[REG 6.2 -> 6.3] Crash in QSslCertificate

Details

    • Type: Bug
    • Resolution: Done
    • Priority: P1: Critical
    • Fix Version/s: 6.3.0
    • Affects Version/s: 6.3, 6.4
    • Component/s: Network: SSL
    • Environment: Ubuntu 20.04 LTS
      clang 10.0.0
      libssl-dev 1.1.1f-1ubuntu2.10
    • Commits: cf08be30f3 (qt/qtbase/6.3) cf08be30f3 (qt/tqtc-qtbase/6.3) 6c6b342061 (qt/qtbase/dev)

    Description

      1. Have a build of qtbase configured with "-sanitize address" and using OpenSSL.
      2. Build the attached project:
         qt-cmake -S /tmp/report/ && cmake --build .
      3. Run the resulting program. The address sanitizer reports:
        AddressSanitizer:DEADLYSIGNAL
        =================================================================
        ==83765==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x000000a6524b bp 0x7ffd99a8a3d0 sp 0x7ffd99a8a370 T0)
        ==83765==The signal is caused by a READ memory access.
        ==83765==Hint: address points to the zero page.
            #0 0xa6524b in auto QtPrivate::sequential_erase<QList<QFactoryLoader*>, QFactoryLoader*>(QList<QFactoryLoader*>&, QFactoryLoader* const&) (/tmp/build-report/report+0xa6524b)
            #1 0xa5ef16 in QFactoryLoader::~QFactoryLoader() (/tmp/build-report/report+0xa5ef16)
            #2 0x123bfdd in QtGlobalStatic::ApplicationHolder<(anonymous namespace)::Q_QAS_loader>::~ApplicationHolder() (/tmp/build-report/report+0x123bfdd)
            #3 0x7fef5bc58a26 in __run_exit_handlers /build/glibc-eX1tMB/glibc-2.31/stdlib/exit.c:108:8
            #4 0x7fef5bc58bdf in exit /build/glibc-eX1tMB/glibc-2.31/stdlib/exit.c:139:3
            #5 0x7fef5bc360b9 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:342:3
            #6 0x4279fd in _start (/tmp/build-report/report+0x4279fd)
        
        AddressSanitizer can not provide additional info.
        SUMMARY: AddressSanitizer: SEGV (/tmp/build-report/report+0xa6524b) in auto QtPrivate::sequential_erase<QList<QFactoryLoader*>, QFactoryLoader*>(QList<QFactoryLoader*>&, QFactoryLoader* const&)
        ==83765==ABORTING
        

      Google's OSS-Fuzz found this as issue 43778. The attached detailed report (details.html) provides further information.

      Attachments

        1. CMakeLists.txt (0.3 kB)
        2. details.html (1.79 MB)
        3. main.cpp (0.1 kB)

          People

            manordheim Mårten Nordheim
            rlohning Robert Löhning
              Gerrit Reviews

                There are no open Gerrit changes