Wireshark-bugs: [Wireshark-bugs] [Bug 11774] New: Crash in Manage Interfaces -> Pipes
Date: Wed, 25 Nov 2015 14:13:56 +0000
Bug ID | 11774 |
---|---|
Summary | Crash in Manage Interfaces -> Pipes |
Product | Wireshark |
Version | 2.0.0 |
Hardware | All |
OS | All |
Status | UNCONFIRMED |
Severity | Major |
Priority | Low |
Component | Qt UI |
Assignee | bugzilla-admin@wireshark.org |
Reporter | peter@lekensteyn.nl |
CC | gerald@wireshark.org |
Build Information:
Wireshark 2.1.0 (v2.1.0rc0-749-g12b2e3d from master)

Copyright 1998-2015 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.5.1, with libpcap, with POSIX capabilities (Linux), with libnl 3, with libz 1.2.8, with GLib 2.46.2, without SMI, without c-ares, without ADNS, with Lua 5.2, with GnuTLS 3.4.6, with Gcrypt 1.6.4, with MIT Kerberos, with GeoIP, with QtMultimedia, without AirPcap.

Running on Linux 4.3.0-1-ARCH, with locale C, with libpcap version 1.7.4, with libz 1.2.8, with GnuTLS 3.4.6, with Gcrypt 1.6.4.
Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz (with SSE4.2)

Built using clang 4.2.1 Compatible Clang 3.7.0 (tags/RELEASE_370/final).
--
(originally reported by an IRC user in #wireshark at Freenode who provided a gdb backtrace and the reproduction steps)

Steps to reproduce:
1. Open Capture -> Options
2. Open Manage Interfaces, tab Pipes.
3. Click the plus button (add pipe)
4. Click the minus button (remove pipe).
5. Crash.

The crash occurs because ManageInterfacesDialog::on_delPipe_clicked destructs a QTreeWidgetItem which had an open editor. When this item is destructed, a destroyed signal is raised which triggers stopEditor. However, this item was being destructed and is no longer valid.

Also currently this sequence of events can happen when you keep pressing Add:

    createEditor() - sets path_item = X
    createEditor() - sets path_item = Y
    stopEditor() - uses Y
    stopEditor() - uses Y (again!)

The PathChooserDelegate is buggy, it should be decomposed from ManageInterfaceDialog and use signals instead to avoid this dependency.
See https://doc.qt.io/qt-4.8/qt-itemviews-stardelegate-example.html for a better implementation

==5030==ERROR: AddressSanitizer: heap-use-after-free on address 0x60600132b720 at pc 0x561914b46daf bp 0x7ffc6933a370 sp 0x7ffc6933a368
READ of size 8 at 0x60600132b720 thread T0
    #0 0x561914b46dae in PathChooserDelegate::stopEditor() ui/qt/manage_interfaces_dialog.cpp:841:5
    #1 0x5619151fa984 in PathChooserDelegate::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /tmp/wsbuild/ui/qt/moc_manage_interfaces_dialog.cpp:73:17
    #2 0x7f2f8f424129 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/libQt5Core.so.5+0x2cb129)
    #3 0x7f2f8f4249ce in QObject::destroyed(QObject*) (/usr/lib/libQt5Core.so.5+0x2cb9ce)
    #4 0x7f2f9016a71c in QWidget::~QWidget() (/usr/lib/libQt5Widgets.so.5+0x1ba71c)
    #5 0x7f2f9027b938 in QLineEdit::~QLineEdit() (/usr/lib/libQt5Widgets.so.5+0x2cb938)
    #6 0x7f2f8f42265a in QObjectPrivate::deleteChildren() (/usr/lib/libQt5Core.so.5+0x2c965a)
    #7 0x7f2f9016a76f in QWidget::~QWidget() (/usr/lib/libQt5Widgets.so.5+0x1ba76f)
    #8 0x7f2f9016a948 in QWidget::~QWidget() (/usr/lib/libQt5Widgets.so.5+0x1ba948)
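
The two event sequences described in the report, modelled in plain C++ as an added example that is not part of the original report or of Wireshark's code. `Item`, `Editor`, `SingleSlotTracker` and `PerEditorTracker` are hypothetical names, and `std::weak_ptr` stands in for Qt object ownership so the model reports a dead item instead of reading freed memory.

```cpp
// Added illustration, not Wireshark code: plain C++ model of the delegate bug (no Qt).
#include <map>
#include <memory>
#include <string>

struct Item { std::string path; };   // hypothetical stand-in for the QTreeWidgetItem
using Editor = int;                  // hypothetical stand-in for the editor widget

// Pattern from the report: one shared slot, overwritten by every createEditor().
struct SingleSlotTracker {
    std::weak_ptr<Item> path_item;   // weak_ptr so this model never reads freed memory
    void createEditor(Editor, const std::shared_ptr<Item>& it) { path_item = it; }
    std::string stopEditor(Editor) {
        auto it = path_item.lock();
        return it ? it->path : "freed";   // with a raw pointer: heap-use-after-free
    }
};

// Hardened pattern: one entry per editor, liveness checked before use.
struct PerEditorTracker {
    std::map<Editor, std::weak_ptr<Item>> items;
    void createEditor(Editor e, const std::shared_ptr<Item>& it) { items[e] = it; }
    std::string stopEditor(Editor e) {
        auto found = items.find(e);
        if (found == items.end()) return "skipped";   // unknown or already stopped
        auto it = found->second.lock();
        items.erase(found);                           // a repeated stop finds nothing
        return it ? it->path : "skipped";             // item deleted: nothing to write
    }
};

// Sequence 1 from the report: Add pressed twice, then both editors stop.
template <class Tracker> std::string add_twice() {
    Tracker d;
    auto x = std::make_shared<Item>(Item{"X"});
    auto y = std::make_shared<Item>(Item{"Y"});
    d.createEditor(1, x); d.createEditor(2, y);
    std::string first = d.stopEditor(1);
    return first + "," + d.stopEditor(2);
}

// Sequence 2: the item is deleted while its editor is open, then destroyed() fires.
template <class Tracker> std::string stop_after_delete() {
    Tracker d;
    auto x = std::make_shared<Item>(Item{"X"});
    d.createEditor(1, x);
    x.reset();                  // models on_delPipe_clicked destroying the item
    return d.stopEditor(1);     // models the destroyed -> stopEditor connection
}
```

In Qt code the same liveness check is usually expressed with a guarded pointer such as `QPointer` for QObject-derived objects; `QTreeWidgetItem` is not a QObject, which is why the model keys state by editor rather than holding an item pointer in the delegate.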