5.8.0 #1
Merged
5.8.0 #1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Same change as in QColor (d38f86e). No text and data reduction numbers (ubsan build). Change-Id: I7280a511e785c9442a3a6a1ed55e10011ce0a84e Reviewed-by: Edward Welbourne <[email protected]>
D2D support has been partially added to recent versions of MinGW, which one day could make compiling the plugin possible. Change-Id: I53f91c483d3b900698f4424cb6a72f626e32e60b Reviewed-by: Louai Al-Khanji <[email protected]>
Clang warns about self assignment, so use the same mechanism as Q_UNUSED for HB_UNUSED. Change-Id: I0894c72fb0936074b15198053464f5bc4b8991d4 Reviewed-by: Eskil Abrahamsen Blomfeldt <[email protected]>
The intention has probably been to reset a reference, which is not required. Task-number: QTBUG-56756 Change-Id: I1ef44b6c9b8365ac5c8d48234137e518558e9398 Reviewed-by: Oliver Wolff <[email protected]>
We do not need to check for an invalid timer id, as this can only happen if the above check is already true. Hence, this was doing the same check twice. Task-number: QTBUG-56756 Change-Id: Icca9b26c32ce88eab76dd02c6c10b24af07bfad7 Reviewed-by: Oliver Wolff <[email protected]>
QLabel already does that for QPixmap, so just do the same for QMovie's current pixmap. Task-number: QTBUG-48157 Change-Id: I7b26460f778e56ff017a5efd433f8929f30e4b41 Reviewed-by: Friedemann Kleint <[email protected]> Reviewed-by: Morten Johan Sørvig <[email protected]>
Since the macro is now just a wrapper for std::is_enum, its use is also deprecated. [ChangeLog][QtCore][Global] Q_IS_ENUM is deprecated. Use std::is_enum<>::value instead. Change-Id: I09b9f4559c02c81f338cace927873318f2acafde Reviewed-by: Thiago Macieira <[email protected]>
Any other use than for enums should use std::is_[un]signed. Make this explicit by renaming the type traits. Change-Id: I494158563c95c710e710d0d337f4e547006df171 Reviewed-by: Thiago Macieira <[email protected]>
Parameter in setPageSize is QSizeF. Without a specified unit it is hard to know what to use as input. Units depend upon the underlying paint device Change-Id: If001b3e9587d6085cc18017680fa20396e936adb Reviewed-by: Edward Welbourne <[email protected]> Reviewed-by: Topi Reiniö <[email protected]> Reviewed-by: Nico Vertriest <[email protected]> Reviewed-by: Steve Schilz <[email protected]>
Someone cut-and-pasted but forgot one of the changes. Change-Id: I647dc8117ebfe8ce3d4b26d468b80c15d4e533e8 Reviewed-by: Thiago Macieira <[email protected]>
Change-Id: Iebec7fb425a92199592cb3ea92190dd0bb5deabd Reviewed-by: Thiago Macieira <[email protected]>
No need to specify a format with alpha for the screen. Comparing to Windows, Format_ARGB32_Premultiplied was only set in the constructor, but never actually during runtime as detection enforces eith RGB32 or RGB16. Change-Id: I4c2fabbab0d14ee296f9b7e43b02de8a9836d5bb Reviewed-by: Oliver Wolff <[email protected]>
- screenshot: remove OS-dependent part of window - \image --> \borderedimage Change-Id: I3eb98595e5c2eb254d3857e4c81dfedac8b7939e Reviewed-by: Topi Reiniö <[email protected]>
Change-Id: I77ca4139cb8437b781f082195bf4c92034f55512 Reviewed-by: Marc Mutz <[email protected]> Reviewed-by: Lars Knoll <[email protected]>
Change-Id: Ia82f25f9bedfde77aeb711cb089ce3e0f95d0e59 Reviewed-by: Oswald Buddenhagen <[email protected]> Reviewed-by: Lars Knoll <[email protected]>
When we already have the hash-value we can give it to findNode to avoid recalculating it, and if don't need it later, we don't need to request it. Removes around 1% of qHash calls when running QtCreator. Change-Id: I0e5e61e26a407f4ac7e029a3ac13ddd553e4994b Reviewed-by: Thiago Macieira <[email protected]>
No-break-spaces should not be counted in the space data, but rather be treated as any other non-breakable character. We were already taking care of this in the loop we reach if the item starts with a character which isn't whitespace, but there is a second loop for items that begin with whitespace characters. The result of this was that in certain circumstances where you gave the nbsp its own format and made the line wrap, the previous line would count an extra trailing space and it would swallow the first character in its following line. [ChangeLog][QtGui][Text] Fixed a bug where a no-break space would sometimes cause the first character of the containing line to not be displayed. Task-number: QTBUG-56714 Change-Id: Idd760a389052e6de70f6cc397122b217987fa5f2 Reviewed-by: Lars Knoll <[email protected]>
the include path must be absolute, as otherwise the external module pri will contain a bogus path. amends 9a088e7. Task-number: QTBUG-56934 Change-Id: I701f5778d8c1b5586310b08e7763858460455d63 Reviewed-by: Joerg Bornemann <[email protected]>
Similar to what we recently did with the Windows font databases. The goal, again, is to add platform font database support for the minimal QPA plugin. Change-Id: Ide5f4ec452c920f169cc31c617cbcf19d8d1764d Reviewed-by: Oswald Buddenhagen <[email protected]> Reviewed-by: Oliver Wolff <[email protected]> Reviewed-by: Friedemann Kleint <[email protected]> Reviewed-by: Maurice Kalinowski <[email protected]>
On Mac, we use QComboMenuDelegate specifically as item delegate for the popup list. It happens that the order of resolving the font for each item individually would prioritize QComboBox's font instead of whatever the assigned model's FontRole would specify. The fix only requires checking whether FontRole is valid before falling back QComboBox's properties. Change-Id: I7208ad1911b30cc52c826c1884a1e19f5acd9fb4 Task-number: QTBUG-56693 Reviewed-by: Morten Johan Sørvig <[email protected]>
That relation is incorrect. We can have tslib support without evdev. Task-number: QTBUG-54998 Change-Id: I2c09bad73210fa4a13000077480c70365d482e2e Reviewed-by: Eirik Aavitsland <[email protected]>
Recent Khronos headers decided to break the world by guarding all function prototypes with GL_GLEXT_PROTOTYPES which has traditionally been used for extension headers only. Until this gets corrected - see https://lists.freedesktop.org/archives/mesa-dev/2016-September/128654.html - add the define to the config tests and qopengl.h. While 5.7 already has some of the qopengl.h fixes due to an upgraded ANGLE shipping with newer headers, this is a cross-platform issue that will surface everywhere eventually. Therefore we target the full set of fixes to 5.6. This time we also make sure the forced define of GL_GLEXT_PROTOTYPES is removed before including the ext header, thus apps get the ext protos only if they actually requested them. Task-number: QTBUG-56764 Change-Id: Ib2c6d2e7b71b8fb8683424f43e6289e64e4ee46c Reviewed-by: Oliver Wolff <[email protected]> Reviewed-by: Andy Nichols <[email protected]>
Do not move on to glGet since the behavior is undefined. Task-number: QTBUG-48986 Change-Id: Ifd279635ed1b8441f92697965d15ae3ecb59a7e3 Reviewed-by: Andy Nichols <[email protected]>
Avoid looking up by key twice in a row in various locations, but instead using iterators and index lookup. Change-Id: I61a079115199ab9c041ad3a26d36b45ee3f775e0 Reviewed-by: Thiago Macieira <[email protected]>
Add better boundary checks and catch (hopefully all) cases where invalid binary JSON could cause crashes. Change-Id: I206510b7c5e3ba953802a5f46645878e65704ecc Reviewed-by: Edward Welbourne <[email protected]>
