Qt5 windows may be randomly unmapped due to assumption sizeof(long)==4
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
qtbase-opensource-src (Ubuntu) | Fix Released | Undecided | Alberto Mardegan |
Bug Description
The patch debian/
+ /* Add XEMBED info; this operation doesn't initiate the embedding. */
+ long data[] = { XEMBED_VERSION, XEMBED_MAPPED };
+ Q_XCB_CALL(
+ atom(QXcbAtom:
+ atom(QXcbAtom:
+ 32, 2, (void *)data));
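Review bot: the element type in `long data[] = { XEMBED_VERSION, XEMBED_MAPPED };` does not match the `32` format passed to the `Q_XCB_CALL(` below it; on a 64-bit build `long` is 8 bytes, so the two 32-bit words the server receives are both halves of `data[0]`, which is the {0, 0} the reporter observed instead of {0, 1}. Declare the array with a fixed-width 32-bit type (`quint32` or `uint32_t`) so the in-memory layout equals the wire layout on both 32- and 64-bit builds.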
...
+ const xcb_get_
+ xcb_get_
+ XCB_ATOM_ANY, 0, 3);
+
+ xcb_get_
+ xcb_get_
+ if (reply && reply->length >= 2) {
+ const long *data = (const long *)xcb_get_
+ if (data[1] & XEMBED_MAPPED)
+ Q_XCB_CALL(
+ else
+ Q_XCB_CALL(
+ }
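Review bot: `const long *data = (const long *)xcb_get_` reads the reply with 8-byte elements on 64-bit builds, so `data[1]` lies beyond the 8 bytes that a reply satisfying `reply->length >= 2` (two 32-bit words, `reply->format == 32`) actually contains; declare it `const quint32 *` (or `uint32_t`) and keep the length check in 32-bit words. Separately, the request asks for `3` words in `XCB_ATOM_ANY, 0, 3` while only two are checked; request 2 or add a comment saying why 3 is needed.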
I discovered this when some code I compiled with -fsanitize=address would pop up a window for an instant before it was unmapped again - since the reply only contains two 32-bit words (I confirmed with a debugger that reply->length == 2 and reply->format == 32), data[1] has undefined contents. On the sending side, it is actually sending {0, 0} rather than the intended {0, 1}. Changing "long" to "quint32" made the problem go away.
I don't know if this is a complete fix - there are other places where 'long' is used and I don't know enough about XCB to know whether they're broken or not (and I'd never heard of XEmbed until a few hours ago... I'm definitely not an expert on this stuff).
Incidentally, I also have no idea why the call to xcb_get_property passes 3 as the length, when only 2 words are expected or examined.
I used ubuntu-bug so hopefully it will pick up all the relevant information about my system, but just in case: I'm running 13.10 on x86-64, and I'm building from qtbase-
ProblemType: Bug
DistroRelease: Ubuntu 13.10
Package: libqt5gui5 5.0.2+dfsg1-
ProcVersionSign
Uname: Linux 3.11.0-13-generic x86_64
NonfreeKernelMo
ApportVersion: 2.12.5-0ubuntu2.1
Architecture: amd64
Date: Thu Nov 14 16:13:16 2013
InstallationDate: Installed on 2011-05-25 (904 days ago)
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release amd64 (20110426)
MarkForUpload: True
SourcePackage: qtbase-
UpgradeStatus: Upgraded to saucy on 2013-10-25 (19 days ago)
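As an added illustration (not part of the report or of Qt's code), this C model shows why the element type must match a format-32 property on both sides: the sender hands the server len*4 bytes of whatever buffer it was given, and a 2-word reply is 8 bytes however the receiver chooses to read it. The `pack_property_32` function and the `wire` buffer are constructed stand-ins for the X server, not XCB API.

```c
#include <stdint.h>
#include <string.h>
/* _XEMBED_INFO is a format-32 property of two words: version, flags. */
#define XEMBED_VERSION 0
#define XEMBED_MAPPED  (1 << 0)

/* Model of xcb_change_property(format=32, len=2, data): the server gets
   exactly len*4 bytes copied from data, whatever C type data had. */
static size_t pack_property_32(const void *data, uint32_t len,
                               uint8_t *wire, size_t cap) {
    size_t n = (size_t)len * 4;
    if (n > cap) return 0;
    memcpy(wire, data, n);
    return n;
}

/* Sender as in the reported patch: with 8-byte longs the first 8 bytes on
   the wire are both halves of data[0], so the server stores {0, 0}. */
static size_t send_with_long(uint8_t *wire, size_t cap) {
    long data[] = { XEMBED_VERSION, XEMBED_MAPPED };
    return pack_property_32(data, 2, wire, cap);
}

/* Sender with the fix: the element width matches the property format. */
static size_t send_with_u32(uint8_t *wire, size_t cap) {
    uint32_t data[] = { XEMBED_VERSION, XEMBED_MAPPED };
    return pack_property_32(data, 2, wire, cap);
}

/* Receiver with the fix: reply->length counts 32-bit words, so a 2-word
   reply is 8 bytes and must be read as two uint32_t, not two longs. */
static int decode_mapped_flag(const uint8_t *wire, size_t nbytes) {
    uint32_t words[2];
    if (nbytes < sizeof words) return -1;
    memcpy(words, wire, sizeof words);
    return (words[1] & XEMBED_MAPPED) != 0;
}

/* End to end: does the embedder see XEMBED_MAPPED? 1 = yes, 0 = no. */
int xembed_mapped_seen(int sender_uses_long) {
    uint8_t wire[16] = {0};
    size_t n = sender_uses_long ? send_with_long(wire, sizeof wire)
                                : send_with_u32(wire, sizeof wire);
    return decode_mapped_flag(wire, n);
}

/* Receiver as in the reported patch: data[1] via 'const long *' needs
   2*sizeof(long) bytes; 1 if a reply of this many words really holds them. */
int long_read_fits_reply(uint32_t reply_length_words) {
    return 2 * sizeof(long) <= (size_t)reply_length_words * 4;
}
```

On an LP64 host `xembed_mapped_seen(1)` returns 0 (window unmapped) while `xembed_mapped_seen(0)` returns 1, and `long_read_fits_reply(2)` returns 0, showing that the receiver-side `long` read overruns a two-word reply.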
Hey Alberto, can you please confirm that "const long *data" should be changed to "const quint32 *data"? Are there other places where a similar change should be done?