[marble] [Bug 408408] New: Marble app crash moving mouse on the map while adding a placemark (DEBUG version only)

Dario Zandri bugzilla_noreply at kde.org
Fri Jun 7 09:30:33 BST 2019 

https://bugs.kde.org/show_bug.cgi?id=408408

            Bug ID: 408408
           Summary: Marble app crash moving mouse on the map while adding
                    a placemark (DEBUG version only)
           Product: marble
           Version: unspecified
          Platform: Compiled Sources
                OS: MS Windows
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: marble-bugs at kde.org
          Reporter: d.zandri at idscorporation.com
  Target Milestone: ---

Created attachment 120650
  --> https://bugs.kde.org/attachment.cgi?id=120650&action=edit
Possible patch to keep m_paintOrder in synch with m_visiblePlacemarks

SUMMARY
Marble applications 19.04 compiled from sources on Windows 10 64 bit
Qt 5.11.2 64 bit
Visual Studio 2015
The crash happens only in the debug version, but it might be due to the speed
difference, please see additional information

STEPS TO REPRODUCE
1. Start Marble with the default OSM map
(earth/openstreetmap/openstreetmap.dgml)
2. Show the annotate plugin toolbar and select "add placemark"
3. In the Add Placemark dialog change a coordinate
4. Move the dialog and move the mouse pointer on the map below

OBSERVED RESULT
The application crashes with the following call stack:

        Qt5Guid.dll!QPlatformPixmap::height() Line 124  
        Qt5Guid.dll!QPixmap::size() Line 532    
>	marblewidget-qt5d.dll!Marble::VisiblePlacemark::symbolRect() Line 171	
        marblewidget-qt5d.dll!Marble::PlacemarkLayout::hasPlacemarkAt(const
QPoint & pos) Line 556      
        marblewidget-qt5d.dll!Marble::PlacemarkLayer::hasPlacemarkAt(const
QPoint & pos) Line 219       
        marblewidget-qt5d.dll!Marble::MarbleMap::hasFeatureAt(const QPoint &
position) Line 483 
       
marblewidget-qt5d.dll!Marble::MarbleDefaultInputHandler::adjustCursorShape(const
QPoint & mousePosition, const QPoint & mouseDirection) Line 663        
       
marblewidget-qt5d.dll!Marble::MarbleDefaultInputHandler::handleMouseEvent(QMouseEvent
* event) Line 884 
       
marblewidget-qt5d.dll!Marble::MarbleDefaultInputHandler::eventFilter(QObject *
o, QEvent * e) Line 923  
       
Qt5Cored.dll!QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject *
receiver, QEvent * event) Line 1174       
        Qt5Widgetsd.dll!QApplicationPrivate::notify_helper(QObject * receiver,
QEvent * e) Line 3723    
        Qt5Widgetsd.dll!QApplication::notify(QObject * receiver, QEvent * e)
Line 3203  
        Qt5Cored.dll!QCoreApplication::notifyInternal2(QObject * receiver,
QEvent * event) Line 1048    
        Qt5Cored.dll!QCoreApplication::sendSpontaneousEvent(QObject * receiver,
QEvent * event) Line 237        
        Qt5Widgetsd.dll!QApplicationPrivate::sendMouseEvent(QWidget * receiver,
QMouseEvent * event, QWidget * alienWidget, QWidget * nativeWidget, QWidget * *
buttonDown, QPointer<QWidget> & lastMouseReceiver, bool spontaneous) Line 2693  
        Qt5Widgetsd.dll!QWidgetWindow::handleMouseEvent(QMouseEvent * event)
Line 661   
        Qt5Widgetsd.dll!QWidgetWindow::event(QEvent * event) Line 282   
        Qt5Widgetsd.dll!QApplicationPrivate::notify_helper(QObject * receiver,
QEvent * e) Line 3727    
        Qt5Widgetsd.dll!QApplication::notify(QObject * receiver, QEvent * e)
Line 3099  
        Qt5Cored.dll!QCoreApplication::notifyInternal2(QObject * receiver,
QEvent * event) Line 1048    
        Qt5Cored.dll!QCoreApplication::sendSpontaneousEvent(QObject * receiver,
QEvent * event) Line 237        
       
