Details
Bug
Resolution: Done
P2: Important
5.0.0 RC 1
None
Linux, Clang trunk/3.3, -sanitize-address
https://codereview.qt-project.org/#change,41476
a3a4114f5377597a4641f1c21cac37453afdda9c
Description
heap-buffer-overflow: not sure if only the unit test is buggy.
==23824== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fbded216fc0 at pc 0x7fbdeaf215cd bp 0x7ffffeeb1510 sp 0x7ffffeeb1508
READ of size 1 at 0x7fbded216fc0 thread T0
    #0 0x7fbdeaf215cc in swap_bit_order(QImageData*, QImageData const*, QFlags<Qt::ImageConversionFlag>) qimage.cpp:2114
    #1 0x7fbdeaed1da2 in QImage::convertToFormat(QImage::Format, QFlags<Qt::ImageConversionFlag>) const qimage.cpp:3370
    #2 0x43c5a6 in ?? ??:0
    #3 0x47f31a in ?? ??:0
    #4 0x7fbde9a4c9ba in QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const qmetaobject.cpp:2146
    #5 0x7fbde9a4a533 in QMetaObject::invokeMethod(QObject*, char const*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) qmetaobject.cpp:1462
    #6 0x7fbdece883e6 in QMetaObject::invokeMethod(QObject*, char const*, Qt::ConnectionType, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) qobjectdefs.h:396
    #7 0x7fbdece61ccc in QTest::qInvokeTestMethodDataEntry(char*) qtestcase.cpp:1651
    #8 0x7fbdece60187 in QTest::qInvokeTestMethod(char const*, char const*) qtestcase.cpp:1769
    #9 0x7fbdece51392 in QTest::qInvokeTestMethods(QObject*) qtestcase.cpp:1923
    #10 0x7fbdece4f52c in QTest::qExec(QObject*, int, char**) qtestcase.cpp:2136
    #11 0x47e8d6 in ?? ??:0
    #12 0x7fbde778676c in ?? ??:0
0x7fbded216fc0 is located 0 bytes to the right of 128-byte region [0x7fbded216f40,0x7fbded216fc0)
allocated by thread T0 here:
    #0 0x4dc24a in ?? ??:0
    #1 0x7fbdeaeb4d46 in QImageData::create(QSize const&, QImage::Format, int) qimage.cpp:169
    #2 0x7fbdeaeb7f18 in QImage qimage.cpp:743
    #3 0x43ab78 in ?? ??:0
    #4 0x47f31a in ?? ??:0
    #5 0x7fbde9a4c9ba in QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const qmetaobject.cpp:2146
    #6 0x7fbde9a4a533 in QMetaObject::invokeMethod(QObject*, char const*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) qmetaobject.cpp:1462
Shadow byte and word:
  0x1ff7bda42df8: fa
  0x1ff7bda42df8: fa fa fa fa fa fa fa fa
More shadow bytes:
  0x1ff7bda42dd8: fa fa fa fa fa fa fa fa
  0x1ff7bda42de0: fa fa fa fa fa fa fa fa
  0x1ff7bda42de8: 00 00 00 00 00 00 00 00
  0x1ff7bda42df0: 00 00 00 00 00 00 00 00
=>0x1ff7bda42df8: fa fa fa fa fa fa fa fa
  0x1ff7bda42e00: fa fa fa fa fa fa fa fa
  0x1ff7bda42e08: fd fd fd fd fd fd fd fd
  0x1ff7bda42e10: fd fd fd fd fd fd fd fd
  0x1ff7bda42e18: fa fa fa fa fa fa fa fa
Stats: 113M malloced (120M for red zones) by 135402 calls
Stats: 104M realloced by 10992 calls
Stats: 113M freed by 132727 calls
Stats: 81M really freed by 95799 calls
Stats: 70M (18046 full pages) mmaped in 140 calls
  mmaps by size class: 7:36855; 8:4094; 9:1023; 10:511; 11:255; 12:128; 13:64; 14:64; 15:16; 16:968;
  mallocs by size class: 7:122112; 8:8666; 9:677; 10:94; 11:90; 12:194; 13:106; 14:37; 15:12; 16:3414;
  frees by size class: 7:119924; 8:8337; 9:622; 10:58; 11:42; 12:185; 13:100; 14:36; 15:10; 16:3413;
  rfrees by size class: 7:86305; 8:6143; 9:540; 10:58; 11:31; 12:136; 13:81; 14:36; 15:10; 16:2459;
Stats: malloc large: 3426 small slow: 641
==23824== ABORTING