• Gleb Popov's avatar
    Workaround the bug found by ASan, which can be seen on FreeBSD CI. · af569639
    Gleb Popov authored
    Summary:
    Currently many tests fail (at least on FreeBSD) with ASan turned on. This is what happening:
    
    - `test_toolviewtoolbar` creates an action, a `ToolDocument` and a `View` in the `init()` function.
    - `ToolViewAction` registers itself as event filter for the created `View`.
    - When `cleanup` is called, the controller gets deleted. This causes removal of its children (`QObject::deleteChildren()`), included the mentioned `View`.
    - Somewhere later during destruction, some `QEvent` arrives and gets passed to `ToolViewAction::eventFilter()`. This function accesses `->widget()` method of `m_dock->view()`, but that `View` is already deleted, which causes ASan error.
    
    Note that adding `removeEventFilter()` to `ToolViewAction::~ToolViewAction()` doesn't solve the problem - the event arrival happens before `ToolViewAction` destruction.
    
    Full ASan report:
    
    ```
    ********* Start testing of TestToolViewToolBar *********
    Config: Using QtTest library 5.12.0, Qt 5.12.0 (x86_64-little_endian-lp64 shared (dynamic) release build; by Clang 6.0.1 (tags/RELEASE_601/final 335540))
    PASS   : TestToolViewToolBar::initTestCase()
    =================================================================
    ==21936==ERROR: AddressSanitizer: heap-use-after-free on address 0x6030000958a0 at pc 0x000800465e5a bp 0x7fffffffd230 sp 0x7fffffffd228
    READ of size 8 at 0x6030000958a0 thread T0
        #0 0x800465e59 in QScopedPointer<Sublime::ViewPrivate, QScopedPointerDeleter<Sublime::ViewPrivate> >::operator->() const /usr/local/include/qt5/QtCore/qscopedpointer.h:118:16
        #1 0x80046352f in Sublime::View::widget(QWidget*) /home/arr/projects/kdevelop/kdevplatform/sublime/view.cpp:76:10
        #2 0x800498c53 in ToolViewAction::eventFilter(QObject*, QEvent*) /home/arr/projects/kdevelop/kdevplatform/sublime/idealbuttonbarwidget.cpp:85:40
        #3 0x802027193 in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) (/usr/local/lib/qt5/libQt5Core.so.5+0x427193)
        #4 0x80127decb in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/local/lib/qt5/libQt5Widgets.so.5+0x27decb)
        #5 0x80127f27c in QApplication::notify(QObject*, QEvent*) (/usr/local/lib/qt5/libQt5Widgets.so.5+0x27f27c)
        #6 0x802026ef0 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/usr/local/lib/qt5/libQt5Core.so.5+0x426ef0)
        #7 0x802051020 in QObjectPrivate::setParent_helper(QObject*) (/usr/local/lib/qt5/libQt5Core.so.5+0x451020)
        #8 0x802050c11 in QObject::~QObject() (/usr/local/lib/qt5/libQt5Core.so.5+0x450c11)
        #9 0x801e4762e in QAbstractAnimation::~QAbstractAnimation() (/usr/local/lib/qt5/libQt5Core.so.5+0x24762e)
        #10 0x801e4cfa4 in QPropertyAnimation::~QPropertyAnimation() (/usr/local/lib/qt5/libQt5Core.so.5+0x24cfa4)
        #11 0x802051461 in QObject::event(QEvent*) (/usr/local/lib/qt5/libQt5Core.so.5+0x451461)
        #12 0x80127dee0 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/local/lib/qt5/libQt5Widgets.so.5+0x27dee0)
        #13 0x80127f27c in QApplication::notify(QObject*, QEvent*) (/usr/local/lib/qt5/libQt5Widgets.so.5+0x27f27c)
        #14 0x802026ef0 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/usr/local/lib/qt5/libQt5Core.so.5+0x426ef0)
        #15 0x802027db8 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (/usr/local/lib/qt5/libQt5Core.so.5+0x427db8)
        #16 0x800323331  (/usr/local/lib/qt5/libQt5Test.so.5+0x1e331)
        #17 0x800323bee  (/usr/local/lib/qt5/libQt5Test.so.5+0x1ebee)
        #18 0x800324988  (/usr/local/lib/qt5/libQt5Test.so.5+0x1f988)
        #19 0x80032517b in QTest::qRun() (/usr/local/lib/qt5/libQt5Test.so.5+0x2017b)
        #20 0x800324ef3 in QTest::qExec(QObject*, int, char**) (/usr/local/lib/qt5/libQt5Test.so.5+0x1fef3)
        #21 0x2b97fb in main /home/arr/projects/kdevelop/kdevplatform/sublime/tests/test_toolviewtoolbar.cpp:144:1
    
    0x6030000958a0 is located 16 bytes inside of 24-byte region [0x603000095890,0x6030000958a8)
    freed by thread T0 here:
        #0 0x2b51f2 in operator delete(void*) /usr/src/contrib/compiler-rt/lib/asan/asan_new_delete.cc:149:3
        #1 0x800463371 in Sublime::View::~View() /home/arr/projects/kdevelop/kdevplatform/sublime/view.cpp:61:1
        #2 0x802050de9 in QObjectPrivate::deleteChildren() (/usr/local/lib/qt5/libQt5Core.so.5+0x450de9)
        #3 0x802050bf0 in QObject::~QObject() (/usr/local/lib/qt5/libQt5Core.so.5+0x450bf0)
        #4 0x80041a3be in Sublime::Document::~Document() /home/arr/projects/kdevelop/kdevplatform/sublime/document.cpp:73:21
        #5 0x8004626de in Sublime::ToolDocument::~ToolDocument() /home/arr/projects/kdevelop/kdevplatform/sublime/tooldocument.cpp:48:29
        #6 0x800462708 in Sublime::ToolDocument::~ToolDocument() /home/arr/projects/kdevelop/kdevplatform/sublime/tooldocument.cpp:48:29
        #7 0x802050de9 in QObjectPrivate::deleteChildren() (/usr/local/lib/qt5/libQt5Core.so.5+0x450de9)
        #8 0x802050bf0 in QObject::~QObject() (/usr/local/lib/qt5/libQt5Core.so.5+0x450bf0)
        #9 0x800405d9a in Sublime::Controller::~Controller() /home/arr/projects/kdevelop/kdevplatform/sublime/controller.cpp:113:1
        #10 0x800405dc8 in Sublime::Controller::~Controller() /home/arr/projects/kdevelop/kdevplatform/sublime/controller.cpp:111:1
        #11 0x2b82af in TestToolViewToolBar::cleanup() /home/arr/projects/kdevelop/kdevplatform/sublime/tests/test_toolviewtoolbar.cpp:88:5
        #12 0x2bef0c in TestToolViewToolBar::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/arr/projects/kdevelop/build/kdevplatform/sublime/tests/test_toolviewtoolbar_autogen/EWIEGA46WW/moc_test_toolviewtoolbar.cpp:85:21
        #13 0x8020320ce in QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const (/usr/local/lib/qt5/libQt5Core.so.5+0x4320ce)
        #14 0x800323318  (/usr/local/lib/qt5/libQt5Test.so.5+0x1e318)
        #15 0x800323bee  (/usr/local/lib/qt5/libQt5Test.so.5+0x1ebee)
        #16 0x800324988  (/usr/local/lib/qt5/libQt5Test.so.5+0x1f988)
        #17 0x80032517b in QTest::qRun() (/usr/local/lib/qt5/libQt5Test.so.5+0x2017b)
        #18 0x800324ef3 in QTest::qExec(QObject*, int, char**) (/usr/local/lib/qt5/libQt5Test.so.5+0x1fef3)
        #19 0x2b97fb in main /home/arr/projects/kdevelop/kdevplatform/sublime/tests/test_toolviewtoolbar.cpp:144:1
    
    previously allocated by thread T0 here:
        #0 0x2b4612 in operator new(unsigned long) /usr/src/contrib/compiler-rt/lib/asan/asan_new_delete.cc:92:3
        #1 0x80041b02e in Sublime::Document::newView(Sublime::Document*) /home/arr/projects/kdevelop/kdevplatform/sublime/document.cpp:117:21
        #2 0x80041a604 in Sublime::Document::createView() /home/arr/projects/kdevelop/kdevplatform/sublime/document.cpp:82:18
        #3 0x2b6eac in TestToolViewToolBar::init() /home/arr/projects/kdevelop/kdevplatform/sublime/tests/test_toolviewtoolbar.cpp:72:22
        #4 0x2beefe in TestToolViewToolBar::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/arr/projects/kdevelop/build/kdevplatform/sublime/tests/test_toolviewtoolbar_autogen/EWIEGA46WW/moc_test_toolviewtoolbar.cpp:84:21
        #5 0x8020320ce in QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const (/usr/local/lib/qt5/libQt5Core.so.5+0x4320ce)
        #6 0x80032302d  (/usr/local/lib/qt5/libQt5Test.so.5+0x1e02d)
        #7 0x800323bee  (/usr/local/lib/qt5/libQt5Test.so.5+0x1ebee)
        #8 0x800324988  (/usr/local/lib/qt5/libQt5Test.so.5+0x1f988)
        #9 0x80032517b in QTest::qRun() (/usr/local/lib/qt5/libQt5Test.so.5+0x2017b)
        #10 0x800324ef3 in QTest::qExec(QObject*, int, char**) (/usr/local/lib/qt5/libQt5Test.so.5+0x1fef3)
        #11 0x2b97fb in main /home/arr/projects/kdevelop/kdevplatform/sublime/tests/test_toolviewtoolbar.cpp:144:1
    
    SUMMARY: AddressSanitizer: heap-use-after-free /usr/local/include/qt5/QtCore/qscopedpointer.h:118:16 in QScopedPointer<Sublime::ViewPrivate, QScopedPointerDeleter<Sublime::ViewPrivate> >::operator->() const
    ==21936==ABORTING
    ```
    
    Subscribers: kdevelop-devel, #kdevelop
    
    Tags: #kdevelop
    
    Differential Revision: https://phabricator.kde.org/D18463
    
    (cherry picked from commit fbb955c7)
    af569639
Name
Last commit
Last update
..
cmake/modules Loading commit data...
debugger Loading commit data...
doc/api Loading commit data...
documentation Loading commit data...
interfaces Loading commit data...
language Loading commit data...
outputview Loading commit data...
pics Loading commit data...
project Loading commit data...
serialization Loading commit data...
shell Loading commit data...
sublime Loading commit data...
template Loading commit data...
tests Loading commit data...
util Loading commit data...
vcs Loading commit data...
.kateconfig Loading commit data...
Architecture.dox Loading commit data...
CMakeLists.txt Loading commit data...
COPYING.PLUGINS Loading commit data...
COPYING.SRC Loading commit data...
KDevPlatformConfig.cmake.in Loading commit data...
Mainpage.dox Loading commit data...
Messages.sh Loading commit data...
README.md Loading commit data...
config-kdevplatform.h.cmake Loading commit data...
kdevplatform.categories Loading commit data...
qtcompat_p.h Loading commit data...