Description
Steps to reproduce
0) Have a Mac
1) Open quicknanobrowser
2) Go to http://webglsamples.org/
3) Click on the third sample, "Caves example", and wait for it to finish loading
4) Click the back arrow in the application and observe the crash. The AddressSanitizer report below shows a heap-use-after-free on the render thread (T28): the QOpenGLFramebufferObject is deleted when a QSGDefaultLayer owned by DelegatedFrameNode::SGObjects is destroyed inside DelegatedFrameNode::commit() during scene-graph sync, and the same object is then read again by QSG24BitTextMaskShader::useSRGB() while the batch renderer renders the scene.
================================================================= ==85470==ERROR: AddressSanitizer: heap-use-after-free on address 0x60200040cdf8 at pc 0x0001360f4e0a bp 0x70000052ba00 sp 0x70000052b9f8 READ of size 8 at 0x60200040cdf8 thread T28 #0 0x1360f4e09 in QScopedPointer<QOpenGLFramebufferObjectPrivate, QScopedPointerDeleter<QOpenGLFramebufferObjectPrivate> >::data() const qscopedpointer.h:140 #1 0x1360f02b4 in QScopedPointer<QOpenGLFramebufferObjectPrivate, QScopedPointerDeleter<QOpenGLFramebufferObjectPrivate> >::pointer qGetPtrHelper<QScopedPointer<QOpenGLFramebufferObjectPrivate, QScopedPointerDeleter<QOpenGLFramebufferObjectPrivate> > >(QScopedPointer<QOpenGLFramebufferObjectPrivate, QScopedPointerDeleter<QOpenGLFramebufferObjectPrivate> > const&) qglobal.h:984 #2 0x1360f31d8 in QOpenGLFramebufferObject::d_func() const qopenglframebufferobject.h:60 #3 0x1360ed902 in QOpenGLFramebufferObject::format() const qopenglframebufferobject.cpp:1264 #4 0x1328801d5 in QSG24BitTextMaskShader::useSRGB() const qsgdefaultglyphnode_p.cpp:243 #5 0x1328802d0 in QSG24BitTextMaskShader::activate() qsgdefaultglyphnode_p.cpp:253 #6 0x13279f4c5 in QSGBatchRenderer::Renderer::setActiveShader(QSGMaterialShader*, QSGBatchRenderer::ShaderManager::Shader*) qsgbatchrenderer.cpp:2229 #7 0x1327a0a90 in QSGBatchRenderer::Renderer::renderMergedBatch(QSGBatchRenderer::Batch const*) qsgbatchrenderer.cpp:2299 #8 0x1327a5847 in QSGBatchRenderer::Renderer::renderBatches() qsgbatchrenderer.cpp:2550 #9 0x1327aac61 in QSGBatchRenderer::Renderer::render() qsgbatchrenderer.cpp:2744 #10 0x132773e89 in QSGRenderer::renderScene(QSGBindable const&) qsgrenderer.cpp:240 #11 0x132773709 in QSGRenderer::renderScene(unsigned int) qsgrenderer.cpp:194 #12 0x1328bbe3b in QSGDefaultRenderContext::renderNextFrame(QSGRenderer*, unsigned int) qsgdefaultrendercontext.cpp:181 #13 0x132a26b43 in QQuickWindowPrivate::renderSceneGraph(QSize const&) qquickwindow.cpp:465 #14 0x1328ec4e0 in 
QSGRenderThread::syncAndRender() qsgthreadedrenderloop.cpp:630 #15 0x1328edd01 in QSGRenderThread::run() qsgthreadedrenderloop.cpp:711 #16 0x138cf46e1 in QThreadPrivate::start(void*) qthread_unix.cpp:368 #17 0x7fff9c69399c in _pthread_body (libsystem_pthread.dylib+0x399c) #18 0x7fff9c693919 in _pthread_start (libsystem_pthread.dylib+0x3919) #19 0x7fff9c691350 in thread_start (libsystem_pthread.dylib+0x1350) 0x60200040cdf8 is located 8 bytes inside of 16-byte region [0x60200040cdf0,0x60200040ce00) freed by thread T28 here: #0 0x13a25887b in wrap__ZdlPv (libclang_rt.asan_osx_dynamic.dylib+0x5487b) #1 0x1360ec4a1 in QOpenGLFramebufferObject::~QOpenGLFramebufferObject() qopenglframebufferobject.cpp:936 #2 0x1328dec3a in QSGDefaultLayer::invalidated() qsgdefaultlayer.cpp:124 #3 0x1328dea02 in QSGDefaultLayer::~QSGDefaultLayer() qsgdefaultlayer.cpp:117 #4 0x1328dea44 in QSGDefaultLayer::~QSGDefaultLayer() qsgdefaultlayer.cpp:116 #5 0x1328dea68 in QSGDefaultLayer::~QSGDefaultLayer() qsgdefaultlayer.cpp:116 #6 0x101c181bb in QtSharedPointer::CustomDeleter<QSGLayer, QtSharedPointer::NormalDeleter>::execute() qsharedpointer_impl.h:195 #7 0x101c18080 in QtSharedPointer::ExternalRefCountWithCustomDeleter<QSGLayer, QtSharedPointer::NormalDeleter>::deleter(QtSharedPointer::ExternalRefCountData*) qsharedpointer_impl.h:213 #8 0x101b4785e in QtSharedPointer::ExternalRefCountData::destroy() qsharedpointer_impl.h:157 #9 0x101c1278c in QSharedPointer<QSGLayer>::deref(QtSharedPointer::ExternalRefCountData*) qsharedpointer_impl.h:458 #10 0x101c12749 in QSharedPointer<QSGLayer>::deref() qsharedpointer_impl.h:453 #11 0x101c126f4 in QSharedPointer<QSGLayer>::~QSharedPointer() qsharedpointer_impl.h:312 #12 0x101c08d04 in QSharedPointer<QSGLayer>::~QSharedPointer() qsharedpointer_impl.h:312 #13 0x101c0fcf8 in QPair<cc::RenderPassId, QSharedPointer<QSGLayer> >::~QPair() qpair.h:49 #14 0x101c09714 in QPair<cc::RenderPassId, QSharedPointer<QSGLayer> >::~QPair() qpair.h:49 #15 0x101c0d988 in 
QVector<QPair<cc::RenderPassId, QSharedPointer<QSGLayer> > >::destruct(QPair<cc::RenderPassId, QSharedPointer<QSGLayer> >*, QPair<cc::RenderPassId, QSharedPointer<QSGLayer> >*) qvector.h:351 #16 0x101c0d93b in QVector<QPair<cc::RenderPassId, QSharedPointer<QSGLayer> > >::freeData(QTypedArrayData<QPair<cc::RenderPassId, QSharedPointer<QSGLayer> > >*) qvector.h:527 #17 0x101c0d8e6 in QVector<QPair<cc::RenderPassId, QSharedPointer<QSGLayer> > >::~QVector() qvector.h:75 #18 0x101c0d3d4 in QVector<QPair<cc::RenderPassId, QSharedPointer<QSGLayer> > >::~QVector() qvector.h:75 #19 0x101c0d36b in QtWebEngineCore::DelegatedFrameNode::SGObjects::~SGObjects() delegated_frame_node.h:98 #20 0x101c07264 in QtWebEngineCore::DelegatedFrameNode::SGObjects::~SGObjects() delegated_frame_node.h:98 #21 0x101c04afc in QtWebEngineCore::DelegatedFrameNode::commit(QtWebEngineCore::ChromiumCompositorData*, std::__1::vector<cc::ReturnedResource, std::__1::allocator<cc::ReturnedResource> >*, QtWebEngineCore::RenderWidgetHostViewQtDelegate*) delegated_frame_node.cpp:702 #22 0x101cd83bf in QtWebEngineCore::RenderWidgetHostViewQt::updatePaintNode(QSGNode*) render_widget_host_view_qt.cpp:737 #23 0x1019e70c3 in QtWebEngineCore::RenderWidgetHostViewQtDelegateQuick::updatePaintNode(QSGNode*, QQuickItem::UpdatePaintNodeData*) render_widget_host_view_qt_delegate_quick.cpp:373 #24 0x132a4aadb in QQuickWindowPrivate::updateDirtyNode(QQuickItem*) qquickwindow.cpp:3094 #25 0x132a260aa in QQuickWindowPrivate::updateDirtyNodes() qquickwindow.cpp:2839 #26 0x132a2533b in QQuickWindowPrivate::syncSceneGraph() qquickwindow.cpp:420 #27 0x1328eb0fa in QSGRenderThread::sync(bool) qsgthreadedrenderloop.cpp:549 #28 0x1328ebcdf in QSGRenderThread::syncAndRender() qsgthreadedrenderloop.cpp:595 #29 0x1328edd01 in QSGRenderThread::run() qsgthreadedrenderloop.cpp:711 previously allocated by thread T28 here: #0 0x13a2582bb in wrap__Znwm (libclang_rt.asan_osx_dynamic.dylib+0x542bb) #1 0x1328e1a0c in QSGDefaultLayer::grab() 
