https://bugs.kde.org/show_bug.cgi?id=492444
Bug ID: 492444
Summary: Trying to delete QTextEdit with Sonnet::SpellCheckDecorator attached results in memory corruption
Classification: Frameworks and Libraries
Product: frameworks-sonnet
Version: 5.116.0
Platform: Other
OS: Other
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: martin.sandsm...@kde.org
Reporter: nikolayrovinskiy...@gmail.com
CC: kdelibs-b...@kde.org
Target Milestone: ---

Created attachment 173160
  --> https://bugs.kde.org/attachment.cgi?id=173160&action=edit
The archive with full demo.

SUMMARY
Trying to delete QTextEdit with Sonnet::SpellCheckDecorator attached results in memory corruption (for an example, please see the attached demo).

STEPS TO REPRODUCE
1. Create a QWidget which contains a QTextEdit with SpellCheckDecorator and a QPushButton which calls `delete txtTarget`
2. Build and launch the application with the -fsanitize=address flag.

OBSERVED RESULT
On Qt 5.116.0
- Without -fsanitize=address: The application will remove the text box; however, it will eventually fail in an unexpected place, because the memory was corrupted.
- With -fsanitize=address: The application will fail while deleting QTextEdit, because QTextEdit will try to remove dependent components, one of which is the SpellCheckDecorator instance, whose destructor, in turn, will call m_plainTextEdit->removeEventFilter(q). But the m_plainTextEdit was already destroyed at this time and cannot be read.

On Qt 6.5.0
- Without -fsanitize=address: error while calling malloc
- With -fsanitize=address: expected behavior.

EXPECTED RESULT
The text box should be removed without error.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma:
KDE Plasma Version: 6.1.4
KDE Frameworks Version: 6.5.0
Qt Version: 5.116.0 and 6.5.0

ADDITIONAL INFORMATION
The error may be mitigated by calling
delete sonnet_instance
// Before calling delete txtTarget
// See the commented code in
// void MyWindow::deleteClicked() method

The error:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==8141==ERROR: AddressSanitizer: SEGV on unknown address 0x000000007bce (pc 0x7f62d54e8ff0 bp 0x7ffdd7e67e50 sp 0x7ffdd7e67e30 T0)
==8141==The signal is caused by a READ memory access.
    #0 0x7f62d54e8ff0 in QObject::removeEventFilter(QObject*) (/lib64/libQt5Core.so.5+0x2e8ff0) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #1 0x7f62d6f0e53e in Sonnet::SpellCheckDecorator::~SpellCheckDecorator() (/lib64/libKF5SonnetUi.so.5+0x1d53e) (BuildId: af8eca413a253133aec773e1002b979a12a95e5f)
    #2 0x7f62d6f0e574 in Sonnet::SpellCheckDecorator::~SpellCheckDecorator() (/lib64/libKF5SonnetUi.so.5+0x1d574) (BuildId: af8eca413a253133aec773e1002b979a12a95e5f)
    #3 0x7f62d54e0435 in QObjectPrivate::deleteChildren() (/lib64/libQt5Core.so.5+0x2e0435) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #4 0x7f62d61ccad1 in QWidget::~QWidget() (/lib64/libQt5Widgets.so.5+0x1ccad1) (BuildId: 7e21d3a186390804fdc5d6972a897f2a6db667a4)
    #5 0x7f62d636f554 in QTextEdit::~QTextEdit() (/lib64/libQt5Widgets.so.5+0x36f554) (BuildId: 7e21d3a186390804fdc5d6972a897f2a6db667a4)
    #6 0x403ef4 in MyWindow::deleteClicked() (/home/user/eclipse-workspace/QtSpellCheck/build/default/QtSpellCheck+0x403ef4) (BuildId: 8277ed9c61963add82b468c7495f7e52f07f96ee)
    #7 0x404abe in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (MyWindow::*)()>::call(void (MyWindow::*)(), MyWindow*, void**) (/home/user/eclipse-workspace/QtSpellCheck/build/default/QtSpellCheck+0x404abe) (BuildId: 8277ed9c61963add82b468c7495f7e52f07f96ee)
    #8 0x4048da in void QtPrivate::FunctionPointer<void (MyWindow::*)()>::call<QtPrivate::List<>, void>(void (MyWindow::*)(), MyWindow*, void**) (/home/user/eclipse-workspace/QtSpellCheck/build/default/QtSpellCheck+0x4048da) (BuildId: 8277ed9c61963add82b468c7495f7e52f07f96ee)
    #9 0x40477b in QtPrivate::QSlotObject<void (MyWindow::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) (/home/user/eclipse-workspace/QtSpellCheck/build/default/QtSpellCheck+0x40477b) (BuildId: 8277ed9c61963add82b468c7495f7e52f07f96ee)
    #10 0x7f62d54ebf1d in void doActivate<false>(QObject*, int, void**) (/lib64/libQt5Core.so.5+0x2ebf1d) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #11 0x7f62d628a6f3 in QAbstractButton::clicked(bool) (/lib64/libQt5Widgets.so.5+0x28a6f3) (BuildId: 7e21d3a186390804fdc5d6972a897f2a6db667a4)
    #12 0x7f62d628a9de in QAbstractButtonPrivate::emitClicked() (/lib64/libQt5Widgets.so.5+0x28a9de) (BuildId: 7e21d3a186390804fdc5d6972a897f2a6db667a4)
    #13 0x7f62d628c37e in QAbstractButtonPrivate::click() (/lib64/libQt5Widgets.so.5+0x28c37e) (BuildId: 7e21d3a186390804fdc5d6972a897f2a6db667a4)
    #14 0x7f62d628c5aa in QAbstractButton::mouseReleaseEvent(QMouseEvent*) (/lib64/libQt5Widgets.so.5+0x28c5aa) (BuildId: 7e21d3a186390804fdc5d6972a897f2a6db667a4)
    #15 0x7f62d61d1597 in QWidget::event(QEvent*) (/lib64/libQt5Widgets.so.5+0x1d1597) (BuildId: 7e21d3a186390804fdc5d6972a897f2a6db667a4)
    #16 0x7f62d618cc34 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/lib64/libQt5Widgets.so.5+0x18cc34) (BuildId: 7e21d3a186390804fdc5d6972a897f2a6db667a4)
    #17 0x7f62d619540e in QApplication::notify(QObject*, QEvent*) (/lib64/libQt5Widgets.so.5+0x19540e) (BuildId: 7e21d3a186390804fdc5d6972a897f2a6db667a4)
    #18 0x7f62d54b7177 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/lib64/libQt5Core.so.5+0x2b7177) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #19 0x7f62d619328c in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool, bool) (/lib64/libQt5Widgets.so.5+0x19328c) (BuildId: 7e21d3a186390804fdc5d6972a897f2a6db667a4)
    #20 0x7f62d61ec006 in QWidgetWindow::handleMouseEvent(QMouseEvent*) (/lib64/libQt5Widgets.so.5+0x1ec006) (BuildId: 7e21d3a186390804fdc5d6972a897f2a6db667a4)
    #21 0x7f62d61ef71e in QWidgetWindow::event(QEvent*) (/lib64/libQt5Widgets.so.5+0x1ef71e) (BuildId: 7e21d3a186390804fdc5d6972a897f2a6db667a4)
    #22 0x7f62d618cc34 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/lib64/libQt5Widgets.so.5+0x18cc34) (BuildId: 7e21d3a186390804fdc5d6972a897f2a6db667a4)
    #23 0x7f62d54b7177 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/lib64/libQt5Core.so.5+0x2b7177) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #24 0x7f62d595d3f6 in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) (/lib64/libQt5Gui.so.5+0x15d3f6) (BuildId: c09f1fa05ff2307c0fe81246a5b9d28c64a9660b)
    #25 0x7f62d5939d5b in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/lib64/libQt5Gui.so.5+0x139d5b) (BuildId: c09f1fa05ff2307c0fe81246a5b9d28c64a9660b)
    #26 0x7f62cfdc1ba3 in userEventSourceDispatch(_GSource*, int (*)(void*), void*) (/lib64/libQt5WaylandClient.so.5+0xb3ba3) (BuildId: a0efeb3b2e2097819825fd38642e9eecc5eac042)
    #27 0x7f62d431ae8b in g_main_context_dispatch_unlocked.lto_priv.0 (/lib64/libglib-2.0.so.0+0x5ce8b) (BuildId: 36b60dbd02e796145a982d0151ce37202ec05649)
    #28 0x7f62d437cc97 in g_main_context_iterate_unlocked.isra.0 (/lib64/libglib-2.0.so.0+0xbec97) (BuildId: 36b60dbd02e796145a982d0151ce37202ec05649)
    #29 0x7f62d431c382 in g_main_context_iteration (/lib64/libglib-2.0.so.0+0x5e382) (BuildId: 36b60dbd02e796145a982d0151ce37202ec05649)
    #30 0x7f62d550bbec in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/lib64/libQt5Core.so.5+0x30bbec) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #31 0x7f62d54b5ada in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/lib64/libQt5Core.so.5+0x2b5ada) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #32 0x7f62d54bdf45 in QCoreApplication::exec() (/lib64/libQt5Core.so.5+0x2bdf45) (BuildId: cbe9627b0e3c019c0832a55096a129215d44377b)
    #33 0x404c90 in main (/home/user/eclipse-workspace/QtSpellCheck/build/default/QtSpellCheck+0x404c90) (BuildId: 8277ed9c61963add82b468c7495f7e52f07f96ee)
    #34 0x7f62d4c39087 in __libc_start_call_main (/lib64/libc.so.6+0x2a087) (BuildId: 77c77fee058b19c6f001cf2cb0371ce3b8341211)
    #35 0x7f62d4c3914a in __libc_start_main_alias_1 (/lib64/libc.so.6+0x2a14a) (BuildId: 77c77fee058b19c6f001cf2cb0371ce3b8341211)
    #36 0x4032d4 in _start (/home/user/eclipse-workspace/QtSpellCheck/build/default/QtSpellCheck+0x4032d4) (BuildId: 8277ed9c61963add82b468c7495f7e52f07f96ee)

--
You are receiving this mail because:
You are watching all bug changes.
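
The destruction order visible in frames #1 to #5 of the trace, reproduced as an added example that is not part of the original report and is not Sonnet or Qt code. `Object`, `TextEdit`, `Decorator`, `run` and the `guarded` liveness check are constructed stand-ins; the model only records where the callback would happen instead of performing the unsafe access.

```cpp
#include <algorithm>
#include <cstdio>
#include <memory>
#include <string>
#include <vector>
using Log = std::vector<std::string>;

// Constructed stand-in for QObject: the base destructor deletes the children,
// so a child is destroyed after the derived part of its parent is gone.
struct Object {
    explicit Object(Object* p = nullptr) : parent(p) { if (p) p->children.push_back(this); }
    virtual ~Object() {
        std::vector<Object*> kids; kids.swap(children);
        for (Object* c : kids) { c->parent = nullptr; delete c; }
        if (parent) { auto& v = parent->children; v.erase(std::remove(v.begin(), v.end(), this), v.end()); }
    }
    Object* parent;
    std::vector<Object*> children;
};
// Stand-in for QTextEdit; `alive` is a liveness flag that outlives the editor.
struct TextEdit : Object {
    explicit TextEdit(Log& l) : log(l) {}
    ~TextEdit() override { *alive = false; log.push_back("~TextEdit"); }
    Log& log;
    std::shared_ptr<bool> alive = std::make_shared<bool>(true);
};
// Stand-in for the decorator: parented to the editor, wants to call back into it.
struct Decorator : Object {
    Decorator(TextEdit* e, Log& l, bool g) : Object(e), log(l), alive(e->alive), guarded(g) {}
    ~Decorator() override {
        if (*alive) log.push_back("removeEventFilter on live editor");
        else if (guarded) log.push_back("editor gone, call skipped");
        else log.push_back("removeEventFilter on destroyed editor");  // crash site in the report
    }
    Log& log;
    std::shared_ptr<bool> alive;
    bool guarded;
};
// decoratorFirst = true is the workaround from the report (delete the decorator first).
Log run(bool decoratorFirst, bool guarded) {
    Log log;
    TextEdit* edit = new TextEdit(log);
    Decorator* deco = new Decorator(edit, log, guarded);
    if (decoratorFirst) delete deco;
    delete edit;
    return log;
}
int main() {
    for (const auto& s : run(false, false)) std::puts(s.c_str());
}
```

`run(true, false)` shows the ordering produced by the workaround in the report; `run(false, true)` shows a destructor that checks liveness before touching the editor.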