There is logic for clearing the qgl_curent_fbo pointer in release(), but it is not always called, causing the pointer to become stale on QOpenGLFramebufferObject deletion. As a last resort, clear the qgl_curent_fbo pointer on the current context if it’s pointing to the object that is being deleted. Change-Id: I0a91d686cec5fcbe4c1520a9ba96cea833bb2249 Task-number: QTBUG-56639 Reviewed-by: Laszlo Agocs <[email protected]>
Tests are not supposed to write into the build/application directory, but rather should output to the temp directory. Change-Id: Idcdf51226a2d547514aea2fbb2054998d8a3437e Reviewed-by: Friedemann Kleint <[email protected]>
Fix compilation with topleveldomain, textodfwriter and cssparser features disabled. Change-Id: I3f061fb09eef36cd640256a46cf77dde85a54d3d Reviewed-by: Oswald Buddenhagen <[email protected]> Reviewed-by: Lars Knoll <[email protected]>
Change-Id: Idac0b24631187063445ea5acfd078b2479359d52 Reviewed-by: Olivier Goffart (Woboq GmbH) <[email protected]>
qt_x11_set_global_double_buffer() is dead code since Qt 5. Change-Id: Ie9a33b6f03dc2e39f12bc790292bb0d227f05c44 Reviewed-by: Tor Arne Vestbø <[email protected]>
Commit 824f080 introduced QPlatformSystemTrayIcon::createMenu() as a way for platforms to provide a system tray menu independently of the menu created by QPlatformTheme::createPlatformMenu(), which would on some platforms be null. Commit 063997f then made menu creation lazy, which meant that the logic in QSystemTrayIconPrivate::addPlatformMenu() to create the menu turned from "create menu via QPSTI::createMenu() if QPT::createPlatformMenu() returned null", to "create menu via QPSTI::createMenu() if menu was not created yet". The latter logic relied on each platform having implementations of QPlatformSystemTrayIcon::createMenu() which they didn't, resulting in missing menus for system trays on e.g. macOS. With the new lazy logic, the reasonable approach is for the default implementation of createMenu() to use createPlatformMenu(), which will ensure system tray menus on platforms that implement createPlatformMenu(), while still allowing platforms that don't to override createMenu() for special-casing system tray menus. Task-number: QTBUG-57365 Change-Id: Id393e802ac0435200fc885a7f4436b744962f27f Reviewed-by: J-P Nurmi <[email protected]>
Change dcd2f82 introduced fake files with the extension .cbt for custom build tools that generate code from C++ source inputs. The moc_predefs.h header file falls into this category, because it is generated from dummy.cpp. It turns out that these fake files have to exist. Otherwise the custom build step is executed on every build. That means re-moccing all mocables on every build. Fix this by actually creating the fake .cbt files with some explanatory comment in them. Task-number: QTBUG-57695 Change-Id: I251294334425d9914677787d8ba6da1169b4cca5 Reviewed-by: Oswald Buddenhagen <[email protected]> Reviewed-by: Oliver Wolff <[email protected]> (cherry picked from commit 5fc2337) Reviewed-by: Maurice Kalinowski <[email protected]>
With QT_NO_PRINTER set via the feature system there is no symbol exported at all in a packaging build. This implies that no .lib is generated. When an application has QT+=printsupport the build will fail due to a missing file. For android and ios it only worked as there is no separation and linker works against the .so file Task-number: QTBUG-56321 Change-Id: I389adaca61669b302b6c431effed2ef6d1c499a3 Reviewed-by: Simon Hausmann <[email protected]> Reviewed-by: Friedemann Kleint <[email protected]>
QRect::setX/setY will change both position and size. In this case, the width and/or height of the input rectangle could end up negative. The correct functions to use are moveLeft/moveTop which will preserve the size when changing the position. Task-number: QTBUG-58179 Change-Id: I71a2e38958754dc53e062ad1c780e2337f72ec32 Reviewed-by: Eskil Abrahamsen Blomfeldt <[email protected]>
QPlatformFontDatabase::resolveFontFamilyAlias returns the input unchanged if the font-name is not found. This means we never register the system default font when it is only a virtual font name. Task-number: QTBUG-58225 Change-Id: Ib4f80bb758aa66a163d223573bfe624bb3c134ab Reviewed-by: Eskil Abrahamsen Blomfeldt <[email protected]>
…ablet mode The hint is not appropriate for Windows 10 tablet mode as it affects only main windows. Dialogs should still show up in normal size. Partially reverts change d377f14. Task-number: QTBUG-58227 Change-Id: If9cf4990eb40913904cd97e17a7622bc6cbe84ca Reviewed-by: Maurice Kalinowski <[email protected]>
deemru
pushed a commit
that referenced
this pull request
Jan 24, 2017
…in Private::canBeNativeDialog()
Found by UBSan:
qfontdialog_p.h:77:5: runtime error: downcast of address 0x7ffc3ceadc90 which does not point to an object of type 'QFontDialog'
0x7ffc3ceadc90: note: object is of type 'QDialog'
fc 7f 00 00 38 5f a8 27 fc 2a 00 00 60 e2 14 02 00 00 00 00 10 61 a8 27 fc 2a 00 00 00 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QDialog'
#0 0x2afc24d29490 in QFontDialogPrivate::q_func() const qfontdialog_p.h:77
#1 0x2afc24d29490 in QFontDialogPrivate::canBeNativeDialog() const qfontdialog.cpp:1033
#2 0x2afc24c93f56 in QDialog::setVisible(bool) qdialog.cpp:696
#3 0x2afc24c7b27a in QDialog::~QDialog() qdialog.cpp:357
#4 0x2afc24d286a6 in QFontDialog::~QFontDialog() qfontdialog.cpp:339
#5 0x2afc24d481a2 in QFontDialogPrivate::getFont(bool*, QFont const&, QWidget*, QString const&, QFlags<QFontDialog::FontDialogOption>) qfontdialog.cpp:402
#6 0x2afc24d483f1 in QFontDialog::getFont(bool*, QWidget*) qfontdialog.cpp:396
#7 0x407652 in tst_QFontDialog::testGetFont() tst_qfontdialog.cpp:120
qcolordialog.cpp:86:5: runtime error: downcast of address 0x7ffdf50c1ec0 which does not point to an object of type 'QColorDialog'
0x7ffdf50c1ec0: note: object is of type 'QDialog'
fd 7f 00 00 d8 6e c7 23 b7 2a 00 00 50 c1 af 01 00 00 00 00 b0 70 c7 23 b7 2a 00 00 00 00 1a 1e
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QDialog'
#0 0x2ab720e4ec97 in QColorDialogPrivate::q_func() const qcolordialog.cpp:86
#1 0x2ab720e4ec97 in QColorDialogPrivate::canBeNativeDialog() const qcolordialog.cpp:1865
#2 0x2ab720e84ed6 in QDialog::setVisible(bool) qdialog.cpp:696
#3 0x2ab720e6c1fa in QDialog::~QDialog() qdialog.cpp:357
#4 0x2ab720e2b276 in QColorDialog::~QColorDialog() qcolordialog.cpp:2187
#5 0x2ab720e5e2c6 in QColorDialog::getColor(QColor const&, QWidget*, QString const&, QFlags<QColorDialog::ColorDialogOption>) qcolordialog.cpp:2148
#6 0x2ab720e5e473 in QColorDialog::getRgba(unsigned int, bool*, QWidget*) qcolordialog.cpp:2176
#7 0x407180 in tst_QColorDialog::testGetRgba() tst_qcolordialog.cpp:118
qfiledialog_p.h:112:5: runtime error: downcast of address 0x7ffd6858cc60 which does not point to an object of type 'QFileDialog'
0x7ffd6858cc60: note: object is of type 'QDialog'
a1 2b 00 00 d8 1e 5e 0c a1 2b 00 00 b0 af 01 20 a1 2b 00 00 b0 20 5e 0c a1 2b 00 00 00 00 46 00
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QDialog'
#0 0x2ba10980a9e7 in QFileDialogPrivate::q_func() const qfiledialog_p.h:112
#1 0x2ba10980a9e7 in QFileDialogPrivate::canBeNativeDialog() const qfiledialog.cpp:695
#2 0x2ba1097efe36 in QDialog::setVisible(bool) qdialog.cpp:696
#3 0x2ba1097d715a in QDialog::~QDialog() qdialog.cpp:357
#4 0x2ba109854c4b in QFileDialog::~QFileDialog() qfiledialog.cpp:380
#5 0x4179dc in tst_QFiledialog::init() tst_qfiledialog.cpp:175
Fix by replacing Q_Q with the the equivalent expression for QDialog.