qsgdefaultlayer.cpp:353 #2 0x1328dfaa6 in QSGDefaultLayer::updateTexture() qsgdefaultlayer.cpp:179 #3 0x101bff299 in QtWebEngineCore::DelegatedFrameNode::preprocess() delegated_frame_node.cpp:472 #4 0x132775295 in QSGRenderer::preprocess() qsgrenderer.cpp:300 #5 0x132773b0b in QSGRenderer::renderScene(QSGBindable const&) qsgrenderer.cpp:218 #6 0x132773709 in QSGRenderer::renderScene(unsigned int) qsgrenderer.cpp:194 #7 0x1328bbe3b in QSGDefaultRenderContext::renderNextFrame(QSGRenderer*, unsigned int) qsgdefaultrendercontext.cpp:181 #8 0x132a26b43 in QQuickWindowPrivate::renderSceneGraph(QSize const&) qquickwindow.cpp:465 #9 0x1328ec4e0 in QSGRenderThread::syncAndRender() qsgthreadedrenderloop.cpp:630 #10 0x1328edd01 in QSGRenderThread::run() qsgthreadedrenderloop.cpp:711 #11 0x138cf46e1 in QThreadPrivate::start(void*) qthread_unix.cpp:368 #12 0x7fff9c69399c in _pthread_body (libsystem_pthread.dylib+0x399c) #13 0x7fff9c693919 in _pthread_start (libsystem_pthread.dylib+0x3919) #14 0x7fff9c691350 in thread_start (libsystem_pthread.dylib+0x1350) Thread T28 created by T0 here: #0 0x13a242f99 in wrap_pthread_create (libclang_rt.asan_osx_dynamic.dylib+0x3ef99) #1 0x138cf7060 in QThread::start(QThread::Priority) qthread_unix.cpp:645 #2 0x1328f3657 in QSGThreadedRenderLoop::handleExposure(QQuickWindow*) qsgthreadedrenderloop.cpp:972 #3 0x1328f14cc in QSGThreadedRenderLoop::exposureChanged(QQuickWindow*) qsgthreadedrenderloop.cpp:891 #4 0x132a22ff7 in QQuickWindow::exposeEvent(QExposeEvent*) qquickwindow.cpp:215 #5 0x13555ed6c in QWindow::event(QEvent*) qwindow.cpp:2107 #6 0x132a3726b in QQuickWindow::event(QEvent*) qquickwindow.cpp:1575 #7 0x133a215d9 in QApplicationPrivate::notify_helper(QObject*, QEvent*) qapplication.cpp:3741 #8 0x133a2644b in QApplication::notify(QObject*, QEvent*) qapplication.cpp:3101 #9 0x13944695b in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:988 #10 0x135532c6c in QCoreApplication::sendSpontaneousEvent(QObject*, 
QEvent*) qcoreapplication.h:234 #11 0x135521a19 in QGuiApplicationPrivate::processExposeEvent(QWindowSystemInterfacePrivate::ExposeEvent*) qguiapplication.cpp:2821 #12 0x135512e0e in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) qguiapplication.cpp:1769 #13 0x13549d862 in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) qwindowsysteminterface.cpp:662 #14 0x135493aac in QWindowSystemInterface::flushWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) qwindowsysteminterface.cpp:640 #15 0x1401f101c in QCocoaWindow::setVisible(bool) qcocoawindow.mm:696 #16 0x13554fa0b in QWindow::setVisible(bool) qwindow.cpp:552 #17 0x132dbe602 in QQuickWindowQmlImpl::setVisible(bool) qquickwindowmodule.cpp:82 #18 0x132dbfb0e in QQuickWindowQmlImpl::setWindowVisibility() qquickwindowmodule.cpp:167 #19 0x132dbed99 in QQuickWindowQmlImpl::componentComplete() qquickwindowmodule.cpp:124 #20 0x137a1063f in QQmlObjectCreator::finalize(QQmlInstantiationInterrupt&) qqmlobjectcreator.cpp:1222 #21 0x13780153a in QQmlComponentPrivate::complete(QQmlEnginePrivate*, QQmlComponentPrivate::ConstructionState*) qqmlcomponent.cpp:911 #22 0x1377fd33e in QQmlComponentPrivate::completeCreate() qqmlcomponent.cpp:947 #23 0x137803977 in QQmlComponent::createObject(QQmlV4Function*) qqmlcomponent.cpp:1274 #24 0x137b63c64 