Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-117069

ERROR: AddressSanitizer: stack-use-after-scope in tst_WaylandCompositor::emitsErrorOnSameIviId()

    XMLWordPrintable

Details

    • 3b58b13d9 (dev)

    Description

      Full log here.

      QWARN  : tst_WaylandCompositor::createsIviSurfaces() qt.waylandcompositor.hardwareintegration: Failed to initialize EGL display. Could not get EglDisplay for window.
PASS   : tst_WaylandCompositor::createsIviSurfaces()
QWARN  : tst_WaylandCompositor::emitsErrorOnSameIviId() qt.waylandcompositor.hardwareintegration: Failed to initialize EGL display. Could not get EglDisplay for window.
error in client communication (pid 2287)
ivi_application@10: error 1: Given ivi_id, 123, is already assigned to wl_surface@11
=================================================================

      ==2287==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffcf8f8b580 at pc 0x55fa99b38f74 bp 0x7ffcf8f89950 sp 0x7ffcf8f89948

      WRITE of size 8 at 0x7ffcf8f8b580 thread T0

          #0 0x55fa99b38f73 in operator() /home/qt/work/qt/qtwayland/tests/auto/compositor/compositor/tst_compositor.cpp:1203
    #1 0x55fa99b65864 in call /home/qt/work/install/include/QtCore/qobjectdefs_impl.h:137
    #2 0x55fa99b64d0c in call<QtPrivate::List<QWaylandIviSurface*>, void> /home/qt/work/install/include/QtCore/qobjectdefs_impl.h:339
    #3 0x55fa99b645d1 in impl /home/qt/work/install/include/QtCore/qobjectdefs_impl.h:558
    #4 0x7fa9f698478f  (/home/qt/work/install/lib/libQt6Core.so.6+0x49978f)
    #5 0x7fa9f6ac8464  (/home/qt/work/install/lib/libQt6Core.so.6+0x5dd464)
    #6 0x7fa9f6ab22ae in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (/home/qt/work/install/lib/libQt6Core.so.6+0x5c72ae)
    #7 0x7fa9fe4f4b10 in QWaylandIviApplication::iviSurfaceCreated(QWaylandIviSurface*) (/home/qt/work/install/lib/libQt6WaylandCompositor.so.6+0x253b10)
    #8 0x7fa9fe4f3b41 in QWaylandIviApplicationPrivate::ivi_application_surface_create(QtWaylandServer::ivi_application::Resource*, unsigned int, wl_resource*, unsigned int) (/home/qt/work/install/lib/libQt6WaylandCompositor.so.6+0x252b41)
    #9 0x7fa9fe5d1b51 in QtWaylandServer::ivi_application::handle_surface_create(wl_client*, wl_resource*, unsigned int, wl_resource*, unsigned int) (/home/qt/work/install/lib/libQt6WaylandCompositor.so.6+0x330b51)
    #10 0x7fa9f592d6dc  (/usr/lib64/libffi.so.7+0x66dc)
    #11 0x7fa9f592cbde  (/usr/lib64/libffi.so.7+0x5bde)
    #12 0x7fa9fee29413  (/usr/lib64/libwayland-server.so.0+0xd413)
    #13 0x7fa9fee2563e  (/usr/lib64/libwayland-server.so.0+0x963e)
    #14 0x7fa9fee272a9 in wl_event_loop_dispatch (/usr/lib64/libwayland-server.so.0+0xb2a9)
    #15 0x7fa9fe41b57a in QWaylandCompositor::processWaylandEvents() (/home/qt/work/install/lib/libQt6WaylandCompositor.so.6+0x17a57a)
    #16 0x7fa9fe41ce92  (/home/qt/work/install/lib/libQt6WaylandCompositor.so.6+0x17be92)
    #17 0x7fa9f6ac8647  (/home/qt/work/install/lib/libQt6Core.so.6+0x5dd647)
    #18 0x7fa9f6ab22ae in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (/home/qt/work/install/lib/libQt6Core.so.6+0x5c72ae)
    #19 0x7fa9f6b06c3d in QSocketNotifier::activated(QSocketDescriptor, QSocketNotifier::Type, QSocketNotifier::QPrivateSignal) (/home/qt/work/install/lib/libQt6Core.so.6+0x61bc3d)
    #20 0x7fa9f6b05c96 in QSocketNotifier::event(QEvent*) (/home/qt/work/install/lib/libQt6Core.so.6+0x61ac96)
    #21 0x7fa9f69771fb in QCoreApplicationPrivate::notify_helper(QObject*, QEvent*) (/home/qt/work/install/lib/libQt6Core.so.6+0x48c1fb)
    #22 0x7fa9f69769e0  (/home/qt/work/install/lib/libQt6Core.so.6+0x48b9e0)
