4.0 regression: Qt GUI crashes
Exiting the Qt interface on X11 triggers an AddressSanitizer stack-use-after-scope report (a 4-byte read from an object whose scope has already ended) in remapInputMethodQueryEvent, reached from the focus-change handling of the vlc-qt thread, and the process aborts:
SUMMARY: AddressSanitizer: 178527 byte(s) leaked in 959 allocation(s).
=================================================================
==5683==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7f6b61335e00 at pc 0x7f6b6094b271 bp 0x7f6b579dde00 sp 0x7f6b579dddf8
READ of size 4 at 0x7f6b61335e00 thread T9 (vlc-qt)
#0 0x7f6b6094b270 in remapInputMethodQueryEvent ../../../../modules/gui/qt/maininterface/compositor_x11_uisurface.cpp:200
#1 0x7f6b6094fa0a in vlc::CompositorX11UISurface::eventFilter(QObject*, QEvent*) ../../../../modules/gui/qt/maininterface/compositor_x11_uisurface.cpp:278
#2 0x7f6b5aacc4b2 in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) (/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2cc4b2) (BuildId: eaf989d675ab5f0e8e9033fa527c9ed018f70370)
#3 0x7f6b5b762f21 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x162f21) (BuildId: 983eca66d9695a1892aa796da4160d8d6f9b9ac4)
#4 0x7f6b5aacc747 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2cc747) (BuildId: eaf989d675ab5f0e8e9033fa527c9ed018f70370)
#5 0x7f6b5af5c4f6 (/lib/x86_64-linux-gnu/libQt5Gui.so.5+0x15c4f6) (BuildId: 00321943ce41fc61215b095b8098dc386f747773)
#6 0x7f6b5af34091 in QGuiApplicationPrivate::_q_updateFocusObject(QObject*) (/lib/x86_64-linux-gnu/libQt5Gui.so.5+0x134091) (BuildId: 00321943ce41fc61215b095b8098dc386f747773)
#7 0x7f6b5af3ba53 in QGuiApplicationPrivate::processActivatedEvent(QWindowSystemInterfacePrivate::ActivatedWindowEvent*) (/lib/x86_64-linux-gnu/libQt5Gui.so.5+0x13ba53) (BuildId: 00321943ce41fc61215b095b8098dc386f747773)
#8 0x7f6b5af131eb in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/lib/x86_64-linux-gnu/libQt5Gui.so.5+0x1131eb) (BuildId: 00321943ce41fc61215b095b8098dc386f747773)
#9 0x7f6b56cb315d (/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5+0x6f15d) (BuildId: 0c57e49b1faf897eb315c858edae3813a6a025ac)
#10 0x7f6b5a5e11f3 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x571f3) (BuildId: 494f1601eab85c409c692018c500f17028ec31c2)
#11 0x7f6b5a5e4316 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5a316) (BuildId: 494f1601eab85c409c692018c500f17028ec31c2)
#12 0x7f6b5a5e492f in g_main_context_iteration (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5a92f) (BuildId: 494f1601eab85c409c692018c500f17028ec31c2)
#13 0x7f6b5ab27d49 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/lib/x86_64-linux-gnu/libQt5Core.so.5+0x327d49) (BuildId: eaf989d675ab5f0e8e9033fa527c9ed018f70370)
#14 0x7f6b5aacb0fa in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2cb0fa) (BuildId: eaf989d675ab5f0e8e9033fa527c9ed018f70370)
#15 0x7f6b5aad38a3 in QCoreApplication::exec() (/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2d38a3) (BuildId: eaf989d675ab5f0e8e9033fa527c9ed018f70370)
#16 0x7f6b5f6b6f20 in Thread ../../../../modules/gui/qt/qt.cpp:910
#17 0x7f6b74c5ae65 in asan_thread_start ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
#18 0x7f6b72ea645b in start_thread nptl/pthread_create.c:444
#19 0x7f6b72f26bbb in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
0x7f6b61335e00 is located 0 bytes inside of global variable 'C.47' defined in '../../../../modules/gui/qt/maininterface/compositor_x11_uisurface.cpp:200:98' (0x7f6b61335e00) of size 12
SUMMARY: AddressSanitizer: stack-use-after-scope ../../../../modules/gui/qt/maininterface/compositor_x11_uisurface.cpp:200 in remapInputMethodQueryEvent
Shadow bytes around the buggy address:
0x7f6b61335b80: 00 00 04 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
0x7f6b61335c00: 00 00 00 01 f9 f9 f9 f9 00 00 00 00 00 00 00 00
0x7f6b61335c80: 01 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9
0x7f6b61335d00: 01 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9
0x7f6b61335d80: 01 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9
=>0x7f6b61335e00:[f8]f8 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
0x7f6b61335e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7f6b61335f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7f6b61335f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7f6b61336000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7f6b61336080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Thread T9 (vlc-qt) created by T0 here:
#0 0x7f6b74cebaf1 in pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:245
#1 0x7f6b741c5eaa in vlc_clone_attr ../../src/posix/thread.c:180
#2 0x7f6b741c6054 in vlc_clone ../../src/posix/thread.c:191
#3 0x7f6b5f6b2a38 in OpenInternal ../../../../modules/gui/qt/qt.cpp:549
#4 0x7f6b5f6b350d in OpenIntfCommon ../../../../modules/gui/qt/qt.cpp:621
#5 0x7f6b5f6b37f0 in OpenIntf ../../../../modules/gui/qt/qt.cpp:641
#6 0x7f6b73e2aa5a in generic_start ../../src/modules/modules.c:260
#7 0x7f6b73e2a6ab in vlc_module_load ../../src/modules/modules.c:228
#8 0x7f6b73e2ab90 in module_need ../../src/modules/modules.c:271
#9 0x7f6b73e4afb5 in intf_Create ../../src/interface/interface.c:173
#10 0x7f6b73e4bc27 in libvlc_InternalAddIntf ../../src/interface/interface.c:278
#11 0x562ffa837377 in main ../../bin/vlc.c:241
#12 0x7f6b72e456c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
==5683==ABORTING
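Two details of the report are worth reading together before chasing the bug: the faulting object is 'C.47', which is how GCC names a compiler-generated constant rather than a variable from the source, and it is 12 bytes read 4 bytes at a time (three 4-byte values), yet its shadow bytes are f8, the marker ASan writes when a scoped object's lifetime ends. A global cannot go out of scope by itself, so the poison on it was applied by the use-after-scope instrumentation of whatever scope materialized that constant at compositor_x11_uisurface.cpp:200:98; the report does not show that source, so what follows makes no claim about it. The block below is an added example, not VLC's code: it reproduces the class of defect ASan labels stack-use-after-scope with a 12-byte array of three 4-byte values, the same shape as the object in the report, beside two safe forms. All names in it are invented for the illustration.

```cpp
// Added example (not VLC's code): the class of defect AddressSanitizer reports as
// "stack-use-after-scope" and marks with f8 shadow bytes, next to two safe forms.
// Build the sanitized binary with (assumed GCC/Clang flags, both support them):
//   g++ -std=c++17 -g -O1 -fsanitize=address -fsanitize-address-use-after-scope uas.cpp -o uas
// and run "./uas --bug" to get a report of the same shape as the one above.
#include <array>
#include <cstddef>
#include <cstdio>
#include <cstring>

// Buggy form: a 12-byte object made of three 4-byte values (same shape as the
// report's object) whose address escapes the block that owns it.
static const int *scoped_array_ptr()
{
    const int *p = nullptr;
    {
        const int values[3] = {1, 2, 3};   // lifetime ends at the closing brace
        p = values;                        // pointer escapes the scope
    }                                      // ASan poisons 'values' here (shadow f8)
    return p;                              // dangling: any read through it is use-after-scope
}

// Safe form 1: give the data static storage duration, so no scope ever ends.
static const int *static_array_ptr()
{
    static const int values[3] = {1, 2, 3};
    return values;
}

// Safe form 2: hand the data out by value; the caller owns its own copy.
static std::array<int, 3> array_by_value()
{
    return {1, 2, 3};
}

// 4-byte reads over the object, like the "READ of size 4" in the report.
static int sum_of(const int *p, std::size_t n)
{
    int total = 0;
    for (std::size_t i = 0; i < n; ++i)
        total += p[i];
    return total;
}

int main(int argc, char **argv)
{
    if (argc > 1 && std::strcmp(argv[1], "--bug") == 0) {
        // Reads the dead 'values' array: under ASan this aborts with stack-use-after-scope.
        std::printf("buggy sum: %d\n", sum_of(scoped_array_ptr(), 3));
        return 0;
    }
    std::printf("static sum: %d\n", sum_of(static_array_ptr(), 3));
    auto v = array_by_value();
    std::printf("by-value sum: %d\n", sum_of(v.data(), v.size()));
    return 0;
}
```

Without the sanitizer the buggy path usually still prints 6, because the dead stack slot has not been overwritten yet; that is exactly why the report above only appears in an ASan build and why the 4-byte read in remapInputMethodQueryEvent can look harmless in a release binary. The f8 marker in the shadow dump distinguishes this class from a freed heap block (fd) or a returned frame (f5), so the fix to look for is a lifetime mismatch between the object at line 200 and the code that reads it, not a missing free.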