Add context object to screenScaleChanged connection

Currently internal window test fails because several internal clients
outlive tests where each one of them was created. Given that the scene
doesn't specify the context object when it creates screenScaleChanged
connection, we may call windowGeometryShapeChanged on a deleted scene
object.

ASAN output:

    =================================================================
    ==23416==ERROR: AddressSanitizer: heap-use-after-free on address 0x60800005ffe0 at pc 0x7fdfb0451c26 bp 0x7fffc32fefb0 sp 0x7fffc32fefa8
    READ of size 8 at 0x60800005ffe0 thread T0
        #0 0x7fdfb0451c25 in QHash<KWin::Toplevel*, KWin::Scene::Window*>::findNode(KWin::Toplevel* const&, unsigned int*) const /usr/include/qt5/QtCore/qhash.h:933
        #1 0x7fdfb044c1eb in QHash<KWin::Toplevel*, KWin::Scene::Window*>::contains(KWin::Toplevel* const&) const /usr/include/qt5/QtCore/qhash.h:908
        #2 0x7fdfb04369c1 in KWin::Scene::windowGeometryShapeChanged(KWin::Toplevel*) /home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/scene.cpp:440
        #3 0x7fdfb045c017 in void std::__invoke_impl<void, void (KWin::Scene::*&)(KWin::Toplevel*), KWin::Scene*&, KWin::Toplevel*&>(std::__invoke_memfun_deref, void (KWin::Scene::*&)(KWin::Toplevel*), KWin::Scene*&, KWin::Toplevel*&) /usr/include/c++/9/bits/invoke.h:73
        #4 0x7fdfb045ba9c in std::__invoke_result<void (KWin::Scene::*&)(KWin::Toplevel*), KWin::Scene*&, KWin::Toplevel*&>::type std::__invoke<void (KWin::Scene::*&)(KWin::Toplevel*), KWin::Scene*&, KWin::Toplevel*&>(void (KWin::Scene::*&)(KWin::Toplevel*), KWin::Scene*&, KWin::Toplevel*&) /usr/include/c++/9/bits/invoke.h:95
        #5 0x7fdfb045bc84 in void std::_Bind<void (KWin::Scene::*(KWin::Scene*, KWin::Toplevel*))(KWin::Toplevel*)>::__call<void, , 0ul, 1ul>(std::tuple<>&&, std::_Index_tuple<0ul, 1ul>) /usr/include/c++/9/functional:400
        #6 0x7fdfb045b7c0 in void std::_Bind<void (KWin::Scene::*(KWin::Scene*, KWin::Toplevel*))(KWin::Toplevel*)>::operator()<, void>() /usr/include/c++/9/functional:484
        #7 0x7fdfb045b3c2 in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, std::_Bind<void (KWin::Scene::*(KWin::Scene*, KWin::Toplevel*))(KWin::Toplevel*)> >::call(std::_Bind<void (KWin::Scene::*(KWin::Scene*, KWin::Toplevel*))(KWin::Toplevel*)>&, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:146
        #8 0x7fdfb045abd4 in void QtPrivate::Functor<std::_Bind<void (KWin::Scene::*(KWin::Scene*, KWin::Toplevel*))(KWin::Toplevel*)>, 0>::call<QtPrivate::List<>, void>(std::_Bind<void (KWin::Scene::*(KWin::Scene*, KWin::Toplevel*))(KWin::Toplevel*)>&, void*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:256
        #9 0x7fdfb045a5b6 in QtPrivate::QFunctorSlotObject<std::_Bind<void (KWin::Scene::*(KWin::Scene*, KWin::Toplevel*))(KWin::Toplevel*)>, 0, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/qt5/QtCore/qobjectdefs_impl.h:439
        #10 0x7fdfa5794137 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib64/libQt5Core.so.5+0x2b3137)
        #11 0x7fdfafeea2ca in KWin::Toplevel::screenScaleChanged() /home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/build/kwin_autogen/EWIEGA46WW/moc_toplevel.cpp:834
        #12 0x7fdfb0425712 in KWin::Toplevel::checkScreen() /home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/toplevel.cpp:538
        #13 0x7fdfafee3221 in KWin::Toplevel::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/build/kwin_autogen/EWIEGA46WW/moc_toplevel.cpp:371
        #14 0x7fdfa5793fd7 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib64/libQt5Core.so.5+0x2b2fd7)
        #15 0x7fdfafedefca in KWin::Screens::changed() /home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/build/kwin_autogen/EWIEGA46WW/moc_screens.cpp:276
        #16 0x7fdf9a199281 in operator() /home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/plugins/platforms/virtual/screens_virtual.cpp:45
        #17 0x7fdf9a199c7b in call /usr/include/qt5/QtCore/qobjectdefs_impl.h:146
        #18 0x7fdf9a199b50 in call<QtPrivate::List<bool>, void> /usr/include/qt5/QtCore/qobjectdefs_impl.h:256
        #19 0x7fdf9a199afc in impl /usr/include/qt5/QtCore/qobjectdefs_impl.h:439
        #20 0x7fdfa5794137 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib64/libQt5Core.so.5+0x2b3137)
        #21 0x7fdf9a17a37b in KWin::VirtualBackend::virtualOutputsSet(bool) /home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/build/plugins/platforms/virtual/KWinWaylandVirtualBackend_autogen/EWIEGA46WW/moc_virtual_backend.cpp:177
        #22 0x7fdf9a18c476 in KWin::VirtualBackend::setVirtualOutputs(int, QVector<QRect>, QVector<int>) /home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/plugins/platforms/virtual/virtual_backend.cpp:141
        #23 0x7fdf9a1794e2 in KWin::VirtualBackend::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/build/plugins/platforms/virtual/KWinWaylandVirtualBackend_autogen/EWIEGA46WW/moc_virtual_backend.cpp:94
        #24 0x7fdfa577794a in QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const (/usr/lib64/libQt5Core.so.5+0x29694a)
        #25 0x7fdfa57790d1 in QMetaObject::invokeMethod(QObject*, char const*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) (/usr/lib64/libQt5Core.so.5+0x2980d1)
        #26 0x45a3e0 in QMetaObject::invokeMethod(QObject*, char const*, Qt::ConnectionType, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) /usr/include/qt5/QtCore/qobjectdefs.h:444
        #27 0x44bf37 in KWin::InternalWindowTest::testScale() /home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/autotests/integration/internal_window.cpp:693
        #28 0x4562ec in KWin::InternalWindowTest::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/build/autotests/integration/testInternalWindow_autogen/include/internal_window.moc:169
        #29 0x7fdfa577794a in QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const (/usr/lib64/libQt5Core.so.5+0x29694a)
        #30 0x7fdfaf047962  (/usr/lib64/libQt5Test.so.5+0x19962)
        #31 0x7fdfaf048352  (/usr/lib64/libQt5Test.so.5+0x1a352)
        #32 0x7fdfaf048910  (/usr/lib64/libQt5Test.so.5+0x1a910)
        #33 0x7fdfaf048cda in QTest::qRun() (/usr/lib64/libQt5Test.so.5+0x1acda)
        #34 0x7fdfaf048edb in QTest::qExec(QObject*, int, char**) (/usr/lib64/libQt5Test.so.5+0x1aedb)
        #35 0x455d7b in main /home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/autotests/integration/internal_window.cpp:807
        #36 0x7fdfa5002bca in __libc_start_main (/lib64/libc.so.6+0x26bca)
        #37 0x415029 in _start (/home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/build/bin/testInternalWindow+0x415029)

