Qt / QTBUG-57778

Linking to QtWebEngine redirects "operator new" due to chromium's allocator_shim.cc


    Details

    • Type: Bug
    • Status: Closed
    • Priority: P1: Critical
    • Resolution: Done
    • Affects Version/s: 5.8.0 RC
    • Fix Version/s: 5.9.0 Beta 2
    • Component/s: WebEngine
    • Labels:
      None
    • Environment:
      Qt 5.8 git, Linux X11
    • Commits:
      5c2cbfc

      Description

      Running some Qt apps in valgrind shows problems like this:

      ==4799== Mismatched free() / delete / delete []
      ==4799==    at 0x4C2A65D: operator delete(void*) (vg_replace_malloc.c:576)
      ==4799==    by 0x6CF853D: QVBoxLayout::~QVBoxLayout() (qboxlayout.cpp:1354)
      ==4799==    by 0x6D1CE90: QWidget::~QWidget() (qwidget.cpp:1594)
      ==4799==    by 0x6F631A1: QDialog::~QDialog() (qdialog.cpp:352)
      ==4799==    by 0x5152C85: Akonadi::EmailAddressSelectionDialog::~EmailAddressSelectionDialog() (emailaddressselectiondialog.cpp:92)
      ==4799==    by 0x401876: main (emailaddressselectiondialogtest.cpp:35)
      ==4799==  Address 0x279546e0 is 0 bytes inside a block of size 32 alloc'd
      ==4799==    at 0x4C29D78: operator new[](unsigned long) (vg_replace_malloc.c:423)
      ==4799==    by 0x5152DB7: Akonadi::EmailAddressSelectionDialog::Private::Private(Akonadi::EmailAddressSelectionDialog*, QAbstractItemModel*) (emailaddressselectiondialog.cpp:40)
      ==4799==    by 0x5152B22: Akonadi::EmailAddressSelectionDialog::EmailAddressSelectionDialog(QWidget*) (emailaddressselectiondialog.cpp:82)
      ==4799==    by 0x401681: main (emailaddressselectiondialogtest.cpp:35)
      

      Using "step" in gdb I found out that the new call at emailaddressselectiondialog.cpp:40 goes into:

      qtwebengine/src/3rdparty/chromium/base/allocator/allocator_shim.cc

      void* ShimCppNew(size_t size) {
        const allocator::AllocatorDispatch* const chain_head = GetChainHead();
        void* ptr;
        do {
          ptr = chain_head->alloc_function(chain_head, size);
        } while (!ptr && CallNewHandler());
        return ptr;
      }

      Indeed, chromium's allocator_shim_override_cpp_symbols.h says:

      SHIM_ALWAYS_EXPORT void* operator new(size_t size)
          SHIM_ALIAS_SYMBOL(ShimCppNew);
      

      I checked and this header doesn't end up included when compiling my cpp file.
      It looks more like the symbol exported by QtWebEngine/chromium ends up being used at runtime...

      And the corresponding delete, for a QObject, is done in QtCore, so, I suppose, it is not redirected to the shim delete (I don't really know how this overriding works).

      Would it help if that custom operator new wasn't exported?
      Or maybe it should be disabled since chromium in QtWebEngine is "just a library" and shouldn't affect the whole application like this?
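The mechanism behind the report is that C++ lets a single definition of the global allocation functions replace the library versions for the whole process, so a shim like the one in allocator_shim.cc takes over allocations in code that never included its headers. The following is an added example (not Qt or chromium code) with a hypothetical shim in namespace `shim` that replaces `operator new`/`operator delete`, counts what passes through it, and checks that a plain new-expression in unrelated code is routed through the shim and that the matching delete lands in the same allocator. The `Widget` type, the counters and the helper functions are constructed for this illustration.

```cpp
#include <cstddef>
#include <cstdlib>
#include <new>

// Hypothetical stand-in for an allocator shim shipped inside a library.
// It replaces the global operator new/delete for the whole process, the
// way chromium's allocator_shim.cc aliases operator new to ShimCppNew.
// Counters are not thread-safe; this example is single-threaded.
namespace shim {

static std::size_t g_news = 0;     // calls that reached the shim's operator new
static std::size_t g_deletes = 0;  // calls that reached the shim's operator delete
static std::size_t g_live = 0;     // blocks allocated by the shim and not yet freed by it

std::size_t news() { return g_news; }
std::size_t deletes() { return g_deletes; }
std::size_t live() { return g_live; }

}  // namespace shim

// Replacement allocation functions. Per the C++ standard ([replacement.functions])
// a definition anywhere in the program replaces the library version for every
// translation unit, including code in other shared libraries that never saw
// this file. That is why a library exporting these symbols affects the whole
// application, not just itself.
void* operator new(std::size_t size) {
    if (size == 0) size = 1;
    void* p = std::malloc(size);
    if (!p) throw std::bad_alloc();
    ++shim::g_news;
    ++shim::g_live;
    return p;
}

// The matching delete must release to the same allocator the new drew from;
// if a shim replaces only new, blocks it hands out end up in a different
// free(), which is the class of mismatch valgrind reports above.
void operator delete(void* p) noexcept {
    if (!p) return;
    ++shim::g_deletes;
    --shim::g_live;
    std::free(p);
}

// C++14 sized delete forwards to the unsized form so both stay paired.
void operator delete(void* p, std::size_t) noexcept { ::operator delete(p); }

// Array forms forward to the scalar forms so new[] / delete[] are accounted
// for by the same counters and the same underlying allocator.
void* operator new[](std::size_t size) { return ::operator new(size); }
void operator delete[](void* p) noexcept { ::operator delete(p); }
void operator delete[](void* p, std::size_t) noexcept { ::operator delete(p); }

// "Application code" that knows nothing about the shim (constructed type).
struct Widget {
    int values[8];
};

// Volatile sink so the compiler cannot treat the new/delete pair as dead
// and elide it under optimisation.
static void* volatile g_escape = nullptr;

// Allocates through an ordinary new-expression and reports whether the shim
// observed both the allocation and its release.
bool allocation_is_routed_through_shim() {
    const std::size_t news_before = shim::news();
    const std::size_t deletes_before = shim::deletes();

    Widget* w = new Widget();  // compiled against <new>, not against the shim
    w->values[0] = 42;
    g_escape = w;
    const bool new_seen = shim::news() == news_before + 1;
    delete w;
    const bool delete_seen = shim::deletes() == deletes_before + 1;

    return new_seen && delete_seen;
}

// Array form: new[] released with delete[] lands in the shim on both sides,
// so the live-block count returns to its starting value.
bool array_allocation_is_balanced() {
    const std::size_t live_before = shim::live();
    int* block = new int[32];
    block[31] = 7;
    g_escape = block;
    const bool counted = shim::live() == live_before + 1;
    delete[] block;
    return counted && shim::live() == live_before;
}
```

Because the replacement is process-wide, the check that matters for a library is not whether its own code is consistent but whether every allocation function it exports has its counterpart exported too; on ELF systems `nm -D --demangle <library.so> | grep 'operator'` lists which of these symbols a shared object actually exports (substitute the library path; none is given on this page).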

              People

              Assignee:
              qt_webengine_team Qt WebEngine Team
              Reporter:
              dfaure_kdab David Faure