Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-94068

Undefined behavior

    XMLWordPrintable

Details

    • aa7a10ce8b062bad4df40afc63d2fea34744a2fb b42953cc207af942f3f2e9948fb83e605fdde000

    Description

      1. Configure Qt with "-sanitize undefined".
      2. Build Qt.
      3. Build the attached project using this build of Qt: 
        #include <QCoreApplication>
#include <QJSEngine>

int main(int argc, char *argv[]) {
    QCoreApplication a(argc, argv);
    QJSEngine().evaluate("function a(){a(a&a+a)}a()");
    return 0;
}
      4. Run the resulting program.
        You will see output like: 
        qtbase/include/QtQml/../../../../../src/qt-dev-base_declarative_svg-05.20/qtdeclarative/src/qml/common/qjsnumbercoercion.h:52:34: runtime error: nan is outside the range of representable values of type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior qtbase/include/QtQml/../../../../../src/qt-dev-base_declarative_svg-05.20/qtdeclarative/src/qml/common/qjsnumbercoercion.h:52:34 in 
/home/qtrob/dev/src/qt-dev-base_declarative_svg-05.20/qtdeclarative/src/qml/jit/qv4baselineassembler.cpp:310:13: runtime error: load of value 4294967295, which is not a valid value for type 'JSC::MacroAssembler<JSC::MacroAssemblerX86_64>::RegisterID' (aka 'JSC::X86Registers::RegisterID')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/qtrob/dev/src/qt-dev-base_declarative_svg-05.20/qtdeclarative/src/qml/jit/qv4baselineassembler.cpp:310:13 in 
qtbase/include/QtQml/../../../../../src/qt-dev-base_declarative_svg-05.20/qtdeclarative/src/qml/common/qjsnumbercoercion.h:52:34: runtime error: nan is outside the range of representable values of type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior qtbase/include/QtQml/../../../../../src/qt-dev-base_declarative_svg-05.20/qtdeclarative/src/qml/common/qjsnumbercoercion.h:52:34 in

      Attachments

        1. main.cpp
          0.2 kB
        2. report.pro
          0.1 kB

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-74058 Invalid memory read in QJSEngine::evaluate

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed
          For Gerrit Dashboard: QTBUG-94068
          # Subject Branch Project Status CR V
          354487,5 Avoid UB in qjsnumbercoercion.h dev qt/qtdeclarative Status: MERGED +2 0
          354837,2 Avoid UB in qjsnumbercoercion.h 6.2 qt/qtdeclarative Status: MERGED +2 0
          354847,3 Avoid undefined behavior in the JIT dev qt/qtdeclarative Status: MERGED +2 0
          354964,2 Avoid undefined behavior in the JIT 6.2 qt/qtdeclarative Status: MERGED +2 0

          Activity

            People

              ulherman Ulf Hermann
              rlohning Robert Löhning
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes