEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#13 0x00007ffff69b1258 in QWidget::event(QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#14 0x00007ffff696bef5 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#15 0x00007ffff69746af in QApplication::notify(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#16 0x00007ffff5ce8c98 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#17 0x00007ffff697252d in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool, bool) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#18 0x00007ffff69cbcb7 in ?? () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#19 0x00007ffff69cf3cf in ?? () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#20 0x00007ffff696bef5 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#21 0x00007ffff5ce8c98 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#22 0x00007ffff614ab87 in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) () from /lib/x86_64-linux-gnu/libQt5Gui.so.5
#23 0x00007ffff611afac in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Gui.so.5
#24 0x00007ffff10103f6 in ?? () from /lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
#25 0x00007ffff41b7397 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#26 0x00007ffff4217dc7 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#27 0x00007ffff41b68b3 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#28 0x00007ffff5d47afd in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#29 0x00007ffff5ce75ab in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#30 0x00007ffff5cf0286 in QCoreApplication::exec() () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#31 0x0000555555668071 in main (argc=<optimized out>, argv=<optimized out>) at /home/guifuzz/GUIFuzzBenchmarks/fuzzing/umbrello/umbrello/main.cpp:258
Comment 2 Ralf Habacker 2025-05-30 07:43:27 UTC
Git commit 8eb6d84c17f8e230965cabf60d496ece29800d96 by Ralf Habacker.
Committed on 30/05/2025 at 07:43.
Pushed by habacker into branch 'release/25.04'.

Fix 'Creating a new document after adding two diagrams segfaults'

Use a copy of the used list to avoid accessing null pointers that
are created when QPointer based entries are removed during iteration.
FIXED-IN:25.04.2

M  +1    -1    umbrello/umlmodel/folder.cpp

https://invent.kde.org/sdk/umbrello/-/commit/8eb6d84c17f8e230965cabf60d496ece29800d96
Comment 3 Ralf Habacker 2025-05-30 07:46:35 UTC
Git commit 46a94172026719d0d6687b2b0bd84f5ed2ba8f75 by Ralf Habacker.
Committed on 30/05/2025 at 07:46.
Pushed by habacker into branch 'master'.

Fix 'Creating a new document after adding two diagrams segfaults'

Use a copy of the used list to avoid accessing null pointers that
are created when QPointer based entries are removed during iteration.
FIXED-IN:25.04.2
(cherry picked from commit 8eb6d84c17f8e230965cabf60d496ece29800d96)

M  +1    -1    umbrello/umlmodel/folder.cpp

https://invent.kde.org/sdk/umbrello/-/commit/46a94172026719d0d6687b2b0bd84f5ed2ba8f75
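The commit above describes the pattern behind the crash: a folder iterates a list of QPointer-held views while the removal callback (UMLDoc::removeView in the second backtrace) erases views from that same list and destroys them, so the loop reads entries that are gone. The following is an added example written for this page, not Umbrello's code and not part of the bug report. It models that pattern in plain C++ so it runs without Qt: std::weak_ptr stands in for QPointer (it reads as null once the target is destroyed), and the names View, Folder, Document and diagrams are the example's own. The "before" loop is written as an index loop so the damage is observable rather than undefined behaviour; in the real code a range-for over the live QList is UB and is what segfaulted.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <memory>
#include <vector>

// Example model, not Umbrello code. A Folder keeps weak (QPointer-like) handles to its
// views; Document::removeView() erases a view from that list and destroys it.
struct View {
    int id;
    explicit View(int i) : id(i) {}
};

struct Document;

struct Folder {
    std::vector<std::weak_ptr<View>> diagrams;   // stand-in for a QList<QPointer<UMLView>>
    std::size_t removeAllViewsUnsafe(Document& doc);
    std::size_t removeAllViewsSafe(Document& doc);
};

struct Document {
    std::vector<std::shared_ptr<View>> owned;    // owning storage; a view dies when erased here
    Folder folder;

    std::shared_ptr<View> addView(int id) {
        auto v = std::make_shared<View>(id);
        owned.push_back(v);
        folder.diagrams.push_back(v);
        return v;
    }

    // Removal drops the view from the folder's list *and* destroys it, so every other
    // weak handle to that view reads as null afterwards.
    void removeView(const std::shared_ptr<View>& v) {
        auto& d = folder.diagrams;
        d.erase(std::remove_if(d.begin(), d.end(),
                               [&](const std::weak_ptr<View>& w) { return w.lock() == v; }),
                d.end());
        owned.erase(std::remove(owned.begin(), owned.end(), v), owned.end());
    }
};

// BEFORE: iterate the live list that removeView() mutates. Index form is used here so
// the fault is visible instead of UB: after the erase, the next entry shifts into slot i
// and ++i skips it, leaving views behind. A range-for over a QList would be UB.
std::size_t Folder::removeAllViewsUnsafe(Document& doc) {
    std::size_t removed = 0;
    for (std::size_t i = 0; i < diagrams.size(); ++i) {
        std::shared_ptr<View> v = diagrams[i].lock();
        if (!v) continue;
        doc.removeView(v);   // erases diagrams[i] underneath this loop
        ++removed;
    }
    return removed;
}

// AFTER: iterate a snapshot copy, as the fix does. The copy still holds weak handles, so
// an entry can read as null if an earlier iteration already destroyed that view; keeping
// the null check is the second half of the pattern.
std::size_t Folder::removeAllViewsSafe(Document& doc) {
    std::size_t removed = 0;
    const std::vector<std::weak_ptr<View>> snapshot = diagrams;
    for (const auto& w : snapshot) {
        std::shared_ptr<View> v = w.lock();
        if (!v) continue;    // handle went null: the view is already gone
        doc.removeView(v);
        ++removed;
    }
    diagrams.clear();
    return removed;
}

// Fixture: four views, then one of the two strategies; returns how many views survive.
std::size_t viewsLeftAfter(bool useSafe) {
    Document doc;
    for (int i = 0; i < 4; ++i) doc.addView(i);
    if (useSafe) doc.folder.removeAllViewsSafe(doc);
    else         doc.folder.removeAllViewsUnsafe(doc);
    return doc.owned.size();
}

// Why the null check stays even on a copy: a copied weak entry expires with its view.
bool snapshotEntryExpiresAfterRemoval() {
    Document doc;
    std::shared_ptr<View> v = doc.addView(7);
    std::vector<std::weak_ptr<View>> snapshot = doc.folder.diagrams;
    doc.removeView(v);
    v.reset();                 // drop the last owning reference
    return snapshot.size() == 1 && snapshot[0].expired();
}

int main() {
    std::printf("live-list loop leaves %zu of 4 views\n", viewsLeftAfter(false));
    std::printf("snapshot loop leaves %zu of 4 views\n", viewsLeftAfter(true));
    std::printf("copied entry expired: %s\n", snapshotEntryExpiresAfterRemoval() ? "yes" : "no");
    return 0;
}
```

The snapshot copy is the one-line change the commit describes; the null check on each copied entry is the caveat that goes with it, since a QPointer in the copy still tracks the object's lifetime and can be nulled by an earlier removal in the same loop. Building the real code with AddressSanitizer and repeating the three reported steps is the quickest way to confirm a fix of this kind, because a heap-use-after-free or null read inside the loop shows up as a report rather than a silent skip.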
Comment 4 Ralf Habacker 2025-05-30 08:53:55 UTC
Thanks for reporting this issue.