PyQt6: Double free in sipWrapper_dealloc with QApplication.postEvent

Florian Bruhin me at the-compiler.org
Tue Mar 16 17:20:08 GMT 2021 

Consider this example:

  from PyQt6 import QtWidgets, QtCore
  qapp = QtWidgets.QApplication([])
  w = QtWidgets.QWidget()
  qapp.postEvent(w, QtCore.QEvent(QtCore.QEvent.Type.User))
  qapp.exec()

With PyQt5, this works fine. With PyQt6, it aborts with "free(): double
free detected in tcache 2" in:

  [...]
  #3  0x00007ffff7a7fbea in malloc_printerr () from /usr/lib/libc.so.6
  #4  0x00007ffff7a816c8 in _int_free () from /usr/lib/libc.so.6
  #5  0x00007ffff7a84ca8 in free () from /usr/lib/libc.so.6
  #6  0x00007ffff5187be0 in forgetObject (sw=sw at entry=0x7ffff18e7790) at siplib.c:10321
  #7  0x00007ffff5187c46 in sipWrapper_dealloc (self=0x7ffff18e7790) at siplib.c:9966
  [...]

Valgrind says:

  Invalid free() / delete / delete[] / realloc()
     at 0x484008B: operator delete(void*, unsigned long) (vg_replace_malloc.c:593)
     by 0x7E95BDF: forgetObject (siplib.c:10321)
     by 0x7E95C45: sipWrapper_dealloc (siplib.c:9966)
     [...]
   Address 0xd760810 is 0 bytes inside a block of size 32 free'd
     at 0x484008B: operator delete(void*, unsigned long) (vg_replace_malloc.c:593)
     by 0x77C1388: QCoreApplicationPrivate::removePostedEvent(QEvent*) (in .../site-packages/PyQt6/Qt6/lib/libQt6Core.so.6)
     by 0x77CB019: QEvent::~QEvent() (in .../site-packages/PyQt6/Qt6/lib/libQt6Core.so.6)
     by 0xB2360EC: sipQEvent::~sipQEvent() (in .../site-packages/PyQt6/QtCore.abi3.so)
     by 0x7E95BDF: forgetObject (siplib.c:10321)
     by 0x7E95C45: sipWrapper_dealloc (siplib.c:9966)
     [...]
   Block was alloc'd at
     at 0x483EDEF: operator new(unsigned long) (vg_replace_malloc.c:342)
     by 0xB287E15: init_type_QEvent (in .../site-packages/PyQt6/QtCore.abi3.so)
     by 0x7E96621: sipSimpleWrapper_init (siplib.c:9011)
     [...]

(No debug symbols ready for Qt 6 / PyQt6 at the moment - please let me
know if this isn't enough information)

Florian

-- 
            me at the-compiler.org | https://www.qutebrowser.org 
       https://bruhin.software/ | https://github.com/sponsors/The-Compiler/
       GPG: 916E B0C8 FD55 A072 | https://the-compiler.org/pubkey.asc
             I love long mails! | https://email.is-not-s.ms/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://www.riverbankcomputing.com/pipermail/pyqt/attachments/20210316/4248c5ae/attachment.sig>

More information about the PyQt mailing list