ninjabuilder: Fix crash inside ~NinjaJob

Authored by kfunk on Mar 19 2017, 8:27 PM.

Description

ninjabuilder: Fix crash inside ~NinjaJob

ASAN trace:

==18954==ERROR: AddressSanitizer: heap-use-after-free on address 0x60400158d2d0 at pc 0x7f64eeb43def bp 0x7ffea8fcda00 sp 0x7ffea8fcd9f8
READ of size 4 at 0x60400158d2d0 thread T0
    #0 0x7f64eeb43dee in QModelIndex::row() const /usr/include/x86_64-linux-gnu/qt5/QtCore/qabstractitemmodel.h:54:69
    #1 0x7f64eeb3bb50 in KDevelop::ProjectModel::itemFromIndex(QModelIndex const&) const /home/kfunk/devel/src/kf5/kdevplatform-stable/project/projectmodel.cpp:969:15
    #2 0x7f64c1782881 in NinjaJob::item() const /home/kfunk/devel/src/kf5/kdevelop-stable/projectbuilders/ninjabuilder/ninjajob.cpp:228:74
    #3 0x7f64c1781966 in NinjaJob::emitProjectBuilderSignal(KJob*) /home/kfunk/devel/src/kf5/kdevelop-stable/projectbuilders/ninjabuilder/ninjajob.cpp:183:37
    #4 0x7f64c178b696 in QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<KJob*>, void, void (NinjaJob::*)(KJob*)>::call(void (NinjaJob::*)(KJob*), NinjaJob*, void**) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:501:13
    #5 0x7f64c178b361 in void QtPrivate::FunctionPointer<void (NinjaJob::*)(KJob*)>::call<QtPrivate::List<KJob*>, void>(void (NinjaJob::*)(KJob*), NinjaJob*, void**) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:520:13
    #6 0x7f64c178af06 in QtPrivate::QSlotObject<void (NinjaJob::*)(KJob*), QtPrivate::List<KJob*>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobject_impl.h:143:17
    #7 0x7f64f2fc4beb in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b2beb)
    #8 0x7f64f3e3a24e in KJob::finished(KJob*, KJob::QPrivateSignal) (/usr/lib/x86_64-linux-gnu/libKF5CoreAddons.so.5+0x3c24e)
    #9 0x7f64f3e3b78d in KJob::~KJob() (/usr/lib/x86_64-linux-gnu/libKF5CoreAddons.so.5+0x3d78d)
    #10 0x7f64f77e95e5 in KDevelop::OutputJob::~OutputJob() /home/kfunk/devel/src/kf5/kdevplatform-stable/outputview/outputjob.h:37:37
    #11 0x7f64f77dff28 in KDevelop::OutputExecuteJob::~OutputExecuteJob() /home/kfunk/devel/src/kf5/kdevplatform-stable/outputview/outputexecutejob.cpp:107:1
    #12 0x7f64c17a4e39 in NinjaJob::~NinjaJob() /home/kfunk/devel/build/kf5/kdevelop-stable/projectbuilders/ninjabuilder/kdevninja_automoc.dir/../../../../../../src/kf5/kdevelop-stable/projectbuilders/ninjabuilder/ninjajob.h:36:7
    #13 0x7f64c17a4e58 in NinjaJob::~NinjaJob() /home/kfunk/devel/build/kf5/kdevelop-stable/projectbuilders/ninjabuilder/kdevninja_automoc.dir/../../../../../../src/kf5/kdevelop-stable/projectbuilders/ninjabuilder/ninjajob.h:36:7
    #14 0x7f64f2fc3050 in QObjectPrivate::deleteChildren() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b1050)
    #15 0x7f64f2fcc27e in QObject::~QObject() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2ba27e)
    #16 0x7f64f771393f in KDevelop::ExecuteCompositeJob::~ExecuteCompositeJob() /home/kfunk/devel/src/kf5/kdevplatform-stable/util/executecompositejob.cpp:56:1
    #17 0x7f64eeb78d85 in KDevelop::BuilderJob::~BuilderJob() /home/kfunk/devel/src/kf5/kdevplatform-stable/project/builderjob.cpp:158:1
    #18 0x7f64eeb78da8 in KDevelop::BuilderJob::~BuilderJob() /home/kfunk/devel/src/kf5/kdevplatform-stable/project/builderjob.cpp:156:1
    #19 0x7f64f2fc56cf in QObject::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b36cf)
    #20 0x7f64f38d28ab in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15c8ab)
    #21 0x7f64f38d7d4e in QApplication::notify(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x161d4e)
    #22 0x7f64f2f973af in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2853af)
    #23 0x7f64f2f9933b in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x28733b)
    #24 0x7f64f2fed082  (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2db082)
    #25 0x7f64e91db7d6 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a7d6)
    #26 0x7f64e91dba3f  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4aa3f)
    #27 0x7f64e91dbaeb in g_main_context_iteration (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4aaeb)
    #28 0x7f64f2fed48e in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2db48e)
    #29 0x7f64f2f950f9 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2830f9)
    #30 0x7f64f2f9d90b in QCoreApplication::exec() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x28b90b)
    #31 0x51b63b in main /home/kfunk/devel/src/kf5/kdevelop-stable/app/main.cpp:763:12
    #32 0x7f64f1a993f0 in __libc_start_main /build/glibc-jxM2Ev/glibc-2.24/csu/../csu/libc-start.c:291
    #33 0x4232d9 in _start (/home/kfunk/devel/install/kf5-stable/bin/kdevelop+0x4232d9)

