Qt / QTBUG-105246

AddressSanitizer unknown-crash in qsb, when generating alias_texture.frag.qsb

Details

    • Bug
    • Resolution: Duplicate
    • P2: Important
    • None
    • 6.x
    • Qt Shader Tools
    • None
    • Visual Studio v17.2.6; cl.exe 19.32.31332; qtbase commit 57be602fde; qtshadertools commit 75d7310
    • Windows

    Description

      Configured with:

      ..\qt_git\configure.bat -debug -shared -developer-build -c++std c++17 -sanitize address -submodules qtbase,qtdeclarative
      

      The crash:

      [6650/12435] Generating .qsb/x/y/z/alias_texture.frag.qsb
      FAILED: qtshadertools/tests/auto/buildtimeqsb/.qsb/x/y/z/alias_texture.frag.qsb C:/qt_build/qtshadertools/tests/auto/buildtimeqsb/.qsb/x/y/z/alias_texture.frag.qsb
      cmd.exe /C "cd /D C:\qt_build\qtshadertools\tests\auto\buildtimeqsb && C:\qt_build\qtbase\bin\qsb.exe --glsl 100es,120,150 --hlsl 50 --msl 12 -o C:/qt_build/qtshadertools/tests/auto/buildtimeqsb/.qsb/x/y/z/alias_texture.frag.qsb C:/qt_git/qtshadertools/tests/auto/buildtimeqsb/subdir/texture.frag"
      =================================================================
      ==18660==ERROR: AddressSanitizer: unknown-crash on address 0x1214b1b7d77c at pc 0x7ffb84acad92 bp 0x0002dfd683c0 sp 0x0002dfd683c8
      READ of size 1 at 0x1214b1b7d77c thread T0
          #0 0x7ffb84acad91 in QtShaderTools::glslang::TAllocation::checkGuardBlock(unsigned char *, unsigned char, char const *) const C:\qt_git\qtshadertools\src\3rdparty\glslang\glslang\MachineIndependent\PoolAlloc.cpp:162
          #1 0x7ffb84acfba4 in QtShaderTools::glslang::TAllocation::check(void) const C:\qt_git\qtshadertools\src\3rdparty\glslang\glslang\Include\PoolAlloc.h:94
          #2 0x7ffb84acabfd in QtShaderTools::glslang::TAllocation::checkAllocList(void) const C:\qt_git\qtshadertools\src\3rdparty\glslang\glslang\MachineIndependent\PoolAlloc.cpp:313
          #3 0x7ffb84ace7d0 in QtShaderTools::glslang::TPoolAllocator::tHeader::~tHeader(void) C:\qt_git\qtshadertools\src\3rdparty\glslang\glslang\Include\PoolAlloc.h:200
          #4 0x7ffb84ace7f6 in QtShaderTools::glslang::TPoolAllocator::tHeader::`scalar deleting dtor'(unsigned int) C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.32.31326\include\vector:552
          #5 0x7ffb84acb59d in QtShaderTools::glslang::TPoolAllocator::~TPoolAllocator(void) C:\qt_git\qtshadertools\src\3rdparty\glslang\glslang\MachineIndependent\PoolAlloc.cpp:122
          #6 0x7ffb84ab2696 in QtShaderTools::glslang::TPoolAllocator::`scalar deleting dtor'(unsigned int) (C:\qt_build\qtbase\bin\Qt6ShaderToolsd.dll+0x1807f2696)
          #7 0x7ffb84a7cb0b in QtShaderTools::glslang::TShader::~TShader(void) C:\qt_git\qtshadertools\src\3rdparty\glslang\glslang\MachineIndependent\ShaderLang.cpp:1770
          #8 0x7ffb842f9d5e in QSpirvCompilerPrivate::compile(void) C:\qt_git\qtshadertools\src\shadertools\qspirvcompiler.cpp:282
          #9 0x7ffb842f813d in QSpirvCompiler::compileToSpirv(void) C:\qt_git\qtshadertools\src\shadertools\qspirvcompiler.cpp:380
          #10 0x7ffb842cb323 in QShaderBakerPrivate::compile(void) C:\qt_git\qtshadertools\src\shadertools\qshaderbaker.cpp:400
          #11 0x7ffb842cd114 in `QShaderBaker::bake'::`2'::<lambda_1>::operator() C:\qt_git\qtshadertools\src\shadertools\qshaderbaker.cpp:481
          #12 0x7ffb842c8605 in QShaderBaker::bake(void) C:\qt_git\qtshadertools\src\shadertools\qshaderbaker.cpp:492
          #13 0x7ff67892456c in main C:\qt_git\qtshadertools\tools\qsb\qsb.cpp:629
          #14 0x7ff678949c58 in invoke_main D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:78
          #15 0x7ff678949bad in __scrt_common_main_seh D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
          #16 0x7ff678949a6d in __scrt_common_main D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:330
          #17 0x7ff678949ccd in mainCRTStartup D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_main.cpp:16
          #18 0x7ffc068b7033  (C:\Windows\System32\KERNEL32.DLL+0x180017033)
          #19 0x7ffc06a82650  (C:\Windows\SYSTEM32\ntdll.dll+0x180052650)
      
