#919607 libqt5gui5: krita crashes with Wacom tablet at QTabletEvent destructor

Package:
libqt5gui5
Source:
qtbase-opensource-src
Description:
Qt 5 GUI module
Submitter:
Mateus Barbosa
Date:
2020-11-23 17:51:12 UTC
Severity:
important
Tags:
#919607#5
Date:
2019-01-17 22:43:03 UTC
From:
To:
Dear Maintainer,

krita now crashes with the message "free(): double free detected in tcache 2"
when a Wacom tablet is used.

Steps to reproduce:
- plug Wacom tablet in
- launch krita
- open new file
- place cursor inside canvas
- approach stylus from Wacom tablet

This is possibly related to upstream bug <https://bugreports.qt.io/browse/QTBUG-72488>.

The backtrace shows the offending code seems to be at ~QTabletEvent():

Thread 1 "krita" received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) backtrace
#0  0x00007ffff4bb385b in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff4b9e535 in __GI_abort () at abort.c:79
#2  0x00007ffff4bf5728 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff4d0028d "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007ffff4bfbe4a in malloc_printerr (str=str@entry=0x7ffff4d01f58 "free(): double free detected in tcache 2") at malloc.c:5341
#4  0x00007ffff4bfd92d in _int_free (av=0x7fffe4000020, p=0x7fffe4005ce0, have_lock=<optimized out>) at malloc.c:4193
#5  0x00007ffff54fecd0 in QTabletEvent::~QTabletEvent() () at /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5
#6  0x00007ffff7118497 in  () at /usr/lib/x86_64-linux-gnu/libkritaui.so.17
#7  0x00007ffff7112105 in  () at /usr/lib/x86_64-linux-gnu/libkritaui.so.17
#8  0x00007ffff7112464 in  () at /usr/lib/x86_64-linux-gnu/libkritaui.so.17
#9  0x00007ffff7116119 in  () at /usr/lib/x86_64-linux-gnu/libkritaui.so.17
#10 0x00007ffff71197f8 in KisXi2EventFilter::nativeEventFilter(QByteArray const&, void*, long*) () at /usr/lib/x86_64-linux-gnu/libkritaui.so.17
#11 0x00007ffff5142fcf in QAbstractEventDispatcher::filterNativeEvent(QByteArray const&, void*, long*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#12 0x00007fffed0a7cb0 in QXcbConnection::handleXcbEvent(xcb_generic_event_t*) () at /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
#13 0x00007fffed0a8843 in QXcbConnection::processXcbEvents() () at /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
#14 0x00007ffff516ef82 in QObject::event(QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#15 0x00007ffff5abd491 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#16 0x00007ffff5ac4ad0 in QApplication::notify(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#17 0x00007ffff703bcd7 in KisApplication::notify(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libkritaui.so.17
#18 0x00007ffff5145479 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#19 0x00007ffff514846b in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#20 0x00007ffff5197b23 in  () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#21 0x00007ffff21f7e0e in g_main_context_dispatch () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#22 0x00007ffff21f80a8 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#23 0x00007ffff21f813c in g_main_context_iteration () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#24 0x00007ffff5197153 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#25 0x00007fffed139861 in  () at /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
#26 0x00007ffff514414b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#27 0x00007ffff514c2c2 in QCoreApplication::exec() () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#28 0x0000555555e8d937 in main ()

#919607#10
Date:
2019-01-18 12:18:00 UTC
From:
To:
Dear Maintainer, hello Mateus Barbosa,
there is another Debian bug report that looks similar [1].

As far as I see this is a Qt upstream bug, but not yet resolved.
Krita upstream has two commits [2] to work around that issue
until a fixed Qt version becomes available.

Kind regards,
Bernhard

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918370
[2] https://bugs.kde.org/show_bug.cgi?id=401988

#919607#20
Date:
2019-01-18 16:03:19 UTC
From:
To:
On Fri, 18 Jan 2019 09:21, Bernhard Übelacker <bernhardu@mailbox.org>
wrote:


Do we have an upstream bug number?

#919607#28
Date:
2019-01-18 16:10:51 UTC
From:
To:
Hello Lisandro,
Mateus Barbosa mentioned this one already when opening the bug:
https://bugreports.qt.io/browse/QTBUG-72488

Kind regards,
Bernhard

#919607#36
Date:
2019-01-18 16:51:22 UTC
From:
To:
Thanks!

On Fri, 18 Jan 2019 13:10, Bernhard Übelacker <bernhardu@mailbox.org>
wrote: