[kde] [Bug 461738] New: Umbrello's C++ parser crashes on certain inputs
Gabriel Ravier
bugzilla_noreply at kde.org
Sat Nov 12 18:42:28 GMT 2022
https://bugs.kde.org/show_bug.cgi?id=461738
Bug ID: 461738
Summary: Umbrello's C++ parser crashes on certain inputs
Classification: I don't know
Product: kde
Version: unspecified
Platform: Fedora RPMs
OS: Linux
Status: REPORTED
Keywords: drkonqi
Severity: crash
Priority: NOR
Component: general
Assignee: unassigned-bugs at kde.org
Reporter: gabravier at gmail.com
Target Milestone: ---
Application: umbrello5 (2.35.1 (Applications 22.08.1))
Qt Version: 5.15.6
Frameworks Version: 5.99.0
Operating System: Linux 6.0.5-200.fc36.x86_64 x86_64
Windowing System: Wayland
Distribution: "Fedora release 36 (Thirty Six)"
DrKonqi: 5.25.5 [KCrashBackend]
-- Information about the crash:
It appears that the C++ parser that Umbrello uses can crash in certain situations
(from looking at the code, it looks like it's trying to access a null
unique_ptr (which results in an assert failure within libstdc++)). If you want,
I can try to track down the precise code that can do so, but the code itself
seems like it's badly written in the first place... (as in, it seems like it
should be checking for a null pointer in a different way)
The reporter is unsure if this crash is reproducible.
-- Backtrace:
Application: Umbrello UML Modeller (umbrello5), signal: Aborted
[KCrash Handler]
#4 __pthread_kill_implementation (threadid=<optimized out>,
signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#5 0x00007f8d06c8ec73 in __pthread_kill_internal (signo=6, threadid=<optimized
out>) at pthread_kill.c:78
#6 0x00007f8d06c3e986 in __GI_raise (sig=sig@entry=6) at
../sysdeps/posix/raise.c:26
#7 0x00007f8d06c287f4 in __GI_abort () at abort.c:79
#8 0x00007f8d070d7dd0 in std::__glibcxx_assert_fail(char const*, int, char
const*, char const*) (file=file@entry=0x5567f3068840
"/usr/include/c++/12/bits/unique_ptr.h", line=line@entry=445,
function=function@entry=0x5567f3068d28 "typename
std::add_lvalue_reference<_Tp>::type std::unique_ptr<_Tp, _Dp>::operator*()
const [with _Tp = InitDeclaratorAST; _Dp =
std::default_delete<InitDeclaratorAST>; typename std::add_lvalue_referen"...,
condition=condition@entry=0x5567f306873b "get() != pointer()") at
../../../../../libstdc++-v3/src/c++11/debug.cc:60
#9 0x00005567f2f74817 in std::unique_ptr<InitDeclaratorAST,
std::default_delete<InitDeclaratorAST> >::operator*() const (this=<optimized
out>) at /usr/include/c++/12/bits/unique_ptr.h:443
#10 std::unique_ptr<InitDeclaratorAST, std::default_delete<InitDeclaratorAST>
>::operator*() const (this=<optimized out>) at
/usr/include/c++/12/bits/unique_ptr.h:443
#11 Parser::parseDeclarationInternal(std::unique_ptr<DeclarationAST,
std::default_delete<DeclarationAST> >&) (this=<optimized out>,
node=std::unique_ptr<DeclarationAST> = {...}) at
/usr/src/debug/umbrello-22.08.1-2.fc36.x86_64/lib/cppparser/parser.cpp:3161
#12 0x00005567f2f68f07 in
Parser::parseMemberSpecification(std::unique_ptr<DeclarationAST,
std::default_delete<DeclarationAST> >&) (node=std::unique_ptr<DeclarationAST> =
{...}, this=0x7ffe1dc0dea0) at
