Details
- Bug
- Resolution: Out of scope
- P2: Important
- None
- 4.8.1, 5.4.0 Alpha
- None
- Ubuntu 12.04
  Linux halk 3.2.0-32-generic #51-Ubuntu SMP Wed Sep 26 21:33:09 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
  QMake version 2.01a
  Using Qt version 4.8.1 in /usr/lib/x86_64-linux-gnu
Description
Trying to add a variable with a call to bindVariable(), and somehow the library crashes in QPatternist::TypeChecker::verifyType(). The crash happens on line 166 of type/qtypechecker.cpp. The call comes from QPatternist::TypeChecker::applyFunctionConversion(). Here is the full stack trace from gdb:
#0 0x00007ffff7ac3904 in QPatternist::TypeChecker::verifyType (operand=..., reqSeqType=..., context=..., code=QPatternist::ReportContext::XPTY0004, options=...) at type/qtypechecker.cpp:166
#1 0x00007ffff7ac5958 in QPatternist::TypeChecker::applyFunctionConversion (operand=..., reqType=..., context=..., code=QPatternist::ReportContext::XPTY0004, options=...) at type/qtypechecker.cpp:81
#2 0x00007ffff795cdae in QPatternist::resolveVariable (name=..., sourceLocator=..., parseInfo=0x63e050, raiseErrorOnUnavailability=<optimized out>) at querytransformparser.ypp:987
#3 0x00007ffff796a69e in QPatternist::XPathparse (parseInfo=0x63e050) at querytransformparser.ypp:3604
#4 0x00007ffff78b5b9b in QPatternist::ExpressionFactory::createExpression (this=0x636f10, tokenizer=..., context=..., lang=QXmlQuery::XSLT20, requiredType=..., queryURI=..., initialTemplateName=...) at expr/qexpressionfactory.cpp:151
#5 0x00007ffff78b7f76 in QPatternist::ExpressionFactory::createExpression (this=0x636f10, device=<optimized out>, context=..., lang=QXmlQuery::XSLT20, requiredType=..., queryURI=..., initialTemplateName=...) at expr/qexpressionfactory.cpp:125
#6 0x00007ffff784f49c in QXmlQueryPrivate::expression (this=0x62b9e0, queryDevice=0x7fffffffe070) at api/qxmlquery_p.h:258
#7 0x00007ffff7860b65 in QXmlQuery::setQuery (this=0x7fffffffe140, sourceCode=0x7fffffffe070, documentURI=...) at api/qxmlquery.cpp:430
#8 0x00007ffff7860c28 in QXmlQuery::setQuery (this=0x7fffffffe140, sourceCode=..., documentURI=...) at api/qxmlquery.cpp:449
#9 0x0000000000401408 in main ()
The strange thing is that the crash is due to a NULL pointer in the reqType variable, which is checked in the parser before calling the function that verifies the type and makes sure that reqType is not NULL... (at least that's what it looks like.)
I'm attaching a sample that exposes the crash in 4.8.1. To compile it with cmake, do this:
tar xf bind-bug.tar.bz2
mkdir BUILD
cd BUILD
cmake ..
make
./bind-bug
(crash!)
Note:
Comment out the bindVariable() call and the sample doesn't crash!