Qt / QTBUG-56419

XCB: Use of uninitialized value in qxcbbackingstore.cpp if shmget() fails


    Details

    • Commits:
      f4fff02cbb1f9399f407c15a27741c6cd1a17133

      Description

      In plugins/platforms/xcb/qxcbbackingstore.cpp, if shmget() fails in QXcbShmImage() and returns -1, m_shm_info.shmid is uninitialized.

      valgrind output (dev branch):

      QXcbShmImage: shmget() failed (2: No such file or directory) for size 1116288 (646x432)
      ==3201== Syscall param shmat(shmid) contains uninitialised byte(s)
      ==3201==    at 0x63BA447: shmat (syscall-template.S:84)
      ==3201==    by 0x40D2261: QXcbShmImage::QXcbShmImage(QXcbScreen*, QSize const&, unsigned int, QImage::Format) (qxcbbackingstore.cpp:177)
      ==3201==    by 0x40D4427: QXcbBackingStore::resize(QSize const&, QRegion const&) (qxcbbackingstore.cpp:645)
      ==3201==    by 0x697D0C9: QBackingStore::resize(QSize const&) (qbackingstore.cpp:221)
      ==3201==    by 0x4FBF3ED: QWidgetBackingStore::doSync() (qwidgetbackingstore.cpp:1195)
      ==3201==    by 0x4FBEDF4: QWidgetBackingStore::sync(QWidget*, QRegion const&) (qwidgetbackingstore.cpp:1138)
      ==3201==    by 0x4FF232F: QWidgetPrivate::syncBackingStore(QRegion const&) (qwidget.cpp:1967)
      ==3201==    by 0x5036C54: QWidgetWindow::handleExposeEvent(QExposeEvent*) (qwidgetwindow.cpp:921)
      ==3201==    by 0x5033CBA: QWidgetWindow::event(QEvent*) (qwidgetwindow.cpp:284)
      ==3201==    by 0x4FAE895: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:3743)
      ==3201==    by 0x4FABAFD: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3103)
      ==3201==    by 0x59DD3E8: QCoreApplication::notifyInternal2(QObject*, QEvent*) (qcoreapplication.cpp:988)
      ==3201== 
      ==3201== Syscall param writev(vector[...]) points to uninitialised byte(s)
      ==3201==    at 0x63AE73D: ??? (syscall-template.S:84)
      ==3201==    by 0xC417F28: _xcb_conn_wait (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
      ==3201==    by 0xC41831C: _xcb_out_send (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
      ==3201==    by 0xC418A76: _xcb_out_flush_to (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
      ==3201==    by 0xC419833: xcb_request_check (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
      ==3201==    by 0x40D2346: QXcbShmImage::QXcbShmImage(QXcbScreen*, QSize const&, unsigned int, QImage::Format) (qxcbbackingstore.cpp:184)
      ==3201==    by 0x40D4427: QXcbBackingStore::resize(QSize const&, QRegion const&) (qxcbbackingstore.cpp:645)
      ==3201==    by 0x697D0C9: QBackingStore::resize(QSize const&) (qbackingstore.cpp:221)
      ==3201==    by 0x4FBF3ED: QWidgetBackingStore::doSync() (qwidgetbackingstore.cpp:1195)
      ==3201==    by 0x4FBEDF4: QWidgetBackingStore::sync(QWidget*, QRegion const&) (qwidgetbackingstore.cpp:1138)
      ==3201==    by 0x4FF232F: QWidgetPrivate::syncBackingStore(QRegion const&) (qwidget.cpp:1967)
      ==3201==    by 0x5036C54: QWidgetWindow::handleExposeEvent(QExposeEvent*) (qwidgetwindow.cpp:921)
      ==3201==  Address 0xcea97fc is 4,524 bytes inside a block of size 21,152 alloc'd
      ==3201==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==3201==    by 0xC4178DB: xcb_connect_to_fd (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
      ==3201==    by 0xC41B610: xcb_connect_to_display_with_auth_info (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
      ==3201==    by 0xBCF2809: _XConnectXCB (in /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0)
      ==3201==    by 0xBCE3391: XOpenDisplay (in /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0)
      ==3201==    by 0x409F36E: QXcbConnection::QXcbConnection(QXcbNativeInterface*, bool, unsigned int, char const*) (qxcbconnection.cpp:581)
      ==3201==    by 0x40AB804: QXcbIntegration::QXcbIntegration(QStringList const&, int&, char**) (qxcbintegration.cpp:186)
      ==3201==    by 0x402A783: QXcbIntegrationPlugin::create(QString const&, QStringList const&, int&, char**) (qxcbmain.cpp:56)
      ==3201==    by 0x677DF09: _Z11qLoadPluginI20QPlatformIntegration26QPlatformIntegrationPluginIRK11QStringListRiRPPcEEPT_PK14QFactoryLoaderRK7QStringDpOT1_ (qfactoryloader_p.h:101)
      ==3201==    by 0x677D70D: QPlatformIntegrationFactory::create(QString const&, QStringList const&, int&, char**, QString const&) (qplatformintegrationfactory.cpp:71)
      ==3201==    by 0x678BD89: init_platform(QString const&, QString const&, QString const&, int&, char**) (qguiapplication.cpp:1106)
      ==3201==    by 0x678CEFD: QGuiApplicationPrivate::createPlatformIntegration() (qguiapplication.cpp:1269)
      ==3201== 
      ==3201== Warning: client syscall shmdt tried to modify addresses 0xffffffffffffffff-0xffffffffffffffff
      ==3201== Syscall param shmctl(shmid) contains uninitialised byte(s)
      ==3201==    at 0x63BA4D7: shmctl (syscall-template.S:84)
      ==3201==    by 0x40D239F: QXcbShmImage::QXcbShmImage(QXcbScreen*, QSize const&, unsigned int, QImage::Format) (qxcbbackingstore.cpp:189)
      ==3201==    by 0x40D4427: QXcbBackingStore::resize(QSize const&, QRegion const&) (qxcbbackingstore.cpp:645)
      ==3201==    by 0x697D0C9: QBackingStore::resize(QSize const&) (qbackingstore.cpp:221)
      ==3201==    by 0x4FBF3ED: QWidgetBackingStore::doSync() (qwidgetbackingstore.cpp:1195)
      ==3201==    by 0x4FBEDF4: QWidgetBackingStore::sync(QWidget*, QRegion const&) (qwidgetbackingstore.cpp:1138)
      ==3201==    by 0x4FF232F: QWidgetPrivate::syncBackingStore(QRegion const&) (qwidget.cpp:1967)
      ==3201==    by 0x5036C54: QWidgetWindow::handleExposeEvent(QExposeEvent*) (qwidgetwindow.cpp:921)
      ==3201==    by 0x5033CBA: QWidgetWindow::event(QEvent*) (qwidgetwindow.cpp:284)
      ==3201==    by 0x4FAE895: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:3743)
      ==3201==    by 0x4FABAFD: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3103)
      ==3201==    by 0x59DD3E8: QCoreApplication::notifyInternal2(QObject*, QEvent*) (qcoreapplication.cpp:988)
      ==3201== 
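
The trace above shows shmat(), shmdt() and shmctl() all being reached after shmget() had already failed. The following added example (not Qt's code and not the fix from the referenced commit) shows the guard pattern for that path; `ShmImage`, `create_image`, `destroy_image` and `failing_shmget` are hypothetical names, and the heap fallback is an assumption of this example.

```cpp
// Added illustration, not Qt source. All names are hypothetical.
#include <sys/ipc.h>
#include <sys/shm.h>
#include <cstddef>
#include <cstdlib>

using ShmGetFn = int (*)(key_t, size_t, int);

struct ShmImage {
    int   shmid  = -1;       // sentinel instead of an indeterminate value
    void *data   = nullptr;  // pixel buffer, shared or heap
    bool  shared = false;    // true only when shmget() and shmat() both succeeded
};

// Constructed stub that reproduces the reported condition: shmget() returns -1.
int failing_shmget(key_t, size_t, int) { return -1; }

ShmImage create_image(size_t bytes, ShmGetFn get = shmget) {
    ShmImage img;
    const int id = get(IPC_PRIVATE, bytes, IPC_CREAT | 0600);
    if (id != -1) {
        void *addr = shmat(id, nullptr, 0);
        shmctl(id, IPC_RMID, nullptr);  // segment is freed after the last detach
        if (addr != reinterpret_cast<void *>(-1)) {
            img.shmid = id;
            img.data = addr;
            img.shared = true;
            return img;
        }
    }
    // Failure path: no shmat()/shmdt()/shmctl() is issued with an unset id.
    img.data = std::calloc(1, bytes);
    return img;
}

void destroy_image(ShmImage &img) {
    if (img.shared) shmdt(img.data); else std::free(img.data);
    img = ShmImage{};
}

int main() {
    // Same buffer size as in the report: 646 x 432 pixels, 4 bytes each.
    ShmImage img = create_image(646 * 432 * 4, failing_shmget);
    const bool ok = img.shmid == -1 && !img.shared && img.data != nullptr;
    destroy_image(img);
    return ok ? 0 : 1;
}
```

Running a build of this under valgrind with the failing stub should produce none of the "contains uninitialised byte(s)" reports, because the id is never read before it is set.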
      

            People

            Assignee:
            Eddy Edward Welbourne
            Reporter:
            poikelin Joni Poikelin