Qt / QTBUG-122475

global-buffer-overflow in QMetaType when running tst_basic

Details

    • Type: Bug
    • Resolution: Out of scope
    • Priority: P1: Critical
    • Affects Version/s: 6.8
    • Fix Version/s: 6.8
    • Component/s: Core: Object Model
    • Labels: None
    • Platform/s: Windows
    Description

      I checked out latest dev in qtbase, qtdeclarative and friends, wiped my build directory and built Qt from scratch. When running tst_basic.exe -input C:\dev\qt-dev2\qtdeclarative\tests\auto\quickcontrols\controls\data\tst_swipedelegate.qml on Windows, I get this:

      11:08:57: Starting C:\dev\qt-dev2-debug\qtdeclarative\tests\auto\quickcontrols\controls\basic\tst_basic.exe -input C:\dev\qt-dev2\qtdeclarative\tests\auto\quickcontrols\controls\data\tst_swipedelegate.qml...
      ********* Start testing of tst_controls::Basic *********
      Config: Using QtTest library 6.8.0, Qt 6.8.0 (x86_64-little_endian-llp64 shared (dynamic) debug build; by MSVC 2022), windows 11
      PASS   : tst_controls::Basic::SwipeDelegate::initTestCase()
      PASS   : tst_controls::Basic::SwipeDelegate::test_animations()
      =================================================================
      ==27632==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7ffaf2a4ea40 at pc 0x7ffaf4701820 bp 0x0002b87b13b0 sp 0x0002b87b13b8
      READ of size 8 at 0x7ffaf2a4ea40 thread T0
          #0 0x7ffaf470181f in interfaceForTypeNoWarning C:\dev\qt-dev2\qtbase\src\corelib\kernel\qmetatype.cpp:2753
          #1 0x7ffaf4701f9b in interfaceForType C:\dev\qt-dev2\qtbase\src\corelib\kernel\qmetatype.cpp:3194
          #2 0x7ffaf46c9ea5 in QMetaType::QMetaType(int) C:\dev\qt-dev2\qtbase\src\corelib\kernel\qmetatype.cpp:3214
          #3 0x7ffaf46cd084 in QMetaType::fromName(class QByteArrayView) C:\dev\qt-dev2\qtbase\src\corelib\kernel\qmetatype.cpp:2982
          #4 0x7ffadc2b790c in ``QmlCacheGeneratedCode::_qt_0x2d_project_0x2e_org_imports_QtQuick_Controls_Basic_SwipeDelegate_qml::<lambda_13>::operator()'::`2'::<lambda_1>::operator()'::`89'::<lambda_4>::operator() C:\dev\qt-dev2-debug\qtdeclarative\src\quickcontrols\basic\.rcc\qmlcache\QuickControls2Basic_SwipeDelegate_qml.cpp:2046
          #5 0x7ffadc2b6a74 in `QmlCacheGeneratedCode::_qt_0x2d_project_0x2e_org_imports_QtQuick_Controls_Basic_SwipeDelegate_qml::<lambda_13>::operator()'::`2'::<lambda_1>::operator() C:\dev\qt-dev2-debug\qtdeclarative\src\quickcontrols\basic\.rcc\qmlcache\QuickControls2Basic_SwipeDelegate_qml.cpp:2046
          #6 0x7ffadc2b836d in QmlCacheGeneratedCode::_qt_0x2d_project_0x2e_org_imports_QtQuick_Controls_Basic_SwipeDelegate_qml::wrapCall<`QmlCacheGeneratedCode::_qt_0x2d_project_0x2e_org_imports_QtQuick_Controls_Basic_SwipeDelegate_qml::<lambda_13>::operator()'::`2'::<lambda_1> > C:\dev\qt-dev2-debug\qtdeclarative\src\quickcontrols\basic\.rcc\qmlcache\QuickControls2Basic_SwipeDelegate_qml.cpp:789
          #7 0x7ffadc2b460a in QmlCacheGeneratedCode::_qt_0x2d_project_0x2e_org_imports_QtQuick_Controls_Basic_SwipeDelegate_qml::<lambda_13>::operator() C:\dev\qt-dev2-debug\qtdeclarative\src\quickcontrols\basic\.rcc\qmlcache\QuickControls2Basic_SwipeDelegate_qml.cpp:1768
          #8 0x7ffadc2b4688 in QmlCacheGeneratedCode::_qt_0x2d_project_0x2e_org_imports_QtQuick_Controls_Basic_SwipeDelegate_qml::<lambda_13>::<lambda_invoker_cdecl> C:\dev\qt-dev2-debug\qtdeclarative\src\quickcontrols\basic\.rcc\qmlcache\QuickControls2Basic_SwipeDelegate_qml.cpp:2070
          #9 0x7ffaef6bff91 in `QV4::Moth::VME::exec'::`2'::<lambda_1>::operator() C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4vme_moth.cpp:446
          #10 0x7ffaef6c2aa9 in QV4::coerceAndCall<AOTCompiledMetaMethod,`QV4::Moth::VME::exec'::`2'::<lambda_1> > C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4jscall_p.h:548
          #11 0x7ffaef6a9af6 in QV4::Moth::VME::exec(struct QV4::MetaTypesStackFrame *, struct QV4::ExecutionEngine *) C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4vme_moth.cpp:431
          #12 0x7ffaef37405b in QV4::Function::call(class QObject *, void **, class QMetaType const *, int, struct QV4::ExecutionContext *) C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4function.cpp:38
          #13 0x7ffaefa0cfa5 in QQmlJavaScriptExpression::evaluate(void **, class QMetaType const *, int) C:\dev\qt-dev2\qtdeclarative\src\qml\qml\qqmljavascriptexpression.cpp:270
          #14 0x7ffaef582c59 in QQmlBinding::evaluate(void *, class QMetaType) C:\dev\qt-dev2\qtdeclarative\src\qml\qml\qqmlbinding_p.h:84
          #15 0x7ffaef808ca0 in QQmlBinding::doUpdate(class QQmlJavaScriptExpression::DeleteWatcher const &, class QFlags<enum QQmlPropertyData::WriteFlag>, struct QV4::Scope &) C:\dev\qt-dev2\qtdeclarative\src\qml\qml\qqmlbinding.cpp:681
          #16 0x7ffaef8073af in QQmlBinding::update(class QFlags<enum QQmlPropertyData::WriteFlag>) C:\dev\qt-dev2\qtdeclarative\src\qml\qml\qqmlbinding.cpp:164
          #17 0x7ffaef806ba3 in QQmlBinding::setEnabled(bool, class QFlags<enum QQmlPropertyData::WriteFlag>) C:\dev\qt-dev2\qtdeclarative\src\qml\qml\qqmlbinding.cpp:621
          #18 0x7ffaefb18956 in QQmlObjectCreator::finalize(class QQmlInstantiationInterrupt &) C:\dev\qt-dev2\qtdeclarative\src\qml\qml\qqmlobjectcreator.cpp:1477
          #19 0x7ffaef88b426 in QQmlComponentPrivate::complete(class QQmlEnginePrivate *, struct QQmlComponentPrivate::ConstructionState *) C:\dev\qt-dev2\qtdeclarative\src\qml\qml\qqmlcomponent.cpp:1157
          #20 0x7ffaef88b2ca in QQmlComponentPrivate::completeDeferred(class QQmlEnginePrivate *, class std::vector<struct QQmlComponentPrivate::ConstructionState, class std::allocator<struct QQmlComponentPrivate::ConstructionState>> *) C:\dev\qt-dev2\qtdeclarative\src\qml\qml\qqmlcomponent.cpp:1150
          #21 0x7ffadf4b5d78 in QtQuickPrivate::completeDeferred(class QObject *, class QString const &, class QQuickUntypedDeferredPointer *) C:\dev\qt-dev2\qtdeclarative\src\quicktemplates\qquickdeferredexecute.cpp:130
          #22 0x7ffadf407d33 in quickCompleteDeferred<class QQuickItem>(class QObject *, class QString const &, class QQuickDeferredPointer<class QQuickItem> &) C:\dev\qt-dev2\qtdeclarative\src\quicktemplates\qquickdeferredexecute_p_p.h:54
          #23 0x7ffadf4ad9c0 in QQuickControlPrivate::executeBackground(bool) C:\dev\qt-dev2\qtdeclarative\src\quicktemplates\qquickcontrol.cpp:751
          #24 0x7ffadf4a111e in QQuickControl::componentComplete(void) C:\dev\qt-dev2\qtdeclarative\src\quicktemplates\qquickcontrol.cpp:1937
          #25 0x7ffadf3ea1f7 in QQuickAbstractButton::componentComplete(void) C:\dev\qt-dev2\qtdeclarative\src\quicktemplates\qquickabstractbutton.cpp:1065
          #26 0x7ffadf66dd9b in QQuickSwipeDelegate::componentComplete(void) C:\dev\qt-dev2\qtdeclarative\src\quicktemplates\qquickswipedelegate.cpp:1338
          #27 0x7ffaefb19195 in QQmlObjectCreator::finalize(class QQmlInstantiationInterrupt &) C:\dev\qt-dev2\qtdeclarative\src\qml\qml\qqmlobjectcreator.cpp:1536
          #28 0x7ffaef88b426 in QQmlComponentPrivate::complete(class QQmlEnginePrivate *, struct QQmlComponentPrivate::ConstructionState *) C:\dev\qt-dev2\qtdeclarative\src\qml\qml\qqmlcomponent.cpp:1157
          #29 0x7ffaef887993 in QQmlComponentPrivate::completeCreate(void) C:\dev\qt-dev2\qtdeclarative\src\qml\qml\qqmlcomponent.cpp:1262
          #30 0x7ffaef87ef21 in QQmlComponent::completeCreate(void) C:\dev\qt-dev2\qtdeclarative\src\qml\qml\qqmlcomponent.cpp:1240
          #31 0x7ffaef88e401 in QQmlComponentPrivate::createWithProperties(class QObject *, class QMap<class QString, class QVariant> const &, class QQmlContext *, enum QQmlComponentPrivate::CreateBehavior) C:\dev\qt-dev2\qtdeclarative\src\qml\qml\qqmlcomponent.cpp:958
          #32 0x7ffaef88300e in QQmlComponent::createObject(class QObject *, class QMap<class QString, class QVariant> const &) C:\dev\qt-dev2\qtdeclarative\src\qml\qml\qqmlcomponent.cpp:1799
          #33 0x7ffaef87baee in QQmlComponent::qt_static_metacall(class QObject *, enum QMetaObject::Call, int, void **) C:\dev\qt-dev2-debug\qtdeclarative\src\qml\qml\moc_qqmlcomponent.cpp:229
          #34 0x7ffaef87b10a in QQmlComponent::qt_metacall(enum QMetaObject::Call, int, void **) C:\dev\qt-dev2-debug\qtdeclarative\src\qml\qml\moc_qqmlcomponent.cpp:291
          #35 0x7ffaf465ec5f in QMetaObject::metacall(class QObject *, enum QMetaObject::Call, int, void **) C:\dev\qt-dev2\qtbase\src\corelib\kernel\qmetaobject.cpp:334
          #36 0x7ffaefb90ce5 in QQmlObjectOrGadget::metacall(enum QMetaObject::Call, int, void **) const C:\dev\qt-dev2\qtdeclarative\src\qml\qml\qqmlobjectorgadget.cpp:14
          #37 0x7ffaef4dfd9f in QV4::CallMethod C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4qobjectwrapper.cpp:1666
          #38 0x7ffaef4e2f50 in QV4::CallPrecise C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4qobjectwrapper.cpp:1971
          #39 0x7ffaef4ead21 in `QV4::QObjectMethod::callInternal'::`2'::<lambda_4>::operator() C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4qobjectwrapper.cpp:2945
          #40 0x7ffaef4f8b09 in `QV4::QObjectMethod::callInternal'::`2'::<lambda_2>::operator()<`QV4::QObjectMethod::callInternal'::`2'::<lambda_4> > C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4qobjectwrapper.cpp:2922
          #41 0x7ffaef4cd1f7 in QV4::QObjectMethod::callInternal(struct QV4::Value const *, struct QV4::Value const *, int) const C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4qobjectwrapper.cpp:2945
          #42 0x7ffaef4cc0ca in QV4::QObjectMethod::virtualCall(struct QV4::FunctionObject const *, struct QV4::Value const *, struct QV4::Value const *, int) C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4qobjectwrapper.cpp:2827
          #43 0x7ffaef14ac8e in QV4::FunctionObject::call(struct QV4::Value const *, struct QV4::Value const *, int) const C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4functionobject_p.h:171
          #44 0x7ffaef6b07a6 in QV4::Moth::VME::interpret(struct QV4::JSTypesStackFrame *, struct QV4::ExecutionEngine *, char const *) C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4vme_moth.cpp:798
          #45 0x7ffaef6aa35f in QV4::Moth::VME::exec(struct QV4::JSTypesStackFrame *, struct QV4::ExecutionEngine *) C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4vme_moth.cpp:487
          #46 0x7ffaef39d194 in qfoDoCall C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4functionobject.cpp:526
          #47 0x7ffaef398e83 in QV4::ArrowFunction::virtualCall(struct QV4::FunctionObject const *, struct QV4::Value const *, struct QV4::Value const *, int) C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4functionobject.cpp:556
          #48 0x7ffaef14ac8e in QV4::FunctionObject::call(struct QV4::Value const *, struct QV4::Value const *, int) const C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4functionobject_p.h:171
          #49 0x7ffaef5cd2e1 in QV4::Runtime::CallQmlContextPropertyLookup::call(struct QV4::ExecutionEngine *, unsigned int, struct QV4::Value *const, int) C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4runtime.cpp:1416
          #50 0x7ffaef6b1566 in QV4::Moth::VME::interpret(struct QV4::JSTypesStackFrame *, struct QV4::ExecutionEngine *, char const *) C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4vme_moth.cpp:833
          #51 0x7ffaef6aa35f in QV4::Moth::VME::exec(struct QV4::JSTypesStackFrame *, struct QV4::ExecutionEngine *) C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4vme_moth.cpp:487
          #52 0x7ffaef39d194 in qfoDoCall C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4functionobject.cpp:526
          #53 0x7ffaef398e83 in QV4::ArrowFunction::virtualCall(struct QV4::FunctionObject const *, struct QV4::Value const *, struct QV4::Value const *, int) C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4functionobject.cpp:556
          #54 0x7ffaef14ac8e in QV4::FunctionObject::call(struct QV4::Value const *, struct QV4::Value const *, int) const C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4functionobject_p.h:171
          #55 0x7ffaef5d0191 in QV4::Runtime::CallWithReceiver::call(struct QV4::ExecutionEngine *, struct QV4::Value const &, struct QV4::Value const &, struct QV4::Value *const, int) C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4runtime.cpp:1533
          #56 0x1d80f610704  (<unknown module>)
      0x7ffaf2a4ea40 is located 0 bytes inside of global variable '`anonymous namespace'::qVariantGuiHelper' defined in 'qguivariant.cpp:136:2' (0x7ffaf2a4ea40) of size 8
      0x7ffaf2a4ea40 is located 96 bytes to the right of global variable '`anonymous namespace'::<unnamed-type-qVariantGuiHelper>::`vftable'' defined in 'qguivariant.cpp:60:24' (0x7ffaf2a4e9c8) of size 24
      SUMMARY: AddressSanitizer: global-buffer-overflow C:\dev\qt-dev2\qtbase\src\corelib\kernel\qmetatype.cpp:2753 in interfaceForTypeNoWarning
      Shadow bytes around the buggy address:
        0x11d7a55c9cf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x11d7a55c9d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x11d7a55c9d10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x11d7a55c9d20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x11d7a55c9d30: 00 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9
      =>0x11d7a55c9d40: f9 f9 f9 f9 f9 f9 f9 f9[f9]f9 f9 f9 f9 f9 f9 f9
        0x11d7a55c9d50: f9 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
        0x11d7a55c9d60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x11d7a55c9d70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x11d7a55c9d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x11d7a55c9d90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07
        Heap left redzone:       fa
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right redzone:     f3
        Stack after return:      f5
        Stack use after scope:   f8
        Global redzone:          f9
        Global init order:       f6
        Poisoned by user:        f7
        Container overflow:      fc
        Array cookie:            ac
        Intra object redzone:    bb
        ASan internal:           fe
        Left alloca redzone:     ca
        Right alloca redzone:    cb
      ==27632==ABORTING
      11:09:00: C:\dev\qt-dev2-debug\qtdeclarative\tests\auto\quickcontrols\controls\basic\tst_basic.exe exited with code 1
      

      I tried working around it with QML_DISABLE_DISK_CACHE=1, but then I get this:

      11:13:50: Starting C:\dev\qt-dev2-debug\qtdeclarative\tests\auto\quickcontrols\controls\basic\tst_basic.exe -input C:\dev\qt-dev2\qtdeclarative\tests\auto\quickcontrols\controls\data\tst_swipedelegate.qml...
      ********* Start testing of tst_controls::Basic *********
      Config: Using QtTest library 6.8.0, Qt 6.8.0 (x86_64-little_endian-llp64 shared (dynamic) debug build; by MSVC 2022), windows 11
      PASS   : tst_controls::Basic::SwipeDelegate::initTestCase()
      PASS   : tst_controls::Basic::SwipeDelegate::test_animations()
      PASS   : tst_controls::Basic::SwipeDelegate::test_beginSwipeOverRightItem()
      PASS   : tst_controls::Basic::SwipeDelegate::test_callCloseWhenAlreadyClosed()
      PASS   : tst_controls::Basic::SwipeDelegate::test_close()
      PASS   : tst_controls::Basic::SwipeDelegate::test_closeOnPressed()
      PASS   : tst_controls::Basic::SwipeDelegate::test_contentItemHeightOnHeightChanged()
      PASS   : tst_controls::Basic::SwipeDelegate::test_contentItemPosOnWidthChanged()
      PASS   : tst_controls::Basic::SwipeDelegate::test_defaults()
      =================================================================
      ==4676==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7ffaf04bea40 at pc 0x7ffaf4bddbbe bp 0x0030156e8cf0 sp 0x0030156e8cf8
      READ of size 8 at 0x7ffaf04bea40 thread T0
          #0 0x7ffaf4bddbbd in QMetaType::convert(class QMetaType, void const *, class QMetaType, void *) C:\dev\qt-dev2\qtbase\src\corelib\kernel\qmetatype.cpp:2375
          #1 0x7ffaf4d83ff4 in qvariant_cast<class QString>(class QVariant const &) C:\dev\qt-dev2\qtbase\src\corelib\kernel\qvariant.h:765
          #2 0x7ffaf4d63504 in QVariant::toString(void) const C:\dev\qt-dev2\qtbase\src\corelib\kernel\qvariant.cpp:1473
          #3 0x7ffaf61c3e0a in QuickTestResult::stringify(class QQmlV4Function *) C:\dev\qt-dev2\qtdeclarative\src\qmltest\quicktestresult.cpp:543
          #4 0x7ffaf61be80c in QuickTestResult::qt_static_metacall(class QObject *, enum QMetaObject::Call, int, void **) C:\dev\qt-dev2-debug\qtdeclarative\src\qmltest\QuickTest_autogen\include\moc_quicktestresult_p.cpp:482
          #5 0x7ffaf61be3c9 in QuickTestResult::qt_metacall(enum QMetaObject::Call, int, void **) C:\dev\qt-dev2-debug\qtdeclarative\src\qmltest\QuickTest_autogen\include\moc_quicktestresult_p.cpp:657
          #6 0x7ffaf4b6ec5f in QMetaObject::metacall(class QObject *, enum QMetaObject::Call, int, void **) C:\dev\qt-dev2\qtbase\src\corelib\kernel\qmetaobject.cpp:334
          #7 0x7ffadee50ce5 in QQmlObjectOrGadget::metacall(enum QMetaObject::Call, int, void **) const C:\dev\qt-dev2\qtdeclarative\src\qml\qml\qqmlobjectorgadget.cpp:14
          #8 0x7ffade7aa7f1 in `QV4::QObjectMethod::callInternal'::`40'::<lambda_3>::operator() C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4qobjectwrapper.cpp:2939
          #9 0x7ffade7b84b9 in `QV4::QObjectMethod::callInternal'::`2'::<lambda_2>::operator()<`QV4::QObjectMethod::callInternal'::`40'::<lambda_3> > C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4qobjectwrapper.cpp:2922
          #10 0x7ffade78d11d in QV4::QObjectMethod::callInternal(struct QV4::Value const *, struct QV4::Value const *, int) const C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4qobjectwrapper.cpp:2933
          #11 0x7ffade78c0ca in QV4::QObjectMethod::virtualCall(struct QV4::FunctionObject const *, struct QV4::Value const *, struct QV4::Value const *, int) C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4qobjectwrapper.cpp:2827
          #12 0x7ffade40ac8e in QV4::FunctionObject::call(struct QV4::Value const *, struct QV4::Value const *, int) const C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4functionobject_p.h:171
          #13 0x7ffade88f13e in QV4::Runtime::CallPropertyLookup::call(struct QV4::ExecutionEngine *, struct QV4::Value const &, unsigned int, struct QV4::Value *const, int) C:\dev\qt-dev2\qtdeclarative\src\qml\jsruntime\qv4runtime.cpp:1507
          #14 0x1640f650713  (<unknown module>)
      0x7ffaf04bea40 is located 0 bytes inside of global variable '`anonymous namespace'::qVariantGuiHelper' defined in 'qguivariant.cpp:136:2' (0x7ffaf04bea40) of size 8
      0x7ffaf04bea40 is located 96 bytes to the right of global variable '`anonymous namespace'::<unnamed-type-qVariantGuiHelper>::`vftable'' defined in 'qguivariant.cpp:60:24' (0x7ffaf04be9c8) of size 24
      SUMMARY: AddressSanitizer: global-buffer-overflow C:\dev\qt-dev2\qtbase\src\corelib\kernel\qmetatype.cpp:2375 in QMetaType::convert(class QMetaType, void const *, class QMetaType, void *)
      Shadow bytes around the buggy address:
        0x116394517cf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x116394517d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x116394517d10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x116394517d20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x116394517d30: 00 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9
      =>0x116394517d40: f9 f9 f9 f9 f9 f9 f9 f9[f9]f9 f9 f9 f9 f9 f9 f9
        0x116394517d50: f9 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
        0x116394517d60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x116394517d70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x116394517d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x116394517d90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right redzone:     f3
        Stack after return:      f5
        Stack use after scope:   f8
        Global redzone:          f9
        Global init order:       f6
        Poisoned by user:        f7
        Container overflow:      fc
        Array cookie:            ac
        Intra object redzone:    bb
        ASan internal:           fe
        Left alloca redzone:     ca
        Right alloca redzone:    cb
      ==4676==ABORTING
      11:13:53: C:\dev\qt-dev2-debug\qtdeclarative\tests\auto\quickcontrols\controls\basic\tst_basic.exe exited with code 1
       

      With a debug statement in QMetaType:

      $ git diff
      diff --git a/src/corelib/kernel/qmetatype.cpp b/src/corelib/kernel/qmetatype.cpp
      index ebe79e0232..219120a2fc 100644
      --- a/src/corelib/kernel/qmetatype.cpp
      +++ b/src/corelib/kernel/qmetatype.cpp
      @@ -2979,6 +2979,7 @@ QMetaType QMetaType::underlyingType() const
        */
       QMetaType QMetaType::fromName(QByteArrayView typeName)
       {
      +    qDebug() << "@@@" << typeName;
           return QMetaType(qMetaTypeTypeImpl</*tryNormalizedType=*/true>(typeName.data(), typeName.size()));
       }
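Review bot: the qDebug() at the top of QMetaType::fromName() prints only the name being looked up, but the fromName() backtraces in this report fault one call deeper, in QMetaType::QMetaType(int) (frame #2) on the id that qMetaTypeTypeImpl() hands back to fromName() (frame #3), so the "@@@" output cannot show which id "QColor" resolved to before interfaceForTypeNoWarning() dereferenced the helper for it. Splitting the return into `const int id = qMetaTypeTypeImpl</*tryNormalizedType=*/true>(typeName.data(), typeName.size());` followed by `qDebug() << "@@@" << typeName << id; return QMetaType(id);` would log that id next to the name. Since this is a diagnostic print rather than a change proposed for merge, saying so explicitly would help; the "@@@" lines show fromName() being hit several times per test case, so a qDebug() left here would be noisy in a real build.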
      

      I get this output:

      QDEBUG : tst_controls::Basic::SwipeDelegate::test_animations() @@@ "Qt"
      QDEBUG : tst_controls::Basic::SwipeDelegate::test_animations() @@@ "QQuickPalette*"
      PASS   : tst_controls::Basic::SwipeDelegate::test_animations()
      QDEBUG : tst_controls::Basic::SwipeDelegate::test_beginSwipeOverRightItem() @@@ "QQuickPalette*"
      QDEBUG : tst_controls::Basic::SwipeDelegate::test_beginSwipeOverRightItem() @@@ "QQuickPalette*"
      QDEBUG : tst_controls::Basic::SwipeDelegate::test_beginSwipeOverRightItem() @@@ "QColor"
      =================================================================
      ==33568==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7ffad498ea40 at pc 0x7ffad6781aa0 bp 0x009ed23115f0 sp 0x009ed23115f8
      READ of size 8 at 0x7ffad498ea40 thread T0
          #0 0x7ffad6781a9f in interfaceForTypeNoWarning C:\dev\qt-dev2\qtbase\src\corelib\kernel\qmetatype.cpp:2753
          #1 0x7ffad678221b in interfaceForType C:\dev\qt-dev2\qtbase\src\corelib\kernel\qmetatype.cpp:3195
          #2 0x7ffad6749ea5 in QMetaType::QMetaType(int) C:\dev\qt-dev2\qtbase\src\corelib\kernel\qmetatype.cpp:3215
          #3 0x7ffad674d2be in QMetaType::fromName(class QByteArrayView) C:\dev\qt-dev2\qtbase\src\corelib\kernel\qmetatype.cpp:2983
      
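Both ASan reports in the description resolve the faulting address to the same 8-byte global, qVariantGuiHelper, at offset 0 ("0 bytes inside of global variable"), and in both dumps the marked shadow byte is f9, which the legend lists as "Global redzone". The triage script below is an added example, not code from the Qt project or from the reporter: it parses that ASan output, extracts the faulting frame, the global it resolved to and the marked shadow byte, reports when two crashes hit the same global from different call sites, and flags the inside-the-object-but-redzone combination so it gets checked before the crash is treated as an index running off the end of a table. The sample input is constructed by trimming the two reports above to the lines the parser needs; the helper names (parse_asan_report, triage, same_global) are my own.

```python
"""Parse and compare AddressSanitizer reports (added example, not Qt code).

The two sample reports are constructed by trimming the reports in the bug
description; addresses and symbols are the ones printed there.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

HEADER_RE = re.compile(r"^==\d+==ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at 0x[0-9a-f]+ thread \S+")
FRAME_RE = re.compile(r"^#(\d+)\s+0x[0-9a-f]+\s+in\s+(.*)\s+(\S+:\d+)$")
GLOBAL_RE = re.compile(r"^0x[0-9a-f]+ is located (\d+) bytes (inside of|to the right of|to the left of) "
                       r"global variable '(.+?)' defined in '([^']+)' \(0x[0-9a-f]+\) of size (\d+)")
SHADOW_RE = re.compile(r"^=>\s*0x[0-9a-f]+:.*\[([0-9a-f]{2})\]")
GLOBAL_REDZONE = "f9"  # the shadow-byte value ASan's legend lists as "Global redzone"

@dataclass
class Frame:
    index: int
    function: str
    location: str  # file:line as printed by the symbolizer

@dataclass
class GlobalRef:
    offset: int    # distance from the start of the object
    relation: str  # "inside of", "to the right of" or "to the left of"
    name: str
    defined_in: str
    size: int

@dataclass
class AsanReport:
    kind: str
    address: int
    access: Optional[str] = None
    access_size: Optional[int] = None
    frames: List[Frame] = field(default_factory=list)
    globals_: List[GlobalRef] = field(default_factory=list)
    shadow_byte: Optional[str] = None

# Constructed sample 1: the fromName() crash, trimmed to its first four frames.
REPORT_FROM_NAME = r"""
==27632==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7ffaf2a4ea40 at pc 0x7ffaf4701820 bp 0x0002b87b13b0 sp 0x0002b87b13b8
READ of size 8 at 0x7ffaf2a4ea40 thread T0
    #0 0x7ffaf470181f in interfaceForTypeNoWarning C:\dev\qt-dev2\qtbase\src\corelib\kernel\qmetatype.cpp:2753
    #1 0x7ffaf4701f9b in interfaceForType C:\dev\qt-dev2\qtbase\src\corelib\kernel\qmetatype.cpp:3194
    #2 0x7ffaf46c9ea5 in QMetaType::QMetaType(int) C:\dev\qt-dev2\qtbase\src\corelib\kernel\qmetatype.cpp:3214
    #3 0x7ffaf46cd084 in QMetaType::fromName(class QByteArrayView) C:\dev\qt-dev2\qtbase\src\corelib\kernel\qmetatype.cpp:2982
0x7ffaf2a4ea40 is located 0 bytes inside of global variable '`anonymous namespace'::qVariantGuiHelper' defined in 'qguivariant.cpp:136:2' (0x7ffaf2a4ea40) of size 8
0x7ffaf2a4ea40 is located 96 bytes to the right of global variable '`anonymous namespace'::<unnamed-type-qVariantGuiHelper>::`vftable'' defined in 'qguivariant.cpp:60:24' (0x7ffaf2a4e9c8) of size 24
=>0x11d7a55c9d40: f9 f9 f9 f9 f9 f9 f9 f9[f9]f9 f9 f9 f9 f9 f9 f9
"""
# Constructed sample 2: the QMetaType::convert() crash seen with QML_DISABLE_DISK_CACHE=1.
REPORT_CONVERT = r"""
==4676==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7ffaf04bea40 at pc 0x7ffaf4bddbbe bp 0x0030156e8cf0 sp 0x0030156e8cf8
READ of size 8 at 0x7ffaf04bea40 thread T0
    #0 0x7ffaf4bddbbd in QMetaType::convert(class QMetaType, void const *, class QMetaType, void *) C:\dev\qt-dev2\qtbase\src\corelib\kernel\qmetatype.cpp:2375
    #1 0x7ffaf4d83ff4 in qvariant_cast<class QString>(class QVariant const &) C:\dev\qt-dev2\qtbase\src\corelib\kernel\qvariant.h:765
0x7ffaf04bea40 is located 0 bytes inside of global variable '`anonymous namespace'::qVariantGuiHelper' defined in 'qguivariant.cpp:136:2' (0x7ffaf04bea40) of size 8
=>0x116394517d40: f9 f9 f9 f9 f9 f9 f9 f9[f9]f9 f9 f9 f9 f9 f9 f9
"""

def parse_asan_report(text: str) -> AsanReport:
    """Pull the fields a triager looks at first out of one ASan error block."""
    report: Optional[AsanReport] = None
    for raw in text.splitlines():
        line = raw.strip()
        if report is None:
            if m := HEADER_RE.match(line):
                report = AsanReport(kind=m.group(1), address=int(m.group(2), 16))
        elif m := ACCESS_RE.match(line):
            report.access, report.access_size = m.group(1), int(m.group(2))
        elif m := FRAME_RE.match(line):
            report.frames.append(Frame(int(m.group(1)), m.group(2), m.group(3)))
        elif m := GLOBAL_RE.match(line):
            report.globals_.append(GlobalRef(int(m.group(1)), m.group(2), m.group(3), m.group(4), int(m.group(5))))
        elif m := SHADOW_RE.match(line):
            report.shadow_byte = m.group(1)
    if report is None:
        raise ValueError("no AddressSanitizer error header found")
    return report

def triage(report: AsanReport) -> Dict[str, object]:
    """Condense one report into the facts worth comparing across crashes."""
    target = report.globals_[0] if report.globals_ else None
    inside = target is not None and target.relation == "inside of"
    return {
        "kind": report.kind,
        "access": f"{report.access} of size {report.access_size}",
        "faulting_function": report.frames[0].function if report.frames else None,
        "global": target.name if target else None,
        "offset": target.offset if target else None,
        # ASan placed the address inside the object yet marked its shadow byte as
        # global redzone; check that before filing the crash as an out-of-range index.
        "inside_object_but_redzone": inside and report.shadow_byte == GLOBAL_REDZONE,
    }

def same_global(a: AsanReport, b: AsanReport) -> bool:
    """True when two reports fault on the same global at the same offset."""
    if not (a.globals_ and b.globals_):
        return False
    ga, gb = a.globals_[0], b.globals_[0]
    return (ga.name, ga.defined_in, ga.offset) == (gb.name, gb.defined_in, gb.offset)

if __name__ == "__main__":
    reports = [parse_asan_report(REPORT_FROM_NAME), parse_asan_report(REPORT_CONVERT)]
    for r in reports:
        print(triage(r))
    print("same global:", same_global(*reports))
```

Run against the two samples, the script reports the same global and offset for both crashes while the faulting functions differ (interfaceForTypeNoWarning versus QMetaType::convert), and sets inside_object_but_redzone for each. The regexes only cover the line shapes present in these reports; `(<unknown module>)` frames and heap or stack "located" lines are skipped rather than parsed.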

People

    Assignee: Olivier De Cannière
    Reporter: Mitch Curtis
    Votes: 1
    Watchers: 5

Gerrit Reviews

    There are no open Gerrit changes