    #23 0x7fa9f69768a7 in QCoreApplication::notify(QObject*, QEvent*) (/home/qt/work/install/lib/libQt6Core.so.6+0x48b8a7)
    #24 0x7fa9fa4f919e in QGuiApplication::notify(QObject*, QEvent*) (/home/qt/work/install/lib/libQt6Gui.so.6+0x68019e)
    #25 0x7fa9f69766b9 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/home/qt/work/install/lib/libQt6Core.so.6+0x48b6b9)
    #26 0x7fa9f6977e48 in QCoreApplication::sendEvent(QObject*, QEvent*) (/home/qt/work/install/lib/libQt6Core.so.6+0x48ce48)
    #27 0x7fa9f731c0fa  (/home/qt/work/install/lib/libQt6Core.so.6+0xe310fa)
    #28 0x7fa9f52ad82a in g_main_context_dispatch (/usr/lib64/libglib-2.0.so.0+0x5582a)
    #29 0x7fa9f52adbcf  (/usr/lib64/libglib-2.0.so.0+0x55bcf)
    #30 0x7fa9f52adc5b in g_main_context_iteration (/usr/lib64/libglib-2.0.so.0+0x55c5b)
    #31 0x7fa9f731e51a in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/home/qt/work/install/lib/libQt6Core.so.6+0xe3351a)
    #32 0x7fa9eeb7bf22  (/home/qt/work/install/plugins/platforms/../../lib/libQt6XcbQpa.so.6+0x158f22)
    #33 0x7fa9f697762d in QCoreApplication::processEvents(QFlags<QEventLoop::ProcessEventsFlag>, QDeadlineTimer) (/home/qt/work/install/lib/libQt6Core.so.6+0x48c62d)
    #34 0x7fa9f6b0b765 in QTest::qWait(std::chrono::duration<long, std::ratio<1l, 1000l> >) (/home/qt/work/install/lib/libQt6Core.so.6+0x620765)
    #35 0x7fa9f6b0b571 in QTest::qWait(int) (/home/qt/work/install/lib/libQt6Core.so.6+0x620571)
    #36 0x55fa99b3d4d1 in tst_WaylandCompositor::emitsErrorOnSameIviId() /home/qt/work/qt/qtwayland/tests/auto/compositor/compositor/tst_compositor.cpp:1237
    #37 0x55fa99b606d0 in tst_WaylandCompositor::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) tests/auto/compositor/compositor/tst_compositor_autogen/include/tst_compositor.moc:359
    #38 0x7fa9f69c24f9 in QMetaMethodInvoker::invokeImpl(QMetaMethod, void*, Qt::ConnectionType, long long, void const* const*, char const* const*, QtPrivate::QMetaTypeInterface const* const*) (/home/qt/work/install/lib/libQt6Core.so.6+0x4d74f9)
    #39 0x7fa9f69c017e in QMetaMethod::invokeImpl(QMetaMethod, void*, Qt::ConnectionType, long long, void const* const*, char const* const*, QtPrivate::QMetaTypeInterface const* const*) (/home/qt/work/install/lib/libQt6Core.so.6+0x4d517e)
    #40 0x7fa9fed192d4 in std::enable_if<!std::disjunction<>::value, bool>::type QMetaMethod::invoke<void>(QObject*, Qt::ConnectionType, QTemplatedMetaMethodReturnArgument<void>) const (/home/qt/work/install/lib/libQt6Test.so.6+0xca2d4)
    #41 0x7fa9fed1426d in std::enable_if<!std::disjunction<>::value, bool>::type QMetaMethod::invoke<>(QObject*, Qt::ConnectionType) const (/home/qt/work/install/lib/libQt6Test.so.6+0xc526d)
    #42 0x7fa9fecf2873  (/home/qt/work/install/lib/libQt6Test.so.6+0xa3873)
    #43 0x7fa9fecf45d8  (/home/qt/work/install/lib/libQt6Test.so.6+0xa55d8)
    #44 0x7fa9fecf737a  (/home/qt/work/install/lib/libQt6Test.so.6+0xa837a)
    #45 0x7fa9fecf9e2d in QTest::qRun() (/home/qt/work/install/lib/libQt6Test.so.6+0xaae2d)
    #46 0x7fa9fecf8b67 in QTest::qExec(QObject*, int, char**) (/home/qt/work/install/lib/libQt6Test.so.6+0xa9b67)
    #47 0x55fa99b611af in main /home/qt/work/qt/qtwayland/tests/auto/compositor/compositor/tst_compositor.cpp:1798
    #48 0x7fa9f5b7724c in __libc_start_main (/lib64/libc.so.6+0x3524c)
    #49 0x55fa99abe529 in _start ../sysdeps/x86_64/start.S:120

      Address 0x7ffcf8f8b580 is located in stack of thread T0 at offset 112 in frame

          #0 0x55fa99b38fef in tst_WaylandCompositor::emitsErrorOnSameIviId() /home/qt/work/qt/qtwayland/tests/auto/compositor/compositor/tst_compositor.cpp:1193

