Scintilla / Bugs / #2495 Segfault when destroying ScintillaDocument [Qt]

Segfault when destroying ScintillaDocument [Qt]

#2495 Segfault when destroying ScintillaDocument [Qt]

Milestone: Bug

Status: open-fixed

Owner: nobody

Labels: scintilla (608) Qt (12)

Priority: 5

Updated: 2025-12-30

Created: 2025-12-28

Creator: Stefan Löffler

Private: No

The following test program seg-faults (GCC 15.2.0 on Ubuntu 25.10) when the ScintillaDocument is destroyed:

#include <ScintillaDocument.h>
#include <ScintillaEdit.h>
#include <QApplication>
int main(int argc, char * argv[])
{
    QApplication app(argc, argv);
    ScintillaEdit edit;
    ScintillaDocument doc;
    edit.set_doc(&doc);
    return 0;
}

Analysis: ScintillaDocument::ScintillaDocument calls Document::AddWatcher with a second argument of type IDocumentEditable *. However, ScintillaDocument::~ScintillaDocument calls Document::RemoveWatcher with second argument of type Document*. The two are related, of course (Document derives from IDocumentEditable), but the pointers differ due to different vtables. Thus, Document::RemoveWatcher fails to remove the watcher, subsequently resulting in the segfault when ~Document tries to notify the (not properly removed) watcher.

Attached is a patch that fixes the issue by using the Document* also in ScintillaDocument::ScintillaDocument

1 Attachments

ScintillaDocument.patch

Discussion

Neil Hodgson - 2025-12-30

labels: --> scintilla, Qt

status: open --> open-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Neil Hodgson - 2025-12-30

Committed as [04be64].

Related

Commit: [04be64]

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Segfault when destroying ScintillaDocument [Qt]

Group

Searches

Help

#2495 Segfault when destroying ScintillaDocument [Qt]

Discussion

Related