0x60400158d2d0 is located 0 bytes inside of 40-byte region [0x60400158d2d0,0x60400158d2f8)
freed by thread T0 here:
    #0 0x50b480 in operator delete(void*, unsigned long) (/home/kfunk/devel/install/kf5-stable/bin/kdevelop+0x50b480)
    #1 0x7f64c17a4e2d in NinjaJob::~NinjaJob() /home/kfunk/devel/build/kf5/kdevelop-stable/projectbuilders/ninjabuilder/kdevninja_automoc.dir/../../../../../../src/kf5/kdevelop-stable/projectbuilders/ninjabuilder/ninjajob.h:36:7
    #2 0x7f64c17a4e58 in NinjaJob::~NinjaJob() /home/kfunk/devel/build/kf5/kdevelop-stable/projectbuilders/ninjabuilder/kdevninja_automoc.dir/../../../../../../src/kf5/kdevelop-stable/projectbuilders/ninjabuilder/ninjajob.h:36:7
    #3 0x7f64f2fc3050 in QObjectPrivate::deleteChildren() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b1050)

previously allocated by thread T0 here:
    #0 0x50a780 in operator new(unsigned long) (/home/kfunk/devel/install/kf5-stable/bin/kdevelop+0x50a780)
    #1 0x7f64f2f39de1  (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x227de1)
    #2 0x7f64c178e17e in NinjaBuilder::runNinja(KDevelop::ProjectBaseItem*, NinjaJob::CommandType, QStringList const&, QByteArray const&) /home/kfunk/devel/src/kf5/kdevelop-stable/projectbuilders/ninjabuilder/ninjabuilder.cpp:139:25
    #3 0x7f64c178e426 in NinjaBuilder::build(KDevelop::ProjectBaseItem*) /home/kfunk/devel/src/kf5/kdevelop-stable/projectbuilders/ninjabuilder/ninjabuilder.cpp:146:12
    #4 0x7f64c178ed0b in non-virtual thunk to NinjaBuilder::build(KDevelop::ProjectBaseItem*) /home/kfunk/devel/src/kf5/kdevelop-stable/projectbuilders/ninjabuilder/ninjabuilder.cpp:144:21
    #5 0x7f64c17cc50d in CMakeBuilder::build(KDevelop::ProjectBaseItem*) /home/kfunk/devel/src/kf5/kdevelop-stable/projectbuilders/cmakebuilder/cmakebuilder.cpp:135:30
    #6 0x7f64c17cd1bb in non-virtual thunk to CMakeBuilder::build(KDevelop::ProjectBaseItem*) /home/kfunk/devel/src/kf5/kdevelop-stable/projectbuilders/cmakebuilder/cmakebuilder.cpp:110:21
    #7 0x7f64eeb77adc in KDevelop::BuilderJobPrivate::addJob(KDevelop::BuilderJob::BuildType, KDevelop::ProjectBaseItem*) /home/kfunk/devel/src/kf5/kdevplatform-stable/project/builderjob.cpp:123:67
    #8 0x7f64eeb7905b in KDevelop::BuilderJob::addItems(KDevelop::BuilderJob::BuildType, QList<KDevelop::ProjectBaseItem*> const&) /home/kfunk/devel/src/kf5/kdevplatform-stable/project/builderjob.cpp:164:12
    #9 0x7f64caa9d5ea in ProjectManagerViewPlugin::runBuilderJob(KDevelop::BuilderJob::BuildType, QList<KDevelop::ProjectBaseItem*>) /home/kfunk/devel/src/kf5/kdevplatform-stable/plugins/projectmanagerview/projectmanagerviewplugin.cpp:397:14
    #10 0x7f64caa91e41 in ProjectManagerViewPlugin::buildProjectItems() /home/kfunk/devel/src/kf5/kdevplatform-stable/plugins/projectmanagerview/projectmanagerviewplugin.cpp:425:5
    #11 0x7f64caab03cb in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (ProjectManagerViewPlugin::*)()>::call(void (ProjectManagerViewPlugin::*)(), ProjectManagerViewPlugin*, void**) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:501:13
    #12 0x7f64caab0111 in void QtPrivate::FunctionPointer<void (ProjectManagerViewPlugin::*)()>::call<QtPrivate::List<>, void>(void (ProjectManagerViewPlugin::*)(), ProjectManagerViewPlugin*, void**) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:520:13
    #13 0x7f64caaafcb6 in QtPrivate::QSlotObject<void (ProjectManagerViewPlugin::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobject_impl.h:143:17
    #14 0x7f64f2fc4beb in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b2beb)
    #15 0x7f64f38c9301 in QAction::triggered(bool) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x153301)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/x86_64-linux-gnu/qt5/QtCore/qabstractitemmodel.h:54:69 in QModelIndex::row() const

Details

Committed
kfunk, Mar 19 2017, 8:27 PM
Parents
R32:056932ba0285: test_files: Skip test.cl when mimetype unknown