Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-44161

Read out of bounds in QTranslator

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Not Evaluated
    • Resolution: Done
    • Affects Version/s: 5.4.0
    • Fix Version/s: 5.4.1
    • Component/s: Core: Locales (i18n)
    • Labels:
      None
    • Environment:
      OSX Clang Address Sanitizer 3.6
    • Commits:
      247607a1af0253576b3330075fdcbb3d5c4cca00

      Description

      When running the qtquickcontrols controls auto tests in 5.4.0 compiled with clang address sanitizer on OSX, I get the following crash:

      =================================================================
      ==4137==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00010a3a4eae at pc 0x00010396713d bp 0x00011f57dfb0 sp 0x00011f57d768
      READ of size 17 at 0x00010a3a4eae thread T7
          #0 0x10396713c in 0x0002513c (in libclang_rt.asan_osx_dynamic.dylib) + 412
          #1 0x10c80402f in match qtranslator.cpp:95
          #2 0x10c8080fb in getMessage qtranslator.cpp:914
          #3 0x10c8026ca in QTranslatorPrivate::do_translate const qtranslator.cpp:1022
          #4 0x10c8093ee in QTranslator::translate const qtranslator.cpp:1105
          #5 0x10c482706 in QCoreApplication::translate qcoreapplication.cpp:1896
          #6 0x108420b98 in QtFontStyle::Key::Key qfontdatabase.cpp:225
          #7 0x108424de9 in QtFontStyle::Key::Key qfontdatabase.cpp:230
          #8 0x108435b9f in QFontDatabase::isSmoothlyScalable const qfontdatabase.cpp:1562
          #9 0x111f6447e in QQuickTextNode::addGlyphs qquicktextnode.cpp:144
          #10 0x111f94428 in QQuickTextNodeEngine::addToSceneGraph qquicktextnodeengine.cpp:737
          #11 0x111f6adb1 in QQuickTextNode::addTextLayout qquicktextnode.cpp:305
          #12 0x111f380e2 in QQuickText::updatePaintNode qquicktext.cpp:2253
          #13 0x111c11b69 in QQuickWindowPrivate::updateDirtyNode qquickwindow.cpp:2822
          #14 0x111bc9961 in QQuickWindowPrivate::updateDirtyNodes qquickwindow.cpp:2647
          #15 0x111bc7ffd in QQuickWindowPrivate::syncSceneGraph qquickwindow.cpp:338
          #16 0x111a099de in QSGRenderThread::sync qsgthreadedrenderloop.cpp:510
          #17 0x111a0ae4c in QSGRenderThread::syncAndRender qsgthreadedrenderloop.cpp:553
          #18 0x111a0e2d4 in QSGRenderThread::run qsgthreadedrenderloop.cpp:663
          #19 0x10af0f513 in QThreadPrivate::start qthread_unix.cpp:337
          #20 0x7fff8ca58898 in _pthread_body (in libsystem_pthread.dylib) + 137
          #21 0x7fff8ca58729 in _pthread_start (in libsystem_pthread.dylib) + 136
          #22 0x7fff8ca5cfc8 in thread_start (in libsystem_pthread.dylib) + 12
      
