QTBUG-33158

Crash in (QProcess (). waitForStarted ())


    Details

    • Type: Bug
    • Status: Closed
    • Priority: P1: Critical
    • Resolution: Done
    • Affects Version/s: 4.8.4
    • Fix Version/s: 5.2.0
    • Component/s: Core: I/O
    • Labels:
      None
    • Environment:
    • Commits:
      c8d9b17367cfdcb034d11f8a168ca4ae3993e7c3

      Description

      The expression (QProcess (). waitForStarted ()) causes Qt to crash because childStartedPipe[0] is -1, which is not a valid argument for FD_SET. The function should verify that childStartedPipe[0] is valid and return an error otherwise.

      Starting program: /tmp/a.out
      [Thread debugging using libthread_db enabled]
      Using host libthread_db library "/lib64/libthread_db.so.1".

          *** buffer overflow detected ***: /tmp/a.out terminated
            ======= Backtrace: =========
            /lib64/libc.so.6(__fortify_fail+0x37)[0x7ffff6e35277]
            /lib64/libc.so.6(+0xfc350)[0x7ffff6e33350]
            /lib64/libc.so.6(+0xfe1e7)[0x7ffff6e351e7]
            /usr/lib64/libQtCore.so.4(+0x1591a4)[0x7ffff7a571a4]
            /tmp/a.out[0x400f81]
            /lib64/libc.so.6(__libc_start_main+0xf5)[0x7ffff6d58a15]
            /tmp/a.out[0x400e49]
            ======= Memory map: ========

      Program received signal SIGABRT, Aborted.
      0x00007ffff6d6c3d5 in __GI_raise (sig=sig@entry=6)
      at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
      56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
      (gdb) bt
      #0 0x00007ffff6d6c3d5 in __GI_raise (sig=sig@entry=6)
      at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
      #1 0x00007ffff6d6d858 in __GI_abort () at abort.c:90
      #2 0x00007ffff6dac07b in __libc_message (do_abort=do_abort@entry=2,
      fmt=fmt@entry=0x7ffff6ea17f8 "*** %s ***: %s terminated\n")
      at ../sysdeps/unix/sysv/linux/libc_fatal.c:196
      #3 0x00007ffff6e35277 in __GI___fortify_fail (msg=msg@entry=
      0x7ffff6ea178f "buffer overflow detected") at fortify_fail.c:31
      #4 0x00007ffff6e33350 in __GI___chk_fail () at chk_fail.c:28
      #5 0x00007ffff6e351e7 in __fdelt_chk (d=<optimized out>) at fdelt_chk.c:25
      #6 0x00007ffff7a571a4 in QProcessPrivate::waitForStarted (this=0x603010,
      msecs=30000) at io/qprocess_unix.cpp:1040
      #7 0x0000000000400f81 in main () at test.cpp:13
      (gdb) f 6
      #6 0x00007ffff7a571a4 in QProcessPrivate::waitForStarted (this=0x603010,
      msecs=30000) at io/qprocess_unix.cpp:1040
      1040 FD_SET(childStartedPipe[0], &fds);
      (gdb) p childStartedPipe
      $20 = {-1, -1}
      (gdb) p fds
      $21 = {fds_bits = {0 <repeats 16 times>}}
      (gdb) f 6
      #6 0x00007ffff7a571a4 in QProcessPrivate::waitForStarted (this=0x603010,
      msecs=30000) at io/qprocess_unix.cpp:1040
      1040 FD_SET(childStartedPipe[0], &fds);
      (gdb) c
      Continuing.

      Program terminated with signal SIGABRT, Aborted.
      The program no longer exists.
      (gdb) ! c++ -g test.cpp -lQtCore
      (gdb) run
      `/tmp/a.out' has changed; re-reading symbols.
      Starting program: /tmp/a.out
      [Thread debugging using libthread_db enabled]
      Using host libthread_db library "/lib64/libthread_db.so.1".

          *** buffer overflow detected ***: /tmp/a.out terminated
            ======= Backtrace: =========
            /lib64/libc.so.6(__fortify_fail+0x37)[0x7ffff6e35277]
            /lib64/libc.so.6(+0xfc350)[0x7ffff6e33350]
            /lib64/libc.so.6(+0xfe1e7)[0x7ffff6e351e7]
            /usr/lib64/libQtCore.so.4(+0x1591a4)[0x7ffff7a571a4]
            /tmp/a.out[0x400f37]
            /lib64/libc.so.6(__libc_start_main+0xf5)[0x7ffff6d58a15]
            /tmp/a.out[0x400e49]
            ======= Memory map: ========

      Program received signal SIGABRT, Aborted.
      0x00007ffff6d6c3d5 in __GI_raise (sig=sig@entry=6)
      at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
      56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
      (gdb) bt
      #0 0x00007ffff6d6c3d5 in __GI_raise (sig=sig@entry=6)
      at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
      #1 0x00007ffff6d6d858 in __GI_abort () at abort.c:90
      #2 0x00007ffff6dac07b in __libc_message (do_abort=do_abort@entry=2,
      fmt=fmt@entry=0x7ffff6ea17f8 "*** %s ***: %s terminated\n")
      at ../sysdeps/unix/sysv/linux/libc_fatal.c:196
      #3 0x00007ffff6e35277 in __GI___fortify_fail (msg=msg@entry=
      0x7ffff6ea178f "buffer overflow detected") at fortify_fail.c:31
      #4 0x00007ffff6e33350 in __GI___chk_fail () at chk_fail.c:28
      #5 0x00007ffff6e351e7 in __fdelt_chk (d=<optimized out>) at fdelt_chk.c:25
      #6 0x00007ffff7a571a4 in QProcessPrivate::waitForStarted (this=0x603010,
      msecs=30000) at io/qprocess_unix.cpp:1040
      #7 0x0000000000400f37 in main () at test.cpp:10
      (gdb) f 6
      #6 0x00007ffff7a571a4 in QProcessPrivate::waitForStarted (this=0x603010,
      msecs=30000) at io/qprocess_unix.cpp:1040
      1040 FD_SET(childStartedPipe[0], &fds);
      (gdb) c
      Continuing.

      Program terminated with signal SIGABRT, Aborted.
      The program no longer exists.
      (gdb) info shared
      warning: Temporarily disabling breakpoints for unloaded shared library "/usr/lib64/libQtCore.so.4"
      warning: Temporarily disabling breakpoints for unloaded shared library "/lib64/libc.so.6"
      warning: Temporarily disabling breakpoints for unloaded shared library "/lib64/libpthread.so.0"
      From To Syms Read Shared Object Library
      0x00007ffff7ddbac0 0x00007ffff7df4be9 Yes /lib64/ld-linux-x86-64.so.2
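      The check the description asks for, as an added example that is not Qt's code and not the change in the linked commit: a stand-in wait_for_started() built on select() over a pipe that plays the role of childStartedPipe. The function names, the one-byte "started" signal and the return codes are assumptions for this demonstration (QProcess's real pipe protocol differs). It shows why the trace above ends in __fdelt_chk: FD_SET with fd -1, or any fd outside 0..FD_SETSIZE-1, indexes fd_set out of bounds, which _FORTIFY_SOURCE reports as a buffer overflow and which otherwise corrupts the stack silently; the hardened version rejects such descriptors before they reach FD_SET, so the never-started case returns an error instead of aborting.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/time.h>
#include <unistd.h>

/* Added example, not Qt's code. A simplified stand-in for the
 * QProcessPrivate::waitForStarted() pattern in the report: the parent
 * select()s on the read end of a "child started" pipe. Here one byte
 * written to the pipe means "started" (assumption for this demo; QProcess
 * uses a different protocol on childStartedPipe). */

/* Return codes of wait_for_started() (names are assumptions for this demo). */
enum {
    WFS_STARTED    =  0,  /* the started signal arrived */
    WFS_TIMEOUT    =  1,  /* nothing arrived within msecs */
    WFS_INVALID_FD = -1,  /* no usable pipe: the "never started" case */
    WFS_ERROR      = -2   /* select() failed */
};

/* The check the bug asks for: FD_SET(fd, set) is only defined for
 * 0 <= fd < FD_SETSIZE. Outside that range it indexes fds_bits out of
 * bounds; with _FORTIFY_SOURCE glibc's __fdelt_chk turns that into the
 * "buffer overflow detected" abort seen in the backtrace, and without it
 * a large fd silently overwrites the stack past the fd_set. */
static int fd_fits_fd_set(int fd)
{
    return fd >= 0 && fd < FD_SETSIZE;
}

/* Hardened wait: validate the descriptor before it reaches FD_SET. */
static int wait_for_started(int started_fd, int msecs)
{
    if (!fd_fits_fd_set(started_fd))
        return WFS_INVALID_FD;          /* the unpatched code crashed here */

    fd_set fds;
    FD_ZERO(&fds);
    FD_SET(started_fd, &fds);

    struct timeval tv;
    tv.tv_sec  = msecs / 1000;
    tv.tv_usec = (msecs % 1000) * 1000;

    int ret;
    do {
        /* msecs < 0 means wait forever, as QProcess's -1 timeout does */
        ret = select(started_fd + 1, &fds, NULL, NULL, msecs < 0 ? NULL : &tv);
    } while (ret < 0 && errno == EINTR);

    if (ret < 0)
        return WFS_ERROR;
    if (ret == 0)
        return WFS_TIMEOUT;

    char c;
    (void)read(started_fd, &c, 1);      /* consume the started signal */
    return WFS_STARTED;
}

/* Demo harness: a pipe plays the role of childStartedPipe. started != 0
 * writes the one-byte signal, as a child that has started would. */
static int simulate(int started, int msecs)
{
    int p[2];
    if (pipe(p) != 0)
        return WFS_ERROR;
    if (started && write(p[1], "s", 1) != 1) {
        close(p[0]);
        close(p[1]);
        return WFS_ERROR;
    }
    int r = wait_for_started(p[0], msecs);
    close(p[0]);
    close(p[1]);
    return r;
}

int main(void)
{
    /* The report's case: QProcess() never started, childStartedPipe = {-1, -1},
     * called with the default 30000 ms timeout from the backtrace. */
    printf("never started : %d\n", wait_for_started(-1, 30000));
    printf("fd too large  : %d\n", wait_for_started(FD_SETSIZE, 0));
    printf("child started : %d\n", simulate(1, 1000));
    printf("child silent  : %d\n", simulate(0, 10));
    return 0;
}
```

      Build with -D_FORTIFY_SOURCE=2 -O2 and remove the fd_fits_fd_set() guard to reproduce the same __fdelt_chk abort the report shows; with the guard in place the -1 and FD_SETSIZE cases return WFS_INVALID_FD without touching the fd_set. The FD_SETSIZE bound matters as much as the negative check: a process with more than FD_SETSIZE descriptors open hands select()-based code an fd that FD_SET writes past the end of the set, which is a stack corruption rather than a clean failure.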

              People

              Assignee:
              thiago Thiago Macieira
              Reporter:
              yecril71pl Christopher Yeleighton