Details
-
Bug
-
Resolution: Done
-
P1: Critical
-
None
-
5.7.0 Alpha
-
None
-
Linux, Win10+MSVC 2013, ...
-
2091843 (qtbase)
Description
How to reproduce:
- Run nmake docs on Windows in qtbase.
- Watch it crash.
The crashing command line is
qdoc.exe -outputdir D:/dev/qt/dev-x86_64/qtbase/doc/qtcore -installdir D:/dev/qt/dev-x86_64/qtbase/doc D:/dev/qt/dev/qtbase/src/corelib/doc/qtcore.qdocconf -prepare -indexdir D:/dev/qt/dev-x86_64/qtbase/doc -no-link-errors
We have an invalid write:
Unhandled exception at 0x00007FF72EEFDAE9 in qdoc.exe: 0xC0000005: Access violation writing location 0x000000297BAFD779.
The backtrace:
0 RtlpNtMakeTemporaryKey ntdll 0x7ff8b4d8d695 1 RtlFreeHeap ntdll 0x7ff8b4ccd38b 2 RtlFreeHeap ntdll 0x7ff8b4cca996 3 RtlpNtMakeTemporaryKey ntdll 0x7ff8b4d8c69e 4 memset ntdll 0x7ff8b4d450e9 5 RtlFreeHeap ntdll 0x7ff8b4cca996 6 free_base MSVCR120D 0x7ff88fcbb13f 7 free_dbg MSVCR120D 0x7ff88fcd086d 8 free_dbg MSVCR120D 0x7ff88fcd0196 9 free MSVCR120D 0x7ff88fcd1e68 10 XY::QArrayData::deallocate qarraydata.cpp 136 0x6b1bbcb1 11 XY::QTypedArrayData<unsigned short>::deallocate qarraydata.h 223 0x6b135f1e 12 XY::QString::~QString qstring.h 1069 0x6b12f84a 13 XY::QString::`scalar deleting destructor' qdoc 0x7ff70ead7638 14 XY::QList<XY::QString>::node_destruct qlist.h 485 0x7ff70ead9902 15 XY::QList<XY::QString>::dealloc qlist.h 856 0x7ff70ead85a4 16 XY::QList<XY::QString>::~QList<XY::QString> qlist.h 817 0x7ff70ead70a2 17 XY::QStringList::~QStringList qdoc 0x7ff70ead7193 18 XY::FunctionNode::~FunctionNode node.h 864 0x7ff70ebd6434 19 XY::FunctionNode::`scalar deleting destructor' qdoc 0x7ff70ebd6da7 20 XY::qDeleteAll<XY::QList<XY::Node * __ptr64>::const_iterator> qalgorithms.h 317 0x7ff70ebd59bc 21 XY::qDeleteAll<XY::QList<XY::Node * __ptr64>> qalgorithms.h 326 0x7ff70ebd5940 22 XY::Aggregate::deleteChildren node.cpp 1007 0x7ff70ebcd1bb 23 XY::Aggregate::~Aggregate node.cpp 714 0x7ff70ebcc0d2 24 XY::ClassNode::~ClassNode node.h 506 0x7ff70ebd6342 25 XY::ClassNode::`scalar deleting destructor' qdoc 0x7ff70ebd6d07 26 XY::qDeleteAll<XY::QList<XY::Node * __ptr64>::const_iterator> qalgorithms.h 317 0x7ff70ebd59bc 27 XY::qDeleteAll<XY::QList<XY::Node * __ptr64>> qalgorithms.h 326 0x7ff70ebd5940 28 XY::Aggregate::deleteChildren node.cpp 1007 0x7ff70ebcd1bb 29 XY::Aggregate::~Aggregate node.cpp 714 0x7ff70ebcc0d2 30 XY::NamespaceNode::~NamespaceNode node.h 455 0x7ff70ebd6525 31 XY::Tree::~Tree tree.cpp 124 0x7ff70ec159d7 32 XY::Tree::`scalar deleting destructor' qdoc 0x7ff70ebeca67 33 XY::QDocForest::~QDocForest qdocdatabase.cpp 72 0x7ff70ebe05e2 34 XY::QDocDatabase::~QDocDatabase qdocdatabase.cpp 422 0x7ff70ebe1a59 35 XY::QDocDatabase::`scalar deleting destructor' qdoc 0x7ff70ebeca17 36 XY::QDocDatabase::destroyQdocDB qdocdatabase.cpp 443 0x7ff70ebe18fb 37 main main.cpp 793 0x7ff70ebbf898 38 __tmainCRTStartup crtexe.c 626 0x7ff70ec721bd 39 mainCRTStartup crtexe.c 466 0x7ff70ec722ee 40 BaseThreadInitThunk KERNEL32 0x7ff8b2532d92 41 RtlUserThreadStart ntdll 0x7ff8b4ca9f64