    0x60800005ffe0 is located 64 bytes inside of 96-byte region [0x60800005ffa0,0x608000060000)
    freed by thread T0 here:
        #0 0x7fdfb2042595 in operator delete(void*, unsigned long) (/usr/lib64/libasan.so.5+0x10d595)
        #1 0x7fdf98774c4e in KWin::SceneQPainter::~SceneQPainter() /home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/plugins/scenes/qpainter/scene_qpainter.cpp:70
        #2 0x7fdfb03fef41 in KWin::Compositor::stop() /home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/composite.cpp:451
        #3 0x7fdfb03fffe6 in KWin::Compositor::reinitialize() /home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/composite.cpp:527
        #4 0x7fdfb03ffe2f in KWin::Compositor::configChanged() /home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/composite.cpp:517
        #5 0x7fdfaffaf481 in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (KWin::Compositor::*)()>::call(void (KWin::Compositor::*)(), KWin::Compositor*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:152
        #6 0x7fdfaffa4deb in void QtPrivate::FunctionPointer<void (KWin::Compositor::*)()>::call<QtPrivate::List<>, void>(void (KWin::Compositor::*)(), KWin::Compositor*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:185
        #7 0x7fdfaff9c765 in QtPrivate::QSlotObject<void (KWin::Compositor::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/qt5/QtCore/qobjectdefs_impl.h:414
        #8 0x7fdfa5794137 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib64/libQt5Core.so.5+0x2b3137)
        #9 0x7fdfafed441e in KWin::Options::configChanged() /home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/build/kwin_autogen/EWIEGA46WW/moc_options.cpp:1790
        #10 0x7fdfb02584c6 in KWin::Options::updateSettings() /home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/options.cpp:772
        #11 0x7fdfaff461db in KWin::Workspace::slotReconfigure() /home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/workspace.cpp:897
        #12 0x446f67 in KWin::InternalWindowTest::testModifierClickUnrestrictedMove() /home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/autotests/integration/internal_window.cpp:620
        #13 0x45624d in KWin::InternalWindowTest::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/build/autotests/integration/testInternalWindow_autogen/include/internal_window.moc:166
        #14 0x7fdfa577794a in QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const (/usr/lib64/libQt5Core.so.5+0x29694a)
        #15 0x7fdfaf047962  (/usr/lib64/libQt5Test.so.5+0x19962)
        #16 0x7fdfaf048352  (/usr/lib64/libQt5Test.so.5+0x1a352)