We can't re-use QDialogPrivate::q_func() here, since that is private,
and probably should stay like that.
Also fix an invalid member call in
QColorDialogPrivate::canBeNativeDialog():
qcolordialog.cpp:2050:5: runtime error: member call on address 0x7ffdf50c1ec0 which does not point to an object of type 'QColorDialog'
0x7ffdf50c1ec0: note: object is of type 'QDialog'
fd 7f 00 00 d8 6e c7 23 b7 2a 00 00 50 c1 af 01 00 00 00 00 b0 70 c7 23 b7 2a 00 00 00 00 1a 1e
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QDialog'
#0 0x2ab720e4e5ea in QColorDialog::options() const qcolordialog.cpp:2050
#1 0x2ab720e4e8c8 in QColorDialogPrivate::canBeNativeDialog() const qcolordialog.cpp:1870
#2 0x2ab720e84ed6 in QDialog::setVisible(bool) qdialog.cpp:696
#3 0x2ab720e6c1fa in QDialog::~QDialog() qdialog.cpp:357
#4 0x2ab720e2b276 in QColorDialog::~QColorDialog() qcolordialog.cpp:2187
#5 0x2ab720e5e2c6 in QColorDialog::getColor(QColor const&, QWidget*, QString const&, QFlags<QColorDialog::ColorDialogOption>) qcolordialog.cpp:2148
#6 0x2ab720e5e473 in QColorDialog::getRgba(unsigned int, bool*, QWidget*) qcolordialog.cpp:2176
#7 0x407180 in tst_QColorDialog::testGetRgba() tst_qcolordialog.cpp:118
by accessing the data member directly instead of through the Public API.
Fix the same code in QFileDialog, even though the autotest coverage is
too limited for UBSan to point that one out explicitly.
Change-Id: Idd278744961435e417d91fb2f89b6d91a94e0c71
Reviewed-by: Friedemann Kleint <[email protected]>
deemru
pushed a commit
that referenced
this pull request
Jan 24, 2017
Found by UBSan:
qgraphicsscene.cpp:1000:40: runtime error: downcast of address 0x2af0d4072b00 which does not point to an object of type 'QGraphicsWidget'
0x2af0d4072b00: note: object is of type 'QGraphicsObject'
00 00 00 00 30 f5 26 bd f0 2a 00 00 90 e1 05 d4 f0 2a 00 00 a8 e3 26 bd f0 2a 00 00 d0 33 0f d4
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QGraphicsObject'
#0 0x2af0badf1305 in QGraphicsScenePrivate::ungrabMouse(QGraphicsItem*, bool) qgraphicsscene.cpp:1000
#1 0x2af0bae0fc24 in QGraphicsScenePrivate::removeItemHelper(QGraphicsItem*) qgraphicsscene.cpp:692
#2 0x2af0bacd21f6 in QGraphicsItem::~QGraphicsItem() qgraphicsitem.cpp:1555
#3 0x2af0bacd4c48 in QGraphicsObject::~QGraphicsObject() qgraphicsitem.cpp:7766
#4 0x2af0baf7e99c in QGraphicsWidget::~QGraphicsWidget() qgraphicswidget.cpp:231
#5 0x2af0baf7f8c0 in QGraphicsWidget::~QGraphicsWidget() qgraphicswidget.cpp:282
#6 0x2af0badcee34 in QGraphicsScene::clear() qgraphicsscene.cpp:2388
#7 0x2af0badcf3fc in QGraphicsScene::~QGraphicsScene() qgraphicsscene.cpp:1682
#8 0x4b26f0 in tst_QGraphicsWidget::popupMouseGrabber() tst_qgraphicswidget.cpp:47
Fix by using the existing graphics widget pointer,
determined a line above to be equivalent to 'item',
for the removePopup() function call instead of
casting 'item' itself.
The rest of removePopup() appears to be well-behaved
and doesn't trigger any more UBSan errors, so it was
indeed just the cast which was undefined, no member
calls.
Change-Id: Ia54da90262a7a02f527914a90b0208be0ffc0f0b
Reviewed-by: Thiago Macieira <[email protected]>
deemru
pushed a commit
that referenced
this pull request
Jan 24, 2017
…ivate::canBeNativeDialog()
Found by UBSan:
qcolordialog.cpp:86:5: runtime error: downcast of address 0x7ffdf50c1ec0 which does not point to an object of type 'QColorDialog'
0x7ffdf50c1ec0: note: object is of type 'QDialog'
fd 7f 00 00 d8 6e c7 23 b7 2a 00 00 50 c1 af 01 00 00 00 00 b0 70 c7 23 b7 2a 00 00 00 00 1a 1e
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QDialog'
#0 0x2ab720e4ec97 in QColorDialogPrivate::q_func() const qcolordialog.cpp:86
#1 0x2ab720e4ec97 in QColorDialogPrivate::canBeNativeDialog() const qcolordialog.cpp:1865
#2 0x2ab720e84ed6 in QDialog::setVisible(bool) qdialog.cpp:696
#3 0x2ab720e6c1fa in QDialog::~QDialog() qdialog.cpp:357
#4 0x2ab720e2b276 in QColorDialog::~QColorDialog() qcolordialog.cpp:2187
#5 0x2ab720e5e2c6 in QColorDialog::getColor(QColor const&, QWidget*, QString const&, QFlags<QColorDialog::ColorDialogOption>) qcolordialog.cpp:2148
#6 0x2ab720e5e473 in QColorDialog::getRgba(unsigned int, bool*, QWidget*) qcolordialog.cpp:2176
#7 0x407180 in tst_QColorDialog::testGetRgba() tst_qcolordialog.cpp:118
qfiledialog_p.h:112:5: runtime error: downcast of address 0x7ffd6858cc60 which does not point to an object of type 'QFileDialog'
0x7ffd6858cc60: note: object is of type 'QDialog'
a1 2b 00 00 d8 1e 5e 0c a1 2b 00 00 b0 af 01 20 a1 2b 00 00 b0 20 5e 0c a1 2b 00 00 00 00 46 00
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QDialog'
#0 0x2ba10980a9e7 in QFileDialogPrivate::q_func() const qfiledialog_p.h:112
#1 0x2ba10980a9e7 in QFileDialogPrivate::canBeNativeDialog() const qfiledialog.cpp:695
#2 0x2ba1097efe36 in QDialog::setVisible(bool) qdialog.cpp:696
#3 0x2ba1097d715a in QDialog::~QDialog() qdialog.cpp:357
#4 0x2ba109854c4b in QFileDialog::~QFileDialog() qfiledialog.cpp:380
#5 0x4179dc in tst_QFiledialog::init() tst_qfiledialog.cpp:175
Fix by replacing Q_Q with the the equivalent expression for QDialog.
We can't re-use QDialogPrivate::q_func() here, since that is private,
and probably should stay like that.
Also fix an invalid member call in
QColorDialogPrivate::canBeNativeDialog():
qcolordialog.cpp:2050:5: runtime error: member call on address 0x7ffdf50c1ec0 which does not point to an object of type 'QColorDialog'
0x7ffdf50c1ec0: note: object is of type 'QDialog'
fd 7f 00 00 d8 6e c7 23 b7 2a 00 00 50 c1 af 01 00 00 00 00 b0 70 c7 23 b7 2a 00 00 00 00 1a 1e
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QDialog'
#0 0x2ab720e4e5ea in QColorDialog::options() const qcolordialog.cpp:2050
#1 0x2ab720e4e8c8 in QColorDialogPrivate::canBeNativeDialog() const qcolordialog.cpp:1870
#2 0x2ab720e84ed6 in QDialog::setVisible(bool) qdialog.cpp:696
#3 0x2ab720e6c1fa in QDialog::~QDialog() qdialog.cpp:357
#4 0x2ab720e2b276 in QColorDialog::~QColorDialog() qcolordialog.cpp:2187
#5 0x2ab720e5e2c6 in QColorDialog::getColor(QColor const&, QWidget*, QString const&, QFlags<QColorDialog::ColorDialogOption>) qcolordialog.cpp:2148
#6 0x2ab720e5e473 in QColorDialog::getRgba(unsigned int, bool*, QWidget*) qcolordialog.cpp:2176
#7 0x407180 in tst_QColorDialog::testGetRgba() tst_qcolordialog.cpp:118
by accessing the data member directly instead of through the Public API.
Fix the same code in QFileDialog, even though the autotest coverage is
too limited for UBSan to point that one out explicitly.
This commit amends abe8b4a, in which
it should have been included in the first place...
Change-Id: Iff0538eba61d2381359f0b61f35918d643f7aa0c
Reviewed-by: Thiago Macieira <[email protected]>
deemru
pushed a commit
that referenced
this pull request
Jan 24, 2017
Found by UBSan:
qstackedlayout.cpp:261:98: runtime error: downcast of address 0x60400003cd10 which does not point to an object of type 'QtFriendlyLayoutWidget'
0x60400003cd10: note: object is of type 'QWidget'
0e 00 80 76 70 0b 06 3f d6 2a 00 00 00 99 00 00 50 61 00 00 20 0d 06 3f d6 2a 00 00 00 00 be be
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QWidget'
#0 0x2ad637b8f58f in qt_wasDeleted qstackedlayout.cpp:261
#1 0x2ad637b8f58f in QStackedLayout::takeAt(int) qstackedlayout.cpp:285
#2 0x2ad637b4afcb in QLayout::removeWidget(QWidget*) qlayout.cpp:1369
#3 0x413534 in tst_QStackedLayout::testCase() tst_qstackedlayout.cpp:155
Caused by using a struct to get access to QWidgetPrivate::wasDeleted
using a cast. That cast is invalid, of course, so simply use
QWidgetPrivate::get().
Caveat: we need a const version of that function, but that didn't
exist, yet, so added one.
Change-Id: I27d449b90be7e2072646d950c676b500ef698349
Reviewed-by: Thiago Macieira <[email protected]>
deemru
pushed a commit
that referenced
this pull request
Jan 24, 2017
Found by UBSan:
qlayout.cpp:612:50: runtime error: downcast of address 0x7ffcd4c39a70 which does not point to an object of type 'QWidget'
0x7ffcd4c39a70: note: object is of type 'QObject'
00 00 00 00 b0 43 4c 7b f5 2a 00 00 70 c9 28 02 00 00 00 00 08 93 9a 77 f5 2a 00 00 00 00 c3 d4
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QObject'
#0 0x2af56f189960 in QLayout::widgetEvent(QEvent*) qlayout.cpp:612
#1 0x2af56f037660 in QApplicationPrivate::notify_helper(QObject*, QEvent*) qapplication.cpp:3732
#2 0x2af56f06ae5b in QApplication::notify(QObject*, QEvent*) qapplication.cpp:3704
#3 0x2af57989e383 in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:988
#4 0x2af5799c1696 in QCoreApplication::sendEvent(QObject*, QEvent*) qcoreapplication.h:231
#5 0x2af5799c1696 in QObjectPrivate::setParent_helper(QObject*) qobject.cpp:2043
#6 0x2af5799c4823 in QObject::~QObject() qobject.cpp:1095
#7 0x2af56f2d205d in QWidget::~QWidget() qwidget.cpp:1549
#8 0x2af56f9c1366 in QFrame::~QFrame() qframe.cpp:262
#9 0x2af56f9e76cb in QLabel::~QLabel() qlabel.cpp:247
#10 0x458077 in tst_QStyleSheetStyle::emptyStyleSheet() tst_qstylesheetstyle.cpp:1400
Fix by not casting at all (or, to be precise, casting implicitly up
instead of explicitly down).
Change-Id: Ic19fd29e0cabd1aee5b1c93ca4c0fc70bc7a5927
Reviewed-by: Thiago Macieira <[email protected]>
deemru
pushed a commit
that referenced
this pull request
Jan 24, 2017
Found by UBSan:
qwidget.cpp:5228:62: runtime error: downcast of address 0x61b00003d480 which does not point to an object of type 'QWidget'
0x61b00003d480: note: object is of type 'QMainWindowLayout'
bc 00 00 75 90 2e 2a 78 4f 2b 00 00 40 c1 02 00 f0 60 00 00 78 2f 2a 78 4f 2b 00 00 00 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QMainWindowLayout'
#0 0x2b4f70efb1c2 in sendResizeEvents qwidget.cpp:5228
#1 0x2b4f70f65f7f in QWidget::grab(QRect const&) qwidget.cpp:5252
#2 0x6b1746 in tst_QWidget::render_task188133() tst_qwidget.cpp:6615
Fix by performing the cast only after the test for isWidgetType() has
succeeded.
Change-Id: I061a60ef35bcb5fbefb9bc7b84706c9dd5afd207
Reviewed-by: Thiago Macieira <[email protected]>
deemru
pushed a commit
that referenced
this pull request
Jan 24, 2017
…nize()
As found by UBSan:
qstandardgestures.cpp:511:67: runtime error: downcast of address 0x7ffc9beb1b90 which does not point to an object of type 'QTouchEvent'
0x7ffc9beb1b90: note: object is of type 'QPlatformSurfaceEvent'
fc 7f 00 00 08 93 b1 6f f5 2a 00 00 00 00 00 00 00 00 00 00 d9 00 ec 9b 00 00 00 00 49 01 c1 5e
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QPlatformSurfaceEvent'
#0 0x2af55edfa66a in QTapAndHoldGestureRecognizer::recognize(QGesture*, QObject*, QEvent*) qstandardgestures.cpp:511
#1 0x2af55ee3d9bb in QGestureManager::filterEventThroughContexts(QMultiMap<QObject*, Qt::GestureType> const&, QEvent*) qgesturemanager.cpp:276
#2 0x2af55ee4565b in QGestureManager::filterEvent(QWidget*, QEvent*) qgesturemanager.cpp:512
#3 0x2af55ee53945 in QGestureManager::filterEvent(QObject*, QEvent*) qgesturemanager.cpp:556
#4 0x2af55ea1b83a in QApplication::notify(QObject*, QEvent*) qapplication.cpp:3053
#5 0x2af573949d0f in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:988
#6 0x2af56982ff94 in QCoreApplication::sendEvent(QObject*, QEvent*) qcoreapplication.h:231
#7 0x2af56982ff94 in QWindowPrivate::create(bool) qwindow.cpp:435
#8 0x2af55ecd10fe in QWidgetPrivate::create_sys(unsigned long long, bool, bool) qwidget.cpp:1471
#9 0x2af55ecc770e in QWidget::create(unsigned long long, bool, bool) qwidget.cpp:1333
#10 0x2af55ed80618 in QWidget::setVisible(bool) qwidget.cpp:8156
#11 0x4feec4 in tst_QWidget::touchEventsForGesturePendingWidgets() tst_qwidget.cpp:9824
qstandardgestures.cpp:512:67: runtime error: downcast of address 0x7ffc9beb1b90 which does not point to an object of type 'QMouseEvent'
0x7ffc9beb1b90: note: object is of type 'QPlatformSurfaceEvent'
fc 7f 00 00 08 93 b1 6f f5 2a 00 00 00 00 00 00 00 00 00 00 d9 00 ec 9b 00 00 00 00 49 01 c1 5e
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QPlatformSurfaceEvent'
#0 0x2af55edfaa19 in QTapAndHoldGestureRecognizer::recognize(QGesture*, QObject*, QEvent*) qstandardgestures.cpp:512
[... skipping common lines ...]
qstandardgestures.cpp:514:95: runtime error: downcast of address 0x
0x7ffc9beb1b90: note: object is of type 'QPlatformSurfaceEvent'
fc 7f 00 00 08 93 b1 6f f5 2a 00 00 00 00 00 00 00 00 00 00 d9 00 ec 9b 00 00 00 0
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QPlatformSurfaceEvent'
#0 0x2af55edfa966 in QTapAndHoldGestureRecognizer::recognize(QGesture*, QObject*, QEvent*) qstandardgestures.cpp:514
[... skipping common lines ...]
The problem is that the casts are done outside the switch that
determines the event's type, so for any given event object, at least
any two of the casts are invalid.
This could actually be a real problem, because it's trivial for a
compiler to prove that these three lines unconditionally invoke UB, so
it has all the right in the world to decide to drop the complete rest
of the function, using this line of reasoning:
1. The only way for these three casts not to be UB is if event ==
nullptr.
2. If event == nullptr, then event->type() invokes UB, so event cannot
be nullptr.
3. The only way both can be true is if this code path is never
taken. I can thus assume that
object == state && event->type() == QEvent::Timer
is always true, drop the check and execute the if block
unconditionally (I need to call QEvent::type(), to satisfy the
as-if-rule, but I needn't check its return value).
Fix by moving the casts where they belong: into each case of the
switch, where the type of the event has been checked to match the
target type of the cast.
Change-Id: I3aee8e213dc19d2f51636bcc5221cc92b3142e58
Reviewed-by: Thiago Macieira <[email protected]>
deemru
pushed a commit
that referenced
this pull request
Jan 24, 2017
The slot is invoked from QObject::destroyed(), which is emitted
from ~QObject. By that time the object is no longer a QShortcut,
so the static_cast it invalid.
Found by UBSan:
tst_qshortcut.cpp:1210:53: runtime error: downcast of address 0x6020000289d0 which does not point to an object of type 'QShortcut'
0x6020000289d0: note: object is of type 'QObject'
10 00 80 17 c0 ce 63 df 93 2b 00 00 b0 02 00 00 d0 60 00 00 02 00 00 00 ff ff ff 04 04 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QObject'
#0 0x42b3bb in tst_QShortcut::shortcutDestroyed(QObject*) tst_qshortcut.cpp:1210
#1 0x446cc9 in tst_QShortcut::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) .moc/tst_qshortcut.moc:186
#2 0x2b93dba52c86 in QMetaObject::activate(QObject*, int, int, void**) qobject.cpp:3787
#3 0x2b93dba55400 in QObject::destroyed(QObject*) .moc/moc_qobject.cpp:213
#4 0x2b93dba8d80d in QObject::~QObject() qobject.cpp:967
#5 0x2b93c6b6e032 in QShortcut::~QShortcut() qshortcut.cpp:476
#6 0x2b93c6b6e370 in QShortcut::~QShortcut() qshortcut.cpp:481
#7 0x42a5de in void qDeleteAll<QList<QShortcut*>::const_iterator>(QList<QShortcut*>::const_iterator, QList<QShortcut*>::const_iterator) qalgorithms.h:317
#8 0x42a5de in void qDeleteAll<QList<QShortcut*> >(QList<QShortcut*> const&) qalgorithms.h:325
#9 0x42a5de in tst_QShortcut::clearAllShortcuts() tst_qshortcut.cpp:1136
Fix by replacing QVector::replaceAll() with the erase-remove idiom,
which does not require the cast, because it can perform mixed-type
lookups.
Change-Id: I4251c1895fa4398023f489dbfd7108d90c1a6c94
Reviewed-by: Giuseppe D'Angelo <[email protected]>
deemru
pushed a commit
that referenced
this pull request
Jan 24, 2017
Found by UBSan:
qgraphicswidget_p.h:72:5: runtime error: downcast of address 0x2ab6a8021400 which does not point to an object of type 'QGraphicsWidget'
0x2ab6a8021400: note: object is of type 'QGraphicsObject'
00 00 00 00 70 93 5c 91 b6 2a 00 00 f0 c0 01 a8 b6 2a 00 00 e8 81 5c 91 b6 2a 00 00 10 bf 01 a8
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QGraphicsObject'
#0 0x2ab68f2fdd7c in QGraphicsWidgetPrivate::q_func() qgraphicswidget_p.h:72
#1 0x2ab68f2fdd7c in QGraphicsWidgetPrivate::fixFocusChainBeforeReparenting(QGraphicsWidget*, QGraphicsScene*, QGraphicsScene*) qgraphicswidget_p.cpp:775
#2 0x2ab68f020d2a in QGraphicsItemPrivate::setParentItemHelper(QGraphicsItem*, QVariant const*, QVariant const*) qgraphicsitem.cpp:1181
#3 0x2ab68f024f73 in QGraphicsItem::setParentItem(QGraphicsItem*) qgraphicsitem.cpp:1781
#4 0x2ab68f168401 in QGraphicsScenePrivate::removeItemHelper(QGraphicsItem*) qgraphicsscene.cpp:620
#5 0x2ab68f02c166 in QGraphicsItem::~QGraphicsItem() qgraphicsitem.cpp:1555
#6 0x2ab68f02ebb8 in QGraphicsObject::~QGraphicsObject() qgraphicsitem.cpp:7766
#7 0x2ab68f2d8888 in QGraphicsWidget::~QGraphicsWidget() qgraphicswidget.cpp:231
#8 0x4bce62 in SubQGraphicsWidget::~SubQGraphicsWidget() /tst_qgraphicswidget.cpp:175
#9 0x4bce62 in SubQGraphicsWidget::~SubQGraphicsWidget() /tst_qgraphicswidget.cpp:175
#10 0x2ab68f02c9ec in QGraphicsItem::~QGraphicsItem() qgraphicsitem.cpp:1550
#11 0x2ab68f02ebb8 in QGraphicsObject::~QGraphicsObject() qgraphicsitem.cpp:7766
#12 0x2ab68f2d8888 in QGraphicsWidget::~QGraphicsWidget() qgraphicswidget.cpp:231
#13 0x4bce62 in SubQGraphicsWidget::~SubQGraphicsWidget() /tst_qgraphicswidget.cpp:175
#14 0x4bce62 in SubQGraphicsWidget::~SubQGraphicsWidget() /tst_qgraphicswidget.cpp:175
qt#15 0x2ab68f128da4 in QGraphicsScene::clear() qgraphicsscene.cpp:2388
qt#16 0x2ab68f12936c in QGraphicsScene::~QGraphicsScene() qgraphicsscene.cpp:1682
qt#17 0x44d44c in tst_QGraphicsWidget::focusWidget() /tst_qgraphicswidget.cpp:435
qgraphicswidget_p.cpp:805:24: runtime error: member call on address 0x2ab6a8021400 which does not point to an object of type 'QGraphicsWidget'
0x2ab6a8021400: note: object is of type 'QGraphicsObject'
00 00 00 00 70 93 5c 91 b6 2a 00 00 f0 c0 01 a8 b6 2a 00 00 e8 81 5c 91 b6 2a 00 00 10 bf 01 a8
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QGraphicsObject'
#0 0x2ab68f2fdc68 in QGraphicsWidgetPrivate::fixFocusChainBeforeReparenting(QGraphicsWidget*, QGraphicsScene*, QGraphicsScene*) qgraphicswidget_p.cpp:805
#1 0x2ab68f020d2a in QGraphicsItemPrivate::setParentItemHelper(QGraphicsItem*, QVariant const*, QVariant const*) qgraphicsitem.cpp:1181
[... identical lines omitted ...]
