Details
- Bug
- Resolution: Done
- P2: Important
- 5.0.0
- None
- msvc2008, win7, qt5
- 9f5ad02d516563e91f839cca82207f48bd75cfeb
Description
This is actually two separate bugs: the first is using uninitialized memory, the second is using an unchecked invalid value via implicit conversion.
qaxserver.cpp:1127 uses an unallocated variable; on my machine this gets set to -1, which gets passed down through the stack to QCoreApplicationPrivate (qcoreapplicationprivate:287), which then tries to allocate this value converted to uint, which leads to a crash on Windows.
[W] UMR: Uninitialized memory read in QCoreApplicationPrivate::QCoreApplicationPrivate(int&,char * *,UINT) {1 occurrence}
Reading 4 bytes from 0x0019ee68 (4 bytes at 0x0019ee68 uninitialized)
Address 0x0019ee68 points into a thread's stack
Address 0x0019ee68 is the local variable 'argc' in DumpIDL
Thread ID: 0x2744
Error location
QCoreApplicationPrivate::QCoreApplicationPrivate(int&,char * *,UINT) [c:\depot\qt5\qtbase\src\corelib\kernel\qcoreapplication.cpp:293]
QGuiApplicationPrivate::QGuiApplicationPrivate(int&,char * *,int) [c:\depot\qt5\qtbase\src\gui\kernel\qguiapplication.cpp:379]
QApplicationPrivate::QApplicationPrivate(int&,char * *,Type::QCoreApplication,int) [c:\depot\qt5\qtbase\src\widgets\kernel\qapplication.cpp:161]
QApplication::QApplication(int&,char * *,int) [c:\depot\qt5\qtbase\src\widgets\kernel\qapplication.cpp:555]
DumpIDL [c:\depot\qt5\qtactiveqt\src\activeqt\control\qaxserver.cpp:1127]
    bool delete_qApp = false;
    if (!qApp) {
        int argc;
 =>     (void)new QApplication(argc, 0);
        delete_qApp = true;
    }
dumpIdl [c:\depot\qt5\qtactiveqt\src\tools\idc\main.cpp:176]
runIdc(int,char * *) [c:\depot\qt5\qtactiveqt\src\tools\idc\main.cpp:292]
main [c:\depot\qt5\qtactiveqt\src\tools\idc\main.cpp:334]
_tmainCRTStartup [f:\dd\vctools\crt_bld\self_x86\crt\src\crtexe.c:582]
mainCRTStartup [f:\dd\vctools\crt_bld\self_x86\crt\src\crtexe.c:398]
[I] MAF: Memory allocation failure of -1 bytes in new(UINT) {1 occurrence}
Allocation location
new(UINT) [C:\DEPOT\QT5\QTBASE\BIN\QTCORED5.DLL]
new[](UINT) [f:\dd\vctools\crt_bld\self_x86\crt\src\newaop.cpp:7]
QCoreApplicationPrivate::QCoreApplicationPrivate(int&,char * *,UINT) [c:\depot\qt5\qtbase\src\corelib\kernel\qcoreapplication.cpp:293]
, in_exec(false)
, aboutToQuitEmitted(false)
, threadData_clean(false)
=> {
app_compile_version = flags & 0xffffff;
static const char *const empty = "";
if (argc == 0 || argv == 0) {
QGuiApplicationPrivate::QGuiApplicationPrivate(int&,char * *,int) [c:\depot\qt5\qtbase\src\gui\kernel\qguiapplication.cpp:379]
QApplicationPrivate::QApplicationPrivate(int&,char * *,Type::QCoreApplication,int) [c:\depot\qt5\qtbase\src\widgets\kernel\qapplication.cpp:161]
QApplication::QApplication(int&,char * *,int) [c:\depot\qt5\qtbase\src\widgets\kernel\qapplication.cpp:555]
DumpIDL [c:\depot\qt5\qtactiveqt\src\activeqt\control\qaxserver.cpp:1127]
dumpIdl [c:\depot\qt5\qtactiveqt\src\tools\idc\main.cpp:176]
runIdc(int,char * *) [c:\depot\qt5\qtactiveqt\src\tools\idc\main.cpp:292]
main [c:\depot\qt5\qtactiveqt\src\tools\idc\main.cpp:334]
Please note: the second failure is in the code:
#ifdef Q_OS_WIN
, origArgc(aargc)
, origArgv(new char *[aargc])
#endif
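The failure chain described in the report, as an added stand-alone model that is not part of the bug report or of Qt's source: an `int argc` taken by reference and read immediately (the UMR at the caller), then used unchecked as the element count of `new char *[aargc]`, where the implicit int to size_t conversion turns -1 into SIZE_MAX and `operator new[]` fails (the MAF). The function names `argcToAllocSize`, `copyArgvUnchecked`, `copyArgvChecked`, `constructApp` and `makeAppArgs` are hypothetical; only the shape of the calls and the `argc == 0 || argv == 0` guard come from the page. The hardened copy rejects `argc <= 0` rather than `== 0`, and the caller-side fix gives the application a zero-initialised `argc` with static storage, since Qt's documentation requires the data behind `argc`/`argv` to stay valid for the lifetime of the application object.

```cpp
// Added example, not Qt's code: models the two defects in QTBUG report above and
// their fixes. All function names here are hypothetical.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <new>
#include <string>
#include <vector>

// Bug 2, the conversion: `new char *[aargc]` takes a size_t, so a negative int becomes a
// huge unsigned request (the report's "-1 bytes in new(UINT)" on 32-bit Windows).
std::size_t argcToAllocSize(int argc) {
    return static_cast<std::size_t>(argc);            // -1 -> SIZE_MAX
}

// Model of the unchecked path: copies argv into a fresh array sized by argc with no
// sign check. Returns false when the allocation fails (the report's MAF). The array-new
// overflow throws std::bad_array_new_length, which derives from std::bad_alloc.
bool copyArgvUnchecked(int argc, char **argv, std::vector<std::string> &out) {
    out.clear();
    try {
        char **copy = new char *[argcToAllocSize(argc)]; // throws for any argc < 0
        for (int i = 0; i < argc; ++i) copy[i] = argv[i];
        for (int i = 0; i < argc; ++i) out.emplace_back(copy[i]);
        delete[] copy;
        return true;
    } catch (const std::bad_alloc &) {
        return false;
    }
}

// Hardened model: reject the value before the conversion happens. The page shows Qt
// guarding only `argc == 0 || argv == 0`; `<= 0` also catches the -1 left by the UMR.
// Returns false if argv has fewer than argc valid entries.
bool copyArgvChecked(int argc, char **argv, std::vector<std::string> &out) {
    out.clear();
    if (argc <= 0 || argv == nullptr)
        return true;                                  // treated as "no arguments"
    for (int i = 0; i < argc; ++i) {
        if (argv[i] == nullptr) return false;
        out.emplace_back(argv[i]);
    }
    return true;
}

// Model of the application constructor's contract: argc is taken by reference and read
// at once, so whatever the caller passes must already hold a meaningful value.
bool constructApp(int &argc, char **argv, std::vector<std::string> &out) {
    return copyArgvChecked(argc, argv, out);
}

// Bug 1 at the caller: the page's DumpIDL declares `int argc;` and never assigns it, so
// the constructor reads stack garbage. Fix: zero-initialise it, and give both argc and
// argv static storage because the application object keeps referring to them.
bool makeAppArgs(std::vector<std::string> &out) {
    static int argc = 0;                              // initialised, outlives the app object
    static char *argv[] = { nullptr };
    return constructApp(argc, argv, out);
}

int main() {
    std::vector<std::string> args;
    std::cout << "size_t(-1) = " << argcToAllocSize(-1) << '\n';
    std::cout << "unchecked copy with argc=-1 succeeded: "
              << std::boolalpha << copyArgvUnchecked(-1, nullptr, args) << '\n';
    std::cout << "checked copy with argc=-1 succeeded:   "
              << copyArgvChecked(-1, nullptr, args) << " (" << args.size() << " args)\n";
    std::cout << "fixed caller succeeded:                "
              << makeAppArgs(args) << " (" << args.size() << " args)\n";
    return 0;
}
```

Run it on a 64-bit build and the unchecked copy still fails: SIZE_MAX elements of `char *` overflows the byte count before any memory is touched, which is why the sign check has to happen on the `int`, not on the converted size.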
Attachments
Issue Links
- relates to QTBUG-26219 QCoreApplication with negative argc parameter causes memory allocation exception. (Closed)