This is not a Windows-only issue. The invalid write is also observable when running qdoc on Linux through valgrind:
==9578== Memcheck, a memory error detector ==9578== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. ==9578== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info ==9578== Command: /home/jobor/dev/qt/dev-build/qtbase/bin/qdoc -outputdir /home/jobor/dev/qt/dev-build/qtbase/doc/qtcore -installdir /home/jobor/dev/qt/dev-build/qtbase/doc /home/jobor/dev/qt/dev/qtbase/src/corelib/doc/qtcore.qdocconf -prepare -no-link-errors ==9578== ==9578== Invalid write of size 1 ==9578== at 0x4C81C1: FunctionNode::setOverloadNumber(unsigned char) (node.h:874) ==9578== by 0x4C1A8D: Aggregate::removeChild(Node*) (node.cpp:1184) ==9578== by 0x4BD2EF: Node::~Node() (node.cpp:107) ==9578== by 0x444349: LeafNode::~LeafNode() (in /home/jobor/dev/qt/dev-build/qtbase/bin/qdoc) ==9578== by 0x4C816D: FunctionNode::~FunctionNode() (in /home/jobor/dev/qt/dev-build/qtbase/bin/qdoc) ==9578== by 0x4C819D: FunctionNode::~FunctionNode() (node.h:864) ==9578== by 0x4CA607: void qDeleteAll<QList<Node*>::const_iterator>(QList<Node*>::const_iterator, QList<Node*>::const_iterator) (qalgorithms.h:317) ==9578== by 0x4C92A3: void qDeleteAll<QList<Node*> >(QList<Node*> const&) (qalgorithms.h:325) ==9578== by 0x4C0FDF: Aggregate::deleteChildren() (node.cpp:1006) ==9578== by 0x4BFB83: Aggregate::~Aggregate() (node.cpp:713) ==9578== by 0x4C76B9: ClassNode::~ClassNode() (in /home/jobor/dev/qt/dev-build/qtbase/bin/qdoc) ==9578== by 0x4C76E9: ClassNode::~ClassNode() (node.h:506) ==9578== Address 0xa0c1329 is 409 bytes inside an unallocated block of size 448 in arena "client" ==9578== ==9578== ==9578== HEAP SUMMARY: ==9578== in use at exit: 2,748 bytes in 17 blocks ==9578== total heap usage: 10,090,174 allocs, 10,090,157 frees, 68,860,964,817 bytes allocated ==9578== ==9578== LEAK SUMMARY: ==9578== definitely lost: 0 bytes in 0 blocks ==9578== indirectly lost: 0 bytes in 0 blocks ==9578== possibly lost: 0 bytes in 0 blocks ==9578== still reachable: 2,748 bytes in 17 blocks ==9578== suppressed: 0 bytes in 0 blocks ==9578== Rerun with --leak-check=full to see details of leaked memory ==9578== ==9578== For counts of detected and suppressed errors, rerun with: -v ==9578== ERROR SUMMARY: 5 errors from 1 contexts (suppressed: 0 from 0)
setOverloadNumber is called on an already deleted Node.
Attachments
Issue Links
- is duplicated by
-
-
- Closed
-