      This frame has 69 object(s):

          [48, 52) '<unknown>'
    [64, 68) '<unknown>'
    [80, 84) '<unknown>'
    [96, 100) '<unknown>'
    [112, 120) 'firstIviSurface' (line 1201) <== Memory access at offset 112 is inside this variable
    [144, 152) '<unknown>'
    [176, 184) '<unknown>'
    [208, 216) '<unknown>'
    [240, 248) '<unknown>'
    [272, 280) 'thirdIviSurface' (line 1230)
    [304, 312) '<unknown>'
    [336, 344) '<unknown>'
    [368, 384) '<unknown>'
    [400, 416) '<unknown>'
    [432, 448) '<unknown>'
    [464, 480) '<unknown>'
    [496, 512) '<unknown>'
    [528, 544) '<unknown>'
    [560, 576) '<unknown>'
    [592, 608) '<unknown>'
    [624, 640) '<unknown>'
    [656, 672) '<unknown>'
    [688, 704) '<unknown>'
    [720, 736) '<unknown>'
    [752, 768) '<unknown>'
    [784, 808) '<unknown>'
    [848, 872) '<unknown>'
    [912, 936) '<unknown>'
    [976, 1000) '<unknown>'
    [1040, 1064) '<unknown>'
    [1104, 1128) '<unknown>'
    [1168, 1192) '<unknown>'
    [1232, 1256) '<unknown>'
    [1296, 1320) '<unknown>'
    [1360, 1384) '<unknown>'
    [1424, 1448) '<unknown>'
    [1488, 1512) '<unknown>'
    [1552, 1576) '<unknown>'
    [1616, 1640) '<unknown>'
    [1680, 1704) '<unknown>'
    [1744, 1768) '<unknown>'
    [1808, 1832) '<unknown>'
    [1872, 1896) '<unknown>'
    [1936, 1960) '<unknown>'
    [2000, 2024) '<unknown>'
    [2064, 2088) '<unknown>'
    [2128, 2152) '<unknown>'
    [2192, 2216) '<unknown>'
    [2256, 2280) '<unknown>'
    [2320, 2344) '<unknown>'
    [2384, 2408) '<unknown>'
    [2448, 2472) '<unknown>'
    [2512, 2536) '<unknown>'
    [2576, 2600) '<unknown>'
    [2640, 2664) '<unknown>'
    [2704, 2728) '<unknown>'
    [2768, 2792) '<unknown>'
    [2832, 2856) '<unknown>'
    [2896, 2920) '<unknown>'
    [2960, 2984) '<unknown>'
    [3024, 3048) '<unknown>'
    [3088, 3112) '<unknown>'
    [3152, 3176) '<unknown>'
    [3216, 3240) '<unknown>'
    [3280, 3304) '<unknown>'
    [3344, 3464) 'compositor' (line 1194)
    [3504, 3736) 'firstClient' (line 1198)
    [3808, 4040) 'secondClient' (line 1211)
    [4112, 4344) 'thirdClient' (line 1227)

      HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork

      (longjmp and C++ exceptions are supported)

      SUMMARY: AddressSanitizer: stack-use-after-scope /home/qt/work/qt/qtwayland/tests/auto/compositor/compositor/tst_compositor.cpp:1203 in operator()

      Shadow bytes around the buggy address:

        0x10001f1e9660: 00 f2 f2 f2 00 00 f3 f3 00 00 00 00 00 00 00 00
  0x10001f1e9670: f1 f1 f1 f1 f1 f1 04 f2 00 f3 f3 f3 00 00 00 00
  0x10001f1e9680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10001f1e9690: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10001f1e96a0: 00 00 f1 f1 f1 f1 f1 f1 f8 f2 f8 f2 f8 f2 f8 00
=>0x10001f1e96b0:[f8]f2 00 00 f8 f2 00 00 f8 f2 00 00 f8 f2 00 00
  0x10001f1e96c0: f8 f2 00 00 00 f2 00 00 f8 f2 00 00 f8 f2 f2 f2
  0x10001f1e96d0: 00 00 f2 f2 00 00 f2 f2 00 00 f2 f2 00 00 f2 f2
  0x10001f1e96e0: 00 00 f2 f2 00 00 f2 f2 00 00 f2 f2 00 00 f2 f2
  0x10001f1e96f0: 00 00 f2 f2 00 00 f2 f2 00 00 f2 f2 00 00 f2 f2
  0x10001f1e9700: 00 00 f2 f2 00 00 00 f2 f2 f2 f2 f2 00 00 00 f2
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==2287==ABORTING
sanitizer-testrunner.py     INFO: Test exit code was: 1
sanitizer-testrunner.py    ERROR: ASAN issues detected

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            tvete Paul Olav Tvete
            jimis Dimitrios Apostolou
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes