
stack-use-after-return in tst_assetimport


Details

    • Linux/X11
    • 6258cbd45 (6.5), d4a6c8108 (6.6), bb4e6d908 (6.6.0), ba33685ad (tqtc/lts-6.2)

    Description

      ********* Start testing of tst_assetimport *********
      Config: Using QtTest library 6.7.0, Qt 6.7.0 (x86_64-little_endian-lp64 shared (dynamic) debug build; by Ubuntu Clang 16.0.6 (++20230710042046+7cbf1a259152-1~exp1~20230710162136.105)), ubuntu 20.04
      PASS   : tst_assetimport::initTestCase()
      =================================================================
      ==703186==ERROR: AddressSanitizer: stack-use-after-return on address 0x7f078fe928a0 at pc 0x55ae12afd2fd bp 0x7ffe865c75b0 sp 0x7ffe865c6d78
      READ of size 8 at 0x7f078fe928a0 thread T0
          #0 0x55ae12afd2fc in __asan_memcpy (/home/sanitizer-runs/sanitizer_runs/build/qtquick3d-asan/tests/auto/assetimport/tst_qquick3dassetimport+0xb82fc) (BuildId: 0fbc7e2fcf8de760002eff5b87c1e71871c2436b)
          #1 0x7f07958dde59 in QtPrivate::QPodArrayOps<char>::copyAppend(char const*, char const*) /home/sanitizer-runs/sanitizer_runs/build/qtbase-asan/include/QtCore/../../../../../../cc-runs/src/qt/qt5/qtbase/src/corelib/tools/qarraydataops.h:64:9
          #2 0x7f07958e0511 in QArrayDataPointer<char>::reallocateAndGrow(QArrayData::GrowthPosition, long long, QArrayDataPointer<char>*) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/atomic_base.h
          #3 0x7f07958ddf84 in QArrayDataPointer<char>::detachAndGrow(QArrayData::GrowthPosition, long long, char const**, QArrayDataPointer<char>*) /home/sanitizer-runs/sanitizer_runs/build/qtbase-asan/include/QtCore/../../../../../../cc-runs/src/qt/qt5/qtbase/src/corelib/tools/qarraydatapointer.h:203:13
          #4 0x7f07958d0725 in QByteArray::insert(long long, QByteArrayView) /home/cc-runs/src/qt/qt5/qtbase/src/corelib/text/qbytearray.cpp:2213:11
          #5 0x7f07958cfcbe in QByteArray::append(QByteArrayView) /home/cc-runs/src/qt/qt5/qtbase/src/corelib/text/qbytearray.h:235:14
          #6 0x7f07958cfcbe in QByteArray::append(QByteArray const&) /home/cc-runs/src/qt/qt5/qtbase/src/corelib/text/qbytearray.cpp:2051:13
          #7 0x7f078cef3e2c in QByteArray::operator+=(QByteArray const&) /home/sanitizer-runs/sanitizer_runs/install_dir/asan/include/QtCore/qbytearray.h:290:14
          #8 0x7f078ced3234 in (anonymous namespace)::VertexBufferDataExt::addVertexAttributeData((anonymous namespace)::VertexAttributeDataExt const&, (anonymous namespace)::VertexDataRequirments const&) /home/cc-runs/src/qt/qt5/qtquick3d/src/plugins/assetimporters/assimp/assimputils.cpp:294:31
          #9 0x7f078cec87f1 in AssimpUtils::generateMeshData(aiScene const&, QList<aiMesh const*> const&, bool, bool, float, float, QString&) /home/cc-runs/src/qt/qt5/qtquick3d/src/plugins/assetimporters/assimp/assimputils.cpp:777:30
          #10 0x7f078cf4c9dc in setModelProperties(QSSGSceneDesc::Model&, aiNode const&, SceneInfo const&)::$_1::operator()(aiString const&) const /home/cc-runs/src/qt/qt5/qtquick3d/src/plugins/assetimporters/assimp/assimpimporter_rt.cpp:1150:25
          #11 0x7f078cf47135 in setModelProperties(QSSGSceneDesc::Model&, aiNode const&, SceneInfo const&) /home/cc-runs/src/qt/qt5/qtquick3d/src/plugins/assetimporters/assimp/assimpimporter_rt.cpp:1171:20
          #12 0x7f078cf41caa in createSceneNode(NodeInfo const&, aiNode const&, QSSGSceneDesc::Node&, SceneInfo const&) /home/cc-runs/src/qt/qt5/qtquick3d/src/plugins/assetimporters/assimp/assimpimporter_rt.cpp:1238:9
          #13 0x7f078cf3b4a4 in processNode(SceneInfo const&, aiNode const&, QSSGSceneDesc::Node&, QHash<aiNode const*, NodeInfo> const&, QHash<QByteArray, QSSGSceneDesc::Node*>&) /home/cc-runs/src/qt/qt5/qtquick3d/src/plugins/assetimporters/assimp/assimpimporter_rt.cpp:1281:16
