https://bugs.kde.org/show_bug.cgi?id=495160
Bug ID: 495160
Summary: Crash when selecting virtual output
Classification: Plasma
Product: xdg-desktop-portal-kde
Version: unspecified
Platform: Other
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: plasma-b...@kde.org
Reporter: nicolas.fe...@gmx.de
CC: aleix...@kde.org
Target Milestone: ---

STEPS TO REPRODUCE
1. Start OBS studio
2. Add source > Screen Capture (Pipewire)
3. Click "New virtual output"
4. In the source properties, click "Open Selector"
5. Click "Virtual-Virtual0"

OBSERVED RESULT

=================================================================
==59860==ERROR: AddressSanitizer: heap-use-after-free on address 0x5020001e0858 at pc 0x7efcf4161aa1 bp 0x7ffd35a46690 sp 0x7ffd35a46688
READ of size 8 at 0x5020001e0858 thread T0
    #0 0x7efcf4161aa0 in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::get() const /home/nico/workspace/qt6-dev/qtbase/src/corelib/tools/qscopedpointer.h:112
    #1 0x7efcf4161aa0 in decltype (({parm#1}.get)()) qGetPtrHelper<QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> > const>(QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> > const&) /home/nico/workspace/qt6-dev/qtbase/src/corelib/global/qtclasshelpermacros.h:112
    #2 0x7efcf4161aa0 in QScreen::d_func() const /home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qscreen.h:34
    #3 0x7efcf4161aa0 in QScreen::name() const /home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qscreen.cpp:103
    #4 0x62efcc in Screencasting::createOutputStream(QScreen*, Screencasting::CursorMode) /home/nico/kde-qtdev/src/xdg-desktop-portal-kde/src/screencasting.cpp:113
    #5 0x6c41ea in WaylandIntegration::WaylandIntegrationPrivate::startStreamingOutput(QScreen*, Screencasting::CursorMode) /home/nico/kde-qtdev/src/xdg-desktop-portal-kde/src/waylandintegration.cpp:278
    #6 0x6c2db0 in WaylandIntegration::startStreamingOutput(QScreen*, Screencasting::CursorMode) /home/nico/kde-qtdev/src/xdg-desktop-portal-kde/src/waylandintegration.cpp:127
    #7 0x624cce in ScreenCastPortal::Start(QDBusObjectPath const&, QDBusObjectPath const&, QString const&, QString const&, QMap<QString, QVariant> const&, QMap<QString, QVariant>&) /home/nico/kde-qtdev/src/xdg-desktop-portal-kde/src/screencast.cpp:225
    #8 0x444533 in ScreenCastPortal::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/nico/kde-qtdev/build/xdg-desktop-portal-kde/src/xdg-desktop-portal-kde_autogen/EWIEGA46WW/moc_screencast.cpp:251
    #9 0x444f44 in ScreenCastPortal::qt_metacall(QMetaObject::Call, int, void**) /home/nico/kde-qtdev/build/xdg-desktop-portal-kde/src/xdg-desktop-portal-kde_autogen/EWIEGA46WW/moc_screencast.cpp:316
    #10 0x7efcf38be3e5 in QDBusConnectionPrivate::deliverCall(QObject*, QDBusMessage const&, QList<QMetaType> const&, int) /home/nico/workspace/qt6-dev/qtbase/src/dbus/qdbusintegrator.cpp:1007
    #11 0x7efcf38c66ce in QDBusConnectionPrivate::activateCall(QObject*, QFlags<QDBusConnection::RegisterOption>, QDBusMessage const&) /home/nico/workspace/qt6-dev/qtbase/src/dbus/qdbusintegrator.cpp:916
    #12 0x7efcf38c7cc2 in QDBusConnectionPrivate::activateObject(QDBusConnectionPrivate::ObjectTreeNode&, QDBusMessage const&, int) /home/nico/workspace/qt6-dev/qtbase/src/dbus/qdbusintegrator.cpp:1484
    #13 0x7efcf38d0923 in QDBusActivateObjectEvent::placeMetaCall(QObject*) /home/nico/workspace/qt6-dev/qtbase/src/dbus/qdbusintegrator.cpp:1604
    #14 0x7efcf2aa38ed in QObject::event(QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qobject.cpp:1420
    #15 0x7efcf5a7aaad in QApplicationPrivate::notify_helper(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3294
    #16 0x7efcf5a96958 in QApplication::notify(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:3245
    #17 0x7efcf29a3a09 in QCoreApplication::notifyInternal2(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1124
    #18 0x7efcf29a3b7c in QCoreApplication::sendEvent(QObject*, QEvent*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1568
    #19 0x7efcf29a6bf6 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1923
    #20 0x7efcf29a7314 in QCoreApplication::sendPostedEvents(QObject*, int) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1755
    #21 0x7efcf32076f9 in postEventSourceDispatch /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:246
    #22 0x7efcf2510eb7 in g_main_dispatch ../glib/gmain.c:3357
    #23 0x7efcf2510eb7 in g_main_context_dispatch_unlocked ../glib/gmain.c:4208
    #24 0x7efcf2512ca7 in g_main_context_iterate_unlocked ../glib/gmain.c:4273
    #25 0x7efcf25134bb in g_main_context_iteration ../glib/gmain.c:4338
    #26 0x7efcf32059b6 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:399
    #27 0x7efcf4f817db in QPAEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6-dev/qtbase/src/gui/platform/unix/qeventdispatcher_glib.cpp:89
    #28 0x7efcf29c4fc1 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventloop.cpp:103
    #29 0x7efcf29c7208 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qeventloop.cpp:194
    #30 0x7efcf29ae891 in QCoreApplication::exec() /home/nico/workspace/qt6-dev/qtbase/src/corelib/kernel/qcoreapplication.cpp:1469
    #31 0x7efcf40266c5 in QGuiApplication::exec() /home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qguiapplication.cpp:1975
    #32 0x7efcf5a7795e in QApplication::exec() /home/nico/workspace/qt6-dev/qtbase/src/widgets/kernel/qapplication.cpp:2562
    #33 0x6d2199 in main /home/nico/kde-qtdev/src/xdg-desktop-portal-kde/src/xdg-desktop-portal-kde.cpp:50
    #34 0x7efcf1e2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #35 0x7efcf1e2a378 in __libc_start_main_impl ../csu/libc-start.c:360
    #36 0x42daf4 in _start ../sysdeps/x86_64/start.S:115

