Details
- Bug
- Resolution: Done
- P2: Important
- 5.6.1, 5.8.0 Alpha
- f4fff02cbb1f9399f407c15a27741c6cd1a17133
Description
In plugins/platforms/xcb/qxcbbackingstore.cpp, if shmget() fails in QXcbShmImage() and returns -1, m_shm_info.shmid is uninitialized.
valgrind output (dev branch):
```
QXcbShmImage: shmget() failed (2: No such file or directory) for size 1116288 (646x432)
==3201== Syscall param shmat(shmid) contains uninitialised byte(s)
==3201==    at 0x63BA447: shmat (syscall-template.S:84)
==3201==    by 0x40D2261: QXcbShmImage::QXcbShmImage(QXcbScreen*, QSize const&, unsigned int, QImage::Format) (qxcbbackingstore.cpp:177)
==3201==    by 0x40D4427: QXcbBackingStore::resize(QSize const&, QRegion const&) (qxcbbackingstore.cpp:645)
==3201==    by 0x697D0C9: QBackingStore::resize(QSize const&) (qbackingstore.cpp:221)
==3201==    by 0x4FBF3ED: QWidgetBackingStore::doSync() (qwidgetbackingstore.cpp:1195)
==3201==    by 0x4FBEDF4: QWidgetBackingStore::sync(QWidget*, QRegion const&) (qwidgetbackingstore.cpp:1138)
==3201==    by 0x4FF232F: QWidgetPrivate::syncBackingStore(QRegion const&) (qwidget.cpp:1967)
==3201==    by 0x5036C54: QWidgetWindow::handleExposeEvent(QExposeEvent*) (qwidgetwindow.cpp:921)
==3201==    by 0x5033CBA: QWidgetWindow::event(QEvent*) (qwidgetwindow.cpp:284)
==3201==    by 0x4FAE895: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:3743)
==3201==    by 0x4FABAFD: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3103)
==3201==    by 0x59DD3E8: QCoreApplication::notifyInternal2(QObject*, QEvent*) (qcoreapplication.cpp:988)
==3201==
==3201== Syscall param writev(vector[...]) points to uninitialised byte(s)
==3201==    at 0x63AE73D: ??? (syscall-template.S:84)
==3201==    by 0xC417F28: _xcb_conn_wait (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
==3201==    by 0xC41831C: _xcb_out_send (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
==3201==    by 0xC418A76: _xcb_out_flush_to (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
==3201==    by 0xC419833: xcb_request_check (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
==3201==    by 0x40D2346: QXcbShmImage::QXcbShmImage(QXcbScreen*, QSize const&, unsigned int, QImage::Format) (qxcbbackingstore.cpp:184)
==3201==    by 0x40D4427: QXcbBackingStore::resize(QSize const&, QRegion const&) (qxcbbackingstore.cpp:645)
==3201==    by 0x697D0C9: QBackingStore::resize(QSize const&) (qbackingstore.cpp:221)
==3201==    by 0x4FBF3ED: QWidgetBackingStore::doSync() (qwidgetbackingstore.cpp:1195)
==3201==    by 0x4FBEDF4: QWidgetBackingStore::sync(QWidget*, QRegion const&) (qwidgetbackingstore.cpp:1138)
==3201==    by 0x4FF232F: QWidgetPrivate::syncBackingStore(QRegion const&) (qwidget.cpp:1967)
==3201==    by 0x5036C54: QWidgetWindow::handleExposeEvent(QExposeEvent*) (qwidgetwindow.cpp:921)
==3201==  Address 0xcea97fc is 4,524 bytes inside a block of size 21,152 alloc'd
==3201==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3201==    by 0xC4178DB: xcb_connect_to_fd (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
==3201==    by 0xC41B610: xcb_connect_to_display_with_auth_info (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
==3201==    by 0xBCF2809: _XConnectXCB (in /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0)
==3201==    by 0xBCE3391: XOpenDisplay (in /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0)
==3201==    by 0x409F36E: QXcbConnection::QXcbConnection(QXcbNativeInterface*, bool, unsigned int, char const*) (qxcbconnection.cpp:581)
==3201==    by 0x40AB804: QXcbIntegration::QXcbIntegration(QStringList const&, int&, char**) (qxcbintegration.cpp:186)
==3201==    by 0x402A783: QXcbIntegrationPlugin::create(QString const&, QStringList const&, int&, char**) (qxcbmain.cpp:56)
==3201==    by 0x677DF09: _Z11qLoadPluginI20QPlatformIntegration26QPlatformIntegrationPluginIRK11QStringListRiRPPcEEPT_PK14QFactoryLoaderRK7QStringDpOT1_ (qfactoryloader_p.h:101)
==3201==    by 0x677D70D: QPlatformIntegrationFactory::create(QString const&, QStringList const&, int&, char**, QString const&) (qplatformintegrationfactory.cpp:71)
==3201==    by 0x678BD89: init_platform(QString const&, QString const&, QString const&, int&, char**) (qguiapplication.cpp:1106)
==3201==    by 0x678CEFD: QGuiApplicationPrivate::createPlatformIntegration() (qguiapplication.cpp:1269)
==3201==
==3201== Warning: client syscall shmdt tried to modify addresses 0xffffffffffffffff-0xffffffffffffffff
==3201== Syscall param shmctl(shmid) contains uninitialised byte(s)
==3201==    at 0x63BA4D7: shmctl (syscall-template.S:84)
==3201==    by 0x40D239F: QXcbShmImage::QXcbShmImage(QXcbScreen*, QSize const&, unsigned int, QImage::Format) (qxcbbackingstore.cpp:189)
==3201==    by 0x40D4427: QXcbBackingStore::resize(QSize const&, QRegion const&) (qxcbbackingstore.cpp:645)
==3201==    by 0x697D0C9: QBackingStore::resize(QSize const&) (qbackingstore.cpp:221)
==3201==    by 0x4FBF3ED: QWidgetBackingStore::doSync() (qwidgetbackingstore.cpp:1195)
==3201==    by 0x4FBEDF4: QWidgetBackingStore::sync(QWidget*, QRegion const&) (qwidgetbackingstore.cpp:1138)
==3201==    by 0x4FF232F: QWidgetPrivate::syncBackingStore(QRegion const&) (qwidget.cpp:1967)
==3201==    by 0x5036C54: QWidgetWindow::handleExposeEvent(QExposeEvent*) (qwidgetwindow.cpp:921)
==3201==    by 0x5033CBA: QWidgetWindow::event(QEvent*) (qwidgetwindow.cpp:284)
==3201==    by 0x4FAE895: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:3743)
==3201==    by 0x4FABAFD: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3103)
==3201==    by 0x59DD3E8: QCoreApplication::notifyInternal2(QObject*, QEvent*) (qcoreapplication.cpp:988)
==3201==
```
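The defensive pattern for the failure traced above, as an added C example (not code from Qt or from this report): the segment id is used only after `shmget()` succeeds, `shmat()` is checked against `(void *)-1`, and cleanup never passes a failed mapping to `shmdt()`. `struct image_buf`, `image_buf_create` and `image_buf_destroy` are hypothetical names, and the size-0 request in `main` is assumed to fail as it does on Linux.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/ipc.h>
#include <sys/shm.h>

/* Hypothetical stand-in for the backing-store buffer; not Qt's QXcbShmImage. */
struct image_buf {
    int   shmid;     /* -1 unless shmget() succeeded */
    void *addr;      /* shm mapping or heap fallback */
    int   uses_shm;  /* 1 only when addr came from shmat() */
};

/* Prefer SysV shared memory; fall back to the heap if any step fails. */
struct image_buf image_buf_create(size_t size)
{
    struct image_buf b = { .shmid = -1, .addr = NULL, .uses_shm = 0 };

    int id = shmget(IPC_PRIVATE, size, IPC_CREAT | 0600);
    if (id == -1) {
        perror("shmget");               /* report, and never touch the id */
    } else {
        void *p = shmat(id, NULL, 0);
        shmctl(id, IPC_RMID, NULL);     /* segment is freed after last detach */
        if (p != (void *)-1) {          /* shmat() signals failure with -1 */
            b.shmid = id;
            b.addr = p;
            b.uses_shm = 1;
        }
    }
    if (!b.uses_shm)
        b.addr = calloc(1, size ? size : 1);
    return b;
}

void image_buf_destroy(struct image_buf *b)
{
    if (b->uses_shm)
        shmdt(b->addr);                 /* only ever a real mapping */
    else
        free(b->addr);
    b->shmid = -1; b->addr = NULL; b->uses_shm = 0;
}

int main(void)
{
    struct image_buf b = image_buf_create(0);  /* size 0: shmget() fails on Linux */
    printf("shmid=%d uses_shm=%d\n", b.shmid, b.uses_shm);
    image_buf_destroy(&b);
    return 0;
}
```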
Attachments
For Gerrit Dashboard: QTBUG-56419

# | Subject | Branch | Project | Status | CR | V |
---|---|---|---|---|---|---|
173421,2 | QXcbShmImage: don't use shmget()'s return unless it succeeds | 5.6 | qt/qtbase | MERGED | +2 | 0 |