QTBUG-56685

QtSvg: Memory leak when creating invalid SVG file


Details

    • Type: Bug
    • Resolution: Unresolved
    • Priority: P2: Important
    • Fix Version/s: None
    • Affects Version/s: 5.8.0 Alpha
    • Component/s: SVG Support
    • Labels: None
    • Environment: Ubuntu 16.04.1; Linux clang mkspec
      qt5 commit 6ddf18df95b69b59; adjusted clang mkspec to build with "-fsanitize-coverage=edge -fsanitize=address"

    Description

      When creating an invalid SVG file, Qt leaks memory in createLinearGradientNode. Stack trace of one of the leaks (there are more):

      Indirect leak of 576 byte(s) in 6 object(s) allocated from:
          #0 0x5096d0 in operator new(unsigned long) /home/peter/dev/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:82
          #1 0x7f2649ba8df0 in createLinearGradientNode(QSvgNode*, QXmlStreamAttributes const&, QSvgHandler*) /home/peter/dev/qt5/qtsvg/src/svg/qsvghandler.cpp:2844:31
          #2 0x7f2649b739a1 in QSvgHandler::startElement(QString const&, QXmlStreamAttributes const&) /home/peter/dev/qt5/qtsvg/src/svg/qsvghandler.cpp:3710:35
          #3 0x7f2649b70e32 in QSvgHandler::parse() /home/peter/dev/qt5/qtsvg/src/svg/qsvghandler.cpp:3578:18
          #4 0x7f2649b70598 in QSvgHandler::init() /home/peter/dev/qt5/qtsvg/src/svg/qsvghandler.cpp:3556:5
          #5 0x7f2649b70786 in QSvgHandler::QSvgHandler(QByteArray const&) /home/peter/dev/qt5/qtsvg/src/svg/qsvghandler.cpp:3539:5
          #6 0x7f2649c12b55 in QSvgTinyDocument::load(QByteArray const&) /home/peter/dev/qt5/qtsvg/src/svg/qsvgtinydocument.cpp:204:17
          #7 0x7f2649c222a3 in bool loadDocument<QByteArray>(QSvgRenderer*, QSvgRendererPrivate*, QByteArray const&) /home/peter/dev/qt5/qtsvg/src/svg/qsvgrenderer.cpp:316:17
          #8 0x7f2649c20425 in QSvgRenderer::load(QByteArray const&) /home/peter/dev/qt5/qtsvg/src/svg/qsvgrenderer.cpp:352:12
          #9 0x7f2649c203ab in QSvgRenderer::QSvgRenderer(QByteArray const&, QObject*) /home/peter/dev/qt5/qtsvg/src/svg/qsvgrenderer.cpp:149:5
          #10 0x50dbc5 in LLVMFuzzerTestOneInput /home/peter/dev/fuzzers/qt-fuzzing/libFuzzer-testcases/QSvgRenderer/qsvgrenderer.cpp:6:18
          #11 0x5172c5 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /home/peter/dev/fuzzers/Fuzzer/FuzzerLoop.cpp:475:13
          #12 0x50ef60 in main /home/peter/dev/fuzzers/Fuzzer/FuzzerMain.cpp:20:10
      

      For all leaks and a way to reproduce, see the attachment.


          People

            Assignee: matthias_rauter Matthias Rauter
            Reporter: peter-har Peter Hartmann

              Gerrit Reviews

                There are no open Gerrit changes