GNOME: segfault when quitting the client
Issue generated from Tuleap's migration script. Originally submitted by: Stepan Salenikovich (ssalenik)
A segfault often happens when quitting the client. ASAN detects a use after free likely related to this:
```
** (gnome-ring:23978): DEBUG: quitting
=================================================================
==23978==ERROR: AddressSanitizer: heap-use-after-free on address 0x6040002ce610 at pc 0x710f87 bp 0x7fffffffda10 sp 0x7fffffffda00
READ of size 8 at 0x6040002ce610 thread T0
    #0 0x710f86 in RecentModel::~RecentModel() /home/ssalenikovich/projects/ring-lrc/src/recentmodel.cpp:201
    #1 0x711020 in RecentModel::~RecentModel() /home/ssalenikovich/projects/ring-lrc/src/recentmodel.cpp:204
    #2 0x7ffff50da18b in QObjectPrivate::deleteChildren() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x31118b)
    #3 0x7ffff50e47f2 in QObject::~QObject() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x31b7f2)
    #4 0x7ffff50aa708 in QCoreApplication::~QCoreApplication() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2e1708)
    #5 0x4b4a9a in ring_client_shutdown /home/ssalenikovich/projects/ring-client-gnome/src/ring_client.cpp:463
    #6 0x7ffff562b503 (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x10503)
    #7 0x7ffff5644fa6 in g_signal_emit_valist (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x29fa6)
    #8 0x7ffff56458fe in g_signal_emit (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x2a8fe)
    #9 0x7ffff591675c in g_application_run (/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0+0xa975c)
    #10 0x4b44df in main /home/ssalenikovich/projects/ring-client-gnome/src/main.cpp:45
    #11 0x7ffff2c14a3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
    #12 0x4b4338 in _start (/home/ssalenikovich/projects/ring-client-gnome/build/gnome-ring+0x4b4338)

0x6040002ce610 is located 0 bytes inside of 48-byte region [0x6040002ce610,0x6040002ce640)
freed by thread T0 here:
    #0 0x7ffff6f556af in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x586af)
    #1 0x710b4c in ~RecentViewNode /home/ssalenikovich/projects/ring-lrc/src/recentmodel.cpp:216
    #2 0x710b4c in RecentModel::~RecentModel() /home/ssalenikovich/projects/ring-lrc/src/recentmodel.cpp:201
    #3 0x711020 in RecentModel::~RecentModel() /home/ssalenikovich/projects/ring-lrc/src/recentmodel.cpp:204
    #4 0x7ffff50da18b in QObjectPrivate::deleteChildren() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x31118b)

previously allocated by thread T0 here:
    #0 0x7ffff6f551af in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x581af)
    #1 0x718391 in RecentModelPrivate::slotLastUsedChanged(ContactMethod*, long) /home/ssalenikovich/projects/ring-lrc/src/recentmodel.cpp:593
    #2 0x7199a2 in RecentModel::RecentModel(QObject*) /home/ssalenikovich/projects/ring-lrc/src/recentmodel.cpp:188
    #3 0x719dc1 in RecentModel::instance() /home/ssalenikovich/projects/ring-lrc/src/recentmodel.cpp:262
    #4 0x521e6a in recent_contacts_view_init /home/ssalenikovich/projects/ring-client-gnome/src/recentcontactsview.cpp:512
    #5 0x7ffff564cf98 in g_type_create_instance (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x31f98)

SUMMARY: AddressSanitizer: heap-use-after-free /home/ssalenikovich/projects/ring-lrc/src/recentmodel.cpp:201 RecentModel::~RecentModel()
Shadow bytes around the buggy address:
  0x0c0880051c70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0880051c80: fa fa 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
  0x0c0880051c90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0880051ca0: fa fa fd fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x0c0880051cb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c0880051cc0: fa fa[fd]fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x0c0880051cd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0880051ce0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0880051cf0: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
  0x0c0880051d00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0880051d10: fa fa fd fd fd fd fd fd fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Heap right redzone:    fb
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  Contiguous container OOB:fc
  ASan internal:         fe
==23978==ABORTING
[Thread 0x7fffdba7c700 (LWP 23985) exited]
[Thread 0x7ffff7f15a40 (LWP 23978) exited]
[Inferior 1 (process 23978) exited with code 01]
```
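
The report above carries three stacks: the faulting read, the free, and the original allocation. As an added triage example (not code from the Ring project), the Python below splits an ASAN heap-use-after-free report into those stacks and lists the source lines that appear on both the access stack and the free stack; `parse_stacks`, `shared_sites` and the trimmed `SAMPLE` excerpt are names and data constructed for this illustration.

```python
import re

# Constructed excerpt: a few frames copied from the report above.
SAMPLE = """\
==23978==ERROR: AddressSanitizer: heap-use-after-free on address 0x6040002ce610 at pc 0x710f87 bp 0x7fffffffda10 sp 0x7fffffffda00
READ of size 8 at 0x6040002ce610 thread T0
    #0 0x710f86 in RecentModel::~RecentModel() /home/ssalenikovich/projects/ring-lrc/src/recentmodel.cpp:201
    #1 0x711020 in RecentModel::~RecentModel() /home/ssalenikovich/projects/ring-lrc/src/recentmodel.cpp:204
    #2 0x7ffff50da18b in QObjectPrivate::deleteChildren() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x31118b)
freed by thread T0 here:
    #0 0x7ffff6f556af in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x586af)
    #1 0x710b4c in ~RecentViewNode /home/ssalenikovich/projects/ring-lrc/src/recentmodel.cpp:216
    #2 0x710b4c in RecentModel::~RecentModel() /home/ssalenikovich/projects/ring-lrc/src/recentmodel.cpp:201
previously allocated by thread T0 here:
    #0 0x7ffff6f551af in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x581af)
    #1 0x718391 in RecentModelPrivate::slotLastUsedChanged(ContactMethod*, long) /home/ssalenikovich/projects/ring-lrc/src/recentmodel.cpp:593
    #2 0x7199a2 in RecentModel::RecentModel(QObject*) /home/ssalenikovich/projects/ring-lrc/src/recentmodel.cpp:188
"""

# Section headers that open each stack in a heap-use-after-free report.
HEADERS = (
    (re.compile(r"^(READ|WRITE) of size \d+"), "access"),
    (re.compile(r"^freed by thread"), "free"),
    (re.compile(r"^previously allocated by thread"), "alloc"),
)
# Frames that end in file:line only; library frames "(lib.so+0x...)" are skipped.
FRAME = re.compile(r"^#\d+ 0x[0-9a-f]+ in (.+) (\S+):(\d+)$")

def parse_stacks(report):
    """Return {"access"|"free"|"alloc": [(symbol, file, line), ...]}."""
    stacks, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        for pattern, name in HEADERS:
            if pattern.match(line):
                current = stacks.setdefault(name, [])
                break
        else:
            m = FRAME.match(line)
            if m and current is not None:
                current.append((m.group(1), m.group(2), int(m.group(3))))
    return stacks

def shared_sites(stacks):
    """Source lines present on both the faulting-access and the free stack."""
    freed = {(f, n) for _, f, n in stacks.get("free", [])}
    return [(f, n) for _, f, n in stacks.get("access", []) if (f, n) in freed]
```

On the excerpt, `shared_sites(parse_stacks(SAMPLE))` returns only `recentmodel.cpp:201`: the line in `RecentModel::~RecentModel()` from which the node is freed is also the line that reads it afterwards.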