Qt: QTBUG-27886

QXmlQuery::setQuery() crash when bindVariable() is used


Details

    • Type: Bug
    • Resolution: Out of scope
    • Priority: P2: Important
    • Labels: None
    • Affects Version/s: 4.8.1, 5.4.0 Alpha
    • Component/s: XML: QtXmlPatterns
    • Fix Version/s: None
    • Environment: Ubuntu 12.04
      Linux halk 3.2.0-32-generic #51-Ubuntu SMP Wed Sep 26 21:33:09 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
      QMake version 2.01a
      Using Qt version 4.8.1 in /usr/lib/x86_64-linux-gnu

    Description

      Trying to add a variable with a call to bindVariable(), and somehow the library crashes in QPatternist::TypeChecker::verifyType(). The crash happens on line 166 of type/qtypechecker.cpp. The call comes from QPatternist::TypeChecker::applyFunctionConversion(). Here is the full stack trace from gdb:

      #0 0x00007ffff7ac3904 in QPatternist::TypeChecker::verifyType (operand=..., reqSeqType=..., context=..., code=QPatternist::ReportContext::XPTY0004, options=...) at type/qtypechecker.cpp:166
      #1 0x00007ffff7ac5958 in QPatternist::TypeChecker::applyFunctionConversion (operand=..., reqType=..., context=..., code=QPatternist::ReportContext::XPTY0004, options=...) at type/qtypechecker.cpp:81
      #2 0x00007ffff795cdae in QPatternist::resolveVariable (name=..., sourceLocator=..., parseInfo=0x63e050, raiseErrorOnUnavailability=<optimized out>) at querytransformparser.ypp:987
      #3 0x00007ffff796a69e in QPatternist::XPathparse (parseInfo=0x63e050) at querytransformparser.ypp:3604
      #4 0x00007ffff78b5b9b in QPatternist::ExpressionFactory::createExpression (this=0x636f10, tokenizer=..., context=..., lang=QXmlQuery::XSLT20, requiredType=..., queryURI=..., initialTemplateName=...) at expr/qexpressionfactory.cpp:151
      #5 0x00007ffff78b7f76 in QPatternist::ExpressionFactory::createExpression (this=0x636f10, device=<optimized out>, context=..., lang=QXmlQuery::XSLT20, requiredType=..., queryURI=..., initialTemplateName=...) at expr/qexpressionfactory.cpp:125
      #6 0x00007ffff784f49c in QXmlQueryPrivate::expression (this=0x62b9e0, queryDevice=0x7fffffffe070) at api/qxmlquery_p.h:258
      #7 0x00007ffff7860b65 in QXmlQuery::setQuery (this=0x7fffffffe140, sourceCode=0x7fffffffe070, documentURI=...) at api/qxmlquery.cpp:430
      #8 0x00007ffff7860c28 in QXmlQuery::setQuery (this=0x7fffffffe140, sourceCode=..., documentURI=...) at api/qxmlquery.cpp:449
      #9 0x0000000000401408 in main ()

      The strange thing is that the crash is due to a NULL pointer in the reqType variable, which is checked in the parser before calling the function that verifies the type and makes sure that reqType is not NULL... (at least that's how it looks.)

      I'm attaching a sample that exposes the crash in 4.8.1. To compile it with cmake, do this:

      tar xf bind-bug.tar.bz2
      mkdir BUILD
      cd BUILD
      cmake ..
      make
      ./bind-bug
      (crash!)

      Note:
      Comment out the bindVariable() call and the sample doesn't crash!

          People

            Assignee: Unassigned
            Reporter: Alexis Wilke (alexiswilke)
            Votes: 2
            Watchers: 4