/usr/src/debug/umbrello-22.08.1-2.fc36.x86_64/lib/cppparser/parser.cpp:2145
#13 Parser::parseClassSpecifier(std::unique_ptr<TypeSpecifierAST,
std::default_delete<TypeSpecifierAST> >&) (this=0x7ffe1dc0dea0,
node=std::unique_ptr<TypeSpecifierAST> = {...}) at
/usr/src/debug/umbrello-22.08.1-2.fc36.x86_64/lib/cppparser/parser.cpp:2026
#14 0x00005567f2f5e478 in
Parser::parseDeclaration(std::unique_ptr<DeclarationAST,
std::default_delete<DeclarationAST> >&) (this=0x7ffe1dc0dea0,
node=std::unique_ptr<DeclarationAST> = {...}) at
/usr/src/debug/umbrello-22.08.1-2.fc36.x86_64/lib/cppparser/parser.cpp:532
#15 0x00005567f2f40ded in
Parser::parseTranslationUnit(QExplicitlySharedDataPointer<TranslationUnitAST>&)
(node=<synthetic pointer>..., this=0x7ffe1dc0dea0) at
/usr/src/debug/umbrello-22.08.1-2.fc36.x86_64/lib/cppparser/parser.cpp:468
#16 Driver::ParseHelper::parse() (this=this@entry=0x7ffe1dc0dfa0) at
/usr/src/debug/umbrello-22.08.1-2.fc36.x86_64/lib/cppparser/driver.cpp:345
#17 0x00005567f2f46a60 in Driver::parseFile(QString const&, bool, bool, bool)
(this=0x5567f4dd9a40, fileName=..., onlyPreProcess=<optimized out>,
force=<optimized out>, macrosGlobal=<optimized out>) at
/usr/src/debug/umbrello-22.08.1-2.fc36.x86_64/lib/cppparser/driver.cpp:560
#18 0x00005567f2f0571f in CppImport::parseFile(QString const&)
(this=0x5567f4d5bfe0, fileName=...) at
/usr/src/debug/umbrello-22.08.1-2.fc36.x86_64/umbrello/codeimport/cppimport.cpp:143
#19 0x00005567f2d316ee in ClassImport::importFile(QString const&)
(fileName=..., this=0x5567f4d5bfe0) at
/usr/src/debug/umbrello-22.08.1-2.fc36.x86_64/umbrello/codeimport/classimport.cpp:120
#20 CodeImpThread::run() (this=0x5567f4dd4770) at
/usr/src/debug/umbrello-22.08.1-2.fc36.x86_64/umbrello/codeimpwizard/codeimpthread.cpp:50
#21 0x00005567f2d346b1 in CodeImpStatusPage::importCodeFile(bool)
(this=0x5567f4b81f10, noError=<optimized out>) at
/usr/src/debug/umbrello-22.08.1-2.fc36.x86_64/umbrello/codeimpwizard/codeimpstatuspage.cpp:180
#22 0x00007f8d076dbb2f in doActivate<false>(QObject*, int, void**)
(sender=0x5567f4dc1a30, signal_index=3, argv=0x7ffe1dc0e320) at
kernel/qobject.cpp:3931
#23 0x00007f8d076d6927 in QMetaObject::activate(QObject*, QMetaObject const*,
int, void**) (sender=sender@entry=0x5567f4dc1a30, m=m@entry=0x7f8d0796d5e0
<QSingleShotTimer::staticMetaObject>,
local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x0) at
kernel/qobject.cpp:3979
#24 0x00007f8d076dee03 in QSingleShotTimer::timeout() (this=0x5567f4dc1a30) at
.moc/qtimer.moc:130
#25 QSingleShotTimer::timerEvent(QTimerEvent*) (this=0x5567f4dc1a30) at
kernel/qtimer.cpp:323
#26 0x00007f8d076d2ad5 in QObject::event(QEvent*) (this=0x5567f4dc1a30,
e=0x7ffe1dc0e4c0) at kernel/qobject.cpp:1369
#27 0x00007f8d083aed02 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
(this=<optimized out>, receiver=0x5567f4dc1a30, e=0x7ffe1dc0e4c0) at
kernel/qapplication.cpp:3637
#28 0x00007f8d076a81c8 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
(receiver=0x5567f4dc1a30, event=0x7ffe1dc0e4c0) at
kernel/qcoreapplication.cpp:1064
#29 0x00007f8d076f83b1 in QTimerInfoList::activateTimers()
(this=0x5567f3ca4fa0) at kernel/qtimerinfo_unix.cpp:643
