Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: P2: Important
Fix Version/s: 5.0.0
Affects Version/s: 5.0.0
Component/s: ActiveX Support, Build tools: uic
Labels:
None
Environment:
msvc2008, win7, qt5

Commits:
9f5ad02d516563e91f839cca82207f48bd75cfeb

Description

This is actually two separate bugs, the first is using uninitialized memory, the second, is using an unchecked invalid value via implicit conversion.

qaxserver.cpp:1127 uses an unallocated variable, on my machine, this gets set to -1, which gets passed down through the stack to QCoreApplicationPrivate (qcoreapplicationprivate:287), which then tries to allocate this value converted to uint, which leads to a crash in windows.

[W] UMR: Uninitialized memory read in QCoreApplicationPrivate::QCoreApplicationPrivate(int&,char * *,UINT)

{1 occurrence}
Reading 4 bytes from 0x0019ee68 (4 bytes at 0x0019ee68 uninitialized)
Address 0x0019ee68 points into a thread's stack
Address 0x0019ee68 is the local variable 'argc' in DumpIDL
Thread ID: 0x2744
Error location
QCoreApplicationPrivate::QCoreApplicationPrivate(int&,char * *,UINT) [c:\depot\qt5\qtbase\src\corelib\kernel\qcoreapplication.cpp:293]
QGuiApplicationPrivate::QGuiApplicationPrivate(int&,char * *,int) [c:\depot\qt5\qtbase\src\gui\kernel\qguiapplication.cpp:379]
QApplicationPrivate::QApplicationPrivate(int&,char * *,Type::QCoreApplication,int) [c:\depot\qt5\qtbase\src\widgets\kernel\qapplication.cpp:161]
QApplication::QApplication(int&,char * *,int) [c:\depot\qt5\qtbase\src\widgets\kernel\qapplication.cpp:555]
DumpIDL [c:\depot\qt5\qtactiveqt\src\activeqt\control\qaxserver.cpp:1127]
bool delete_qApp = false;
if (!qApp) { int argc; => (void)new QApplication(argc, 0); delete_qApp = true; }

dumpIdl [c:\depot\qt5\qtactiveqt\src\tools\idc\main.cpp:176]
runIdc(int,char * *) [c:\depot\qt5\qtactiveqt\src\tools\idc\main.cpp:292]
main [c:\depot\qt5\qtactiveqt\src\tools\idc\main.cpp:334]
_tmainCRTStartup [f:\dd\vctools\crt_bld\self_x86\crt\src\crtexe.c:582]
mainCRTStartup [f:\dd\vctools\crt_bld\self_x86\crt\src\crtexe.c:398]

[I] MAF: Memory allocation failure of -1 bytes in new(UINT) {1 occurrence}

Allocation location
new(UINT) [C:\DEPOT\QT5\QTBASE\BIN\QTCORED5.DLL]
<>=(UINT) [f:\dd\vctools\crt_bld\self_x86\crt\src\newaop.cpp:7]
QCoreApplicationPrivate::QCoreApplicationPrivate(int&,char * *,UINT) [c:\depot\qt5\qtbase\src\corelib\kernel\qcoreapplication.cpp:293]
, in_exec(false)
, aboutToQuitEmitted(false)
, threadData_clean(false)
=> {
app_compile_version = flags & 0xffffff;
static const char *const empty = "";
if (argc == 0 || argv == 0) {
QGuiApplicationPrivate::QGuiApplicationPrivate(int&,char * *,int) [c:\depot\qt5\qtbase\src\gui\kernel\qguiapplication.cpp:379]
QApplicationPrivate::QApplicationPrivate(int&,char * *,Type::QCoreApplication,int) [c:\depot\qt5\qtbase\src\widgets\kernel\qapplication.cpp:161]
QApplication::QApplication(int&,char * *,int) [c:\depot\qt5\qtbase\src\widgets\kernel\qapplication.cpp:555]
DumpIDL [c:\depot\qt5\qtactiveqt\src\activeqt\control\qaxserver.cpp:1127]
dumpIdl [c:\depot\qt5\qtactiveqt\src\tools\idc\main.cpp:176]
runIdc(int,char * *) [c:\depot\qt5\qtactiveqt\src\tools\idc\main.cpp:292]
main [c:\depot\qt5\qtactiveqt\src\tools\idc\main.cpp:334]

please note: the second failure is in the code:
#ifdef Q_OS_WIN
, origArgc(aargc)
, origArgv(new char *[aargc])
#endif

Attachments

Issue Links

relates to

QTBUG-26219 QCoreApplication with negative argc parameter causes memory allocation exception.

Closed

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Bill King

Reporter:: Bill King

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 18 Jun '12 17:04

Updated:: 05 Mar '13 12:58

Resolved:: 19 Jun '12 12:08

Gerrit Reviews

There are no open Gerrit changes