QTBUG-115099

heap-buffer-overflow from qxcbcursor.cpp:493 on Linux [correction bug is in libxcb-cursor.so]


Details

    • Bug
    • Resolution: Out of scope
    • Not Evaluated
    • None
    • 6.5.1, 6.6.0 Beta1
    • QPA: X11/XCB
    • None
    • Linux/X11

    Description

      When building the 'calculatorform' example with fsanitize on Linux Mint [Linux Mint 21.1 Vera base: Ubuntu 22.04 jammy] there is a heap buffer overflow reported when run.

      I am using a Linux Virtual Box VM as follows:

      VirtualBox VM:System:
        Kernel: 5.15.0-76-generic x86_64 bits: 64 compiler: gcc v: 11.3.0 Desktop: Cinnamon 5.6.8
          tk: GTK 3.24.33 wm: muffin dm: LightDM Distro: Linux Mint 21.1 Vera base: Ubuntu 22.04 jammy 

      This is the code that I added to calculatorform.pro:

      #! [0]
      HEADERS     = calculatorform.h
      #! [0] #! [1]
      FORMS       = calculatorform.ui
      #! [1]
      SOURCES     = calculatorform.cpp \
                    main.cpp
      QT += widgets

      target.path = $$[QT_INSTALL_EXAMPLES]/designer/calculatorform
      INSTALLS += target

      # AddressSanitizer instrumentation, debug builds only
      CONFIG(debug, debug|release) {
          QMAKE_CXXFLAGS += -fsanitize=address -fno-omit-frame-pointer
          QMAKE_CFLAGS += -fsanitize=address -fno-omit-frame-pointer
          QMAKE_LFLAGS += -fsanitize=address
      }


      This is the error with Qt6.5.1


      13:38:15: Debugging /home/peter/QtCom/Examples/Qt-6.5.1/designer/build-calculatorform-Desktop_Qt_6_5_1_GCC_64bit-Debug/calculatorform ...
      =================================================================
      ==27961==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6030001fd635 at pc 0x7ffff75fbf65 bp 0x7fffffffde80 sp 0x7fffffffd628
      READ of size 22 at 0x6030001fd635 thread T0
          #0 0x7ffff75fbf64 in __interceptor_strchr ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:708
          #1 0x7fffeec02ed3  (/lib/x86_64-linux-gnu/libxcb-cursor.so.0+0x2ed3)
          #2 0x7fffeec030e4 in xcb_cursor_load_cursor (/lib/x86_64-linux-gnu/libxcb-cursor.so.0+0x30e4)
          #3 0x7fffefda2828 in QXcbCursor::createFontCursor(int) /home/qt/work/qt/qtbase/src/plugins/platforms/xcb/qxcbcursor.cpp:493
          #4 0x7fffefda2f9a in QXcbCursor::changeCursor(QCursor*, QWindow*) /home/qt/work/qt/qtbase/src/plugins/platforms/xcb/qxcbcursor.cpp:327
          #5 0x7fffefda2f9a in QXcbCursor::changeCursor(QCursor*, QWindow*) /home/qt/work/qt/qtbase/src/plugins/platforms/xcb/qxcbcursor.cpp:306
          #6 0x7ffff66cfd8c in QWindowPrivate::applyCursor() /home/qt/work/qt/qtbase/src/gui/kernel/qwindow.cpp:3011
          #7 0x7ffff66d4576 in QWindowPrivate::setCursor(QCursor const*) /home/qt/work/qt/qtbase/src/gui/kernel/qwindow.cpp:2992
          #8 0x7ffff7042320 in applyCursor /home/qt/work/qt/qtbase/src/widgets/kernel/qwidget.cpp:5012
          #9 0x7ffff7042320 in qt_qpa_set_cursor(QWidget*, bool) /home/qt/work/qt/qtbase/src/widgets/kernel/qwidget.cpp:5050
          #10 0x7ffff704bc21 in qt_qpa_set_cursor(QWidget*, bool) /home/qt/work/qt/qtbase/src/widgets/kernel/qwidget.cpp:5023
          #11 0x7ffff704bc21 in QWidgetPrivate::show_sys() /home/qt/work/qt/qtbase/src/widgets/kernel/qwidget.cpp:8153
          #12 0x7ffff70540ea in QWidgetPrivate::show_helper() /home/qt/work/qt/qtbase/src/widgets/kernel/qwidget.cpp:8079
          #13 0x7ffff7056a62 in QWidgetPrivate::setVisible(bool) /home/qt/work/qt/qtbase/src/widgets/kernel/qwidget.cpp:8375
          #14 0x5555555622a6 in main ../calculatorform/main.cpp:12
          #15 0x7ffff587cd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
          #16 0x7ffff587ce3f in __libc_start_main_impl ../csu/libc-start.c:392
          #17 0x5555555598c4 in _start (/home/peter/QtCom/Examples/Qt-6.5.1/designer/build-calculatorform-Desktop_Qt_6_5_1_GCC_64bit-Debug/calculatorform+0x58c4)

      0x6030001fd635 is located 0 bytes to the right of 21-byte region [0x6030001fd620,0x6030001fd635)
      allocated by thread T0 here:
          #0 0x7ffff7672867 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
          #1 0x7fffeec02c38  (/lib/x86_64-linux-gnu/libxcb-cursor.so.0+0x2c38)

      SUMMARY: AddressSanitizer: heap-buffer-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:708 in __interceptor_strchr
      ==27961==ABORTING
      13:38:19: Debugging of /home/peter/QtCom/Examples/Qt-6.5.1/designer/build-calculatorform-Desktop_Qt_6_5_1_GCC_64bit-Debug/calculatorform has finished with exit code 1.
      

      This is the error with Qt6.6.0 Beta 1

      16:10:59: Debugging /home/peter/QtCom/Examples/Qt-6.5.1/designer/build-calculatorform-Desktop_Qt_6_6_0_GCC_64bit-Debug/calculatorform ...
      =================================================================
      ==3307==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6030001fd5a5 at pc 0x7ffff75fbf65 bp 0x7fffffffde80 sp 0x7fffffffd628
      READ of size 22 at 0x6030001fd5a5 thread T0
          #0 0x7ffff75fbf64 in __interceptor_strchr ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:708
          #1 0x7fffeec02ed3  (/lib/x86_64-linux-gnu/libxcb-cursor.so.0+0x2ed3)
          #2 0x7fffeec030e4 in xcb_cursor_load_cursor (/lib/x86_64-linux-gnu/libxcb-cursor.so.0+0x30e4)
          #3 0x7fffefda35d8 in QXcbCursor::createFontCursor(int) /home/qt/work/qt/qtbase/src/plugins/platforms/xcb/qxcbcursor.cpp:493
          #4 0x7fffefda3d32 in QXcbCursor::changeCursor(QCursor*, QWindow*) /home/qt/work/qt/qtbase/src/plugins/platforms/xcb/qxcbcursor.cpp:327
          #5 0x7fffefda3d32 in QXcbCursor::changeCursor(QCursor*, QWindow*) /home/qt/work/qt/qtbase/src/plugins/platforms/xcb/qxcbcursor.cpp:306
          #6 0x7ffff66dd6cc in QWindowPrivate::applyCursor() /home/qt/work/qt/qtbase/src/gui/kernel/qwindow.cpp:3035
          #7 0x7ffff66e1ef6 in QWindowPrivate::setCursor(QCursor const*) /home/qt/work/qt/qtbase/src/gui/kernel/qwindow.cpp:3016
          #8 0x7ffff704c070 in applyCursor /home/qt/work/qt/qtbase/src/widgets/kernel/qwidget.cpp:5012
          #9 0x7ffff704c070 in qt_qpa_set_cursor(QWidget*, bool) /home/qt/work/qt/qtbase/src/widgets/kernel/qwidget.cpp:5050
          #10 0x7ffff70557c1 in qt_qpa_set_cursor(QWidget*, bool) /home/qt/work/qt/qtbase/src/widgets/kernel/qwidget.cpp:5023
          #11 0x7ffff70557c1 in QWidgetPrivate::show_sys() /home/qt/work/qt/qtbase/src/widgets/kernel/qwidget.cpp:8177
          #12 0x7ffff705dbea in QWidgetPrivate::show_helper() /home/qt/work/qt/qtbase/src/widgets/kernel/qwidget.cpp:8103
          #13 0x7ffff7060542 in QWidgetPrivate::setVisible(bool) /home/qt/work/qt/qtbase/src/widgets/kernel/qwidget.cpp:8399
          #14 0x555555562462 in main ../calculatorform/main.cpp:12
          #15 0x7ffff5855d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
          #16 0x7ffff5855e3f in __libc_start_main_impl ../csu/libc-start.c:392
          #17 0x5555555598e4 in _start (/home/peter/QtCom/Examples/Qt-6.5.1/designer/build-calculatorform-Desktop_Qt_6_6_0_GCC_64bit-Debug/calculatorform+0x58e4)

      0x6030001fd5a5 is located 0 bytes to the right of 21-byte region [0x6030001fd590,0x6030001fd5a5)
      allocated by thread T0 here:
          #0 0x7ffff7672867 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
          #1 0x7fffeec02c38  (/lib/x86_64-linux-gnu/libxcb-cursor.so.0+0x2c38)

      SUMMARY: AddressSanitizer: heap-buffer-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:708 in __interceptor_strchr
      ==3307==ABORTING
      16:11:13: Debugging of /home/peter/QtCom/Examples/Qt-6.5.1/designer/build-calculatorform-Desktop_Qt_6_6_0_GCC_64bit-Debug/calculatorform has finished with exit code 1. 

      I hope this helps.

      Regards

      Peter
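The report does not include libxcb-cursor's source, so the exact defect there is not shown; what the ASan output does establish is that strchr read 22 bytes starting in a 21-byte malloc'd region, i.e. it found no terminator inside the allocation. The following added example (not code from the report, from Qt or from libxcb-cursor) shows the bounded and properly terminated alternatives to that pattern; the 21-byte cursor name is a constructed sample chosen to match the region size in the report, and the function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: a 21-byte name token with no NUL inside those 21 bytes,
 * the allocation shape the ASan report describes (21-byte region, READ of 22). */
static const char SAMPLE_NAME[] = "left_ptr_watch_cursor"; /* 21 characters */

/* Unsafe pattern, deliberately not executed here: malloc(len); memcpy(len);
 * strchr(buf, c). strchr has no length bound and scans until a NUL, which in
 * that layout lies outside the allocation: an ASan heap-buffer-overflow READ. */

/* Bounded search: memchr never touches more than len bytes. */
const char *find_char_bounded(const char *buf, size_t len, int c)
{
    return memchr(buf, c, len);
}

/* Hardened copy: allocate len+1 and terminate, so later str* calls stay
 * inside the allocation. Caller frees the result. */
char *dup_terminated(const char *src, size_t len)
{
    char *out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, src, len);
    out[len] = '\0';
    return out;
}

/* Counts '_' separators in a name of exactly len bytes without relying on a
 * terminator, using only the bounded search above. */
size_t count_separators(const char *name, size_t len)
{
    size_t n = 0;
    const char *p = name;
    const char *end = name + len;
    while ((p = find_char_bounded(p, (size_t)(end - p), '_')) != NULL) {
        n++;
        p++;
    }
    return n;
}

int main(void)
{
    size_t len = sizeof(SAMPLE_NAME) - 1; /* 21: excludes the literal's NUL */
    char *name = dup_terminated(SAMPLE_NAME, len);
    if (name == NULL)
        return 1;
    printf("separators=%zu strlen=%zu\n", count_separators(name, len), strlen(name));
    free(name);
    return 0;
}
```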


        Activity

          People

            liaqi Liang Qi
            pcheeseman Peter Cheeseman