#30 0x00007f8d076f8cd4 in timerSourceDispatch (source=<optimized out>) at
kernel/qeventdispatcher_glib.cpp:183
#31 idleTimerSourceDispatch(GSource*, GSourceFunc, gpointer) (source=<optimized
out>) at kernel/qeventdispatcher_glib.cpp:230
#32 0x00007f8d02726faf in g_main_dispatch (context=0x7f8cec005010) at
../glib/gmain.c:3417
#33 g_main_context_dispatch (context=0x7f8cec005010) at ../glib/gmain.c:4135
#34 0x00007f8d0277c2c8 in g_main_context_iterate.constprop.0
(context=context@entry=0x7f8cec005010, block=block@entry=1,
dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4211
#35 0x00007f8d02724940 in g_main_context_iteration (context=0x7f8cec005010,
may_block=1) at ../glib/gmain.c:4276
#36 0x00007f8d076f902a in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(this=0x5567f3ca4a60, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#37 0x00007f8d076a6c1a in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
(this=this@entry=0x7ffe1dc0e760, flags=..., flags@entry=...) at
../../include/QtCore/../../src/corelib/global/qflags.h:69
#38 0x00007f8d085bf5e7 in QDialog::exec() (this=0x5567f4b17d90) at
../../include/QtCore/../../src/corelib/global/qflags.h:121
#39 0x00005567f2ced249 in UMLApp::slotImportingWizard() (this=0x5567f3cfce70)
at /usr/src/debug/umbrello-22.08.1-2.fc36.x86_64/umbrello/uml.cpp:2963
#40 UMLApp::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)
(_o=0x5567f3cfce70, _id=<optimized out>, _a=<optimized out>, _c=<optimized
out>) at
/usr/src/debug/umbrello-22.08.1-2.fc36.x86_64/redhat-linux-build/umbrello/libumbrello_autogen/EWIEGA46WW/moc_uml.cpp:483
#41 0x00007f8d076dbb2f in doActivate<false>(QObject*, int, void**)
(sender=0x5567f402d370, signal_index=4, argv=0x7ffe1dc0e9e0) at
kernel/qobject.cpp:3931
#42 0x00007f8d076d6927 in QMetaObject::activate(QObject*, QMetaObject const*,
int, void**) (sender=sender@entry=0x5567f402d370, m=m@entry=0x7f8d088d4240
<QAction::staticMetaObject>, local_signal_index=local_signal_index@entry=1,
argv=argv@entry=0x7ffe1dc0e9e0) at kernel/qobject.cpp:3979
#43 0x00007f8d083a82e6 in QAction::triggered(bool)
(this=this@entry=0x5567f402d370, _t1=<optimized out>) at
.moc/moc_qaction.cpp:376
#44 0x00007f8d083aafa3 in QAction::activate(QAction::ActionEvent)
(this=0x5567f402d370, event=<optimized out>) at kernel/qaction.cpp:1161
#45 0x00007f8d08534f32 in
QMenuPrivate::activateCausedStack(QVector<QPointer<QWidget> > const&, QAction*,
QAction::ActionEvent, bool) (this=this@entry=0x5567f3f26b70, causedStack=...,
action=action@entry=0x5567f402d370, action_e=action_e@entry=QAction::Trigger,
self=self@entry=true) at widgets/qmenu.cpp:1384
#46 0x00007f8d0853ce0c in QMenuPrivate::activateAction(QAction*,
QAction::ActionEvent, bool) (this=0x5567f3f26b70, action=0x5567f402d370,
action_e=QAction::Trigger, self=<optimized out>) at widgets/qmenu.cpp:1461
#47 0x00007f8d083f1808 in QWidget::event(QEvent*) (this=0x5567f3f24110,
event=0x7ffe1dc0efc0) at kernel/qwidget.cpp:9034
#48 0x00007f8d083aed02 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
(this=this@entry=0x5567f3c7e910, receiver=receiver@entry=0x5567f3f24110,
e=e@entry=0x7ffe1dc0efc0) at kernel/qapplication.cpp:3637
#49 0x00007f8d083b7372 in QApplication::notify(QObject*, QEvent*)
(this=<optimized out>, receiver=0x5567f3f24110, e=<optimized out>) at
kernel/qapplication.cpp:3081
#50 0x00007f8d076a81c8 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
(receiver=0x5567f3f24110, event=0x7ffe1dc0efc0) at
kernel/qcoreapplication.cpp:1064
#51 0x00007f8d083b5472 in QApplicationPrivate::sendMouseEvent(QWidget*,
QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool, bool)
(receiver=0x5567f3f24110, event=event@entry=0x7ffe1dc0efc0,
alienWidget=<optimized out>, nativeWidget=0x5567f3f24110,
buttonDown=buttonDown@entry=0x7f8d0890c330 <qt_button_down>,
lastMouseReceiver=..., spontaneous=true, onlyDispatchEnterLeave=false) at
kernel/qapplication.cpp:2619
#52 0x00007f8d0840afc5 in QWidgetWindow::handleMouseEvent(QMouseEvent*)
(this=0x5567f48a30f0, event=0x7ffe1dc0f270) at kernel/qwidgetwindow.cpp:580
#53 0x00007f8d0840df30 in QWidgetWindow::event(QEvent*) (this=0x5567f48a30f0,
event=0x7ffe1dc0f270) at kernel/qwidgetwindow.cpp:300
#54 0x00007f8d083aed02 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
(this=<optimized out>, receiver=0x5567f48a30f0, e=0x7ffe1dc0f270) at
kernel/qapplication.cpp:3637
#55 0x00007f8d076a81c8 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
(receiver=0x5567f48a30f0, event=0x7ffe1dc0f270) at
kernel/qcoreapplication.cpp:1064
#56 0x00007f8d07b6ae7d in
QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*)
(e=0x7f8ce4005fa0) at kernel/qguiapplication.cpp:2278
#57 0x00007f8d07b4a02c in
QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(flags=...) at kernel/qwindowsysteminterface.cpp:1169
#58 0x00007f8d02582414 in userEventSourceDispatch(_GSource*, int (*)(void*),
void*) () at /lib64/libQt5WaylandClient.so.5
#59 0x00007f8d02726faf in g_main_dispatch (context=0x7f8cec005010) at
../glib/gmain.c:3417
#60 g_main_context_dispatch (context=0x7f8cec005010) at ../glib/gmain.c:4135
#61 0x00007f8d0277c2c8 in g_main_context_iterate.constprop.0
(context=context@entry=0x7f8cec005010, block=block@entry=1,
dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4211
#62 0x00007f8d02724940 in g_main_context_iteration (context=0x7f8cec005010,
may_block=1) at ../glib/gmain.c:4276
#63 0x00007f8d076f902a in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(this=0x5567f3ca4a60, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#64 0x00007f8d076a6c1a in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
(this=this@entry=0x7ffe1dc0f600, flags=..., flags@entry=...) at
../../include/QtCore/../../src/corelib/global/qflags.h:69
#65 0x00007f8d076aece2 in QCoreApplication::exec() () at
../../include/QtCore/../../src/corelib/global/qflags.h:121
#66 0x00007f8d07b5fbe0 in QGuiApplication::exec() () at
kernel/qguiapplication.cpp:1863
#67 0x00007f8d083aec79 in QApplication::exec() () at
kernel/qapplication.cpp:2829
#68 0x00005567f2cb91ca in main(int, char**) (argc=<optimized out>,
argv=<optimized out>) at
/usr/src/debug/umbrello-22.08.1-2.fc36.x86_64/umbrello/main.cpp:239
[Inferior 1 (process 2980175) detached]
Reported using DrKonqi
This report was filed against 'kde' because the product 'umbrello5' could not
be located in Bugzilla. Add it to drkonqi's mappings file!