Details
Bug
Resolution: Done
P2: Important
6.5
ea4d6b987a (qt/qtbase/dev)
c7ded1398b (qt/qtbase/6.3)
c7ded1398b (qt/tqtc-qtbase/6.3)
46d0d8e300 (qt/qtbase/6.4)
46d0d8e300 (qt/tqtc-qtbase/6.4)
Description
tests/auto/corelib/thread/qthread/tst_qthread terminateAndPrematureDestruction
********* Start testing of tst_QThread *********
Config: Using QtTest library 6.5.0, Qt 6.5.0 (x86_64-little_endian-lp64 shared (dynamic) debug build; by GCC 9.3.1 20200406 [revision 6db837a5288ee3ca5ec504fbd5a765817e556ac2]), opensuse-leap 15.3
PASS : tst_QThread::initTestCase()
=================================================================
==24039==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7f3c1d7858b0 at pc 0x7f3c243d8918 bp 0x7f3c1d7857f0 sp 0x7f3c1d7857e8
WRITE of size 4 at 0x7f3c1d7858b0 thread T2 (WaitToRun_Threa)
#0 0x7f3c243d8917 (/home/qt/work/install/lib/libQt6Core.so.6+0x227917)
#1 0x7f3c243d8a32 (/home/qt/work/install/lib/libQt6Core.so.6+0x227a32)
#2 0x7f3c24595fa3 (/home/qt/work/install/lib/libQt6Core.so.6+0x3e4fa3)
#3 0x7f3c24596602 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/home/qt/work/install/lib/libQt6Core.so.6+0x3e5602)
#4 0x7f3c24937e22 in QThread::exec() (/home/qt/work/install/lib/libQt6Core.so.6+0x786e22)
#5 0x493a4b in WaitToRun_Thread::run() /home/qt/work/qt/qtbase/tests/auto/corelib/thread/qthread/tst_qthread.cpp:1732
#6 0x7f3c24ae4a27 (/home/qt/work/install/lib/libQt6Core.so.6+0x933a27)
#7 0x7f3c24ae7716 (/home/qt/work/install/lib/libQt6Core.so.6+0x936716)
#8 0x7f3c24ae4c37 (/home/qt/work/install/lib/libQt6Core.so.6+0x933c37)
#9 0x7f3c2362c949 in start_thread (/lib64/libpthread.so.0+0x8949)
#10 0x7f3c2334fd0e in __GI___clone (/lib64/libc.so.6+0x100d0e)
Address 0x7f3c1d7858b0 is located in stack of thread T2 (WaitToRun_Threa) at offset 32 in frame
#0 0x7f3c24595ed1 (/home/qt/work/install/lib/libQt6Core.so.6+0x3e4ed1)
This frame has 1 object(s):
[32, 64) '<unknown>' <== Memory access at offset 32 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported)
Thread T2 (WaitToRun_Threa) created by T0 here:
#0 0x7f3c25a721d2 in pthread_create (/usr/lib64/libasan.so.5+0x3c1d2)
#1 0x7f3c24ae66d7 in QThread::start(QThread::Priority) (/home/qt/work/install/lib/libQt6Core.so.6+0x9356d7)
#2 0x425665 in tst_QThread::terminateAndPrematureDestruction() /home/qt/work/qt/qtbase/tests/auto/corelib/thread/qthread/tst_qthread.cpp:1744
#3 0x42652c in tst_QThread::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) tests/auto/corelib/thread/qthread/tst_qthread_autogen/include/tst_qthread.moc:262
#4 0x7f3c245ab7e8 in QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const (/home/qt/work/install/lib/libQt6Core.so.6+0x3fa7e8)
#5 0x7f3c257320be (/home/qt/work/install/lib/libQt6Test.so.6+0xaa0be)
#6 0x7f3c257167ba (/home/qt/work/install/lib/libQt6Test.so.6+0x8e7ba)
#7 0x7f3c25718e29 (/home/qt/work/install/lib/libQt6Test.so.6+0x90e29)
#8 0x7f3c2571c324 (/home/qt/work/install/lib/libQt6Test.so.6+0x94324)
#9 0x7f3c2571f2f3 in QTest::qRun() (/home/qt/work/install/lib/libQt6Test.so.6+0x972f3)
#10 0x7f3c2571e0bd in QTest::qExec(QObject*, int, char**) (/home/qt/work/install/lib/libQt6Test.so.6+0x960bd)
#11 0x426128 in main /home/qt/work/qt/qtbase/tests/auto/corelib/thread/qthread/tst_qthread.cpp:1800
#12 0x7f3c2327434c in __libc_start_main (/lib64/libc.so.6+0x2534c)
SUMMARY: AddressSanitizer: stack-buffer-underflow (/home/qt/work/install/lib/libQt6Core.so.6+0x227917)
Shadow bytes around the buggy address:
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==24039==ABORTING