0x5020001e0858 is located 8 bytes inside of 16-byte region [0x5020001e0850,0x5020001e0860)
freed by thread T0 here:
    #0 0x7efd002fe198 in operator delete(void*, unsigned long) ../../../../libsanitizer/asan/asan_new_delete.cpp:164
    #1 0x7efcf41671d9 in QScreen::~QScreen() /home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qscreen.cpp:77
    #2 0x7efcf41b6ecf in QWindowSystemInterface::handleScreenRemoved(QPlatformScreen*) /home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qwindowsysteminterface.cpp:781
    #3 0x7efcfe2c105f in QtWaylandClient::QWaylandDisplay::registry_global_remove(unsigned int) /home/nico/workspace/qt6-dev/qtwayland/src/client/qwaylanddisplay.cpp:814
    #4 0x7efcfe3ab217 in QtWayland::wl_registry::handle_global_remove(void*, wl_registry*, unsigned int) /home/nico/workspace/qt6-dev/qtwayland/src/client/qwayland-wayland.cpp:112
    #5 0x7efcffee1971 in ffi_call_unix64 ../src/x86/unix64.S:104

previously allocated by thread T0 here:
    #0 0x7efd002fd298 in operator new(unsigned long) ../../../../libsanitizer/asan/asan_new_delete.cpp:95
    #1 0x7efcf41ba5e2 in QWindowSystemInterface::handleScreenAdded(QPlatformScreen*, bool) /home/nico/workspace/qt6-dev/qtbase/src/gui/kernel/qwindowsysteminterface.cpp:716
    #2 0x7efcfe2c586d in QtWaylandClient::QWaylandDisplay::handleScreenInitialized(QtWaylandClient::QWaylandScreen*) /home/nico/workspace/qt6-dev/qtwayland/src/client/qwaylanddisplay.cpp:603
    #3 0x7efcfe35466c in QtWaylandClient::QWaylandScreen::maybeInitialize() /home/nico/workspace/qt6-dev/qtwayland/src/client/qwaylandscreen.cpp:81
    #4 0x7efcfe354737 in QtWaylandClient::QWaylandScreen::output_done() /home/nico/workspace/qt6-dev/qtwayland/src/client/qwaylandscreen.cpp:321
    #5 0x7efcfe3ac3d7 in QtWayland::wl_output::handle_done(void*, wl_output*) /home/nico/workspace/qt6-dev/qtwayland/src/client/qwayland-wayland.cpp:2413
    #6 0x7efcffee1971 in ffi_call_unix64 ../src/x86/unix64.S:104

SUMMARY: AddressSanitizer: heap-use-after-free /home/nico/workspace/qt6-dev/qtbase/src/corelib/tools/qscopedpointer.h:112 in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::get() const
Shadow bytes around the buggy address:
  0x5020001e0580: fa fa fd fd fa fa fd fd fa fa fd fa fa fa fd fd
  0x5020001e0600: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x5020001e0680: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x5020001e0700: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x5020001e0780: fa fa fd fa fa fa fd fd fa fa fd fa fa fa fd fa
=>0x5020001e0800: fa fa fd fd fa fa fd fd fa fa fd[fd]fa fa 00 00
  0x5020001e0880: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x5020001e0900: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x5020001e0980: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x5020001e0a00: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fd
  0x5020001e0a80: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==59860==ABORTING

SOFTWARE/OS VERSIONS
KDE Plasma Version: master
KDE Frameworks Version: master
Qt Version: dev

ADDITIONAL INFORMATION