https://bugs.kde.org/show_bug.cgi?id=419140
L. E. Segovia <a...@amyspark.me> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CONFIRMED                   |ASSIGNED

--- Comment #4 from L. E. Segovia <a...@amyspark.me> ---
I was playing today with Krita, and I managed to trace this to a use-after-free condition in the resource server. The only place that observes it is the palette docker. In Windows, the main window is destroyed before the resource server, bringing the docker down with her; see below for the stacktrace of PaletteDockerDock::~PaletteDockerDock. The dock doesn't remove itself from the observer, unlike every other widget that uses this functionality. Thus, when the server is destroyed, it attempts to dereference a long dead object.

I wonder why this happens only with debuggable builds, though?

#0  PaletteDockerDock::~PaletteDockerDock (this=0x2215dd60, __in_chrg=<optimized out>) at C:\krita-win\src\plugins\dockers\palettedocker\palettedocker_dock.cpp:148
#1  0x00007ffad6bb592d in PaletteDockerDock::~PaletteDockerDock (this=0x2215dd60, __in_chrg=<optimized out>) at C:\krita-win\src\plugins\dockers\palettedocker\palettedocker_dock.cpp:150
#2  0x00007ffb47996867 in QObjectPrivate::deleteChildren() () from C:\krita-win\i_deps\bin\Qt5Core.dll
#3  0x00007ffb47e312c3 in QWidget::~QWidget() () from C:\krita-win\i_deps\bin\Qt5Widgets.dll
#4  0x00007ffb42606fda in KMainWindow::~KMainWindow (this=0x1fb6b530, __in_chrg=<optimized out>) at C:\krita-win\src\libs\widgetutils\xmlgui\kmainwindow.cpp:349
#5  0x00007ffb18519685 in KisMainWindow::~KisMainWindow (this=0x1fb6b530, __in_chrg=<optimized out>, __vtt_parm=<optimized out>) at C:\krita-win\src\libs\ui\KisMainWindow.cpp:582
#6  0x00007ffb185196fd in KisMainWindow::~KisMainWindow (this=0x1fb6b530, __in_chrg=<optimized out>, __vtt_parm=<optimized out>) at C:\krita-win\src\libs\ui\KisMainWindow.cpp:610
#7  0x00007ffb47999a1a in QObject::event(QEvent*) () from C:\krita-win\i_deps\bin\Qt5Core.dll
#8  0x00007ffb47e3612c in QWidget::event(QEvent*) () from C:\krita-win\i_deps\bin\Qt5Widgets.dll
#9  0x00007ffb47f251eb in QMainWindow::event(QEvent*) () from C:\krita-win\i_deps\bin\Qt5Widgets.dll
#10 0x00007ffb42608eec in KMainWindow::event (this=0x1fb6b530, ev=0x182f2960) at C:\krita-win\src\libs\widgetutils\xmlgui\kmainwindow.cpp:765
#11 0x00007ffb47df7bdc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from C:\krita-win\i_deps\bin\Qt5Widgets.dll
#12 0x00007ffb47dfec23 in QApplication::notify(QObject*, QEvent*) () from C:\krita-win\i_deps\bin\Qt5Widgets.dll
#13 0x00007ffb184f1e46 in KisApplication::notify (this=<optimized out>, receiver=0x1fb6b530, event=0x182f2960) at C:\krita-win\src\libs\ui\KisApplication.cpp:688
#14 0x00007ffb4796d0d8 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from C:\krita-win\i_deps\bin\Qt5Core.dll
#15 0x00007ffb47973709 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from C:\krita-win\i_deps\bin\Qt5Core.dll
#16 0x000000006a8fe90e in qwindows!qt_plugin_instance () from C:\krita-win\i_deps\plugins\platforms\qwindows.dll
#17 0x00007ffb479c814a in QEventDispatcherWin32Private::sendTimerEvent(int) () from C:\krita-win\i_deps\bin\Qt5Core.dll
#18 0x00007ffb9cc85c0d in USER32!CallWindowProcW () from C:\WINDOWS\System32\user32.dll
#19 0x00007ffb9cc85602 in USER32!DispatchMessageW () from C:\WINDOWS\System32\user32.dll
#20 0x00007ffb479c75eb in QEventDispatcherWin32::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from C:\krita-win\i_deps\bin\Qt5Core.dll
#21 0x000000006a8fe8f5 in qwindows!qt_plugin_instance () from C:\krita-win\i_deps\plugins\platforms\qwindows.dll
#22 0x00007ffb4796b8ff in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from C:\krita-win\i_deps\bin\Qt5Core.dll
#23 0x00007ffb47974b77 in QCoreApplication::exec() () from C:\krita-win\i_deps\bin\Qt5Core.dll
#24 0x0000000140006e90 in main (argc=<optimized out>, argv=0x2946c70) at C:\krita-win\src\krita\main.cc:594
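
Added example, not part of the comment above and not Krita's code: a minimal model of the lifetime problem the comment describes, where an observer destroyed before the server leaves a dangling registration unless its destructor unregisters. ResourceServer, Observer, Dock and staleAfterDockDestroyed are hypothetical names chosen for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <vector>

// Hypothetical stand-ins for the resource server and its observers.
struct Observer {
    virtual ~Observer() = default;
    virtual void serverGoingAway() = 0;
};

class ResourceServer {
public:
    void addObserver(Observer *o) { m_observers.push_back(o); }
    void removeObserver(Observer *o) {
        m_observers.erase(std::remove(m_observers.begin(), m_observers.end(), o),
                          m_observers.end());
    }
    std::size_t observerCount() const { return m_observers.size(); }
    // Shutdown path: calls through every registered raw pointer. An entry
    // whose object was already destroyed would be a use-after-free here.
    std::size_t notifyShutdown() {
        std::size_t n = 0;
        for (Observer *o : m_observers) { o->serverGoingAway(); ++n; }
        m_observers.clear();
        return n;
    }
private:
    std::vector<Observer *> m_observers; // non-owning pointers
};

// Registers on construction; unregisters on destruction only if asked to.
class Dock : public Observer {
public:
    Dock(ResourceServer &s, bool unregister) : m_server(s), m_unregister(unregister) {
        m_server.addObserver(this);
    }
    ~Dock() override { if (m_unregister) m_server.removeObserver(this); }
    void serverGoingAway() override {}
private:
    ResourceServer &m_server;
    bool m_unregister;
};

// Returns how many registrations outlive a dock destroyed before the server.
std::size_t staleAfterDockDestroyed(bool unregister) {
    ResourceServer server;
    { Dock dock(server, unregister); }       // dock is torn down first
    std::size_t stale = server.observerCount();
    if (stale == 0) server.notifyShutdown(); // only safe when nothing dangles
    return stale;
}
```

The stale pointer is only counted, never dereferenced, so the example stays well-defined; building a variant that does call notifyShutdown() with -fsanitize=address reports the access as heap- or stack-use-after-free.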