    previously allocated by thread T0 here:
        #0 0x7fdfb204110f in operator new(unsigned long) (/usr/lib64/libasan.so.5+0x10c10f)
        #1 0x7fdf98774992 in KWin::SceneQPainter::createScene(QObject*) /home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/plugins/scenes/qpainter/scene_qpainter.cpp:58
        #2 0x7fdf9878db95 in KWin::QPainterFactory::create(QObject*) const /home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/plugins/scenes/qpainter/scene_qpainter.cpp:870
        #3 0x7fdfb03f9488 in KWin::Compositor::setupStart() /home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/composite.cpp:238
        #4 0x7fdfb0404ca4 in KWin::WaylandCompositor::start() /home/jenkins/workspace/Plasma/kwin/kf5-qt5 SUSEQt5.12/composite.cpp:862
        #5 0x7fdfaffaf481 in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (KWin::Compositor::*)()>::call(void (KWin::Compositor::*)(), KWin::Compositor*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:152
        #6 0x7fdfaffa4deb in void QtPrivate::FunctionPointer<void (KWin::Compositor::*)()>::call<QtPrivate::List<>, void>(void (KWin::Compositor::*)(), KWin::Compositor*, void**) /usr/include/qt5/QtCore/qobjectdefs_impl.h:185
        #7 0x7fdfaff9c765 in QtPrivate::QSlotObject<void (KWin::Compositor::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/qt5/QtCore/qobjectdefs_impl.h:414
        #8 0x7fdfa57a0df1  (/usr/lib64/libQt5Core.so.5+0x2bfdf1)

    SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/qt5/QtCore/qhash.h:933 in QHash<KWin::Toplevel*, KWin::Scene::Window*>::findNode(KWin::Toplevel* const&, unsigned int*) const
    Shadow bytes around the buggy address:
      0x0c1080003fa0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
      0x0c1080003fb0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
      0x0c1080003fc0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
      0x0c1080003fd0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
      0x0c1080003fe0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
    =>0x0c1080003ff0: fa fa fa fa fd fd fd fd fd fd fd fd[fd]fd fd fd
      0x0c1080004000: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
      0x0c1080004010: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 05 fa
      0x0c1080004020: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
      0x0c1080004030: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 04
      0x0c1080004040: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 01
    Shadow byte legend (one shadow byte represents 8 application bytes):
      Addressable:           00
      Partially addressable: 01 02 03 04 05 06 07
      Heap left redzone:       fa
      Freed heap region:       fd
      Stack left redzone:      f1
      Stack mid redzone:       f2
      Stack right redzone:     f3
      Stack after return:      f5
      Stack use after scope:   f8
      Global redzone:          f9
      Global init order:       f6
      Poisoned by user:        f7
      Container overflow:      fc
      Array cookie:            ac
      Intra object redzone:    bb
      ASan internal:           fe
      Left alloca redzone:     ca
      Right alloca redzone:    cb
      Shadow gap:              cc
    ==23416==ABORTING
    (EE) failed to read Wayland events: Connection reset by peer

This commit is contained in:

Vlad Zagorodniy

2019-09-10 14:37:22 +03:00

parent 45c93c6cae

commit bc7f41bdbf

1 changed files with 5 additions and 1 deletions

									
										6

scene.cpp
									
										View file
										
				@ -401,7 +401,11 @@ void Scene::addToplevel(Toplevel *c)

				    if (c->surface()) {

				        connect(c->surface(), &KWayland::Server::SurfaceInterface::scaleChanged, this, std::bind(&Scene::windowGeometryShapeChanged, this, c));

				    }

				    connect(c, &Toplevel::screenScaleChanged, std::bind(&Scene::windowGeometryShapeChanged, this, c));

				    connect(c, &Toplevel::screenScaleChanged, this,

				        [this, c] {

				            windowGeometryShapeChanged(c);

				        }

				    );

				    c->effectWindow()->setSceneWindow(w);

				    c->getShadow();

				    w->updateShadow(c->shadow());

Add context object to screenScaleChanged connection

6 scene.cpp Unescape Escape View file

6

scene.cpp

View file