qgraphicswidget_p.cpp:806:23: runtime error: member call on address 0x2ab6a8021400 which does not point to an object of type 'QGraphicsWidget'
0x2ab6a8021400: note: object is of type 'QGraphicsObject'
00 00 00 00 70 93 5c 91 b6 2a 00 00 f0 c0 01 a8 b6 2a 00 00 e8 81 5c 91 b6 2a 00 00 10 bf 01 a8
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QGraphicsObject'
#0 0x2ab68f2fdb6b in QGraphicsWidgetPrivate::fixFocusChainBeforeReparenting(QGraphicsWidget*, QGraphicsScene*, QGraphicsScene*) qgraphicswidget_p.cpp:806
#1 0x2ab68f020d2a in QGraphicsItemPrivate::setParentItemHelper(QGraphicsItem*, QVariant const*, QVariant const*) qgraphicsitem.cpp:1181
[... identical lines omitted ...]
qgraphicswidget_p.cpp:827:26: runtime error: member call on address 0x2ab6a8021400 which does not point to an object of type 'QGraphicsWidget'
0x2ab6a8021400: note: object is of type 'QGraphicsObject'
00 00 00 00 70 93 5c 91 b6 2a 00 00 f0 c0 01 a8 b6 2a 00 00 e8 81 5c 91 b6 2a 00 00 10 bf 01 a8
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QGraphicsObject'
#0 0x2ab68f2fdf91 in QGraphicsWidgetPrivate::fixFocusChainBeforeReparenting(QGraphicsWidget*, QGraphicsScene*, QGraphicsScene*) qgraphicswidget_p.cpp:827
#1 0x2ab68f020d2a in QGraphicsItemPrivate::setParentItemHelper(QGraphicsItem*, QVariant const*, QVariant const*) qgraphicsitem.cpp:1181
[... identical lines omitted ...]
Fix by moving the setParentItem(nullptr) call up the call stack
into ~QGraphicsWidget(), ensuring that the object is still a
QGraphicsWidget when these calls are made.
Change-Id: I264779e33098e9752de9a312a146fb203578a3cc
Reviewed-by: Thiago Macieira <[email protected]>
Reviewed-by: Giuseppe D'Angelo <[email protected]>
deemru
pushed a commit
that referenced
this pull request
Jan 24, 2017
…ventFilter()
Found by UBSan:
tst_qwidget.cpp:10207:29: runtime error: member access within address 0x6060000e8880 which does not point to an object of type 'EnterTestModalDialog'
0x6060000e8880: note: object is of type 'QWidget'
eb 00 80 45 10 4b 32 ab 11 2b 00 00 80 df 08 00 60 61 00 00 c0 4c 32 ab 11 2b 00 00 00 00 be be
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QWidget'
#0 0x6ca13f in EnterTestMainDialog::eventFilter(QObject*, QEvent*) tst_qwidget.cpp:10207
#1 0x2b11b8bc90c3 in QCoreApplicationPrivate::sendThroughApplicationEventFilters(QObject*, QEvent*) qcoreapplication.cpp:1081
#2 0x2b11a3c49b4a in QApplicationPrivate::notify_helper(QObject*, QEvent*) qapplication.cpp:3716
#3 0x2b11a3c8ec72 in QApplication::notify(QObject*, QEvent*) qapplication.cpp:3704
#4 0x2b11b8bccd0f in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:988
#5 0x2b11aea5c34d in QCoreApplication::sendEvent(QObject*, QEvent*) qcoreapplication.h:231
#6 0x2b11aea5c34d in QGuiApplicationPrivate::_q_updateFocusObject(QObject*) qguiapplication.cpp:3690
#7 0x2b11aea61360 in QGuiApplication::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) .moc/moc_qguiapplication.cpp:177
#8 0x2b11b8d1dc86 in QMetaObject::activate(QObject*, int, int, void**) qobject.cpp:3787
#9 0x2b11aea784a3 in QWindow::focusObjectChanged(QObject*) .moc/moc_qwindow.cpp:760
#10 0x2b11a3fb24f2 in QWidget::clearFocus() qwidget.cpp:6705
#11 0x2b11a3fc87b1 in QWidget::~QWidget() qwidget.cpp:1608
#12 0x2b11a526688c in QDialog::~QDialog() qdialog.cpp:352
#13 0x6c43e2 in EnterTestModalDialog::~EnterTestModalDialog() tst_qwidget.cpp:10160
#14 0x6c43e2 in EnterTestModalDialog::~EnterTestModalDialog() tst_qwidget.cpp:10160
qt#15 0x492be3 in EnterTestMainDialog::buttonPressed() tst_qwidget.cpp:10188
qt#16 0x492be3 in EnterTestMainDialog::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) .moc/tst_qwidget.moc:2056
qt#17 0x2b11b8d1dc86 in QMetaObject::activate(QObject*, int, int, void**) qobject.cpp:3787
qt#18 0x2b11a45cb833 in QAbstractButton::clicked(bool) .moc/moc_qabstractbutton.cpp:307
qt#19 0x2b11a45cd54b in QAbstractButtonPrivate::emitClicked() qabstractbutton.cpp:411
qt#20 0x2b11a45df73a in QAbstractButtonPrivate::click() qabstractbutton.cpp:404
[...]
qt#41 0x6bb2cf in tst_QWidget::taskQTBUG_27643_enterEvents() tst_qwidget.cpp:10249
[...]
Fix by checking the event type first, and accessing
modal->button only if it's QEvent::Enter.
Change-Id: I2c7df3a1f43ecbfe14741b5861729078a91a32d6
Reviewed-by: Friedemann Kleint <[email protected]>
deemru
pushed a commit
that referenced
this pull request
Jan 24, 2017
Found by UBSan:
qnetworkreplyhttpimpl.cpp:457:29: runtime error: member call on address 0x602000009cf0 which does not point to an object of type 'QNetworkReplyHttpImpl'
0x602000009cf0: note: object is of type 'QObject'
1e 00 80 18 20 e0 bb 12 54 7f 00 00 00 f2 00 00 70 61 00 00 02 00 00 00 ff ff ff 06 08 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QObject'
#0 0x7f541461b71b in QNetworkReplyHttpImplPrivate::~QNetworkReplyHttpImplPrivate() qnetworkreplyhttpimpl.cpp:457
#1 0x7f541461b7f0 in QNetworkReplyHttpImplPrivate::~QNetworkReplyHttpImplPrivate() qnetworkreplyhttpimpl.cpp:458
#2 0x7f540f26df1a in QScopedPointerDeleter<QObjectData>::cleanup(QObjectData*) qscopedpointer.h:54
#3 0x7f540f26df1a in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::~QScopedPointer() qscopedpointer.h:101
#4 0x7f540f26df1a in QObject::~QObject() qobject.cpp:940
#5 0x7f540e915f6e in QIODevice::~QIODevice() qiodevice.cpp:416
#6 0x7f5414599bae in QNetworkReply::~QNetworkReply() qnetworkreply.cpp:444
#7 0x7f54145e6f5e in QNetworkReplyHttpImpl::~QNetworkReplyHttpImpl() qnetworkreplyhttpimpl.cpp:239
#8 0x7f54145e6f5e in QNetworkReplyHttpImpl::~QNetworkReplyHttpImpl() qnetworkreplyhttpimpl.cpp:242
#9 0x7f54144b3539 in void qDeleteAll<QList<QNetworkReply*>::const_iterator>(QList<QNetworkReply*>::const_iterator, QList<QNetworkReply*>::const_iterator) qalgorithms.h:317
#10 0x7f54144b3539 in void qDeleteAll<QList<QNetworkReply*> >(QList<QNetworkReply*> const&) qalgorithms.h:325
#11 0x7f54144b3539 in QNetworkAccessManager::~QNetworkAccessManager() qnetworkaccessmanager.cpp:496
Fix by moving the emission of the QNetworkReplyHttpImpl::abortHttpRequest()
signal from ~Private, when the public object is merely a QObject anymore,
to ~QNetworkReplyHttpImpl(), when the public class is still itself.
