
ASan crash in CInputMethodRelay::removeTextInput when exiting Qt6 applications #1995

Closed
jbeich opened this issue Apr 8, 2023 · 1 comment
Labels
bug Something isn't working

Comments

@jbeich (Contributor) commented Apr 8, 2023

Regressed by 0807b8b. Tested with qt6-wayland-6.4.2. All Qt6 apps crash Hyprland but only when ASan is enabled. Qt5 is not affected.

$ meson setup --buildtype=debug -Db_sanitize=address /tmp/hyprland_build
$ meson compile -C /tmp/hyprland_build -c /dev/null
$ /tmp/hyprland_build/src/Hyprland
$ hyprland-share-picker
<select screen>
==91926==ERROR: AddressSanitizer: heap-use-after-free on address 0x617000035a10 at pc 0x0000009506d1 bp 0x7fffffffd300 sp 0x7fffffffd2f8
READ of size 8 at 0x617000035a10 thread T0
    #0 0x9506d0 in auto CInputMethodRelay::removeTextInput(STextInput*)::$_9::operator()<STextInput>(STextInput const&) const InputMethodRelay.cpp
    #1 0x92b10e in unsigned long std::__1::list<STextInput, std::__1::allocator<STextInput>>::remove_if<CInputMethodRelay::removeTextInput(STextInput*)::$_9>(CInputMethodRelay::removeTextInput(STextInput*)::$_9) InputMethodRelay.cpp
    #2 0x92ad2c in CInputMethodRelay::removeTextInput(STextInput*) (/tmp/hyprland_build/src/Hyprland+0x92ad2c)
    #3 0xc03993 in CTextInputV1ProtocolManager::removeTI(STextInputV1*) (/tmp/hyprland_build/src/Hyprland+0xc03993)
    #4 0xc04fee in destroyTI(wl_resource*) TextInputV1.cpp
    #5 0x800f1a7e8 in destroy_resource wayland-server.c
    #6 0x800f2219e in wl_map_for_each wayland-util.c
    #7 0x800f1aba7 in wl_client_destroy (/usr/lib/libwayland-server.so.0+0xcba7)
    #8 0x800f1b3f5 in wl_display_run (/usr/lib/libwayland-server.so.0+0xd3f5)
    #9 0xb0b8b8 in CCompositor::startCompositor() (/tmp/hyprland_build/src/Hyprland+0xb0b8b8)
    #10 0xc96d2e in main (/tmp/hyprland_build/src/Hyprland+0xc96d2e)
    #11 0x80170818a in __libc_start1 /usr/src/lib/libc/csu/libc_start1.c:155:7

0x617000035a10 is located 16 bytes inside of 688-byte region [0x617000035a00,0x617000035cb0)
freed by thread T0 here:
    #0 0x60ee6d in operator delete(void*) (/tmp/hyprland_build/src/Hyprland+0x60ee6d)
    #1 0x61fcf4 in void std::__1::__libcpp_operator_delete[abi:v15007]<void*>(void*) HyprError.cpp
    #2 0x61fca8 in void std::__1::__do_deallocate_handle_size[abi:v15007]<>(void*, unsigned long) HyprError.cpp
    #3 0x61fc34 in std::__1::__libcpp_deallocate[abi:v15007](void*, unsigned long, unsigned long) HyprError.cpp
    #4 0x62e0ec in std::__1::allocator<std::__1::__list_node<STextInput, void*>>::deallocate[abi:v15007](std::__1::__list_node<STextInput, void*>*, unsigned long) HyprError.cpp
    #5 0x62df24 in std::__1::allocator_traits<std::__1::allocator<std::__1::__list_node<STextInput, void*>>>::deallocate[abi:v15007](std::__1::allocator<std::__1::__list_node<STextInput, void*>>&, std::__1::__list_node<STextInput, void*>*, unsigned long) HyprError.cpp
    #6 0x62dc2f in std::__1::__list_imp<STextInput, std::__1::allocator<STextInput>>::clear() (/tmp/hyprland_build/src/Hyprland+0x62dc2f)
    #7 0x62da88 in std::__1::__list_imp<STextInput, std::__1::allocator<STextInput>>::~__list_imp() (/tmp/hyprland_build/src/Hyprland+0x62da88)
    #8 0x62d3a4 in std::__1::list<STextInput, std::__1::allocator<STextInput>>::~list() (/tmp/hyprland_build/src/Hyprland+0x62d3a4)
    #9 0x92b4bc in unsigned long std::__1::list<STextInput, std::__1::allocator<STextInput>>::remove_if<CInputMethodRelay::removeTextInput(STextInput*)::$_9>(CInputMethodRelay::removeTextInput(STextInput*)::$_9) InputMethodRelay.cpp
    #10 0x92ad2c in CInputMethodRelay::removeTextInput(STextInput*) (/tmp/hyprland_build/src/Hyprland+0x92ad2c)
    #11 0xc04fc7 in destroyTI(wl_resource*) TextInputV1.cpp
    #12 0x800f1a7e8 in destroy_resource wayland-server.c
    #13 0x800f2219e in wl_map_for_each wayland-util.c
    #14 0x800f1aba7 in wl_client_destroy (/usr/lib/libwayland-server.so.0+0xcba7)
    #15 0x800f1b3f5 in wl_display_run (/usr/lib/libwayland-server.so.0+0xd3f5)
    #16 0xb0b8b8 in CCompositor::startCompositor() (/tmp/hyprland_build/src/Hyprland+0xb0b8b8)
    #17 0xc96d2e in main (/tmp/hyprland_build/src/Hyprland+0xc96d2e)
    #18 0x80170818a in __libc_start1 /usr/src/lib/libc/csu/libc_start1.c:155:7
    #19 0x56cb41 in _start /usr/src/lib/csu/amd64/crt1_c.c:52:2
    #20 0x800eef007  (<unknown module>)

previously allocated by thread T0 here:
    #0 0x60e60d in operator new(unsigned long) (/tmp/hyprland_build/src/Hyprland+0x60e60d)
    #1 0x652c34 in void* std::__1::__libcpp_operator_new[abi:v15007]<unsigned long>(unsigned long) HyprError.cpp
    #2 0x652bbc in std::__1::__libcpp_allocate[abi:v15007](unsigned long, unsigned long) HyprError.cpp
    #3 0x958e0c in std::__1::allocator<std::__1::__list_node<STextInput, void*>>::allocate[abi:v15007](unsigned long) InputMethodRelay.cpp
    #4 0x958b8c in std::__1::allocator_traits<std::__1::allocator<std::__1::__list_node<STextInput, void*>>>::allocate[abi:v15007](std::__1::allocator<std::__1::__list_node<STextInput, void*>>&, unsigned long) InputMethodRelay.cpp
    #5 0x9587e2 in std::__1::list<STextInput, std::__1::allocator<STextInput>>::__allocate_node[abi:v15007](std::__1::allocator<std::__1::__list_node<STextInput, void*>>&) InputMethodRelay.cpp
    #6 0x954b4b in STextInput& std::__1::list<STextInput, std::__1::allocator<STextInput>>::emplace_back<>() (/tmp/hyprland_build/src/Hyprland+0x954b4b)
    #7 0x92a123 in CInputMethodRelay::createNewTextInput(wlr_text_input_v3*, STextInputV1*) (/tmp/hyprland_build/src/Hyprland+0x92a123)
    #8 0xc04df1 in CTextInputV1ProtocolManager::createTI(wl_client*, wl_resource*, unsigned int) (/tmp/hyprland_build/src/Hyprland+0xc04df1)
    #9 0xc05bd0 in createTI(wl_client*, wl_resource*, unsigned int) TextInputV1.cpp
    #10 0x801abe1d1  (/usr/lib/libffi.so.8+0x81d1)

SUMMARY: AddressSanitizer: heap-use-after-free InputMethodRelay.cpp in auto CInputMethodRelay::removeTextInput(STextInput*)::$_9::operator()<STextInput>(STextInput const&) const
Shadow bytes around the buggy address:
  0x4c2e00006af0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x4c2e00006b00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x4c2e00006b10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x4c2e00006b20: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x4c2e00006b30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x4c2e00006b40: fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x4c2e00006b50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x4c2e00006b60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x4c2e00006b70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x4c2e00006b80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x4c2e00006b90: fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==91926==ABORTING
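Reading the two stacks together: the node was freed by a `remove_if` reached from `destroyTI` directly (frame #11 of the free stack), and the crashing read happens in a second `remove_if` reached from `destroyTI` via `CTextInputV1ProtocolManager::removeTI`, whose predicate dereferences a pointer that still points at the freed list node. The following is an added illustration of that shape and of one way to make a repeated removal harmless; it is not Hyprland's code and not the fix referenced below. Every type and name in it (`wl_resource_stub`, `CInputMethodRelayExample`, `removeTextInputFor`, `destroyTextInputTwice`) is a hypothetical stand-in modelled on the names in the trace.

```cpp
#include <cstddef>
#include <cstdio>
#include <list>

// Added illustration, not Hyprland's code: the types below are hypothetical
// stand-ins shaped like the names in the trace (STextInput, STextInputV1).
struct wl_resource_stub { int id; };   // stands in for the client's wl_resource

struct STextInput {
    wl_resource_stub* pV1Input = nullptr; // protocol object this relay entry belongs to
};

struct STextInputV1 {
    wl_resource_stub* resource = nullptr;
    STextInput*       pTI      = nullptr; // raw back-pointer into the relay's std::list
};

class CInputMethodRelayExample {
  public:
    STextInput* createNewTextInput(wl_resource_stub* res) {
        STextInput& ti = m_lTextInputs.emplace_back();
        ti.pV1Input    = res;
        return &ti; // std::list nodes do not move, so this stays valid until the node is erased
    }

    // Buggy shape. The predicate identifies the element by dereferencing pTI.
    // The first call erases the node; if a second teardown path calls this
    // again with the same pointer, pTI now points into a freed list node and
    // the read of pTI->pV1Input is the heap-use-after-free ASan reports.
    void removeTextInputUnsafe(STextInput* pTI) {
        m_lTextInputs.remove_if([pTI](const STextInput& other) { return other.pV1Input == pTI->pV1Input; });
    }

    // Hardened shape. Identify the entry by the protocol handle the caller
    // still owns rather than through a STextInput* that may already dangle.
    // A repeated call matches nothing and is a harmless no-op. Returns how
    // many entries were erased (computed from the size difference, so it does
    // not depend on the C++20 return value of remove_if).
    size_t removeTextInputFor(const wl_resource_stub* res) {
        const size_t before = m_lTextInputs.size();
        m_lTextInputs.remove_if([res](const STextInput& other) { return other.pV1Input == res; });
        return before - m_lTextInputs.size();
    }

    size_t count() const { return m_lTextInputs.size(); }

  private:
    std::list<STextInput> m_lTextInputs;
};

// Models the two teardown paths visible in the trace (removeTI() from the
// protocol manager and destroyTI() itself) both reaching the relay.
struct TeardownResult {
    size_t erasedByFirstPath;
    size_t erasedBySecondPath;
    size_t remaining;
};

TeardownResult destroyTextInputTwice(CInputMethodRelayExample& relay, STextInputV1& v1) {
    TeardownResult r{};
    r.erasedByFirstPath  = relay.removeTextInputFor(v1.resource);
    v1.pTI               = nullptr; // drop the back-pointer as soon as the node is gone
    r.erasedBySecondPath = relay.removeTextInputFor(v1.resource);
    r.remaining          = relay.count();
    return r;
}

int main() {
    CInputMethodRelayExample relay;
    wl_resource_stub resA{1}, resB{2};
    STextInputV1 a{&resA, relay.createNewTextInput(&resA)};
    STextInputV1 b{&resB, relay.createNewTextInput(&resB)};
    TeardownResult r = destroyTextInputTwice(relay, a);
    std::printf("first path erased %zu, second path erased %zu, %zu left (b still live: %d)\n",
                r.erasedByFirstPath, r.erasedBySecondPath, r.remaining, b.pTI != nullptr);
    return (r.erasedByFirstPath == 1 && r.erasedBySecondPath == 0 && r.remaining == 1) ? 0 : 1;
}
```

Building this with `-fsanitize=address` and calling `removeTextInputUnsafe` twice with the same pointer reproduces the same `heap-use-after-free` inside the `remove_if` predicate; the hardened path never touches the `STextInput*` after the first erase, so the second teardown path erases nothing and ASan stays quiet.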
@jbeich jbeich added the bug Something isn't working label Apr 8, 2023
@vaxerski (Member) commented Apr 8, 2023

should be fixed with 86852cd

@vaxerski vaxerski closed this as completed Apr 8, 2023