          #14 0x7f078cf3c804 in processNode(SceneInfo const&, aiNode const&, QSSGSceneDesc::Node&, QHash<aiNode const*, NodeInfo> const&, QHash<QByteArray, QSSGSceneDesc::Node*>&) /home/cc-runs/src/qt/qt5/qtquick3d/src/plugins/assetimporters/assimp/assimpimporter_rt.cpp:1329:9
          #15 0x7f078cf33470 in importImp(QUrl const&, QJsonObject const&, QSSGSceneDesc::Scene&) /home/cc-runs/src/qt/qt5/qtquick3d/src/plugins/assetimporters/assimp/assimpimporter_rt.cpp:1700:9
          #16 0x7f078cf350d1 in AssimpImporter::import(QString const&, QDir const&, QJsonObject const&, QList<QString>*) /home/cc-runs/src/qt/qt5/qtquick3d/src/plugins/assetimporters/assimp/assimpimporter_rt.cpp:1952:19
          #17 0x7f0799e54bc7 in QSSGAssetImportManager::importFile(QString const&, QDir const&, QJsonObject const&, QString*) /home/cc-runs/src/qt/qt5/qtquick3d/src/assetimport/qssgassetimportmanager.cpp:75:34
          #18 0x7f0799e543cc in QSSGAssetImportManager::importFile(QString const&, QDir const&, QString*) /home/cc-runs/src/qt/qt5/qtquick3d/src/assetimport/qssgassetimportmanager.cpp:48:12
          #19 0x55ae12b3c071 in tst_assetimport::importFile() /home/cc-runs/src/qt/qt5/qtquick3d/tests/auto/assetimport/tst_assetimport.cpp:73:38
          #20 0x55ae12b3c95b in tst_assetimport::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/sanitizer-runs/sanitizer_runs/build/qtquick3d-asan/tests/auto/assetimport/tst_qquick3dassetimport_autogen/include/tst_assetimport.moc:106:21
          #21 0x7f07956e129c in QMetaMethodInvoker::invokeImpl(QMetaMethod, void*, Qt::ConnectionType, long long, void const* const*, char const* const*, QtPrivate::QMetaTypeInterface const* const*) /home/cc-runs/src/qt/qt5/qtbase/src/corelib/kernel/qmetaobject.cpp:2714:13
          #22 0x7f07956f3667 in QMetaMethod::invokeImpl(QMetaMethod, void*, Qt::ConnectionType, long long, void const* const*, char const* const*, QtPrivate::QMetaTypeInterface const* const*) /home/cc-runs/src/qt/qt5/qtbase/src/corelib/kernel/qmetaobject.cpp:2553:13
          #23 0x7f079c137e96 in std::enable_if<!AreOldStyleArgs<>::value, bool>::type QMetaMethod::invoke<>(QObject*, Qt::ConnectionType, QMetaMethodReturnArgument) const /home/sanitizer-runs/sanitizer_runs/build/qtbase-asan/include/QtCore/../../../../../../cc-runs/src/qt/qt5/qtbase/src/corelib/kernel/qmetaobject.h:148:16
          #24 0x7f079c137e96 in std::enable_if<!AreOldStyleArgs<>::value, bool>::type QMetaMethod::invoke<>(QObject*, Qt::ConnectionType) const /home/sanitizer-runs/sanitizer_runs/build/qtbase-asan/include/QtCore/../../../../../../cc-runs/src/qt/qt5/qtbase/src/corelib/kernel/qmetaobject.h:160:16
          #25 0x7f079c137e96 in QTest::TestMethods::invokeTestOnData(int) const /home/cc-runs/src/qt/qt5/qtbase/src/testlib/qtestcase.cpp:1134:45
          #26 0x7f079c139f59 in QTest::TestMethods::invokeTest(int, QLatin1String, QTest::WatchDog*) const /home/cc-runs/src/qt/qt5/qtbase/src/testlib/qtestcase.cpp:1426:17
          #27 0x7f079c13cb65 in QTest::TestMethods::invokeTests(QObject*) const /home/cc-runs/src/qt/qt5/qtbase/src/testlib/qtestcase.cpp:1752:33
          #28 0x7f079c13ed7a in QTest::qRun() /home/cc-runs/src/qt/qt5/qtbase/src/testlib/qtestcase.cpp:2365:14
          #29 0x7f079c13d184 in QTest::qExec(QObject*, int, char**) /home/cc-runs/src/qt/qt5/qtbase/src/testlib/qtestcase.cpp:2251:15
          #30 0x55ae12b3c7a6 in main /home/cc-runs/src/qt/qt5/qtquick3d/tests/auto/assetimport/tst_assetimport.cpp:87:1
          #31 0x7f0794e05082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
          #32 0x55ae12a6553d in _start (/home/sanitizer-runs/sanitizer_runs/build/qtquick3d-asan/tests/auto/assetimport/tst_qquick3dassetimport+0x2053d) (BuildId: 0fbc7e2fcf8de760002eff5b87c1e71871c2436b)
      
