Qt / QTBUG-43692

use of memory after free bug in QMenu libcocoa under Mac OS X


Details

    • Bug
    • Resolution: Incomplete
    • P1: Critical
    • None
    • 5.4.0
    • QPA
    • None
    • Mac OS X Yosemite 10.10.1, Qt 5.4.0 downloaded direct from Qt, Mac OSX libGuardMalloc and Qt Creator.app
    • macOS

    Description

      I had posted this as bug QTBUG-43692 earlier today but that bug seems to have been lost in the migration. So here it is again:

      1. Fire up Qt Creator.app from Qt 5.4.0 for Mac OS X under lldb
      2. Enable Mac OS X's libGuardMalloc
      3. Open up existing project from main page under "Open Project"
      4. File->Close Project

      And you get the following use of memory after a free that libguardmalloc turns into a segfault.

      KevinsiMac:Qt kbhend$ lldb "Qt Creator.app"
      (lldb) target create "Qt Creator.app"
      Current executable set to 'Qt Creator.app' (x86_64).
      (lldb) env DYLD_INSERT_LIBRARIES=/usr/lib/libgmalloc.dylib
      (lldb) process launch
      Process 940 launched: '/Users/kbhend/Qt/Qt Creator.app/Contents/MacOS/Qt Creator' (x86_64)
      GuardMalloc[Qt Creator-940]: Allocations will be placed on 16 byte boundaries.
      GuardMalloc[Qt Creator-940]: - Some buffer overruns may not be noticed.
      GuardMalloc[Qt Creator-940]: - Applications using vector instructions (e.g., SSE) should work.
      GuardMalloc[Qt Creator-940]: version 104
      Process 940 stopped

      • thread #1: tid = 0x50728, 0x0000000106edd594 libqcocoa.dylib`___lldb_unnamed_function570$$libqcocoa.dylib + 4, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x123520220fb8)
        frame #0: 0x0000000106edd594 libqcocoa.dylib`___lldb_unnamed_function570$$libqcocoa.dylib + 4
        libqcocoa.dylib`___lldb_unnamed_function570$$libqcocoa.dylib + 4:
        -> 0x106edd594: cmpq %rsi, 0x38(%rdi)
        0x106edd598: jne 0x106edd5a2 ; ___lldb_unnamed_function570$$libqcocoa.dylib + 18
        0x106edd59a: movq $0x0, 0x38(%rdi)
        0x106edd5a2: popq %rbp
        (lldb) bt
      • thread #1: tid = 0x50728, 0x0000000106edd594 libqcocoa.dylib`___lldb_unnamed_function570$$libqcocoa.dylib + 4, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x123520220fb8)
      • frame #0: 0x0000000106edd594 libqcocoa.dylib`___lldb_unnamed_function570$$libqcocoa.dylib + 4
        frame #1: 0x0000000106edac83 libqcocoa.dylib`___lldb_unnamed_function527$$libqcocoa.dylib + 387
        frame #2: 0x0000000106edadfe libqcocoa.dylib`___lldb_unnamed_function529$$libqcocoa.dylib + 14
        frame #3: 0x00000001003c2aaa QtWidgets`___lldb_unnamed_function2242$$QtWidgets + 106
        frame #4: 0x00000001003c267e QtWidgets`___lldb_unnamed_function2231$$QtWidgets + 14
        frame #5: 0x0000000101020997 QtCore`QObject::~QObject() + 1879
        frame #6: 0x0000000100281a09 QtWidgets`QWidget::~QWidget() + 1609
        frame #7: 0x00000001003bc0b8 QtWidgets`QMenu::~QMenu() + 456
        frame #8: 0x00000001003bc12e QtWidgets`QMenu::~QMenu() + 14
        frame #9: 0x0000000101020c05 QtCore`QObjectPrivate::deleteChildren() + 245
        frame #10: 0x000000010028197b QtWidgets`QWidget::~QWidget() + 1467
        frame #11: 0x00000001003bc0b8 QtWidgets`QMenu::~QMenu() + 456
        frame #12: 0x00000001003bc12e QtWidgets`QMenu::~QMenu() + 14
        frame #13: 0x0000000101020c05 QtCore`QObjectPrivate::deleteChildren() + 245
        frame #14: 0x000000010028197b QtWidgets`QWidget::~QWidget() + 1467
        frame #15: 0x0000000129eea30e libProjectExplorer.dylib`ProjectExplorer::Internal::TargetSettingsPanelWidget::~TargetSettingsPanelWidget() + 94
        frame #16: 0x0000000129e9884e libProjectExplorer.dylib`ProjectExplorer::Internal::WidgetCache::deregisterProject(ProjectExplorer::Project*) + 318
        frame #17: 0x0000000129e9862d libProjectExplorer.dylib`ProjectExplorer::Internal::ProjectWindow::deregisterProject(ProjectExplorer::Project*) + 61
        frame #18: 0x000000012a00dc5d libProjectExplorer.dylib`ProjectExplorer::Internal::ProjectWindow::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) + 125
        frame #19: 0x00000001010289db QtCore`QMetaObject::activate(QObject*, int, int, void**) + 2987
        frame #20: 0x000000012a013ae0 libProjectExplorer.dylib`ProjectExplorer::SessionManager::aboutToRemoveProject(ProjectExplorer::Project*) + 64
        frame #21: 0x0000000129f04f0b libProjectExplorer.dylib`ProjectExplorer::SessionManager::removeProjects(QList<ProjectExplorer::Project*>) + 235
        frame #22: 0x0000000129f04cfc libProjectExplorer.dylib`ProjectExplorer::SessionManager::removeProject(ProjectExplorer::Project*) + 364
        frame #23: 0x0000000129e60c65 libProjectExplorer.dylib`ProjectExplorer::ProjectExplorerPlugin::unloadProject(ProjectExplorer::Project*) + 1205
        frame #24: 0x0000000129e61025 libProjectExplorer.dylib`ProjectExplorer::ProjectExplorerPlugin::unloadProject() + 277
        frame #25: 0x000000012a00c087 libProjectExplorer.dylib`ProjectExplorer::ProjectExplorerPlugin::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) + 1191
        frame #26: 0x00000001010289db QtCore`QMetaObject::activate(QObject*, int, int, void**) + 2987
        frame #27: 0x000000010024a328 QtWidgets`___lldb_unnamed_function130$$QtWidgets + 344
        frame #28: 0x00000001010289db QtCore`QMetaObject::activate(QObject*, int, int, void**) + 2987
        frame #29: 0x0000000100249eff QtWidgets`QAction::activate(QAction::ActionEvent) + 271
        frame #30: 0x000000010024a364 QtWidgets`___lldb_unnamed_function130$$QtWidgets + 404
        frame #31: 0x00000001010289db QtCore`QMetaObject::activate(QObject*, int, int, void**) + 2987
        frame #32: 0x0000000106eda430 libqcocoa.dylib`___lldb_unnamed_function521$$libqcocoa.dylib + 112
        frame #33: 0x00007fff8f428cd7 libsystem_trace.dylib`_os_activity_initiate + 75
        frame #34: 0x00007fff85bc9497 AppKit`-[NSApplication sendAction:to:from:] + 410
        frame #35: 0x00007fff85be35da AppKit`-[NSMenuItem _corePerformAction] + 382
        frame #36: 0x00007fff85be32f7 AppKit`-[NSCarbonMenuImpl performActionWithHighlightingForItemAtIndex:] + 114
        frame #37: 0x00007fff8f428cd7 libsystem_trace.dylib`_os_activity_initiate + 75
        frame #38: 0x00007fff85c30b96 AppKit`-[NSMenu performActionForItemAtIndex:] + 131
        frame #39: 0x00007fff85c30b06 AppKit`-[NSMenu _internalPerformActionForItemAtIndex:] + 35
        frame #40: 0x00007fff85c30952 AppKit`-[NSCarbonMenuImpl _carbonCommandProcessEvent:handlerCallRef:] + 107
        frame #41: 0x00007fff85bd8eeb AppKit`NSSLMMenuEventHandler + 724
        frame #42: 0x00007fff8f8c132c HIToolbox`DispatchEventToHandlers(EventTargetRec*, OpaqueEventRef*, HandlerCallRec*) + 1260
        frame #43: 0x00007fff8f8c076e HIToolbox`SendEventToEventTargetInternal(OpaqueEventRef*, OpaqueEventTargetRef*, HandlerCallRec*) + 386
        frame #44: 0x00007fff8f8d5286 HIToolbox`SendEventToEventTarget + 40
        frame #45: 0x00007fff8f90a795 HIToolbox`SendHICommandEvent(unsigned int, HICommand const*, unsigned int, unsigned int, unsigned char, void const*, OpaqueEventTargetRef*, OpaqueEventTargetRef*, OpaqueEventRef**) + 428
        frame #46: 0x00007fff8f93de8d HIToolbox`SendMenuCommandWithContextAndModifiers + 59
        frame #47: 0x00007fff8f93de34 HIToolbox`SendMenuItemSelectedEvent + 188
        frame #48: 0x00007fff8f93dd06 HIToolbox`FinishMenuSelection(SelectionData*, MenuResult*, MenuResult*) + 96
        frame #49: 0x00007fff8f9458b1 HIToolbox`MenuSelectCore(MenuData*, Point, double, unsigned int, OpaqueMenuRef*, unsigned short) + 702
        frame #50: 0x00007fff8f94549e HIToolbox`_HandleMenuSelection2 + 446
        frame #51: 0x00007fff85b5ed1e AppKit`_NSHandleCarbonMenuEvent + 277
        frame #52: 0x00007fff859faa40 AppKit`_DPSNextEvent + 1843
        frame #53: 0x00007fff859f9e80 AppKit`-[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 194
        frame #54: 0x00007fff859ede23 AppKit`-[NSApplication run] + 594
        frame #55: 0x0000000106ed692d libqcocoa.dylib`___lldb_unnamed_function434$$libqcocoa.dylib + 2189
        frame #56: 0x0000000100ff35ad QtCore`QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 381
        frame #57: 0x0000000100ff658a QtCore`QCoreApplication::exec() + 346
        frame #58: 0x000000010000d6b7 Qt Creator`main + 22103
        frame #59: 0x00000001000053a4 Qt Creator`start + 52
        (lldb)

      In case this helps, a similar bug was found when testing a debug build of Sigil (a heavy user of Qt) under Mac OS X libGuardMalloc after opening a Context Menu and closing a MainWindow. Notice the similarity of the back traces:

      Process 1213 stopped

      • thread #1: tid = 0x11c29, 0x000000011527a884 libqcocoa_debug.dylib`QCocoaMenuItem::clearMenu(QCocoaMenu*) + 20, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xc7fb39fb8)
        frame #0: 0x000000011527a884 libqcocoa_debug.dylib`QCocoaMenuItem::clearMenu(QCocoaMenu*) + 20
        libqcocoa_debug.dylib`QCocoaMenuItem::clearMenu(QCocoaMenu*) + 20:
        -> 0x11527a884: cmpq 0x38(%rsi), %rdi
        0x11527a888: movq %rsi, -0x18(%rbp)
        0x11527a88c: jne 0x11527a89e ; QCocoaMenuItem::clearMenu(QCocoaMenu*) + 46
        0x11527a892: movq -0x18(%rbp), %rax
        (lldb) bt
      • thread #1: tid = 0x11c29, 0x000000011527a884 libqcocoa_debug.dylib`QCocoaMenuItem::clearMenu(QCocoaMenu*) + 20, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xc7fb39fb8)
      • frame #0: 0x000000011527a884 libqcocoa_debug.dylib`QCocoaMenuItem::clearMenu(QCocoaMenu*) + 20
        frame #1: 0x0000000115276119 libqcocoa_debug.dylib`QCocoaMenu::~QCocoaMenu() + 569
        frame #2: 0x0000000115276225 libqcocoa_debug.dylib`QCocoaMenu::~QCocoaMenu() + 21
        frame #3: 0x0000000115276249 libqcocoa_debug.dylib`QCocoaMenu::~QCocoaMenu() + 25
        frame #4: 0x00000001017b254c QtWidgets_debug`QMenuPrivate::~QMenuPrivate() + 188
        frame #5: 0x00000001017b1605 QtWidgets_debug`QMenuPrivate::~QMenuPrivate() + 21
        frame #6: 0x00000001017b1629 QtWidgets_debug`QMenuPrivate::~QMenuPrivate() + 25
        frame #7: 0x000000010ce822de QtCore_debug`QScopedPointerDeleter<QObjectData>::cleanup(QObjectData*) + 46
        frame #8: 0x000000010ce82298 QtCore_debug`QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::~QScopedPointer() + 24
        frame #9: 0x000000010ce7e7c5 QtCore_debug`QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::~QScopedPointer() + 21
        frame #10: 0x000000010ce70ca9 QtCore_debug`QObject::~QObject() + 2553
        frame #11: 0x00000001015e48d4 QtWidgets_debug`QWidget::~QWidget() + 2148
        frame #12: 0x00000001017a7ede QtWidgets_debug`QMenu::~QMenu() + 318
        frame #13: 0x00000001017a7f55 QtWidgets_debug`QMenu::~QMenu() + 21
        frame #14: 0x00000001017a7fa9 QtWidgets_debug`QMenu::~QMenu() + 25
        frame #15: 0x000000010ce70e4b QtCore_debug`QObjectPrivate::deleteChildren() + 235
        frame #16: 0x00000001015e47fe QtWidgets_debug`QWidget::~QWidget() + 1934
        frame #17: 0x0000000101736da5 QtWidgets_debug`QDockWidget::~QDockWidget() + 21
        frame #18: 0x000000010031a31f Sigil`BookBrowser::~BookBrowser(this=0x00000001f77ccea0) + 159 at BookBrowser.cpp:86
        frame #19: 0x000000010031a555 Sigil`BookBrowser::~BookBrowser(this=0x00000001f77ccea0) + 21 at BookBrowser.cpp:84
        frame #20: 0x000000010031a5a9 Sigil`BookBrowser::~BookBrowser(this=0x00000001f77ccea0) + 25 at BookBrowser.cpp:84
        frame #21: 0x000000010ce70e4b QtCore_debug`QObjectPrivate::deleteChildren() + 235
        frame #22: 0x00000001015e47fe QtWidgets_debug`QWidget::~QWidget() + 1934
        frame #23: 0x0000000101771085 QtWidgets_debug`QMainWindow::~QMainWindow() + 21
        frame #24: 0x00000001002bf8f1 Sigil`MainWindow::~MainWindow(this=0x0000000132043890) + 721 at MainWindow.cpp:212
        frame #25: 0x00000001002bf915 Sigil`MainWindow::~MainWindow(this=0x0000000132043890) + 21 at MainWindow.cpp:201
        frame #26: 0x00000001002bf969 Sigil`MainWindow::~MainWindow(this=0x0000000132043890) + 25 at MainWindow.cpp:201
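Reading the disassembly in both traces, the faulting compare loads a field of the menu item that clearMenu() is being called on, so the item is the object that has already been freed while the menu being destroyed still holds a pointer to it. The hypothetical C++ model below is an added illustration, not Qt's code: it shows that two-way link and the detach step in the item's destructor that keeps the menu's clearMenu() walk off freed memory (the names Menu, MenuItem, attachItem and detachItem are assumptions).

```cpp
#include <cstddef>
#include <vector>
// Hypothetical model (not Qt's code) of the two-way link between a menu and the
// item that opens it as a submenu, the link the crash site's clearMenu() implies.
class Menu;
class MenuItem {
public:
    explicit MenuItem(Menu *submenu = nullptr);
    ~MenuItem();
    // Counterpart of the clearMenu() frame in the backtrace: forget the submenu
    // pointer, but only if it is the one this item holds.
    void clearMenu(Menu *menu) { if (m_submenu == menu) m_submenu = nullptr; }
    Menu *submenu() const { return m_submenu; }
private:
    friend class Menu;
    Menu *m_submenu;
};
class Menu {
public:
    // A submenu being destroyed tells every item still pointing at it to let go.
    // Safe only because ~MenuItem detaches first when the item dies before the
    // menu; without that, this walk reads a freed item, as GuardMalloc showed.
    ~Menu() { for (MenuItem *item : m_attached) item->clearMenu(this); }
    void attachItem(MenuItem *item) { m_attached.push_back(item); item->m_submenu = this; }
    void detachItem(MenuItem *item) {
        for (std::size_t i = 0; i < m_attached.size(); ++i)
            if (m_attached[i] == item) { m_attached.erase(m_attached.begin() + i); return; }
    }
    std::size_t attachedCount() const { return m_attached.size(); }
private:
    std::vector<MenuItem *> m_attached;
};
MenuItem::MenuItem(Menu *submenu) : m_submenu(nullptr) { if (submenu) submenu->attachItem(this); }
// The missing half of the hand-shake: unlink from the submenu on destruction.
MenuItem::~MenuItem() { if (m_submenu) m_submenu->detachItem(this); }
// Both destruction orders must be safe; the return values let a test check state.
bool destroyItemThenMenu() {
    Menu *menu = new Menu;
    MenuItem *item = new MenuItem(menu);
    delete item;                           // item unlinks itself first
    bool ok = menu->attachedCount() == 0;
    delete menu;                           // nothing stale left to touch
    return ok;
}
bool destroyMenuThenItem() {
    Menu *menu = new Menu;
    MenuItem *item = new MenuItem(menu);
    delete menu;                           // clears the item's back-pointer
    bool ok = item->submenu() == nullptr;
    delete item;                           // nothing left to detach from
    return ok;
}
```

Running the model under a guard-page allocator or AddressSanitizer with the destructor of MenuItem emptied reproduces the same read-after-free in the menu's destructor.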

          People

            sorvig Morten Sørvig
            kevinhendricks Kevin B. Hendricks