Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-91916

[REG 6.1 -> 6.2] Memory leak in QPainterPath

    XMLWordPrintable

Details

    • 2409e9b2c7ca433ac1183efb763fdb99edf59235 (qt/qtbase/dev)

    Description

      1. Build qtbase and qtsvg configured with "-sanitize address".
      2. Use this to build the attached project.
      3. Run the resulting program passing the attached input file:
        ./report input.svg
        

        You will see output like:

        =================================================================
        ==62328==ERROR: LeakSanitizer: detected memory leaks
        
        Direct leak of 120 byte(s) in 1 object(s) allocated from:
            #0 0x7f99fb065947 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10f947)
            #1 0x7f99f9c990a5 in QPainterPath::ensureData_helper() (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x8f50a5)
            #2 0x7f99f9c9a4f4 in QPainterPath::setFillRule(Qt::FillRule) (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x8f64f4)
            #3 0x7f99efcaa649 in createPathNode(QSvgNode*, QXmlStreamAttributes const&, QSvgHandler*) (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0x7f649)
            #4 0x7f99efcded5a in QSvgHandler::startElement(QString const&, QXmlStreamAttributes const&) (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0xb3d5a)
            #5 0x7f99efcef071 in QSvgHandler::parse() (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0xc4071)
            #6 0x7f99efcef74b in QSvgHandler::init() (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0xc474b)
            #7 0x7f99efcefb98 in QSvgHandler::QSvgHandler(QIODevice*) (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0xc4b98)
            #8 0x7f99efd3d1a2 in QSvgTinyDocument::load(QByteArray const&) (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0x1121a2)
            #9 0x7f99efd12e37 in QSvgRenderer::load(QByteArray const&) (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0xe7e37)
            #10 0x7f99f1d7fefc in QSvgIOHandlerPrivate::load(QIODevice*) [clone .part.0] (/tmp/qt-bisect/build/qtbase/plugins/imageformats/libqsvg.so+0x8efc)
            #11 0x7f99f1d807ff in QSvgIOHandler::read(QImage*) (/tmp/qt-bisect/build/qtbase/plugins/imageformats/libqsvg.so+0x97ff)
            #12 0x7f99f971f464 in QImageReader::read(QImage*) (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x37b464)
            #13 0x7f99f97228f8 in QImageReader::read() (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x37e8f8)
            #14 0x7f99f96e15a8 in QImage::fromData(unsigned char const*, int, char const*) (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x33d5a8)
            #15 0x7f99f96e1932 in QImage::loadFromData(unsigned char const*, int, char const*) (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x33d932)
            #16 0x56394fd4c758 in main (/tmp/qt-bisect/test/report+0x1758)
            #17 0x7f99f7eb30b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
        
        Indirect leak of 402 byte(s) in 1 object(s) allocated from:
            #0 0x7f99fb063bc8 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
            #1 0x7f99f8b232fd in QArrayData::allocate(QArrayData**, long long, long long, long long, QArrayData::AllocationOption) (/tmp/qt-bisect/build/qtbase/lib/libQt6Core.so.6+0x8a92fd)
            #2 0x7f99f9b452c0 in QList<QPainterPath::Element>::reserve(long long) (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x7a12c0)
            #3 0x7f99f9c99300 in QPainterPath::ensureData_helper() (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x8f5300)
            #4 0x7f99f9c9a4f4 in QPainterPath::setFillRule(Qt::FillRule) (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x8f64f4)
            #5 0x7f99efcaa649 in createPathNode(QSvgNode*, QXmlStreamAttributes const&, QSvgHandler*) (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0x7f649)
            #6 0x7f99efcded5a in QSvgHandler::startElement(QString const&, QXmlStreamAttributes const&) (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0xb3d5a)
            #7 0x7f99efcef071 in QSvgHandler::parse() (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0xc4071)
            #8 0x7f99efcef74b in QSvgHandler::init() (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0xc474b)
            #9 0x7f99efcefb98 in QSvgHandler::QSvgHandler(QIODevice*) (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0xc4b98)
            #10 0x7f99efd3d1a2 in QSvgTinyDocument::load(QByteArray const&) (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0x1121a2)
            #11 0x7f99efd12e37 in QSvgRenderer::load(QByteArray const&) (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0xe7e37)
            #12 0x7f99f1d7fefc in QSvgIOHandlerPrivate::load(QIODevice*) [clone .part.0] (/tmp/qt-bisect/build/qtbase/plugins/imageformats/libqsvg.so+0x8efc)
            #13 0x7f99f1d807ff in QSvgIOHandler::read(QImage*) (/tmp/qt-bisect/build/qtbase/plugins/imageformats/libqsvg.so+0x97ff)
            #14 0x7f99f971f464 in QImageReader::read(QImage*) (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x37b464)
            #15 0x7f99f97228f8 in QImageReader::read() (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x37e8f8)
            #16 0x7f99f96e15a8 in QImage::fromData(unsigned char const*, int, char const*) (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x33d5a8)
            #17 0x7f99f96e1932 in QImage::loadFromData(unsigned char const*, int, char const*) (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x33d932)
            #18 0x56394fd4c758 in main (/tmp/qt-bisect/test/report+0x1758)
            #19 0x7f99f7eb30b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
        
        SUMMARY: AddressSanitizer: 522 byte(s) leaked in 2 allocation(s).
        

      Google tracks this as oss-fuzz issue 31735. They will publish the details on June 3rd.

      Attachments

        1. input.svg
          0.0 kB
        2. main.cpp
          0.2 kB
        3. report.pro
          0.1 kB

        Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              peppe Giuseppe D'Angelo
              rlohning Robert Löhning
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes