Qt / QTBUG-45601

QProcess/Win can cause malformed heap


Details

• Type: Bug
• Status: Closed
• Priority: P1: Critical
• Resolution: Done
• Affects Version/s: 5.4.0
• Fix Version/s: 5.4.2
• Component/s: Core: I/O
• Labels: None
• Environment: Windows 7, MSVC
• Commits: 5ce567c536fde6b7cb93657d14df404f3e270119

Description

Consider a short-lived process that produces some output.

Start this process via QProcess and call waitForFinished.

Then the following can happen:

• in QProcessPrivate::waitForFinished, WaitForSingleObject returns WAIT_OBJECT_0.
• drainOutputPipes is called and returns.
• The QWindowsPipeReader objects are still active, because the pipe has not been closed yet.
• _q_processDied() is called, which calls cleanup(), which calls QWindowsPipeReader::stop().
• QWindowsPipeReader::stop() sets readSequenceStarted to false, but doesn't cancel the I/O operation (should it rather?)
• waitForFinished() returns.
• The QProcess object is destroyed with all its children.
• QWindowsPipeReader with readSequenceStarted==false but an active I/O operation is destroyed.
• The OVERLAPPED object and the read buffer in QWindowsPipeReader are destroyed.
• The active I/O operation modifies the (now destroyed) OVERLAPPED object and, potentially, the read buffer. BAM! The heap is a mess.

This issue originates from QTCREATORBUG-13713.
We can only reproduce it on Windows 7.
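The sequence in the report is a teardown-order bug: the OVERLAPPED record and the read buffer are members of the reader and get freed while the kernel can still complete the read into them. The following portable C++ is an added example, not Qt's code and not the content of the commit listed above (which this page does not show). It models the reader's lifecycle with a background thread standing in for the kernel, and shows the invariant a stop() must keep: cancel the outstanding operation and wait for the kernel to acknowledge it before returning, so nothing the operation references can be destroyed underneath it. All names (ModelPipeReader, ModelOverlapped, kStatusAborted, the scenario functions) are invented for the example; the value 995 is the Win32 numeric code of ERROR_OPERATION_ABORTED and is used only as a status marker.

```cpp
#include <algorithm>
#include <chrono>
#include <condition_variable>
#include <cstddef>
#include <cstring>
#include <iostream>
#include <mutex>
#include <string>
#include <thread>
#include <vector>

// Model of the OVERLAPPED record that the kernel updates on completion.
struct ModelOverlapped {
    std::size_t bytesTransferred = 0;
    int status = -1;  // -1 pending, 0 success, kStatusAborted cancelled
};

constexpr int kStatusAborted = 995;  // Win32 ERROR_OPERATION_ABORTED, as a plain number

// Reader that owns its OVERLAPPED record and buffer, as QWindowsPipeReader does.
class ModelPipeReader {
public:
    explicit ModelPipeReader(std::size_t bufSize) : buffer_(bufSize) {}
    ~ModelPipeReader() { stop(); }  // never destroy with a read in flight

    // Issue an asynchronous read; the simulated kernel copies `payload` into
    // buffer_ after `delay` unless the read is cancelled first.
    void startAsyncRead(std::string payload, std::chrono::milliseconds delay) {
        stop();  // only one outstanding read per reader
        readSequenceStarted_ = true;
        inFlight_ = true;
        overlapped_ = ModelOverlapped{};
        ioThread_ = std::thread([this, payload, delay] {
            std::unique_lock<std::mutex> lock(mutex_);
            bool cancelled = cv_.wait_for(lock, delay, [this] { return cancelRequested_; });
            if (cancelled) {
                overlapped_.status = kStatusAborted;
            } else {
                std::size_t n = std::min(payload.size(), buffer_.size());
                std::memcpy(buffer_.data(), payload.data(), n);  // the write into the reader's memory
                overlapped_.bytesTransferred = n;
                overlapped_.status = 0;
            }
            inFlight_ = false;
            cv_.notify_all();
        });
    }

    // Block until the outstanding read has completed (successfully or as
    // cancelled); the counterpart of GetOverlappedResult(..., bWait = TRUE).
    void waitForCompletion() {
        {
            std::unique_lock<std::mutex> lock(mutex_);
            cv_.wait(lock, [this] { return !inFlight_; });
        }
        if (ioThread_.joinable()) ioThread_.join();
    }

    // Clearing readSequenceStarted alone (the behaviour the report describes)
    // leaves the kernel free to write into this object later: cancel and wait too.
    void stop() {
        readSequenceStarted_ = false;
        {
            std::lock_guard<std::mutex> lock(mutex_);
            cancelRequested_ = true;
        }
        cv_.notify_all();
        waitForCompletion();
        cancelRequested_ = false;  // thread is joined, so no lock is needed here
    }

    bool inFlight() const { std::lock_guard<std::mutex> lock(mutex_); return inFlight_; }
    int status() const { return overlapped_.status; }  // call only when nothing is in flight
    std::string data() const { return std::string(buffer_.data(), overlapped_.bytesTransferred); }

private:
    std::vector<char> buffer_;
    ModelOverlapped overlapped_;
    mutable std::mutex mutex_;
    std::condition_variable cv_;
    std::thread ioThread_;
    bool readSequenceStarted_ = false, inFlight_ = false, cancelRequested_ = false;
};

struct TeardownResult { int status; bool inFlight; std::string data; };

// Scenario A: the read completes and is drained before stop(); the data survives.
TeardownResult drainThenStop() {
    ModelPipeReader r(16);
    r.startAsyncRead("hello", std::chrono::milliseconds(20));
    r.waitForCompletion();
    return TeardownResult{r.status(), r.inFlight(), r.data()};
}

// Scenario B: stop() while the read is still pending (the report's sequence).
// stop() returns only once the kernel has acknowledged the cancel, so the
// destructor that follows cannot free a record the kernel is still writing to.
TeardownResult stopWhilePending() {
    ModelPipeReader r(16);
    r.startAsyncRead("late output", std::chrono::seconds(5));  // cancel wakes it at once
    r.stop();
    return TeardownResult{r.status(), r.inFlight(), r.data()};
}

int main() {
    TeardownResult a = drainThenStop(), b = stopWhilePending();
    std::cout << "drained: \"" << a.data << "\" status " << a.status << "\n"
              << "stopped while pending: status " << b.status
              << (b.inFlight ? " (still in flight!)" : " (nothing in flight)") << "\n";
    return 0;
}
```

Against the real API the same shape is CancelIoEx on the pipe handle with the pending OVERLAPPED, followed by GetOverlappedResult with bWait set to TRUE (or a wait on the OVERLAPPED's event), which returns only after the kernel has finished touching the record; the reader, its OVERLAPPED and its buffer may be freed only after that returns.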


People

• Assignee: Joerg Bornemann (jbornema)
• Reporter: Joerg Bornemann (jbornema)
• Votes: 1
• Watchers: 4
