  1. Qt
  2. QTBUG-126396

Illegal memory access in QQuickShaderEffectPrivate


Details

    • WebAssembly
    • 33a969ac8 (dev), 3479b2ca5 (6.8), 8587b4fed (6.7), 8cec6f096 (tqtc/lts-6.5)

    Description

      QQuickShaderEffectPrivate accesses QQuickShaderEffect after it has been destroyed.

       

      It is not possible to build desktop with -sanitize undefined, but it is possible for the WebAssembly build, which gives this call stack:

       

       
      apptestGrabWindow.js:1157 /home/evenan/source/repos/6.8.0/qt6/qtdeclarative/src/quick/items/qquickshadereffect_p_p.h:34:5: runtime error: downcast of address 0x054ea658 which does not point to an object of type 'QQuickShaderEffect'
      put_char @ apptestGrabWindow.js:1157
      write @ apptestGrabWindow.js:1109
      write @ apptestGrabWindow.js:2471
      doWritev @ apptestGrabWindow.js:13118
      _fd_write @ apptestGrabWindow.js:13135
      $__sanitizer::internal_write(int, void const*, unsigned long) @ apptestGrabWindow.wasm:0xbec4240
      $__sanitizer::ReportFile::Write(char const*, unsigned long) @ apptestGrabWindow.wasm:0xbec512d
      $__sanitizer::RawWrite(char const*) @ apptestGrabWindow.wasm:0xbebe929
      $__sanitizer::SharedPrintfCodeNoBuffer(bool, char*, int, char const*, void*) @ apptestGrabWindow.wasm:0xbec6677
      $__sanitizer::SharedPrintfCode(bool, char const*, void*) @ apptestGrabWindow.wasm:0xbec6302
      $__sanitizer::Printf(char const*, ...) @ apptestGrabWindow.wasm:0xbec6224
      $__ubsan::Diag::~Diag() @ apptestGrabWindow.wasm:0xbeb0a4b
      $HandleDynamicTypeCacheMiss(__ubsan::DynamicTypeCacheMissData*, unsigned long, unsigned long, __ubsan::ReportOptions) @ apptestGrabWindow.wasm:0xbeb847f
      $__ubsan_handle_dynamic_type_cache_miss @ apptestGrabWindow.wasm:0xbeb8094
      $QQuickShaderEffectPrivate::q_func() @ apptestGrabWindow.wasm:0x20fff71
      $QQuickShaderEffectPrivate::disconnectSignals(QQuickShaderEffectPrivate::Shader) @ apptestGrabWindow.wasm:0x211a5f4
      $QQuickShaderEffectPrivate::~QQuickShaderEffectPrivate() @ apptestGrabWindow.wasm:0x2119e48
      $QQuickShaderEffectPrivate::~QQuickShaderEffectPrivate().1 @ apptestGrabWindow.wasm:0x211eb27
      $QScopedPointerDeleter<QObjectData>::cleanup(QObjectData*) @ apptestGrabWindow.wasm:0x712e05
      $QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData>>::~QScopedPointer() @ apptestGrabWindow.wasm:0x70f533
      $QObject::~QObject() @ apptestGrabWindow.wasm:0x7172a1
      $QQuickItem::~QQuickItem() @ apptestGrabWindow.wasm:0x2af14b6
      $QQuickShaderEffect::~QQuickShaderEffect() @ apptestGrabWindow.wasm:0x20fe462
      $QQmlPrivate::QQmlElement<QQuickShaderEffect>::~QQmlElement() @ apptestGrabWindow.wasm:0x41fe043
      $QQmlPrivate::QQmlElement<QQuickShaderEffect>::~QQmlElement().1 @ apptestGrabWindow.wasm:0x41fe15e
      $QObject::event(QEvent*) @ apptestGrabWindow.wasm:0x724af4
      $QQuickItem::event(QEvent*) @ apptestGrabWindow.wasm:0x2bb40a3
      $QQuickShaderEffect::event(QEvent*) @ apptestGrabWindow.wasm:0x210a1b5
      $QCoreApplicationPrivate::notify_helper(QObject*, QEvent*) @ apptestGrabWindow.wasm:0x48d6ee
      $doNotify(QObject*, QEvent*) @ apptestGrabWindow.wasm:0x48caad
      $QCoreApplication::notify(QObject*, QEvent*) @ apptestGrabWindow.wasm:0x48d9e9
      $QGuiApplication::notify(QObject*, QEvent*) @ apptestGrabWindow.wasm:0x5fad2d5
      $dynCall_iiii @ apptestGrabWindow.wasm:0xbefc682
      ret.<computed> @ apptestGrabWindow.js:6228
      invoke_iiii @ apptestGrabWindow.js:14532
      $QCoreApplication::notifyInternal2(QObject*, QEvent*) @ apptestGrabWindow.wasm:0x48c660
      $QCoreApplication::sendEvent(QObject*, QEvent*) @ apptestGrabWindow.wasm:0x49a803
      $dynCall_iii @ apptestGrabWindow.wasm:0xbefc5b4
      ret.<computed> @ apptestGrabWindow.js:6228
      invoke_iii @ apptestGrabWindow.js:14521
      $QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) @ apptestGrabWindow.wasm:0x498d23
      $QCoreApplication::sendPostedEvents(QObject*, int) @ apptestGrabWindow.wasm:0x4934c0
      $QEventDispatcherWasm::processPostedEvents() @ apptestGrabWindow.wasm:0x1623c30
      $QWasmEventDispatcher::processPostedEvents() @ apptestGrabWindow.wasm:0x47f5bf6
      $QEventDispatcherWasm::callProcessPostedEvents(void*) @ apptestGrabWindow.wasm:0x1623b0f
      $QEventDispatcherWasm::wakeUp()::$_0::operator()() const @ apptestGrabWindow.wasm:0x166721f
       
      As to the consequences, they are unknown, except that:
      1) It is probably U.B.
      2) It shows up when debugging
       
      Seen when debugging QTBUG-124152, which can be used as a reproducer.
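
The destruction order visible in the trace above, as an added stand-alone model (not Qt code and not the fix that was merged): the private object is deleted from the base-class destructor, after the most-derived destructor has already run, so a downcast of its back-pointer at that point targets an object that is no longer of the derived type. All class names and the `earlyCleanup` switch are hypothetical; the model only records whether the cast would still be valid, so it contains no undefined behaviour itself.

```cpp
#include <iostream>
#include <memory>
#include <string>
#include <vector>

enum class Layer { Effect, Item, Object };  // most-derived part of the public object still alive

struct ObjectModel;
struct PrivateModel {                       // stands in for the *Private class (QObjectData)
    ObjectModel *q_ptr = nullptr;           // back-pointer, as used by q_func()
    bool cleanedUp = false;
    std::vector<std::string> *log = nullptr;
    void disconnectSignals();               // needs the public object as an "Effect"
    ~PrivateModel() { if (!cleanedUp) disconnectSignals(); }  // pattern seen in the trace
};

struct ObjectModel {                        // stands in for QObject, which owns d_ptr
    Layer alive = Layer::Effect;
    std::unique_ptr<PrivateModel> d_ptr;
    explicit ObjectModel(std::vector<std::string> *log) : d_ptr(new PrivateModel) {
        d_ptr->q_ptr = this;
        d_ptr->log = log;
    }
    virtual ~ObjectModel() { alive = Layer::Object; d_ptr.reset(); }  // private dies here
};
struct ItemModel : ObjectModel {            // stands in for QQuickItem
    using ObjectModel::ObjectModel;
    ~ItemModel() override { alive = Layer::Item; }
};
struct EffectModel : ItemModel {            // stands in for QQuickShaderEffect
    bool earlyCleanup;                      // hypothetical switch: clean up while still an Effect
    EffectModel(std::vector<std::string> *log, bool early) : ItemModel(log), earlyCleanup(early) {}
    ~EffectModel() override {
        if (earlyCleanup) { d_ptr->disconnectSignals(); d_ptr->cleanedUp = true; }
    }
};

void PrivateModel::disconnectSignals() {
    // Real code would static_cast q_ptr to the effect type here; the model only checks
    // whether that cast would still be valid at this point of the destruction sequence.
    log->push_back(q_ptr->alive == Layer::Effect ? "ok: effect alive"
                                                 : "bad: downcast to destroyed effect");
}

std::vector<std::string> destroyEffect(bool earlyCleanup) {
    std::vector<std::string> log;
    { EffectModel e(&log, earlyCleanup); }  // scope exit runs the destructor chain
    return log;
}

int main() {
    for (bool early : {false, true})
        std::cout << (early ? "early cleanup: " : "cleanup in ~Private: ") << destroyEffect(early)[0] << "\n";
}
```
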


          People

            evenandersen Even Oscar Andersen
            evenandersen Even Oscar Andersen