List:       pykde
Subject:    Re: PyQt6: Double free in sipWrapper_dealloc with QApplication.postEvent
From:       Phil Thompson <phil () riverbankcomputing ! com>
Date:       2021-03-20 14:37:08
Message-ID: 1e0fc3a0b9a46738bbb7c41da9b64edf () riverbankcomputing ! com

On 16/03/2021 17:20, Florian Bruhin wrote:
> Consider this example:
> 
>   from PyQt6 import QtWidgets, QtCore
>   qapp = QtWidgets.QApplication([])
>   w = QtWidgets.QWidget()
>   qapp.postEvent(w, QtCore.QEvent(QtCore.QEvent.Type.User))
>   qapp.exec()
> 
> With PyQt5, this works fine. With PyQt6, it aborts with "free(): double
> free detected in tcache 2" in:
> 
>   [...]
>   #3  0x00007ffff7a7fbea in malloc_printerr () from /usr/lib/libc.so.6
>   #4  0x00007ffff7a816c8 in _int_free () from /usr/lib/libc.so.6
>   #5  0x00007ffff7a84ca8 in free () from /usr/lib/libc.so.6
>   #6  0x00007ffff5187be0 in forgetObject (sw=sw@entry=0x7ffff18e7790) at siplib.c:10321
>   #7  0x00007ffff5187c46 in sipWrapper_dealloc (self=0x7ffff18e7790) at siplib.c:9966
>   [...]
> 
> Valgrind says:
> 
>   Invalid free() / delete / delete[] / realloc()
>      at 0x484008B: operator delete(void*, unsigned long) (vg_replace_malloc.c:593)
>      by 0x7E95BDF: forgetObject (siplib.c:10321)
>      by 0x7E95C45: sipWrapper_dealloc (siplib.c:9966)
>      [...]
>    Address 0xd760810 is 0 bytes inside a block of size 32 free'd
>      at 0x484008B: operator delete(void*, unsigned long) (vg_replace_malloc.c:593)
>      by 0x77C1388: QCoreApplicationPrivate::removePostedEvent(QEvent*) (in .../site-packages/PyQt6/Qt6/lib/libQt6Core.so.6)
>      by 0x77CB019: QEvent::~QEvent() (in .../site-packages/PyQt6/Qt6/lib/libQt6Core.so.6)
>      by 0xB2360EC: sipQEvent::~sipQEvent() (in .../site-packages/PyQt6/QtCore.abi3.so)
>      by 0x7E95BDF: forgetObject (siplib.c:10321)
>      by 0x7E95C45: sipWrapper_dealloc (siplib.c:9966)
>      [...]
>    Block was alloc'd at
>      at 0x483EDEF: operator new(unsigned long) (vg_replace_malloc.c:342)
>      by 0xB287E15: init_type_QEvent (in .../site-packages/PyQt6/QtCore.abi3.so)
>      by 0x7E96621: sipSimpleWrapper_init (siplib.c:9011)
>      [...]
> 
> (No debug symbols ready for Qt 6 / PyQt6 at the moment - please let me
> know if this isn't enough information)

This should be fixed in the next release of PyQt6.sip. This will be
released no later than PyQt6 v6.1.

Thanks,
Phil