Crash when switching between wipe methods
If you apply a wipe composition and switch between the various wipe methods by scrolling the mouse wheel you get a crash. (It doesn't always happen on the first try but if you keep scrolling eventually it happens.)
GDB doesn't give any error but the sanitizer shows this:
++++++++++ RESIZING ITEM: 31 +++++++ = = SET EFFECT PARAM: "luma" = "/home/farid/.local/share/kdenlive/lumas/HD/rectangle15.png" = = SET EFFECT PARAM: "luma" = "/home/farid/.local/share/kdenlive/lumas/HD/rectangle16.png" = = SET EFFECT PARAM: "luma" = "/home/farid/.local/share/kdenlive/lumas/HD/rectangle17.png" = = SET EFFECT PARAM: "luma" = "/home/farid/.local/share/kdenlive/lumas/HD/rectangle18.png" = = SET EFFECT PARAM: "luma" = "/home/farid/.local/share/kdenlive/lumas/HD/rectangle19.png" ================================================================= ==9669==ERROR: AddressSanitizer: heap-use-after-free on address 0x606000c0d5e0 at pc 0x55b6a4703b99 bp 0x7f1d4dcc11c0 sp 0x7f1d4dcc0970 READ of size 2 at 0x606000c0d5e0 thread T130 (RenderThread) #0 0x55b6a4703b98 (/usr/bin/kdenlive+0x636b98) #1 0x7f1db692f5a8 (/usr/lib/libmlt.so.6+0xf5a8) #2 0x7f1db6933a4d (/usr/lib/libmlt.so.6+0x13a4d) #3 0x7f1d87941d10 (/usr/lib/mlt/libmltcore.so+0x17d10) #4 0x7f1db692cae1 (/usr/lib/libmlt.so.6+0xcae1) #5 0x7f1db692cae1 (/usr/lib/libmlt.so.6+0xcae1) #6 0x7f1d86ca0fc4 (/usr/lib/mlt/libmltqt.so+0x1ffc4) #7 0x7f1db692cae1 (/usr/lib/libmlt.so.6+0xcae1) #8 0x7f1db6942eaa (/usr/lib/libmlt.so.6+0x22eaa) #9 0x7f1db692cae1 (/usr/lib/libmlt.so.6+0xcae1) #10 0x7f1db694022b (/usr/lib/libmlt.so.6+0x2022b) #11 0x55b6a5683cdb (/usr/bin/kdenlive+0x15b6cdb) #12 0x7f1db1bfb96b (/usr/lib/libQt5Core.so.5+0xbe96b) #13 0x7f1db17fda9c (/usr/lib/libpthread.so.0+0x7a9c) #14 0x7f1db1709af2 (/usr/lib/libc.so.6+0xfbaf2) 0x606000c0d5e0 is located 0 bytes inside of 59-byte region [0x606000c0d5e0,0x606000c0d61b) freed by thread T0 here: #0 0x55b6a47bd821 (/usr/bin/kdenlive+0x6f0821) #1 0x7f1db692e896 (/usr/lib/libmlt.so.6+0xe896) previously allocated by thread T0 here: #0 0x55b6a4703aa1 (/usr/bin/kdenlive+0x636aa1) #1 0x7f1db692f5a8 (/usr/lib/libmlt.so.6+0xf5a8) Thread T130 (RenderThread) created by T129 here: #0 0x55b6a470e7a2 (/usr/bin/kdenlive+0x6417a2) #1 0x7f1db1bfb2c1 (/usr/lib/libQt5Core.so.5+0xbe2c1) Thread T129 created by T0 here: #0 0x55b6a470e7a2 (/usr/bin/kdenlive+0x6417a2) #1 0x7f1d870d9557 (/usr/lib/mlt/libmltsdl.so+0x3557) SUMMARY: AddressSanitizer: heap-use-after-free (/usr/bin/kdenlive+0x636b98) Shadow bytes around the buggy address: 0x0c0c80179a60: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd 0x0c0c80179a70: fa fa fa fa fd fd fd fd fd fd fd fa fa fa fa fa 0x0c0c80179a80: 00 00 00 00 00 00 00 fa fa fa fa fa fd fd fd fd 0x0c0c80179a90: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd 0x0c0c80179aa0: fa fa fa fa fd fd fd fd fd fd fd fa fa fa fa fa =>0x0c0c80179ab0: fa fa fa fa fa fa fa fa fa fa fa fa[fd]fd fd fd 0x0c0c80179ac0: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fa 0x0c0c80179ad0: fa fa fa fa fd fd fd fd fd fd fd fa fa fa fa fa 0x0c0c80179ae0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa 0x0c0c80179af0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0c80179b00: fa fa fa fa 00 00 00 00 00 00 00 fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==9669==ABORTING