Change-Id: Ifb3b19f6d180452bdf3fc26f54629ef780a5d9d9
Reviewed-by: Timur Pocheptsov <[email protected]>
deemru
pushed a commit
that referenced
this pull request
Jun 1, 2017
QString::toUtf8() returns QByteArray, which got implicitly converted to
C strings and promptly deleted. Instead, return the QByteArray to the
caller.
Found by ASAN:
==13935==ERROR: AddressSanitizer: heap-use-after-free on address 0x6060000dffb8 at pc 0x7f764f27320b bp 0x7ffd49b11bb0 sp 0x7ffd49b11358
READ of size 7 at 0x6060000dffb8 thread T0
#1 0x7f7649d174e2 in g_strdup (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x684e2)
#2 0x7f763f7abe5b (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x39e5b)
#3 0x7f763f78915a in g_object_new_valist (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x1715a)
#4 0x7f763f789520 in g_object_new (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x17520)
#5 0x7f7640f6bcb0 in gtk_dialog_add_button (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x186cb0)
#6 0x7f7640f8d2c9 in gtk_file_chooser_dialog_new (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x1a82c9)
#7 0x7f7641727281 (/opt/Qt5.8.0/5.8/gcc_64/plugins/platformthemes/libqgtk3.so+0x13281)
Task-number: QTBUG-59611
Change-Id: I37cc967e689f4523b504fffd14adbf944b53b754
Reviewed-by: J-P Nurmi <[email protected]>
deemru
pushed a commit
that referenced
this pull request
Jun 1, 2017
Delete the QGraphicsEffect from the QWidget destructor instead of from
the QWidgetPrivate destructor. The destructor of QGraphicsEffect still
access methods of the QWidget, but the QObjectPrivate being destroyed
from ~QObject, the pointer is no longer a QWidget.
Fix warning with UB sanitizer in tst_QWidget::setGraphicsEffect
qwidget_p.h:900:23: runtime error: member call on address 0x000001d822c0 which does not point to an object of type 'QWidget'
0x000001d822c0: note: object is of type 'QObject'
00 00 00 00 b0 46 5f 40 e5 7f 00 00 00 23 d8 01 00 00 00 00 f0 e6 00 44 e5 7f 00 00 00 00 74 47
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QObject'
#0 0x7fe54767db76 in QWidgetEffectSourcePrivate::detach()
#1 0x7fe548f29815 in QGraphicsEffect::~QGraphicsEffect()
#2 0x7fe548f2a1b7 in QGraphicsBlurEffect::~QGraphicsBlurEffect()
#3 0x7fe548f2a208 in QGraphicsBlurEffect::~QGraphicsBlurEffect()
#4 0x7fe5475cd463 in QWidgetPrivate::~QWidgetPrivate()
#5 0x7fe5475ce62c in QWidgetPrivate::~QWidgetPrivate()
#6 0x7fe5400d0dda in QObject::~QObject()
#7 0x7fe54763d411 in QWidget::~QWidget()
#8 0x7fe54763d7f4 in QWidget::~QWidget()
#9 0x4cc309 in QScopedPointerDeleter<QWidget>::cleanup(QWidget*)
#10 0x4cc309 in QScopedPointer<QWidget, QScopedPointerDeleter<QWidget> >::reset(QWidget*)
#11 0x4cc309 in tst_QWidget::setGraphicsEffect()
Change-Id: I19c049e979cfce2adda908af8336cb4adac8f6c4
Reviewed-by: Marc Mutz <[email protected]>
deemru
pushed a commit
that referenced
this pull request
Oct 17, 2017
CID 10994 (#1 of 1): Resource leak in object (CTOR_DTOR_LEAK) The font database was not destroyed in the destructor. Coverity-Id: 10994 Change-Id: Ibd4cb0b65d1e554593295a3654e8d8c946551cc2 Reviewed-by: Laszlo Agocs <[email protected]> Reviewed-by: Jesus Fernandez <[email protected]>
deemru
pushed a commit
that referenced
this pull request
Oct 17, 2017
CID 11161 (#1 of 1): Missing break in switch (MISSING_BREAK) unterminated_case: The case for value Qt::BottomToolBarArea is not terminated by a 'break' statement. Coverity-Id: 11161 Change-Id: Ie254d0339e41a58004632e9997febac4a1ab4edd Reviewed-by: Jan Arve Sæther <[email protected]>
deemru
pushed a commit
that referenced
this pull request
Oct 17, 2017
I'm getting crashes in Akonadi processes due to libproxy. I don't have direct evidence that this was caused by a threading condition, but it's clear from the source code of libproxy that the plugins it runs for expanding PAC scripts are not thread-safe. To overcome this problem, we only run libproxy functions in one thread only. #0 0x00007f745f0ac1d8 in JSC::HeapTimer::timerDidFire() () at /usr/lib64/libjavascriptcoregtk-4.0.so.18 #1 0x00007f745f0ac287 in () at /usr/lib64/libjavascriptcoregtk-4.0.so.18 #2 0x00007f748e5ae9c5 in g_main_context_dispatch () at /usr/lib64/libglib-2.0.so.0 #3 0x00007f748e5aed88 in () at /usr/lib64/libglib-2.0.so.0 #4 0x00007f748e5aee1c in g_main_context_iteration () at /usr/lib64/libglib-2.0.so.0 #5 0x00007f7494f4268f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib64/libQt5Core.so.5 #6 0x00007f7494eeb35a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib64/libQt5Core.so.5 #7 0x00007f7494d1b31a in QThread::exec() () at /usr/lib64/libQt5Core.so.5 #8 0x00007f7494d1fd2e in () at /usr/lib64/libQt5Core.so.5 #9 0x00007f74913174e7 in start_thread () at /lib64/libpthread.so.0 The pacrunner implementation of libproxy uses libdbus-1 which (officially) is thread-safe, but experience tells that it has problems. Since it is not running a JS engine, we don't need a thread, but we do need to lock around it. Change-Id: I84e45059a888497fb55ffffd14d2f638f21e807d Reviewed-by: Edward Welbourne <[email protected]>
deemru
pushed a commit
that referenced
this pull request
Dec 8, 2017
CID 178811 (#1 of 1): Resource leak (RESOURCE_LEAK) 25. leaked_storage: Variable dptr going out of scope leaks the storage it points to. Change-Id: I3354fe46cfb08701f387f65aaaa5c4f235079501 Coverity-Id: 178811 Reviewed-by: Edward Welbourne <[email protected]>
deemru
pushed a commit
that referenced
this pull request
Dec 8, 2017
CID 158429 (#1 of 1): Dereference before null check (REVERSE_INULL) check_after_deref: Null-checking ctx suggests that it may be null, but it has already been dereferenced on all paths leading to the check. Coverity-Id: 158429 Change-Id: I6d202599e962dae5ea4a45401f34237dd496d38b Reviewed-by: Edward Welbourne <[email protected]>
deemru
pushed a commit
that referenced
this pull request
Aug 2, 2018
