Qt bug tracker: QTBUG-100026

[REG 6.2 -> 6.3] Crash in QSslCertificate


Details

    • Type: Bug
    • Resolution: Done
    • Priority: P1: Critical
    • Affects version: 6.3.0
    • Fix versions: 6.3, 6.4
    • Component: Network: SSL
    • Environment: Ubuntu 20.04 LTS, clang 10.0.0, libssl-dev 1.1.1f-1ubuntu2.10
    • Commits: cf08be30f3 (qt/qtbase/6.3), cf08be30f3 (qt/tqtc-qtbase/6.3), 6c6b342061 (qt/qtbase/dev)

    Description

      1. Have a build of qtbase configured with "-sanitize address" and using OpenSSL.
      2. Build the attached project:
        qt-cmake -S /tmp/report/ && cmake --build .
      3. Run the resulting program. The address sanitizer reports:
        AddressSanitizer:DEADLYSIGNAL
        =================================================================
        ==83765==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x000000a6524b bp 0x7ffd99a8a3d0 sp 0x7ffd99a8a370 T0)
        ==83765==The signal is caused by a READ memory access.
        ==83765==Hint: address points to the zero page.
            #0 0xa6524b in auto QtPrivate::sequential_erase<QList<QFactoryLoader*>, QFactoryLoader*>(QList<QFactoryLoader*>&, QFactoryLoader* const&) (/tmp/build-report/report+0xa6524b)
            #1 0xa5ef16 in QFactoryLoader::~QFactoryLoader() (/tmp/build-report/report+0xa5ef16)
            #2 0x123bfdd in QtGlobalStatic::ApplicationHolder<(anonymous namespace)::Q_QAS_loader>::~ApplicationHolder() (/tmp/build-report/report+0x123bfdd)
            #3 0x7fef5bc58a26 in __run_exit_handlers /build/glibc-eX1tMB/glibc-2.31/stdlib/exit.c:108:8
            #4 0x7fef5bc58bdf in exit /build/glibc-eX1tMB/glibc-2.31/stdlib/exit.c:139:3
            #5 0x7fef5bc360b9 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:342:3
            #6 0x4279fd in _start (/tmp/build-report/report+0x4279fd)
        
        AddressSanitizer can not provide additional info.
        SUMMARY: AddressSanitizer: SEGV (/tmp/build-report/report+0xa6524b) in auto QtPrivate::sequential_erase<QList<QFactoryLoader*>, QFactoryLoader*>(QList<QFactoryLoader*>&, QFactoryLoader* const&)
        ==83765==ABORTING
        

      Google's OSS-Fuzz found this as issue 43778. The attached detailed report provides further information.

      Attachments

        1. main.cpp (0.1 kB)
        2. details.html (1.79 MB)
        3. CMakeLists.txt (0.3 kB)

      People

        Mårten Nordheim (manordheim)
        Robert Löhning (rlohning)