Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-59721

QString crash attempt to free() shared_null static variable

    XMLWordPrintable

Details

    • Bug
    • Resolution: Out of scope
    • P1: Critical
    • None
    • 5.8.0 Alpha
    • Core: QString and Unicode
    • None

    Description

      In the latest Qt5.8 checkout the usage of QString crashes when the string is empty or moved away using move-assignment or move-construction. This is because the shared_null of QArrayData does not have a refCount of -1, causing the deallocate() method to assume it cannot be dereferenced, triggering a heap free.

      Example of crash is the QUtf8::convertToUnicode routine because it uses move-construction in Visual Studio 2017 compilation mode.

      Compiled from source using params:

      call configure.bat -static -static-runtime -debug-and-release -mp ^
    -platform win32-msvc2017 ^
    -opensource -nomake examples -nomake tests ^
    -opengl desktop -prefix %_TMPOUTPATH%

      Example code of crash:

      static const QRegExp testExp( "meow string" ); // this should crash because of a complicated callstack where it calls QUtf8::convertToUnicode

int main( int argc, char *argv[] )
{
    QString emptyString;
    {
        QString evilString;
        emptyString = std::move( evilString );
        // In DEBUG MODE, it should crash here with heap error.
    }
    return 0;
}

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-59570 MSVC 2017: free/realloc on non heap address when Qt is built statically

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-86057 Crash with static build on Windows before entering main due to variable initialization order across compilation units

          • Not Evaluated - Not yet evaluated/prioritized
          • Closed
          replaces

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-61074 Wrong pointers are freed in QList and QArray

          • Not Evaluated - Not yet evaluated/prioritized
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-62693 Initialization of staticMetaObject (MSVC2017)

          • Not Evaluated - Not yet evaluated/prioritized
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              thiago Thiago Macieira
              the_gta Rick Sandiego
              Votes:
              4 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes