Qt / QTBUG-41107

QImageReader::supportedImageFormats() leads to overwritten memory and crashes when used from a thread


Details

    • Bug
    • Resolution: Done
    • P1: Critical
    • 6.0, 5.15
    • 5.3.0, 5.3.1
    • Image formats
    • None
    • MacOSX, maybe others too
    • macOS

    Description

      Create a thread and call QImageReader::supportedImageFormats() from it.
      This leads to overwritten memory and crashes on application exit.

      I've attached a demo project reproducing the issue.

      The important line is the following slot being called after pushing the surrounding worker object into a thread:

          void work()
          {
              (void)QImageReader::supportedImageFormats();
              emit done();
          }
      

      In this case the loading of the plugins is done within the thread's context. If you preload the plugins by calling QImageReader::supportedImageFormats() from the main thread first, everything seems to be ok - at least it does not crash within several minutes of running the code.

      It's not happening all the time - only in some cases. This is why I've also created 2 bash files that call the executable in multiple parallel processes. The crash should happen at least once within about 10 seconds.

      > multirun.sh
      
      helloworld(32999,0x7fff72090310) malloc: *** error for object 0x7ff911e02ce8: incorrect checksum for freed object - object was probably modified after being freed.
      *** set a breakpoint in malloc_error_break to debug
      helloworld(34196,0x10ea81000) malloc: *** error for object 0x7f944a109fb8: incorrect checksum for freed object - object was probably modified after being freed.
      *** set a breakpoint in malloc_error_break to debug
      ./run.sh: line 6: 32999 Abort trap: 6           ../qt5test-build/helloworld
      helloworld(34602,0x7fff72090310) malloc: *** error for object 0x7fa722900688: incorrect checksum for freed object - object was probably modified after being freed.
      *** set a breakpoint in malloc_error_break to debug
      helloworld(34856,0x7fff72090310) malloc: *** error for object 0x7fb62b30a648: incorrect checksum for freed object - object was probably modified after being freed.
      *** set a breakpoint in malloc_error_break to debug
      

      For me it's ok to preload the image formats - the issue I am having with this is that there is no warning. Nothing.
      You just end up with memory corruption...
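The report describes a shared plugin cache being initialised for the first time from a worker thread, and a workaround of touching it from the main thread before any worker exists. The following is an added, Qt-free C++ example (not code from the report, the attached demo, or Qt's own source) that shows the shape of that hazard and the two ways out of it: the reporter's preload trick, and a cache guarded by std::call_once. `scanPlugins`, `UnsafeRegistry` and `SafeRegistry` are constructed stand-ins for illustration, not Qt APIs; the 20 ms sleep only widens the race window so the unsynchronised variant misbehaves reliably in the demo.

```cpp
#include <atomic>
#include <chrono>
#include <cstdio>
#include <mutex>
#include <string>
#include <thread>
#include <vector>

// Constructed stand-in for the plugin scan. In Qt this is where the image
// format plugins get loaded; here it just returns a fixed list after a short
// delay that widens the race window. scanCount lets the caller see how often
// the scan actually ran; the correct answer is always 1.
static std::vector<std::string> scanPlugins(std::atomic<int>& scanCount) {
    ++scanCount;
    std::this_thread::sleep_for(std::chrono::milliseconds(20));
    return {"png", "jpeg", "bmp", "gif"};
}

// Unsynchronised check-then-initialise on a shared pointer: the shape of the
// hazard in the report, not Qt's code. Two threads can both observe nullptr,
// both scan, and the later writer overwrites the earlier result. In a real
// registry that later frees its entries, one thread can free memory another
// thread is still using, which is the class of bug that malloc's freed-object
// checksum complaint in the report points at.
struct UnsafeRegistry {
    std::vector<std::string>* cache = nullptr;  // written without any lock
    std::atomic<int> scans{0};

    ~UnsafeRegistry() { delete cache; }

    const std::vector<std::string>& formats() {
        if (cache == nullptr) {                 // data race: unsynchronised read
            auto* fresh = new std::vector<std::string>(scanPlugins(scans));
            cache = fresh;                      // data race: last writer wins, earlier results leak
        }
        return *cache;
    }
};

// The same cache guarded by std::call_once: whichever thread arrives first
// performs the scan exactly once and every other caller blocks until it is done.
struct SafeRegistry {
    std::vector<std::string> cache;
    std::once_flag once;
    std::atomic<int> scans{0};

    const std::vector<std::string>& formats() {
        std::call_once(once, [this] { cache = scanPlugins(scans); });
        return cache;
    }
};

// Start nThreads workers that each ask for the format list, join them all,
// and return how many times the scan ran.
template <typename Registry>
int hammer(Registry& reg, int nThreads) {
    std::vector<std::thread> workers;
    for (int i = 0; i < nThreads; ++i)
        workers.emplace_back([&reg] { (void)reg.formats(); });
    for (auto& t : workers) t.join();
    return reg.scans.load();
}

int main() {
    UnsafeRegistry racy;
    std::printf("unsynchronised, first use from workers: %d scans\n", hammer(racy, 8));

    // The reporter's workaround: touch the cache on the main thread before any
    // worker exists. Starting a std::thread synchronises with the start of that
    // thread, so the workers only ever read an already-initialised pointer.
    UnsafeRegistry preloaded;
    (void)preloaded.formats();
    std::printf("unsynchronised, preloaded on main thread: %d scans\n", hammer(preloaded, 8));

    SafeRegistry safe;
    std::printf("call_once, first use from workers: %d scans\n", hammer(safe, 8));
    return 0;
}
```

Build with a C++11 compiler and thread support (for example `g++ -std=c++11 -pthread`). The preloaded run shows why the workaround in the report works without fixing anything: it moves the only unsynchronised write to a point that happens-before every worker starts. The std::call_once variant is what a library should do instead, since it does not depend on callers knowing to warm the cache first.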

      Attachments

        1. crash.zip
          2 kB
        2. main.cpp
          1.0 kB



            People

              Assignee: Eirik Aavitsland (vgt)
              Reporter: Andreas Loew (andreasloew)
              Votes: 0
              Watchers: 7

