Details
-
Bug
-
Resolution: Done
-
P1: Critical
-
None
-
6.0
-
None
-
13
-
Qt6_Foundation_Sprint 19
Description
Building qtbase dev with qmake and clang's asan results in heap-buffer-overflow.
Configure step:
MAKEFLAGS=-j8 ~/work/qt5_qmake/configure -opensource -confirm-license -developer-build -no-optimize-debug -skip qtwebengine -skip qtpim -skip qtsystems -ccache -no-pch -nomake examples -no-headersclean -sanitize address -platform linux-clang
Build step:
make module-qtbase-all
Issue:
make[3]: Entering directory '/home/ag/work/build/qt5_qmake/qtbase/src/gui' /home/ag/work/build/qt5_qmake/qtbase/src/gui/qvkgen_wrapper.sh /home/ag/work/qt5_qmake/qtbase/src/gui/vulkan/vk.xml /home/ag/work/qt5_qmake/qtbase/header.LGPL vulkan/qvulkanfunctions ================================================================= ==29210==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6030000000ef at pc 0x7fdccb269bbc bp 0x7ffd17639f90 sp 0x7ffd17639f88 READ of size 16 at 0x6030000000ef thread T0 #0 0x7fdccb269bbb in aeshash(unsigned char const*, unsigned long, unsigned long) /home/ag/work/qt5_qmake/qtbase/src/corelib/tools/qhash.cpp:491:20 #1 0x7fdccb268ef5 in qHashBits(void const*, unsigned long, unsigned long) /home/ag/work/qt5_qmake/qtbase/src/corelib/tools/qhash.cpp:527:16 #2 0x7fdccb26b0c9 in qHash(QStringView, unsigned long) /home/ag/work/qt5_qmake/qtbase/src/corelib/tools/qhash.cpp:547:12 #3 0x7fdccc0ecfe2 in QHashPrivate::Data<QHashPrivate::Node<QStringView, QXmlStreamReaderPrivate::Entity> >::find(QStringView const&) const /home/ag/work/build/qt5_qmake/qtbase/src/corelib/../../include/QtCore/../../../../../qt5_qmake/qtbase/src/corelib/tools/qhash.h:554:23 #4 0x7fdccc0ee6ec in QHashPrivate::Data<QHashPrivate::Node<QStringView, QXmlStreamReaderPrivate::Entity> >::findOrInsert(QStringView const&) /home/ag/work/build/qt5_qmake/qtbase/src/corelib/../../include/QtCore/../../../../../qt5_qmake/qtbase/src/corelib/tools/qhash.h:595:23 #5 0x7fdccc0ee23b in QHash<QStringView, QXmlStreamReaderPrivate::Entity>::iterator QHash<QStringView, QXmlStreamReaderPrivate::Entity>::emplace<QXmlStreamReaderPrivate::Entity const&>(QStringView&&, QXmlStreamReaderPrivate::Entity const&) /home/ag/work/build/qt5_qmake/qtbase/src/corelib/../../include/QtCore/../../../../../qt5_qmake/qtbase/src/corelib/tools/qhash.h:1134:26 #6 0x7fdccc0edf62 in QHash<QStringView, QXmlStreamReaderPrivate::Entity>::iterator QHash<QStringView, QXmlStreamReaderPrivate::Entity>::emplace<QXmlStreamReaderPrivate::Entity const&>(QStringView const&, QXmlStreamReaderPrivate::Entity const&) /home/ag/work/build/qt5_qmake/qtbase/src/corelib/../../include/QtCore/../../../../../qt5_qmake/qtbase/src/corelib/tools/qhash.h:1126:16 #7 0x7fdccc0d2bde in QHash<QStringView, QXmlStreamReaderPrivate::Entity>::insert(QStringView const&, QXmlStreamReaderPrivate::Entity const&) /home/ag/work/build/qt5_qmake/qtbase/src/corelib/../../include/QtCore/../../../../../qt5_qmake/qtbase/src/corelib/tools/qhash.h:1104:16 #8 0x7fdccc0b8d4e in QXmlStreamReaderPrivate::QXmlStreamReaderPrivate(QXmlStreamReader*) /home/ag/work/qt5_qmake/qtbase/src/corelib/serialization/qxmlstream.cpp:809:5 #9 0x7fdccc0b3b57 in QXmlStreamReader::QXmlStreamReader() /home/ag/work/qt5_qmake/qtbase/src/corelib/serialization/qxmlstream.cpp:397:17 #10 0x4d74dd in VkSpecParser::VkSpecParser() /home/ag/work/qt5_qmake/qtbase/src/tools/qvkgen/qvkgen.cpp:35:7 #11 0x4d2b72 in main /home/ag/work/qt5_qmake/qtbase/src/tools/qvkgen/qvkgen.cpp:492:18 #12 0x7fdcc9a56b96 in __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310 #13 0x41d2b9 in _start (/home/ag/work/build/qt5_qmake/qtbase/bin/qvkgen+0x41d2b9) 0x6030000000ef is located 9 bytes to the right of 22-byte region [0x6030000000d0,0x6030000000e6) allocated by thread T0 here: #0 0x4959fd in malloc (/home/ag/work/build/qt5_qmake/qtbase/bin/qvkgen+0x4959fd) #1 0x7fdccb157357 in allocateData(long long, unsigned int) /home/ag/work/qt5_qmake/qtbase/src/corelib/tools/qarraydata.cpp:178:52 #2 0x7fdccb156b4e in QArrayData::allocate(QArrayData**, long long, long long, long long, QFlags<QArrayData::ArrayOption>) /home/ag/work/qt5_qmake/qtbase/src/corelib/tools/qarraydata.cpp:218:26 #3 0x7fdccb4aca23 in QTypedArrayData<char16_t>::allocate(long long, QFlags<QArrayData::ArrayOption>) /home/ag/work/build/qt5_qmake/qtbase/src/corelib/../../include/QtCore/../../../../../qt5_qmake/qtbase/src/corelib/tools/qarraydata.h:216:24 #4 0x7fdccb46a0e2 in QString::fromLatin1_helper(char const*, long long) /home/ag/work/qt5_qmake/qtbase/src/corelib/text/qstring.cpp:5146:25 #5 0x7fdccb0332a0 in QString::QString(QLatin1String) /home/ag/work/build/qt5_qmake/qtbase/src/corelib/../../include/QtCore/../../../../../qt5_qmake/qtbase/src/corelib/text/qstring.h:1061:52 #6 0x7fdccc0d892f in QXmlStreamReaderPrivate::Entity::createLiteral(QLatin1String, QLatin1String) /home/ag/work/qt5_qmake/qtbase/src/corelib/serialization/qxmlstream_p.h:263:29 #7 0x7fdccc0b8c6f in QXmlStreamReaderPrivate::QXmlStreamReaderPrivate(QXmlStreamReader*) /home/ag/work/qt5_qmake/qtbase/src/corelib/serialization/qxmlstream.cpp:809:5 #8 0x7fdccc0b3b57 in QXmlStreamReader::QXmlStreamReader() /home/ag/work/qt5_qmake/qtbase/src/corelib/serialization/qxmlstream.cpp:397:17 #9 0x4d74dd in VkSpecParser::VkSpecParser() /home/ag/work/qt5_qmake/qtbase/src/tools/qvkgen/qvkgen.cpp:35:7 #10 0x4d2b72 in main /home/ag/work/qt5_qmake/qtbase/src/tools/qvkgen/qvkgen.cpp:492:18 #11 0x7fdcc9a56b96 in __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310 SUMMARY: AddressSanitizer: heap-buffer-overflow /home/ag/work/qt5_qmake/qtbase/src/corelib/tools/qhash.cpp:491:20 in aeshash(unsigned char const*, unsigned long, unsigned long) Shadow bytes around the buggy address: 0x0c067fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c067fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c067fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c067fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c067fff8000: fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa fd fd =>0x0c067fff8010: fd fd fa fa 00 00 00 00 fa fa 00 00 06[fa]fa fa 0x0c067fff8020: 00 00 04 fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c067fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c067fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c067fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c067fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==29210==ABORTING Makefile:1708: recipe for target 'vulkan/qvulkanfunctions.h' failed make[3]: *** [vulkan/qvulkanfunctions.h] Error 1
Attachments
Issue Links
- relates to
-
-
- Closed
-
| For Gerrit Dashboard: QTBUG-87112 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 316032,4 | Do not use QHash's aeshash() under Clang's sanitizer | dev | qt/qtbase | Status: MERGED | +2 | 0 |