      0x1214b1b7d77c is located 1660 bytes inside of 8192-byte region [0x1214b1b7d100,0x1214b1b7f100)
      allocated by thread T0 here:
          #0 0x7ffb84fe7023 in operator new[](unsigned __int64) D:\a\_work\1\s\src\vctools\crt\asan\llvm\compiler-rt\lib\asan\asan_win_new_array_thunk.cpp:42
          #1 0x7ffb84acc97e in QtShaderTools::glslang::TPoolAllocator::allocate(unsigned __int64) C:\qt_git\qtshadertools\src\3rdparty\glslang\glslang\MachineIndependent\PoolAlloc.cpp:292
          #2 0x7ffb84ac24ef in QtShaderTools::glslang::pool_allocator<struct std::_Container_proxy>::allocate(unsigned __int64) C:\qt_git\qtshadertools\src\3rdparty\glslang\glslang\Include\PoolAlloc.h:289
          #3 0x7ffb84aa1d44 in std::_Container_proxy_ptr12<class QtShaderTools::glslang::pool_allocator<struct std::_Container_proxy>>::_Container_proxy_ptr12<class QtShaderTools::glslang::pool_allocator<struct std::_Container_proxy>>(class QtShaderTools::glslang::pool_allocator<struct std::_Container_proxy> &, struct std::_Container_base12 &) C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.32.31326\include\xmemory:1322
          #4 0x7ffb84aa5864 in std::basic_string<char, struct std::char_traits<char>, class QtShaderTools::glslang::pool_allocator<char>>::basic_string<char, struct std::char_traits<char>, class QtShaderTools::glslang::pool_allocator<char>>(char const *const) C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.32.31326\include\xstring:2534
          #5 0x7ffb84add147 in QtShaderTools::glslang::TParseVersions::getExtensionBehavior(char const *) C:\qt_git\qtshadertools\src\3rdparty\glslang\glslang\MachineIndependent\Versions.cpp:815
          #6 0x7ffb84add43f in QtShaderTools::glslang::TParseVersions::extensionTurnedOn(char const *const) C:\qt_git\qtshadertools\src\3rdparty\glslang\glslang\MachineIndependent\Versions.cpp:825
          #7 0x7ffb84c48233 in QtShaderTools::glslang::TParseContext::findFunction(struct QtShaderTools::glslang::TSourceLoc const &, class QtShaderTools::glslang::TFunction const &, bool &) C:\qt_git\qtshadertools\src\3rdparty\glslang\glslang\MachineIndependent\ParseHelper.cpp:6268
          #8 0x7ffb84c104c2 in QtShaderTools::glslang::TParseContext::handleFunctionCall(struct QtShaderTools::glslang::TSourceLoc const &, class QtShaderTools::glslang::TFunction *, class QtShaderTools::TIntermNode *) C:\qt_git\qtshadertools\src\3rdparty\glslang\glslang\MachineIndependent\ParseHelper.cpp:1159
          #9 0x7ffb84db032c in QtShaderTools::yyparse(class QtShaderTools::glslang::TParseContext *) C:\qt_build\MachineIndependent\glslang.y:473
          #10 0x7ffb84c02178 in QtShaderTools::glslang::TParseContext::parseShaderStrings(class QtShaderTools::glslang::TPpContext &, class QtShaderTools::glslang::TInputScanner &, bool) C:\qt_git\qtshadertools\src\3rdparty\glslang\glslang\MachineIndependent\ParseHelper.cpp:207
          #11 0x7ffb84a89e5c in `anonymous namespace'::DoFullParse::operator() C:\qt_git\qtshadertools\src\3rdparty\glslang\glslang\MachineIndependent\ShaderLang.cpp:1227
          #12 0x7ffb84a9080a in `anonymous namespace'::ProcessDeferred<`anonymous namespace'::DoFullParse> C:\qt_git\qtshadertools\src\3rdparty\glslang\glslang\MachineIndependent\ShaderLang.cpp:1011
          #13 0x7ffb84a8a576 in `anonymous namespace'::CompileDeferred C:\qt_git\qtshadertools\src\3rdparty\glslang\glslang\MachineIndependent\ShaderLang.cpp:1315
          #14 0x7ffb84a7e011 in QtShaderTools::glslang::TShader::parse(struct TBuiltInResource const *, int, enum EProfile, bool, bool, enum EShMessages, class QtShaderTools::glslang::TShader::Includer &) C:\qt_git\qtshadertools\src\3rdparty\glslang\glslang\MachineIndependent\ShaderLang.cpp:1882
          #15 0x7ffb84301fd1 in QtShaderTools::glslang::TShader::parse(struct TBuiltInResource const *, int, bool, enum EShMessages, class QtShaderTools::glslang::TShader::Includer &) C:\qt_git\qtshadertools\src\3rdparty\glslang\glslang\Public\ShaderLang.h:648
          #16 0x7ffb842f926a in QSpirvCompilerPrivate::compile(void) C:\qt_git\qtshadertools\src\shadertools\qspirvcompiler.cpp:253
          #17 0x7ffb842f813d in QSpirvCompiler::compileToSpirv(void) C:\qt_git\qtshadertools\src\shadertools\qspirvcompiler.cpp:380
          #18 0x7ffb842cb323 in QShaderBakerPrivate::compile(void) C:\qt_git\qtshadertools\src\shadertools\qshaderbaker.cpp:400
          #19 0x7ffb842cd114 in `QShaderBaker::bake'::`2'::<lambda_1>::operator() C:\qt_git\qtshadertools\src\shadertools\qshaderbaker.cpp:481
          #20 0x7ffb842c8605 in QShaderBaker::bake(void) C:\qt_git\qtshadertools\src\shadertools\qshaderbaker.cpp:492
          #21 0x7ff67892456c in main C:\qt_git\qtshadertools\tools\qsb\qsb.cpp:629
          #22 0x7ff678949c58 in invoke_main D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:78
          #23 0x7ff678949bad in __scrt_common_main_seh D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
          #24 0x7ff678949a6d in __scrt_common_main D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:330
          #25 0x7ff678949ccd in mainCRTStartup D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_main.cpp:16
          #26 0x7ffc068b7033  (C:\Windows\System32\KERNEL32.DLL+0x180017033)
          #27 0x7ffc06a82650  (C:\Windows\SYSTEM32\ntdll.dll+0x180052650)
      
      SUMMARY: AddressSanitizer: unknown-crash C:\qt_git\qtshadertools\src\3rdparty\glslang\glslang\MachineIndependent\PoolAlloc.cpp:162 in QtShaderTools::glslang::TAllocation::checkGuardBlock(unsigned char *, unsigned char, char const *) const
      Shadow bytes around the buggy address:
        0x040d456efa90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x040d456efaa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x040d456efab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x040d456efac0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x040d456efad0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      =>0x040d456efae0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00[04]
        0x040d456efaf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x040d456efb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x040d456efb10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x040d456efb20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x040d456efb30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07
        Heap left redzone:       fa
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right redzone:     f3
        Stack after return:      f5
        Stack use after scope:   f8
        Global redzone:          f9
        Global init order:       f6
        Poisoned by user:        f7
        Container overflow:      fc
        Array cookie:            ac
        Intra object redzone:    bb
        ASan internal:           fe
        Left alloca redzone:     ca
        Right alloca redzone:    cb
        Shadow gap:              cc
      ==18660==ABORTING
      [6659/12435] Generating qqmljsgrammar.cpp, qqmljsgrammar_p.h, qqmljsparser_p.h, qqmljsparser.cpp
      ninja: build stopped: subcommand failed.
      

            People

              lagocs Laszlo Agocs
              jkauffmann Johannes Kauffmann