Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix heap use after free in MoveTool #1791

Merged
merged 1 commit into from
Oct 17, 2023
Merged

Fix heap use after free in MoveTool #1791

merged 1 commit into from
Oct 17, 2023

Conversation

J5lx
Copy link
Member

@J5lx J5lx commented Oct 1, 2023

Steps to reproduce:

  • Use something like AddressSanitizer which detects heap use after free
  • Open Pencil2D
  • Switch to move tool
  • Move cursor across ScribbleArea
  • Ctrl-N to create new project
  • heap use after free occurs in MoveTool::leavingThisTool because the move tool keeps an attribute with a pointer to the last used layer which it tries to access after the old project is already unloaded.

Solution: get rid of the pointer.

I also noticed the same kind of layer pointer attribute in SelectTool. Although I don’t think it’s causing any issues right now I removed it anyway because the layer can just as easily passed as a parameter there and storing it as an attribute basically just serves as a booby trap for the next person making changes to that tool.

@J5lx
Fix heap use after free in MoveTool
d400c13 
Also gets rid of a layer pointer in SelectTool
@J5lx J5lx added this to the v0.6.7 milestone Oct 1, 2023
MrStevns
MrStevns approved these changes Oct 12, 2023
View reviewed changes
Copy link
Member

@MrStevns MrStevns left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can confirm that the bug is reproducible and has been fixed with the changes in the PR.

Feel free to merge when you're ready 👍

Discussion

While it's fine to remove pointers in this case, I think in general that we need to figure out a way to cleanup old state when loading a new file and such.

One way could be to make all tools listen to Editor::objectLoaded and cleanup all state, like it was a de-initialization, however that's still very manual and error prone.

We also have ToolManager::cleanupAllToolsData although that's seemingly unused right now.

Another would be to initialize all tools again, that's a small overhead for the convenience of having a clean slate, and it only needs to be done in the code once to take effect.

What do you think?

@J5lx
Copy link
Member Author

J5lx commented Oct 17, 2023

What do you think?

I agree something needs to be done about that. That said, right now I don’t really have a preference for any of the suggestions you made. I also think there is a larger problem here – the fact that the program relies so much on global state and much of it is so strongly coupled. (I’m reminded of how we can’t even do a command-line export without creating a main window first because otherwise the program just crashes.) If we work on that, I reckon it will also at the very least alleviate issues like this. But of course, it’s a bigger undertaking and there’s something to be said about making smaller improvements first without waiting for larger projects that may take a long time to materialise. For now, I don’t really have any conclusive thoughts on your suggestions.

@J5lx J5lx merged commit 127cd62 into pencil2d:master Oct 17, 2023
7 checks passed
@J5lx J5lx deleted the fixes/heap-use-after-free branch October 17, 2023 19:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MrStevns MrStevns MrStevns approved these changes

Assignees
No one assigned
Labels
Bug Move Tool
Projects
Bug Fix Priority
Status: No status
Pull Request Priority
Status: Merged
Milestone
0.7.0
Development

Successfully merging this pull request may close these issues.
2 participants
@J5lx @MrStevns