      0x00010a3a4eae is located 50 bytes to the left of global variable '<string literal>' defined in 'text/qfontdatabase.cpp:227:49' (0x10a3a4ee0) of size 8
        '<string literal>' is ascii string 'Oblique'
      0x00010a3a4eae is located 0 bytes to the right of global variable '<string literal>' defined in 'text/qfontdatabase.cpp:225:61' (0x10a3a4ea0) of size 14
        '<string literal>' is ascii string 'QFontDatabase'
      SUMMARY: AddressSanitizer: global-buffer-overflow ??:0 ??
      Shadow bytes around the buggy address:
        0x100021474980: f9 f9 f9 f9 00 00 00 00 00 00 00 00 f9 f9 f9 f9
        0x100021474990: 00 00 00 00 00 00 00 02 f9 f9 f9 f9 00 00 07 f9
        0x1000214749a0: f9 f9 f9 f9 00 00 00 00 03 f9 f9 f9 f9 f9 f9 f9
        0x1000214749b0: 00 00 00 00 00 01 f9 f9 f9 f9 f9 f9 00 00 00 00
        0x1000214749c0: 00 00 00 07 f9 f9 f9 f9 00 00 00 00 07 f9 f9 f9
      =>0x1000214749d0: f9 f9 f9 f9 00[06]f9 f9 f9 f9 f9 f9 00 f9 f9 f9
        0x1000214749e0: f9 f9 f9 f9 00 00 07 f9 f9 f9 f9 f9 00 02 f9 f9
        0x1000214749f0: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
        0x100021474a00: 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 07
        0x100021474a10: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 07 f9 f9
        0x100021474a20: f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07
        Heap left redzone:       fa
        Heap right redzone:      fb
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right redzone:     f3
        Stack partial redzone:   f4
        Stack after return:      f5
        Stack use after scope:   f8
        Global redzone:          f9
        Global init order:       f6
        Poisoned by user:        f7
        Container overflow:      fc
        Array cookie:            ac
        ASan internal:           fe
      Thread T7 created by T0 here:
          #0 0x103966d4f in 0x00024d4f (in libclang_rt.asan_osx_dynamic.dylib) + 63
          #1 0x10af13e47 in QThread::start qthread_unix.cpp:616
          #2 0x111a1911a in QSGThreadedRenderLoop::handleExposure qsgthreadedrenderloop.cpp:922
          #3 0x111a162e1 in QSGThreadedRenderLoop::exposureChanged qsgthreadedrenderloop.cpp:843
          #4 0x111bc4f6b in QQuickWindow::exposeEvent qquickwindow.cpp:206
          #5 0x107a8a5dc in QWindow::event qwindow.cpp:2021
          #6 0x111be8eb6 in QQuickWindow::event qquickwindow.cpp:1392
          #7 0x1047d2b37 in QApplicationPrivate::notify_helper qapplication.cpp:3719
          #8 0x1047df4d1 in QApplication::notify qapplication.cpp:3161
          #9 0x10c47335d in QCoreApplication::notifyInternal qcoreapplication.cpp:932
          #10 0x107a218f5 in QCoreApplication::sendSpontaneousEvent qcoreapplication.h:231
          #11 0x107a00248 in QGuiApplicationPrivate::processExposeEvent qguiapplication.cpp:2643
          #12 0x1079e7b36 in QGuiApplicationPrivate::processWindowSystemEvent qguiapplication.cpp:1671
          #13 0x1078d9b65 in QWindowSystemInterface::sendWindowSystemEvents qwindowsysteminterface.cpp:573
          #14 0x1078c6ed9 in QWindowSystemInterface::flushWindowSystemEvents qwindowsysteminterface.cpp:557
          #15 0x11821d526 in QCocoaWindow::setVisible qcocoawindow.mm:679
          #16 0x107a6f115 in QWindow::setVisible qwindow.cpp:499
          #17 0x107a6a8c1 in QWindow::showNormal qwindow.cpp:1843
          #18 0x107a6a6ff in QWindow::show qwindow.cpp:1771
          #19 0x104622ed6 in quick_test_main quicktest.cpp:363
          #20 0x10393f8a0 in main tst_controls.cpp:35
          #21 0x10393f3b3 in start (in tst_controls) + 51
          #22 0x2 (<unknown module>)
      
      ==4137==ABORTING
      

      The call from qfontdatabase.cpp:225 is

      QCoreApplication::translate("QFontDatabase", "Italic")
      

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

            • Assignee:
              thiago Thiago Macieira
              Reporter:
              daiweili Daiwei Li
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Gerrit Reviews

                There are no open Gerrit changes