PyQt6: Double free in sipWrapper_dealloc with QApplication.postEvent

Phil Thompson phil at riverbankcomputing.com
Sat Mar 20 14:37:08 GMT 2021 

On 16/03/2021 17:20, Florian Bruhin wrote:
> Consider this example:
> 
>   from PyQt6 import QtWidgets, QtCore
>   qapp = QtWidgets.QApplication([])
>   w = QtWidgets.QWidget()
>   qapp.postEvent(w, QtCore.QEvent(QtCore.QEvent.Type.User))
>   qapp.exec()
> 
> With PyQt5, this works fine. With PyQt6, it aborts with "free(): double
> free detected in tcache 2" in:
> 
>   [...]
>   #3  0x00007ffff7a7fbea in malloc_printerr () from /usr/lib/libc.so.6
>   #4  0x00007ffff7a816c8 in _int_free () from /usr/lib/libc.so.6
>   #5  0x00007ffff7a84ca8 in free () from /usr/lib/libc.so.6
>   #6  0x00007ffff5187be0 in forgetObject (sw=sw at entry=0x7ffff18e7790)
> at siplib.c:10321
>   #7  0x00007ffff5187c46 in sipWrapper_dealloc (self=0x7ffff18e7790)
> at siplib.c:9966
>   [...]
> 
> Valgrind says:
> 
>   Invalid free() / delete / delete[] / realloc()
>      at 0x484008B: operator delete(void*, unsigned long)
> (vg_replace_malloc.c:593)
>      by 0x7E95BDF: forgetObject (siplib.c:10321)
>      by 0x7E95C45: sipWrapper_dealloc (siplib.c:9966)
>      [...]
>    Address 0xd760810 is 0 bytes inside a block of size 32 free'd
>      at 0x484008B: operator delete(void*, unsigned long)
> (vg_replace_malloc.c:593)
>      by 0x77C1388: QCoreApplicationPrivate::removePostedEvent(QEvent*)
> (in .../site-packages/PyQt6/Qt6/lib/libQt6Core.so.6)
>      by 0x77CB019: QEvent::~QEvent() (in
> .../site-packages/PyQt6/Qt6/lib/libQt6Core.so.6)
>      by 0xB2360EC: sipQEvent::~sipQEvent() (in
> .../site-packages/PyQt6/QtCore.abi3.so)
>      by 0x7E95BDF: forgetObject (siplib.c:10321)
>      by 0x7E95C45: sipWrapper_dealloc (siplib.c:9966)
>      [...]
>    Block was alloc'd at
>      at 0x483EDEF: operator new(unsigned long) 
> (vg_replace_malloc.c:342)
>      by 0xB287E15: init_type_QEvent (in 
> .../site-packages/PyQt6/QtCore.abi3.so)
>      by 0x7E96621: sipSimpleWrapper_init (siplib.c:9011)
>      [...]
> 
> (No debug symbols ready for Qt 6 / PyQt6 at the moment - please let me
> know if this isn't enough information)

This should be fixed in the next release of PyQt6.sip. This will be 
released no later that PyQt6 v6.1.

Thanks,
Phil

More information about the PyQt mailing list