Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: P3: Somewhat important
Fix Version/s: None
Affects Version/s: 5.5.1, 5.6.2, 5.7.0, 5.8.0 Beta
Component/s: QML: Declarative and Javascript Engine
Labels:
- Reported_by_support_silver

Description

Klocwork 2016.2 reports some errors in Qt's header files.

A. MemoryPool::allocate_helper()
http://code.qt.io/cgit/qt/qtdeclarative.git/tree/src/qml/parser/qqmljsmemorypool_p.h?h=5.5#n140

----------------------------------------
11;/home/user/Qt5.5.1/5.5/qnx6_x86/include/QtQml/5.5.1/QtQml/private/qqmljsmemorypool_p.h;140;13;Warning;3;C and C++;FREE.INCONSISTENT;Warning;allocate_helper;-1984532746;Memory pointed by 'this->_blocks' is freed at this point, but this memory is not freed upon function exits at line(s) 156.;System;Analyze;C and C++;unowned;4;;
12;/home/user/Qt5.5.1/5.5/qnx6_x86/include/QtQml/5.5.1/QtQml/private/qqmljsmemorypool_p.h;143;17;Critical;1;C and C++;NPD.FUNC.MUST;Error;allocate_helper;-893448703;Pointer '_blocks' returned from call to function 'realloc' at line 140 may be NULL and will be dereferenced at line 143.;System;Analyze;C and C++;unowned;5;;
13;/home/user/Qt5.5.1/5.5/qnx6_x86/include/QtQml/5.5.1/QtQml/private/qqmljsmemorypool_p.h;148;15;Critical;1;C and C++;NPD.FUNC.MUST;Error;allocate_helper;546728937;Pointer 'block' returned from call to function 'realloc' at line 140 may be NULL and will be dereferenced at line 148.;System;Analyze;C and C++;unowned;6;;
----------------------------------------

The result of realloc() is not checked.
When realloc() fails to reserve memory,
Old '_blocks' is leaked and invalid memory access is occurred.

B. QML_GETTYPENAMES in qmlRegisterSingletonType()
http://code.qt.io/cgit/qt/qtdeclarative.git/tree/src/qml/qml/qqml.h?h=5.5#n544

----------------------------------------
42;/home/user/Qt5.5.1/5.5/qnx6_x86/include/QtQml/qqml.h;544;5;Critical;1;C and C++;NPD.FUNC.CALL.MUST;Error;qmlRegisterSingletonType;-836239127;Pointer 'pointerName.ptr' returned from call to function 'QVarLengthArray<char,48>' at line 544 may be NULL, will be passed to function and may be dereferenced there by passing argument 1 to function 'memcpy' at line 544.;System;Analyze;C and C++;unowned;25;;
43;/home/user/Qt5.5.1/5.5/qnx6_x86/include/QtQml/qqml.h;544;5;Critical;1;C and C++;NPD.FUNC.MUST;Error;qmlRegisterSingletonType;1529069522;Pointer 'listName.ptr' returned from call to function 'QVarLengthArray<char,64>' at line 544 may be NULL and will be dereferenced at line 544.;System;Analyze;C and C++;unowned;26;;
----------------------------------------

It seems QVarLengthArray is assumed to success allocating memory.

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Erik Verbruggen

Reporter:: Karim Pinter (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 09 Nov '16 14:26

Updated:: 08 Mar '17 10:41

Resolved:: 08 Mar '17 10:41

Gerrit Reviews

There are no open Gerrit changes

Show There is 1 closed Gerrit change

Hide There is 1 closed Gerrit change

QML: Check for failing realloc/malloc in the QmlJS memory pool: Gerrit Review: