  1. Qt
  2. QTBUG-132186

JS file makes QJSEngine crash


Details

    • Linux/X11

    Description

      Given the attached foo.mjs:

      On AArch64 Linux, with an -fsanitize=address,undefined build of Qt, calling engine.importModule("path/to/foo.mjs"); produces the output below. The UBSan reports come from the JIT assembler (ARM64Assembler.h, left shifts of negative or overflowing immediates); the SEGV that follows is a read at an unknown address inside the bytecode interpreter (qv4vme_moth.cpp:484), reached through nested QV4::FunctionObject::call frames during module evaluation.

       

      /home/jcelerier/libs/qt5/qtdeclarative/src/qml/../3rdparty/masm/assembler/ARM64Assembler.h:95:29: runtime error: left shift of negative value -16
      
      SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/jcelerier/libs/qt5/qtdeclarative/src/qml/../3rdparty/masm/assembler/ARM64Assembler.h:95:29  
      /home/jcelerier/libs/qt5/qtdeclarative/src/qml/../3rdparty/masm/assembler/ARM64Assembler.h:3703:9: runtime error: left shift of negative value -2
      
      SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/jcelerier/libs/qt5/qtdeclarative/src/qml/../3rdparty/masm/assembler/ARM64Assembler.h:3703:9  
      /home/jcelerier/libs/qt5/qtdeclarative/src/qml/../3rdparty/masm/assembler/ARM64Assembler.h:90:29: runtime error: left shift of negative value -2
      
      SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/jcelerier/libs/qt5/qtdeclarative/src/qml/../3rdparty/masm/assembler/ARM64Assembler.h:90:29  
      /home/jcelerier/libs/qt5/qtdeclarative/src/qml/../3rdparty/masm/assembler/ARM64Assembler.h:61:29: runtime error: left shift of negative value -8
      
      SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/jcelerier/libs/qt5/qtdeclarative/src/qml/../3rdparty/masm/assembler/ARM64Assembler.h:61:29  
      /home/jcelerier/libs/qt5/qtdeclarative/src/qml/../3rdparty/masm/assembler/ARM64Assembler.h:3426:23: runtime error: left shift of 335544320 by 6 places cannot be represented in type 'int'
      
      SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/jcelerier/libs/qt5/qtdeclarative/src/qml/../3rdparty/masm/assembler/ARM64Assembler.h:3426:23  
      /home/jcelerier/libs/qt5/qtdeclarative/src/qml/../3rdparty/masm/assembler/ARM64Assembler.h:3795:9: runtime error: left shift of negative value -10
      
      SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/jcelerier/libs/qt5/qtdeclarative/src/qml/../3rdparty/masm/assembler/ARM64Assembler.h:3795:9  
      AddressSanitizer:DEADLYSIGNAL
      
      =================================================================
      
      ==4133477==ERROR: AddressSanitizer: SEGV on unknown address 0xffff2613bff8 (pc 0xffff49c0be30 bp 0xffffda4563e0 sp 0xffffda456060 T0)
      
      ==4133477==The signal is caused by a READ memory access.
      
          #0 0xffff49c0be30 in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:484:18
      
          #1 0xffff4966fb34 in qfoDoCall(QV4::JavaScriptFunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:527:18
      
          #2 0xffff4966a0d8 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:558:12
      
          #3 0xffff492de114 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:187:20
      
          #4 0xffff49c2e71c in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:761:57
      
          #5 0xffff49c0bf98 in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:487:18
      
          #6 0xffff4966fb34 in qfoDoCall(QV4::JavaScriptFunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:527:18
      
          #7 0xffff4966a0d8 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:558:12
      
          #8 0xffff492de114 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:187:20
      
          #9 0xffff49c2e71c in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:761:57
      
          #10 0xffff49c0bf98 in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:487:18
      
          #11 0xffff4966fb34 in qfoDoCall(QV4::JavaScriptFunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:527:18
      
          #12 0xffff4966a0d8 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:558:12
      
          #13 0xffff492de114 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:187:20
      
          #14 0xffff49c2e71c in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:761:57
      
          #15 0xffff49c0bf98 in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:487:18
      
          #16 0xffff4966fb34 in qfoDoCall(QV4::JavaScriptFunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:527:18
      
          #17 0xffff4966a0d8 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:558:12
      
          #18 0xffff492de114 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:187:20
      
          #19 0xffff493560c8 in QV4::ArrayPrototype::method_forEach(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4arrayobject.cpp:1290:19
      
          #20 0xffff49663264 in QV4::DynamicFunctionObject::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:191:16
      
          #21 0xffff492de114 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:187:20
      
          #22 0xffff49c34414 in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:798:52
      
          #23 0xffff49c0bf98 in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:487:18
      
          #24 0xffff4966fb34 in qfoDoCall(QV4::JavaScriptFunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:527:18
      
          #25 0xffff4966a0d8 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:558:12
      
          #26 0xffff492de114 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:187:20
      
          #27 0xffff49c2e71c in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:761:57
      
          #28 0xffff49c0bf98 in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:487:18
      
          #29 0xffff4966fb34 in qfoDoCall(QV4::JavaScriptFunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:527:18
      
          #30 0xffff4966a0d8 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:558:12
      
          #31 0xffff492de114 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:187:20
      
          #32 0xffff496684d0 in QV4::FunctionPrototype::method_call(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:390:33
      
          #33 0xffff49663264 in QV4::DynamicFunctionObject::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:191:16
      
          #34 0xffff492de114 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:187:20
      
          #35 0xffff49c34414 in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:798:52
      
          #36 0xffff49c0bf98 in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:487:18
      
          #37 0xffff4966fb34 in qfoDoCall(QV4::JavaScriptFunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:527:18
      
          #38 0xffff4966a0d8 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:558:12
      
          #39 0xffff492de114 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:187:20
      
          #40 0xffff49c2e71c in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:761:57
      
          #41 0xffff49c0bf98 in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:487:18
      
          #42 0xffff4966fb34 in qfoDoCall(QV4::JavaScriptFunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:527:18
      
          #43 0xffff4966a0d8 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:558:12
      
          #44 0xffff492de114 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:187:20
      
          #45 0xffff49c2e71c in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:761:57
      
          #46 0xffff49c0bf98 in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:487:18
      
          #47 0xffff4977f9fc in QV4::Module::evaluate() /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4module.cpp:90:5
      
          #48 0xffff495f3b48 in QV4::ExecutableCompilationUnit::evaluate() /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsruntime/qv4executablecompilationunit.cpp:626:10
      
          #49 0xffff492a2380 in QJSEngine::importModule(QString const&) /home/jcelerier/libs/qt5/qtdeclarative/src/qml/jsapi/qjsengine.cpp:587:19
       

      Attachments

        1. foo.mjs
          1013 kB
          Jean-Michaël Celerier