This is a regression introduced with commit cb14295 that changed the code from using QString:fromUtf8(name, propertyLength) to QString::fromUtf8(name), assuming that the property name is a zero-terminated string. That however is not correct. ASAN trace: ==4039==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60400001e0b4 at pc 0x7f3383c7d66e bp 0x7ffdc8e3d9b0 sp 0x7ffdc8e3d158 READ of size 5 at 0x60400001e0b4 thread T0 #0 0x7f3383c7d66d (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x5166d) #1 0x7f337602f32a in QString::fromUtf8(char const*, int) ../../../../include/QtCore/../../src/corelib/tools/qstring.h:569 #2 0x7f337602f32a in QXcbWindow::windowTitle(QXcbConnection const*, unsigned int) /home/simon/dev/qt-5.11/qtbase/src/plugins/platforms/xcb/qxcbwindow.cpp:2861 [...] 0x60400001e0b4 is located 0 bytes to the right of 36-byte region [0x60400001e090,0x60400001e0b4) allocated by thread T1 (QXcbEventReader) here: #0 0x7f3383d0ab50 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb50) #1 0x7f337b397e2b (/usr/lib/x86_64-linux-gnu/libxcb.so.1+0xde2b) Change-Id: Ia5024602d3aacb924b5dcd3956672da2a8f10feb Reviewed-by: Friedemann Kleint <[email protected]>
deemru
pushed a commit
that referenced
this pull request
Aug 2, 2018
disableNotifiersInActivatedSlot(disable_signaled2) fails, if a signaled state of the event #2 is detected prior to the event #1. In this case, we get a timeout on waiting for event #1 which was disabled by the first notification. So, accept a disabled state of the notifier in condition for successful exit from the loop. Change-Id: I8a2fe76f8ec9362556d1ca1fe0be39a93ed58977 Reviewed-by: Joerg Bornemann <[email protected]>
deemru
pushed a commit
that referenced
this pull request
Apr 9, 2020
oss-fuzz found at least width is sometimes not initialized, and we're initializing almost all of them in most cases so be complete. the oss-fuzz instance was ==1==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x667c43 in operator!= /src/qtbase/src/corelib/tools/qsize.h:173:25 #1 0x667c43 in setup_qt /src/qtbase/src/gui/image/qpnghandler.cpp:403 Change-Id: Idb9aaf5ab85509d9c893beaf8d9118339ba46be7 Reviewed-by: Allan Sandfeld Jensen <[email protected]>
deemru
pushed a commit
that referenced
this pull request
Feb 3, 2023
We can't guarantee that the library didn't define Objective-C classes that still have lingering references, resulting in warnings such as: Attempt to use unknown class 0x10e52e110. And possibly crashes such as: thread #1, queue = 'com.apple.main-thread' frame #0: 0x00007fff203829ee libsystem_kernel.dylib`__ulock_wait + 10 frame #1: 0x00007fff203fa0c5 libsystem_platform.dylib`_os_unfair_lock_lock_slow + 162 frame #2: 0x00007fff2026226b libobjc.A.dylib`unmap_image + 85 frame #3: 0x000000010001e11f dyld`dyld::removeImage(ImageLoader*) + 557 frame #4: 0x000000010002291d dyld`dyld::garbageCollectImages() + 956 frame #5: 0x000000010002e35d dyld`dlclose + 191 frame #6: 0x00007fff203cf1c9 libdyld.dylib`dlclose + 183 frame #7: 0x0000000103f9f2f1 libQt6Core_debug.6.dylib`QLibraryPrivate::unload_sys(this=0x000000011ba2c7d0) at qlibrary_unix.cpp:294:9 frame #8: 0x0000000103f93f3f libQt6Core_debug.6.dylib`QLibraryPrivate::unload(this=0x000000011ba2c7d0, flag=UnloadSys) at qlibrary.cpp:614:36 frame #9: 0x0000000103f971fb libQt6Core_debug.6.dylib`QLibraryStore::cleanup() at qlibrary.cpp:425:22 frame #10: 0x0000000103f970f9 libQt6Core_debug.6.dylib`qlibraryCleanup() at qlibrary.cpp:447:5 frame #11: 0x0000000103f970d1 libQt6Core_debug.6.dylib`(anonymous namespace)::qlibraryCleanup_dtor_class_::~qlibraryCleanup_dtor_class_(this=0x00000001041edd38) at qlibrary.cpp:449:1 frame #12: 0x0000000103f930f5 libQt6Core_debug.6.dylib`(anonymous namespace)::qlibraryCleanup_dtor_class_::~qlibraryCleanup_dtor_class_(this=0x00000001041edd38) at qlibrary.cpp:449:1 frame #13: 0x00007fff202e5d25 libsystem_c.dylib`__cxa_finalize_ranges + 316 frame #14: 0x00007fff202e6010 libsystem_c.dylib`exit + 53 frame qt#15: 0x00007fff203d1f44 libdyld.dylib`start + 8 frame qt#16: 0x00007fff203d1f3d libdyld.dylib`start + 1 thread #5, queue = 'com.apple.root.user-interactive-qos', stop reason = signal SIGABRT frame #0: 0x00007fff203a356e libsystem_kernel.dylib`__abort_with_payload + 10 frame #1: 0x00007fff203a4fbd libsystem_kernel.dylib`abort_with_payload_wrapper_internal + 80 frame #2: 0x00007fff203a4f6d libsystem_kernel.dylib`abort_with_reason + 19 frame #3: 0x00007fff202749e3 libobjc.A.dylib`_objc_fatalv(unsigned long long, unsigned long long, char const*, __va_list_tag*) + 114 frame #4: 0x00007fff20274971 libobjc.A.dylib`_objc_fatal(char const*, ...) + 135 frame #5: 0x00007fff20255ccb libobjc.A.dylib`lookUpImpOrForward + 881 frame #6: 0x00007fff2025539b libobjc.A.dylib`_objc_msgSend_uncached + 75 frame #7: 0x00007fff22f368d6 AppKit`-[_NSWindowTransformAnimation setCurrentProgress:] + 42 frame #8: 0x00007fff22f37a8a AppKit`__55-[NSAnimation(NSInternal) _advanceTimeWithDisplayLink:]_block_invoke + 31 frame #9: 0x00007fff22d0774f AppKit`NSPerformVisuallyAtomicChange + 132 frame #10: 0x00007fff22f379dc AppKit`-[NSAnimation(NSInternal) _advanceTimeWithDisplayLink:] + 172 frame #11: 0x00007fff22e9a184 AppKit`-[NSScreenDisplayLink _fire] + 180 frame #12: 0x00007fff2362f0b4 AppKit`___NSRunLoopTimerCreateWithHandler_block_invoke + 34 frame #13: 0x00007fff204c6be9 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 frame #14: 0x00007fff204c66dd CoreFoundation`__CFRunLoopDoTimer + 927 frame qt#15: 0x00007fff204c623a CoreFoundation`__CFRunLoopDoTimers + 307 frame qt#16: 0x00007fff204ace13 CoreFoundation`__CFRunLoopRun + 1988 frame qt#17: 0x00007fff204abf8c CoreFoundation`CFRunLoopRunSpecific + 563 frame qt#18: 0x00007fff2123d607 Foundation`-[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212 frame qt#19: 0x00007fff22f378f0 AppKit`-[NSAnimation(NSInternal) _runBlocking] + 453 frame qt#20: 0x00007fff22f376ae AppKit`__42-[NSAnimation(NSInternal) _runInNewThread]_block_invoke + 97 frame qt#21: 0x0000000104edb032 libdispatch.dylib`_dispatch_call_block_and_release + 12 frame qt#22: 0x0000000104edc264 libdispatch.dylib`_dispatch_client_callout + 8 frame qt#23: 0x0000000104ef04ac libdispatch.dylib`_dispatch_root_queue_drain + 828 frame qt#24: 0x0000000104ef0d3f libdispatch.dylib`_dispatch_worker_thread2 + 127 frame qt#25: 0x0000000104f7eac7 libsystem_pthread.dylib`_pthread_wqthread + 244 frame qt#26: 0x0000000104f7dae3 libsystem_pthread.dylib`start_wqthread + 15 This has been e.g. observed when a QNSWindow isn't closed and released at application quit as expected. Although that is a corner case that shouldn't happen, the general case is still valid. Fixes: QTBUG-96208 Change-Id: I6c9d220e6f5389707baf7ae983f3156e8e51c316 Reviewed-by: Timur Pocheptsov <[email protected]> Reviewed-by: Morten Johan Sørvig <[email protected]> (cherry picked from commit b6200de) Reviewed-by: Qt Cherry-pick Bot <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.