in QQmlComponent::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) moc_qqmlcomponent.cpp:147 #25 0x137b64814 in QQmlComponent::qt_metacall(QMetaObject::Call, int, void**) moc_qqmlcomponent.cpp:212 #26 0x139460c80 in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) qmetaobject.cpp:301 #27 0x13792baa1 in QQmlObjectOrGadget::metacall(QMetaObject::Call, int, void**) const qqmlpropertycache.cpp:1701 #28 0x1376d7bc9 in QV4::QObjectMethod::callInternal(QV4::CallData*, QV4::Scope&) const qv4qobjectwrapper.cpp:1820 #29 0x1376d6d5c in QV4::QObjectMethod::call(QV4::Managed const*, 
QV4::Scope&, QV4::CallData*) qv4qobjectwrapper.cpp:1755 #30 0x1371ec521 in QV4::Object::call(QV4::Scope&, QV4::CallData*) const qv4object_p.h:333 #31 0x137756918 in QV4::Runtime::method_callProperty(QV4::ExecutionEngine*, int, QV4::CallData*) qv4runtime.cpp:1034 #32 0x145c8023a (<unknown module>) #33 0x13753056d in QV4::SimpleScriptFunction::call(QV4::Managed const*, QV4::Scope&, QV4::CallData*) qv4functionobject.cpp:587 #34 0x1371ec521 in QV4::Object::call(QV4::Scope&, QV4::CallData*) const qv4object_p.h:333 #35 0x137754c7c in QV4::Runtime::method_callActivationProperty(QV4::ExecutionEngine*, int, QV4::CallData*) qv4runtime.cpp:982 #36 0x145c805fb (<unknown module>) #37 0x13753056d in QV4::SimpleScriptFunction::call(QV4::Managed const*, QV4::Scope&, QV4::CallData*) qv4functionobject.cpp:587 #38 0x1371ec521 in QV4::Object::call(QV4::Scope&, QV4::CallData*) const qv4object_p.h:333 #39 0x137789097 in QQmlVMEMetaObject::metaCall(QObject*, QMetaObject::Call, int, void**) qqmlvmemetaobject.cpp:950 #40 0x139460be0 in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) qmetaobject.cpp:299 #41 0x13946d8fe in QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const qmetaobject.cpp:2225 #42 0x13946c01e in QMetaObject::invokeMethod(QObject*, char const*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) qmetaobject.cpp:1488 #43 0x101958696 in QMetaObject::invokeMethod(QObject*, char const*, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) qobjectdefs.h:487 #44 
0x10195722e in main main.cpp:91 GVA info: Successfully connected to the Intel plugin, offline Gen9 #45 0x7fffa1dae5ac in start (libdyld.dylib+0x35ac) #46 0x0 (<unknown module>) SUMMARY: AddressSanitizer: heap-use-after-free qscopedpointer.h:140 in QScopedPointer<QOpenGLFramebufferObjectPrivate, QScopedPointerDeleter<QOpenGLFramebufferObjectPrivate> >::data() const Shadow bytes around the buggy address: 0x1c0400081960: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd 0x1c0400081970: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd 0x1c0400081980: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd 0x1c0400081990: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd 0x1c04000819a0: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd =>0x1c04000819b0: fa fa fd fd fa fa fd fd fa fa fd fa fa fa fd[fd] 0x1c04000819c0: fa fa fd fd fa fa 00 00 fa fa fd fd fa fa fd fd 0x1c04000819d0: fa fa fd fd fa fa fd fa fa fa fd fa fa fa fd fd 0x1c04000819e0: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd 0x1c04000819f0: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd 0x1c0400081a00: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==85470==ABORTING The program has unexpectedly finished.