SUMMARY
Deterministic sequence of UI interactions crashes Umbrello

STEPS TO REPRODUCE
1. Modify the diagram (e.g. double click the select ok)
2. Click open, then discard
3. Close out of the file picker, then press undo

OBSERVED RESULT
Umbrello crashes with a segfault

VIDEO
https://youtu.be/4s4sN0nOzeE

BACKTRACE
Thread 1 "umbrello5" received signal SIGSEGV, Segmentation fault.
QWeakPointer<QObject>::internalData (this=0x555557468ce8) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qsharedpointer_impl.h:704
704         return d == nullptr || d->strongref.loadRelaxed() == 0 ? nullptr : value;
#0  QWeakPointer<QObject>::internalData (this=0x555557468ce8) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qsharedpointer_impl.h:704
#1  QPointer<UMLStereotype>::data (this=0x555557468ce8) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qpointer.h:77
#2  QPointer<UMLStereotype>::operator-> (this=0x555557468ce8) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qpointer.h:79
#3  operator==<UMLStereotype> (o=0x0, p=...) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qpointer.h:103
#4  UMLObject::setUMLStereotype (this=0x555557468cb0, stereo=0x0) at /home/guifuzz/GUIFuzzBenchmarks/fuzzing/umbrello/umbrello/umlmodel/umlobject.cpp:499
#5  0x000055555638f3be in UMLDoc::removeUMLObject (this=0x555556e38f60, umlobject=0x555557468cb0, deleteObject=false) at /home/guifuzz/GUIFuzzBenchmarks/fuzzing/umbrello/umbrello/umldoc.cpp:1772
#6  0x00007ffff6d4015e in QUndoCommand::undo() () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#7  0x00007ffff6d41552 in QUndoStack::setIndex(int) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#8  0x00007ffff5d24862 in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#9  0x00007ffff5c8d2f0 in QItemSelectionModel::currentChanged(QModelIndex const&, QModelIndex const&) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#10 0x00007ffff5c910c0 in QItemSelectionModel::setCurrentIndex(QModelIndex const&, QFlags<QItemSelectionModel::SelectionFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#11 0x00007ffff6c03346 in QAbstractItemView::mousePressEvent(QMouseEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#12 0x00007ffff69b1258 in QWidget::event(QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#13 0x00007ffff6a653a7 in QFrame::event(QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#14 0x00007ffff5ce8a02 in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#15 0x00007ffff696bee5 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#16 0x00007ffff69746af in QApplication::notify(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#17 0x00007ffff5ce8c98 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#18 0x00007ffff697252d in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool, bool) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#19 0x00007ffff69cbcb7 in ?? () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#20 0x00007ffff69cf3cf in ?? () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#21 0x00007ffff696bef5 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#22 0x00007ffff5ce8c98 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#23 0x00007ffff614ab87 in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) () from /lib/x86_64-linux-gnu/libQt5Gui.so.5
#24 0x00007ffff611afac in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Gui.so.5
#25 0x00007ffff10103f6 in ?? () from /lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
#26 0x00007ffff41b7397 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#27 0x00007ffff4217dc7 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#28 0x00007ffff41b68b3 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#29 0x00007ffff5d47afd in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#30 0x00007ffff5ce75ab in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#31 0x00007ffff5cf0286 in QCoreApplication::exec() () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#32 0x0000555555668071 in main (argc=<optimized out>, argv=<optimized out>) at /home/guifuzz/GUIFuzzBenchmarks/fuzzing/umbrello/umbrello/main.cpp:258
A debugging session is active.

SOFTWARE/OS VERSIONS
Umbrello 25.07.70
Ubuntu 24.10

Git commit cd997979795900408b911b4507e4880d837dd91a by Ralf Habacker.
Committed on 15/08/2025 at 10:44.
Pushed by habacker into branch 'master'.

Prevent a crash when opening a new file with a modified document is canceled

When closing a document, the undo stack is deleted to avoid accessing objects that no longer exist.

FIXED-IN:25.08.1

M  +3    -0    umbrello/uml.cpp
M  +4    -0    umbrello/umldoc.cpp

https://invent.kde.org/sdk/umbrello/-/commit/cd997979795900408b911b4507e4880d837dd91a

Git commit c637e56d6730b0d1450b243e47869cfdf01d84fe by Ralf Habacker.
Committed on 15/08/2025 at 10:45.
Pushed by habacker into branch 'release/25.08'.

Prevent a crash when opening a new file with a modified document is canceled

When closing a document, the undo stack is deleted to avoid accessing objects that no longer exist.

FIXED-IN:25.08.1

(cherry picked from commit cd997979795900408b911b4507e4880d837dd91a)

M  +3    -0    umbrello/uml.cpp
M  +4    -0    umbrello/umldoc.cpp

https://invent.kde.org/sdk/umbrello/-/commit/c637e56d6730b0d1450b243e47869cfdf01d84fe
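
The lifetime problem named in the commit message, modelled in standard C++ as an added example (not Umbrello's code and not the committed patch): an undo history that outlives the objects its commands refer to, next to the variant that drops the history when the document closes. `Doc`, `Obj` and `RemoveCmd` are hypothetical names, and `std::weak_ptr` stands in for the raw pointers so that a stale command can be counted instead of crashing.

```cpp
// Added illustration in standard C++; not Umbrello code or the committed patch.
// Doc, Obj and RemoveCmd are hypothetical names.
#include <cstddef>
#include <memory>
#include <string>
#include <vector>

struct Obj { std::string stereotype = "entity"; };

// Undo command referring to a model object it does not own.
struct RemoveCmd {
    std::weak_ptr<Obj> target;  // stands in for a raw pointer; staleness is observable
    bool undo() const {         // returns false when the target no longer exists
        auto o = target.lock();
        if (!o) return false;
        o->stereotype.clear();  // touches the object, as setUMLStereotype does in frame #4
        return true;
    }
};

class Doc {
public:
    void addObject() {
        objects_.push_back(std::make_shared<Obj>());
        undo_.push_back(RemoveCmd{objects_.back()});
    }
    // clearUndo=false models the behaviour before the fix.
    void close(bool clearUndo) {
        objects_.clear();              // model objects are destroyed here
        if (clearUndo) undo_.clear();  // history is dropped with the document
    }
    std::size_t undoDepth() const { return undo_.size(); }
    std::size_t staleCommands() const {
        std::size_t n = 0;
        for (const auto& c : undo_) if (c.target.expired()) ++n;
        return n;
    }
    bool undoLast() {  // true only if a command ran against a live object
        if (undo_.empty()) return false;
        bool ok = undo_.back().undo();
        undo_.pop_back();
        return ok;
    }
private:
    std::vector<std::shared_ptr<Obj>> objects_;
    std::vector<RemoveCmd> undo_;
};

int main() { Doc d; d.addObject(); d.close(false); return d.staleCommands() == 1 ? 0 : 1; }
```

With raw pointers in place of `weak_ptr`, the stale command left behind by `close(false)` is the one that would dereference freed memory on the next undo.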