[vlc-commits] [Git][videolan/vlc][master] qt: compositor_platform: remove event filter on unload

Steve Lhomme (@robUx4) gitlab at videolan.org
Sat Oct 5 09:12:38 UTC 2024



Steve Lhomme pushed to branch master at VideoLAN / VLC


Commits:
6efacdce by Alexandre Janniaux at 2024-10-05T08:57:28+00:00
qt: compositor_platform: remove event filter on unload

Fixes a heap-use-after-free when quitting the interface with the
compositor platform.

Both address sanitizer and undefined behaviour sanitizer are triggered
here. First address sanitizer:

    ==58899==ERROR: AddressSanitizer: heap-use-after-free on address 0x6020000807f4 at pc 0x00010f3b6454 bp 0x00016ce4f970 sp 0x00016ce4f968
    READ of size 4 at 0x6020000807f4 thread T0
    #0 0x10f3b6450 in QBasicAtomicInteger<int>::loadRelaxed() const qbasicatomic.h:36
    #1 0x10f41c200 in QWeakPointer<QObject>::internalData() const qsharedpointer_impl.h:752
    #2 0x10f8b0e80 in QPointer<QQuickView>::data() const qpointer.h:74
    #3 0x10f8af718 in vlc::CompositorPlatform::eventFilter(QObject*, QEvent*) compositor_platform.cpp:163
    #4 0x1120965e8 in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*)+0xd0 (QtCore:arm64+0x765e8)
    #5 0x10da73d8c in QApplicationPrivate::notify_helper(QObject*, QEvent*)+0xec (QtWidgets:arm64+0xbd8c)
    #6 0x10da74c14 in QApplication::notify(QObject*, QEvent*)+0x1fc (QtWidgets:arm64+0xcc14)
    #7 0x112096330 in QCoreApplication::notifyInternal2(QObject*, QEvent*)+0xc8 (QtCore:arm64+0x76330)
    #8 0x10e81185c in QGuiApplicationPrivate::processFocusWindowEvent(QWindowSystemInterfacePrivate::FocusWindowEvent*)+0xcc (QtGui:arm64+0x6985c)
    #9 0x10e8610a4 in bool QWindowSystemHelper<QWindowSystemInterface::SynchronousDelivery>::handleEvent<QWindowSystemInterfacePrivate::FocusWindowEvent, QWindow*, Qt::FocusReason>(QWindow*, Qt::FocusReason)+0xcc (QtGui:arm64+0xb90a4)
    #10 0x111e555b8 in QCocoaWindow::windowDidResignKey()+0x3b4 (libqcocoa.dylib:arm64+0x3d5b8)
    #11 0x11209f7cc in QMetaMethodInvoker::invokeImpl(QMetaMethod, void*, Qt::ConnectionType, long long, void const* const*, char const* const*, QtPrivate::QMetaTypeInterface const* const*)+0x26c (QtCore:arm64+0x7f7cc)
    #12 0x1120a3448 in QMetaMethod::invokeImpl(QMetaMethod, void*, Qt::ConnectionType, long long, void const* const*, char const* const*, QtPrivate::QMetaTypeInterface const* const*)+0x38 (QtCore:arm64+0x83448)
    #13 0x111e58b20 in invocation function for block in qRegisterNotificationCallbacks()+0x1fc (libqcocoa.dylib:arm64+0x40b20)
    #14 0x183d5312c in __CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__+0x7c (CoreFoundation:arm64e+0x7312c)
    #15 0x183de73d4 in ___CFXRegistrationPost_block_invoke+0x54 (CoreFoundation:arm64e+0x1073d4)
    #16 0x183de731c in _CFXRegistrationPost+0x1b4 (CoreFoundation:arm64e+0x10731c)
    #17 0x183d21674 in _CFXNotificationPost+0x2fc (CoreFoundation:arm64e+0x41674)
    #18 0x184e3e4e0 in -[NSNotificationCenter postNotificationName:object:userInfo:]+0x54 (Foundation:arm64e+0x94e0)
    #19 0x1877176f8 in -[NSWindow resignKeyWindow]+0x27c (AppKit:arm64e+0x1956f8)
    #20 0x18807ae38 in -[NSWindow _orderOut:calculatingKeyWithOptions:documentWindow:]+0xd8 (AppKit:arm64e+0xaf8e38)
    #21 0x1875fe8a0 in NSPerformVisuallyAtomicChange+0x68 (AppKit:arm64e+0x7c8a0)
    #22 0x18807c950 in -[NSWindow _reallyDoOrderWindowOutRelativeTo:]+0x1bc (AppKit:arm64e+0xafa950)
    #23 0x18807cd20 in -[NSWindow _reallyDoOrderWindow:]+0x4c (AppKit:arm64e+0xafad20)
    #24 0x18807cf70 in -[NSWindow _doOrderWindow:]+0x104 (AppKit:arm64e+0xafaf70)
    #25 0x111e516cc in QCocoaWindow::setVisible(bool)+0x534 (libqcocoa.dylib:arm64+0x396cc)
    #26 0x10e854510 in QWindowPrivate::setVisible(bool)+0x1f4 (QtGui:arm64+0xac510)
    #27 0x10e853930 in QWindowPrivate::destroy()+0xc8 (QtGui:arm64+0xab930)
    #28 0x10e85379c in QWindow::~QWindow()+0x38 (QtGui:arm64+0xab79c)
    #29 0x10e853de0 in QWindow::~QWindow()+0x8 (QtGui:arm64+0xabde0)
    #30 0x11004f66c in vlc::CompositorPlatform::~CompositorPlatform() compositor_platform.hpp:32
    #31 0x11004f484 in non-virtual thunk to vlc::CompositorPlatform::~CompositorPlatform() compositor_platform.hpp
    #32 0x10f3b3b68 in ThreadCleanup(qt_intf_t*, CleanupReason) qt.cpp:1103
    #33 0x10f3b1a58 in Thread(void*) qt.cpp:1070
    #34 0x183d5e06c in __CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__+0x18 (CoreFoundation:arm64e+0x7e06c)
    #35 0x183d5df80 in __CFRunLoopDoBlocks+0x160 (CoreFoundation:arm64e+0x7df80)
    #36 0x183d5d410 in __CFRunLoopRun+0x984 (CoreFoundation:arm64e+0x7d410)
    #37 0x183d5c430 in CFRunLoopRunSpecific+0x25c (CoreFoundation:arm64e+0x7c430)
    #38 0x183dda458 in CFRunLoopRun+0x3c (CoreFoundation:arm64e+0xfa458)
    #39 0x102fb307c in main darwinvlc.m:309
    #40 0x1838f60dc  (<unknown module>)

    0x6020000807f4 is located 4 bytes inside of 16-byte region [0x6020000807f0,0x602000080800)
    freed by thread T0 here:
    #0 0x1045502d4 in _ZdlPv+0x74 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x642d4)
    #1 0x10f40d388 in QWeakPointer<QObject>::~QWeakPointer() qsharedpointer_impl.h:578
    #2 0x11004f640 in vlc::CompositorPlatform::~CompositorPlatform() compositor_platform.hpp:32
    #3 0x11004f484 in non-virtual thunk to vlc::CompositorPlatform::~CompositorPlatform() compositor_platform.hpp
    #4 0x10f3b3b68 in ThreadCleanup(qt_intf_t*, CleanupReason) qt.cpp:1103
    #5 0x10f3b1a58 in Thread(void*) qt.cpp:1070
    #6 0x183d5e06c in __CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__+0x18 (CoreFoundation:arm64e+0x7e06c)
    #7 0x183d5df80 in __CFRunLoopDoBlocks+0x160 (CoreFoundation:arm64e+0x7df80)
    #8 0x183d5d410 in __CFRunLoopRun+0x984 (CoreFoundation:arm64e+0x7d410)
    #9 0x183d5c430 in CFRunLoopRunSpecific+0x25c (CoreFoundation:arm64e+0x7c430)
    #10 0x183dda458 in CFRunLoopRun+0x3c (CoreFoundation:arm64e+0xfa458)
    #11 0x102fb307c in main darwinvlc.m:309
    #12 0x1838f60dc  (<unknown module>)

    previously allocated by thread T0 here:
    #0 0x10454fe94 in _Znwm+0x74 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x63e94)
    #1 0x11217fed4 in QtSharedPointer::ExternalRefCountData::getAndRef(QObject const*)+0x1c (QtCore:arm64+0x15fed4)
    #2 0x10f8ae640 in QPointer<QQuickView>::operator=(QQuickView*) qpointer.h:71
    #3 0x10f8ac9c4 in vlc::CompositorPlatform::makeMainInterface(MainCtx*) compositor_platform.cpp:73
    #4 0x10f3b10a8 in Thread(void*) qt.cpp:1005
    #5 0x183d5e06c in __CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__+0x18 (CoreFoundation:arm64e+0x7e06c)
    #6 0x183d5df80 in __CFRunLoopDoBlocks+0x160 (CoreFoundation:arm64e+0x7df80)
    #7 0x183d5d410 in __CFRunLoopRun+0x984 (CoreFoundation:arm64e+0x7d410)
    #8 0x183d5c430 in CFRunLoopRunSpecific+0x25c (CoreFoundation:arm64e+0x7c430)
    #9 0x183dda458 in CFRunLoopRun+0x3c (CoreFoundation:arm64e+0xfa458)
    #10 0x102fb307c in main darwinvlc.m:309
    #11 0x1838f60dc  (<unknown module>)

And ubsan:

    thread #1, name = 'vlc-qt', queue = 'com.apple.main-thread', stop reason = Dynamic type mismatch
    frame #0: 0x00000001015d0a80 libclang_rt.asan_osx_dynamic.dylib`__ubsan_on_report
    frame #1: 0x00000001015d0a5c libclang_rt.asan_osx_dynamic.dylib`__ubsan::UndefinedBehaviorReport::UndefinedBehaviorReport(char const*, __ubsan::Location&, __sanitizer::InternalScopedString&) + 176
    frame #2: 0x00000001015cc5a4 libclang_rt.asan_osx_dynamic.dylib`__ubsan::Diag::~Diag() + 244
    frame #3: 0x00000001015d1228 libclang_rt.asan_osx_dynamic.dylib`HandleDynamicTypeCacheMiss(__ubsan::DynamicTypeCacheMissData*, unsigned long, unsigned long, __ubsan::ReportOptions) + 344
    frame #4: 0x00000001015d10c4 libclang_rt.asan_osx_dynamic.dylib`__ubsan_handle_dynamic_type_cache_miss + 40
    frame #5: 0x000000010c8b15c0 libqt_plugin.dylib`QPointer<QQuickView>::data(this=<unavailable>) const at qpointer.h:74:14 [opt]
    frame #6: 0x000000010c8afd84 libqt_plugin.dylib`vlc::CompositorPlatform::eventFilter(QObject*, QEvent*) [inlined] QPointer<QQuickView>::operator QQuickView*(this=<unavailable>) const at qpointer.h:82:14 [opt]
    frame #7: 0x000000010c8afd7c libqt_plugin.dylib`vlc::CompositorPlatform::eventFilter(this=0x000060e000068e80, watched=0x0000604000133810, event=0x000000016fdfcde8) at compositor_platform.cpp:168:9 [opt]
    frame #8: 0x000000010f0965ec QtCore`QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) + 212
    frame #9: 0x000000010aa73d90 QtWidgets`QApplicationPrivate::notify_helper(QObject*, QEvent*) + 240
    frame #10: 0x000000010aa74c18 QtWidgets`QApplication::notify(QObject*, QEvent*) + 512
    frame #11: 0x000000010f096334 QtCore`QCoreApplication::notifyInternal2(QObject*, QEvent*) + 204
    frame #12: 0x000000010f0cc2dc QtCore`QObjectPrivate::setParent_helper(QObject*) + 216
    frame #13: 0x000000010b853b18 QtGui`QWindow::setParent(QWindow*) + 180
    frame #14: 0x000000010b8537ac QtGui`QWindow::~QWindow() + 72
    frame #15: 0x000000010a48b4fc QtQuick`QQuickWindow::~QQuickWindow() + 728
    frame #16: 0x000000010a485f88 QtQuick`QQuickView::~QQuickView() + 12
    frame #17: 0x000000010c8af444 libqt_plugin.dylib`vlc::CompositorPlatform::unloadGUI(this=0x000060e000068e80) at compositor_platform.cpp:122:5 [opt]
    frame #18: 0x000000010c3b3b7c libqt_plugin.dylib`ThreadCleanup(p_intf=<unavailable>, cleanupReason=<unavailable>) at qt.cpp:1096:35 [opt]
    frame #19: 0x000000010c3b1c10 libqt_plugin.dylib`Thread(obj=<unavailable>) at qt.cpp:1070:12 [opt]
    frame #20: 0x0000000183d5e070 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__ + 28
    frame #21: 0x0000000183d5df84 CoreFoundation`__CFRunLoopDoBlocks + 356
    frame #22: 0x0000000183d5d414 CoreFoundation`__CFRunLoopRun + 2440
    frame #23: 0x0000000183d5c434 CoreFoundation`CFRunLoopRunSpecific + 608
    frame #24: 0x0000000183dda45c CoreFoundation`CFRunLoopRun + 64
    frame #25: 0x0000000100007080 vlc-osx-static`main(i_argc=7, ppsz_argv=0x000000016fdff0c8) at darwinvlc.m:309:9 [opt]
    frame #26: 0x00000001838f60e0 dyld`start + 2360

- - - - -


1 changed file:

- modules/gui/qt/maininterface/compositor_platform.cpp


Changes:

=====================================
modules/gui/qt/maininterface/compositor_platform.cpp
=====================================
@@ -113,6 +113,7 @@ void CompositorPlatform::destroyMainInterface()
 
 void CompositorPlatform::unloadGUI()
 {
+    m_rootWindow->removeEventFilter(this);
     m_interfaceWindowHandler.reset();
     delete m_quickWindow;
     commonGUIDestroy();
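Review bot: the new `removeEventFilter(this)` call has to stay ahead of `delete m_quickWindow;` in this hunk, because the UBSan trace shows `QQuickView::~QQuickView()` reaching `CompositorPlatform::eventFilter()` through `QWindow::setParent()`; a one-line comment on that ordering would keep a later reshuffle from reintroducing the bug. Separately, the ASan report's read starts in `~CompositorPlatform()` (compositor_platform.hpp:32) rather than in `unloadGUI()`, so if the destructor can run without `unloadGUI()` having been called first (ThreadCleanup at qt.cpp:1096 and qt.cpp:1103 is the only caller visible here), the filter would still be installed on that path; removing it in the destructor as well, or confirming `m_rootWindow` is always valid at this point, would close that gap.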


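The lifetime hazard behind this commit, reduced to its essentials as an added example that is not VLC's or Qt's code: a short-lived object installs itself as an event filter on a longer-lived window, which (like `QObject::installEventFilter`) keeps only a raw pointer and is never told when the filter object dies. The `Window`, `Event`, `EventFilter` and `Compositor` types below are hypothetical stand-ins written for this example; the function names `unloadFixed` and `unloadBuggy` are likewise assumptions that mirror the post- and pre-patch teardown order.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <memory>
#include <string>
#include <vector>

// Hypothetical stand-ins for QEvent and Qt's event-filter interface.
struct Event { std::string name; };

struct EventFilter {
    virtual ~EventFilter() = default;
    virtual bool eventFilter(const Event& e) = 0;
};

// Long-lived object (the role m_rootWindow plays). It stores non-owning raw
// pointers to installed filters and has no way to learn that one was freed.
class Window {
public:
    void installEventFilter(EventFilter* f) { filters_.push_back(f); }
    void removeEventFilter(EventFilter* f) {
        filters_.erase(std::remove(filters_.begin(), filters_.end(), f), filters_.end());
    }
    // Every registered filter is dereferenced on each delivered event, so a
    // stale entry turns the next event into a use-after-free.
    bool send(const Event& e) {
        for (EventFilter* f : filters_)
            if (f->eventFilter(e)) return true;
        return false;
    }
    std::size_t filterCount() const { return filters_.size(); }
private:
    std::vector<EventFilter*> filters_;
};

// Short-lived object (the role CompositorPlatform plays): it registers itself
// on a window it does not own.
class Compositor : public EventFilter {
public:
    explicit Compositor(Window& root) : root_(root) { root_.installEventFilter(this); }
    bool eventFilter(const Event& e) override { ++filtered_; return e.name == "Close"; }
    // Teardown in the order the patch establishes: deregister first, before
    // anything else that might cause the window to deliver events.
    void unloadFixed() { root_.removeEventFilter(this); }
    // Pre-patch teardown: the registration is simply forgotten.
    void unloadBuggy() {}
    int filtered() const { return filtered_; }
private:
    Window& root_;
    int filtered_ = 0;
};

// Number of filter entries the window still holds after the compositor has
// been destroyed. Anything other than zero is a dangling pointer that the
// next Window::send() would dereference.
std::size_t danglingFiltersAfterUnload(bool fixed) {
    Window root;
    auto comp = std::make_unique<Compositor>(root);
    root.send(Event{"FocusIn"});   // the filter runs normally while alive
    if (fixed) comp->unloadFixed(); else comp->unloadBuggy();
    comp.reset();                  // the filter object is now freed
    // Deliberately no root.send() on the buggy path: that call is the UAF.
    return root.filterCount();
}

// After the fixed teardown, events still dispatch safely and reach nothing.
bool windowStillUsableAfterFixedUnload() {
    Window root;
    auto comp = std::make_unique<Compositor>(root);
    comp->unloadFixed();
    comp.reset();
    return !root.send(Event{"Close"}) && root.filterCount() == 0;
}

int main() {
    std::printf("dangling filters, buggy teardown: %zu\n", danglingFiltersAfterUnload(false));
    std::printf("dangling filters, fixed teardown: %zu\n", danglingFiltersAfterUnload(true));
    std::printf("window usable after fixed unload: %s\n",
                windowStillUsableAfterFixedUnload() ? "yes" : "no");
    return 0;
}
```

Running this under AddressSanitizer with a `root.send()` added after the buggy teardown reproduces the same `heap-use-after-free ... in eventFilter` shape as the report in the commit message, which is the quickest way to confirm a deregistration fix of this kind in a unit test.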

View it on GitLab: https://code.videolan.org/videolan/vlc/-/commit/6efacdce54cba4655e2d76976bd82257b90cd9f0
