Qt / QTBUG-54550

Use after free in qmake


Details

    • Type: Bug
    • Resolution: Done
    • Priority: P1: Critical
    • Fix Version/s: 5.6.2
    • Affects Version/s: 5.6.1, 5.7.0
    • Component/s: Build tools: qmake
    • Labels: None
    • Environment: Linux, gcc with address sanitizer
    • Commits: 3c8134958c66f40bb86588aa91b83bf58b5de0c9

    Description

      qmake has a use-after-free error that can be exposed with address sanitizer. While the Qt build system has an option to use address sanitizer, this does not automatically build qmake with it, which is probably the reason this bug wasn't detected before.

      To reproduce:

      • unpack qt source, cd to it
      • Add address sanitizer flags:
        echo "QMAKE_CFLAGS += -fsanitize=address -g" >> mkspecs/common/gcc-base.conf
        echo "QMAKE_CXXFLAGS += -fsanitize=address -g" >> mkspecs/common/gcc-base.conf
        echo "QMAKE_LFLAGS += -fsanitize=address -g" >> mkspecs/common/gcc-base.conf
      • Run configure and thus build qmake:
        ./configure -opensource -confirm-license

      The error will show up as soon as qmake has been built and started within the Qt source dir. I've attached a full stack trace from address sanitizer (for a more detailed trace use ASAN_OPTIONS="fast_unwind_on_malloc=0").

      I have tried to analyze the bug, but the code is pretty complicated and I'm not familiar with it.
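The reproduction steps above, turned into a repeatable check that builds qmake itself under AddressSanitizer and fails when the run reports a use-after-free. This is an added example, not the reporter's or the Qt project's script; it assumes a qtbase-style source tree (configure and mkspecs/common/gcc-base.conf at the top, the built binary at bin/qmake), gcc on Linux, and ASan printing its report to stderr.

```shell
#!/bin/sh
# Added example, not part of the bug report: put qmake itself under
# AddressSanitizer and fail if its run reports a use-after-free.
# Assumes a qtbase-style tree (mkspecs/common/gcc-base.conf present, the
# built qmake at bin/qmake), gcc on Linux, and ASan reporting on stderr.

ASAN_FLAGS="-fsanitize=address -g"

# Append the three sanitizer lines from the report to a mkspec conf file,
# but only once each, so rerunning this does not pile up duplicates the way
# a plain ">>" would.
add_asan_flags() {
    conf="$1"
    for var in QMAKE_CFLAGS QMAKE_CXXFLAGS QMAKE_LFLAGS; do
        line="$var += $ASAN_FLAGS"
        grep -qxF "$line" "$conf" || printf '%s\n' "$line" >> "$conf"
    done
}

# Return 0 when an ASan log holds a heap-use-after-free report, 1 otherwise.
asan_log_has_uaf() {
    grep -q 'ERROR: AddressSanitizer: heap-use-after-free' "$1"
}

# Run configure (which builds qmake with the flags above), then start the
# fresh qmake inside the source dir with full unwinding on malloc so the
# allocation and free stacks in the report are complete.
check_qmake_under_asan() {
    src="$1"
    qmake_bin="${2:-bin/qmake}"      # assumed location; adjust if it differs
    log="$src/qmake-asan.log"
    add_asan_flags "$src/mkspecs/common/gcc-base.conf"
    ( cd "$src" && ./configure -opensource -confirm-license ) || return 2
    ( cd "$src" && ASAN_OPTIONS="fast_unwind_on_malloc=0" "./$qmake_bin" ) \
        > "$log" 2>&1
    if asan_log_has_uaf "$log"; then
        echo "use-after-free reported, see $log" >&2
        return 1
    fi
    return 0
}

# Only run the full build when a source tree is handed in via QT_SRC.
if [ -n "${QT_SRC:-}" ]; then
    check_qmake_under_asan "$QT_SRC"
fi
```

Run it as `QT_SRC=/path/to/qtbase sh check-qmake-asan.sh`; the exit status is 1 when ASan flagged a use-after-free and 2 when configure itself failed.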

          People

            Assignee: buddenha Oswald Buddenhagen
            Reporter: hannob Hanno Boeck