Qt5Guid.dll!QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent
* e) Line 2082  
       
Qt5Guid.dll!QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent
* e) Line 1817    
        Qt5Guid.dll!QWindowSystemInterface::sendWindowSystemEvents(QFlags<enum
QEventLoop::ProcessEventsFlag> flags) Line 1038  
        qwindowsd.dll!QWindowsGuiEventDispatcher::sendPostedEvents() Line 83    
        Qt5Cored.dll!qt_internal_proc(HWND__ * hwnd, unsigned int message,
unsigned __int64 wp, __int64 lp) Line 239    
        [External Code] 
        Qt5Cored.dll!QEventDispatcherWin32::processEvents(QFlags<enum
QEventLoop::ProcessEventsFlag> flags) Line 630    
        qwindowsd.dll!QWindowsGuiEventDispatcher::processEvents(QFlags<enum
QEventLoop::ProcessEventsFlag> flags) Line 74       
        Qt5Cored.dll!QEventLoop::processEvents(QFlags<enum
QEventLoop::ProcessEventsFlag> flags) Line 137       
        Qt5Cored.dll!QEventLoop::exec(QFlags<enum
QEventLoop::ProcessEventsFlag> flags) Line 214        
        Qt5Cored.dll!QCoreApplication::exec() Line 1336 
        Qt5Guid.dll!QGuiApplication::exec() Line 1762   
        Qt5Widgetsd.dll!QApplication::exec() Line 2902  
        marble-qt.exe!main(int argc, char * * argv) Line 308    
        [External Code] 

EXPECTED RESULT


SOFTWARE/OS VERSIONS
Windows: 10 64 bit
macOS: 
Linux/KDE Plasma: 
(available in About System)
KDE Plasma Version: 
KDE Frameworks Version: 
Qt Version: 5.11.2 64bit

ADDITIONAL INFORMATION
The crash seems to happen because the mouse movement triggers an updateFeature:

 AnnotatePlugin::eventFilter
  -> AnnotatePlugin::handleUncaughtEvents
        -> m_marbleWidget->model()->treeModel()->updateFeature(
m_focusItem->placemark() );

Which in turn calls RemoveFeature and AddFeature of GeoDataTreeModel and they
emits rowsAboutToBeRemoved and rowsInserted signals, connected to
removePlacemarks and addPlacemarks of PlacemarkLayout

PlacemarkLayout::removePlacemarks
        -> remove the placemark from its cache and the associated VisibleItem.
It doesn't deal with m_paintOrder.

PlacemarkLayout::addPlacemarks
        -> add only the placemark to the internal cache. Creation of
VisibleItem seems to be demanded to the first layoutPlacemark call

At the end of addPlacemark an emit repaintNeeded() should cause a
PlacemarkLayout::layoutPlacemark call, if that happens before any other mouse
events, all is well.

But if the mouse event is passed to MarbleDefaultInputHandler::eventFilter
before the next render, then the following calls cause an invalid memory
access.
MarbleDefaultInputHandler::eventFilter
        -> MarbleDefaultInputHandler::adjustCursorShape
                ->
MarbleInputHandler::d->m_marblePresenter->map()->hasFeatureAt(mousePosition)
                -> ...
                -> PlacemarkLayout::hasPlacemarkAt which uses m_paintOrder
still containing an invalid VisibleItem from the preceding removePlacemarks
I don't understand in detail the reasone of the debug/relase difference, but it
would seem a sound and roboust approach to make PlacemarkLayout::m_paintOrder
more in synch with m_visiblePlacemarks.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the Marble-bugs mailing list