      Address 0x7f078fe928a0 is located in stack of thread T0 at offset 160 in frame
          #0 0x7f078ced2b4f in (anonymous namespace)::VertexBufferDataExt::addVertexAttributeData((anonymous namespace)::VertexAttributeDataExt const&, (anonymous namespace)::VertexDataRequirments const&) /home/cc-runs/src/qt/qt5/qtquick3d/src/plugins/assetimporters/assimp/assimputils.cpp:282
      
        This frame has 22 object(s):
          [32, 56) 'ref.tmp' (line 285)
          [96, 120) 'ref.tmp4' (line 288)
          [160, 168) 'uv' (line 293) <== Memory access at offset 160 is inside this variable
          [192, 216) 'ref.tmp19' (line 294)
          [256, 280) 'ref.tmp24' (line 296)
          [320, 328) 'uv38' (line 303)
          [352, 376) 'ref.tmp44' (line 304)
          [416, 440) 'ref.tmp50' (line 306)
          [480, 504) 'ref.tmp62' (line 313)
          [544, 568) 'ref.tmp68' (line 314)
          [608, 632) 'ref.tmp77' (line 319)
          [672, 688) 'fBoneIndex' (line 325)
          [704, 728) 'ref.tmp94' (line 326)
          [768, 792) 'ref.tmp99' (line 328)
          [832, 856) 'ref.tmp106' (line 330)
          [896, 920) 'ref.tmp114' (line 336)
          [960, 984) 'ref.tmp133' (line 340)
          [1024, 1048) 'ref.tmp154' (line 344)
          [1088, 1112) 'ref.tmp172' (line 346)
          [1152, 1176) 'ref.tmp193' (line 350)
          [1216, 1240) 'ref.tmp214' (line 354)
          [1280, 1304) 'ref.tmp235' (line 358)
      HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
            (longjmp and C++ exceptions *are* supported)
      
      SUMMARY: AddressSanitizer: stack-use-after-return (/home/sanitizer-runs/sanitizer_runs/build/qtquick3d-asan/tests/auto/assetimport/tst_qquick3dassetimport+0xb82fc) (BuildId: 0fbc7e2fcf8de760002eff5b87c1e71871c2436b) in __asan_memcpy
      Shadow bytes around the buggy address:
        0x7f078fe92600: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
        0x7f078fe92680: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
        0x7f078fe92700: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
        0x7f078fe92780: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
        0x7f078fe92800: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
      =>0x7f078fe92880: f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
        0x7f078fe92900: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
        0x7f078fe92980: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
        0x7f078fe92a00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
        0x7f078fe92a80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
        0x7f078fe92b00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right redzone:     f3
        Stack after return:      f5
        Stack use after scope:   f8
        Global redzone:          f9
        Global init order:       f6
        Poisoned by user:        f7
        Container overflow:      fc
        Array cookie:            ac
        Intra object redzone:    bb
        ASan internal:           fe
        Left alloca redzone:     ca
        Right alloca redzone:    cb
      ==703186==ABORTING
      


          People

            manordheim Mårten Nordheim
            jimis Dimitrios Apostolou
