Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-59909

Segfault in QRingBuffer::append with QNetworkDiskCache

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P1: Critical
    • None
    • 5.7.1, 5.8.0
    • Network: Cache
    • None
    • Archlinux
    • 254f35ce98bebd8f4446fec66bb50f2126b61c28

    Description

      I haven't been able to write an example using QNetworkDiskCache directly which reproduces this, but with this example using QtWebKit (either the reloaded fork or the 5.8 community release) I get a segfault after the page is loaded:

      #include <QApplication>
#include <QNetworkDiskCache>
#include <QNetworkAccessManager>
#include <QWebView>

int main(int argc, char *argv[])
{
    QApplication app(argc, argv);

    QNetworkDiskCache cache;
    cache.setCacheDirectory("cache_test");

    QNetworkAccessManager nam;
    nam.setCache(&cache);

    QWebView webview;
    webview.page()->setNetworkAccessManager(&nam);

    webview.load(QUrl("http://seriouseats.com"));
    webview.show();

    return app.exec();
}

      .pro file:

      TEMPLATE = app
QT += network widgets webkitwidgets
TARGET = cache
SOURCES += cache.cpp

      As far as I'm aware, this is a Qt 5.8 regression. When not using a cache, the page loads fine. This happens on various other websites too.

      Stack (note the this=0x0):

      #0  0x00007ffff69f4cf7 in QRingBuffer::append(QByteArray const&) (this=0x0, qba=...) at tools/qringbuffer.cpp:339
#1  0x00007ffff70321ee in QIODevicePrivate::QRingBufferRef::append(QByteArray const&) (qba=..., this=0x555555fca070) at ../../include/QtCore/5.8.0/QtCore/private/../../../../../src/corelib/io/qiodevice_p.h:117
#2  0x00007ffff70321ee in QNetworkReplyHttpImplPrivate::_q_cacheLoadReadyRead() (this=0x555555fc9fe0) at access/qnetworkreplyhttpimpl.cpp:1813
#3  0x00007ffff70de3e9 in QNetworkReplyHttpImpl::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (_o=<optimized out>, _c=<optimized out>, _id=<optimized out>, _a=<optimized out>) at .moc/moc_qnetworkreplyhttpimpl_p.cpp:246
#4  0x00007ffff6b83c49 in QObject::event(QEvent*) (this=0x555555fc9f90, e=<optimized out>) at kernel/qobject.cpp:1263
#5  0x00007ffff748e3dc in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x555555fc9f90, e=0x555555fe0450) at kernel/qapplication.cpp:3745
#6  0x00007ffff7495bf1 in QApplication::notify(QObject*, QEvent*) (this=0x7fffffffdf10, receiver=0x555555fc9f90, e=0x555555fe0450) at kernel/qapplication.cpp:3502
#7  0x00007ffff6b574e0 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x555555fc9f90, event=event@entry=0x555555fe0450) at kernel/qcoreapplication.cpp:988
#8  0x00007ffff6b59c6d in QCoreApplication::sendEvent(QObject*, QEvent*) (event=0x555555fe0450, receiver=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
#9  0x00007ffff6b59c6d in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=0x5555557772d0) at kernel/qcoreapplication.cpp:1648
#10 0x00007ffff6b5a0d8 in QCoreApplication::sendPostedEvents(QObject*, int) (receiver=receiver@entry=0x0, event_type=event_type@entry=0) at kernel/qcoreapplication.cpp:1502
#11 0x00007ffff6babce3 in postEventSourceDispatch(GSource*, GSourceFunc, gpointer) (s=0x555555848110) at kernel/qeventdispatcher_glib.cpp:276
#12 0x00007fffeebf25a7 in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
#13 0x00007fffeebf2810 in  () at /usr/lib/libglib-2.0.so.0
#14 0x00007fffeebf28bc in g_main_context_iteration () at /usr/lib/libglib-2.0.so.0
#15 0x00007ffff6bac0ef in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x555555848000, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#16 0x00007ffff6b5593a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7fffffffde80, flags=..., flags@entry=...) at kernel/qeventloop.cpp:212
#17 0x00007ffff6b5de84 in QCoreApplication::exec() () at kernel/qcoreapplication.cpp:1261
#18 0x0000555555555107 in main(int, char**) (argc=<optimized out>, argv=<optimized out>) at cache.cpp:22

      valgrind:

      ==6714== Invalid read of size 4
==6714==    at 0x5D8DCF7: QRingBuffer::append(QByteArray const&) (qringbuffer.cpp:339)
==6714==    by 0x59621ED: append (qiodevice_p.h:117)
==6714==    by 0x59621ED: QNetworkReplyHttpImplPrivate::_q_cacheLoadReadyRead() (qnetworkreplyhttpimpl.cpp:1813)
==6714==    by 0x5A0E3E8: QNetworkReplyHttpImpl::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (moc_qnetworkreplyhttpimpl_p.cpp:246)
==6714==    by 0x5F1CC48: QObject::event(QEvent*) (qobject.cpp:1263)
==6714==    by 0x51D43DB: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:3745)
==6714==    by 0x51DBBF0: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3502)
==6714==    by 0x5EF04DF: QCoreApplication::notifyInternal2(QObject*, QEvent*) (qcoreapplication.cpp:988)
==6714==    by 0x5EF2C6C: sendEvent (qcoreapplication.h:231)
==6714==    by 0x5EF2C6C: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.cpp:1648)
==6714==    by 0x5F44CE2: postEventSourceDispatch(_GSource*, int (*)(void*), void*) (qeventdispatcher_glib.cpp:276)
==6714==    by 0xDDA05A6: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.5000.3)
==6714==    by 0xDDA080F: ??? (in /usr/lib/libglib-2.0.so.0.5000.3)
==6714==    by 0xDDA08BB: g_main_context_iteration (in /usr/lib/libglib-2.0.so.0.5000.3)
==6714==  Address 0xc is not stack'd, malloc'd or (recently) free'd
==6714== 
==6714== 
==6714== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==6714==  Access not within mapped region at address 0xC
==6714==    at 0x5D8DCF7: QRingBuffer::append(QByteArray const&) (qringbuffer.cpp:339)
==6714==    by 0x59621ED: append (qiodevice_p.h:117)
==6714==    by 0x59621ED: QNetworkReplyHttpImplPrivate::_q_cacheLoadReadyRead() (qnetworkreplyhttpimpl.cpp:1813)
==6714==    by 0x5A0E3E8: QNetworkReplyHttpImpl::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (moc_qnetworkreplyhttpimpl_p.cpp:246)
==6714==    by 0x5F1CC48: QObject::event(QEvent*) (qobject.cpp:1263)
==6714==    by 0x51D43DB: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:3745)
==6714==    by 0x51DBBF0: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3502)
==6714==    by 0x5EF04DF: QCoreApplication::notifyInternal2(QObject*, QEvent*) (qcoreapplication.cpp:988)
==6714==    by 0x5EF2C6C: sendEvent (qcoreapplication.h:231)
==6714==    by 0x5EF2C6C: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.cpp:1648)
==6714==    by 0x5F44CE2: postEventSourceDispatch(_GSource*, int (*)(void*), void*) (qeventdispatcher_glib.cpp:276)
==6714==    by 0xDDA05A6: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.5000.3)
==6714==    by 0xDDA080F: ??? (in /usr/lib/libglib-2.0.so.0.5000.3)
==6714==    by 0xDDA08BB: g_main_context_iteration (in /usr/lib/libglib-2.0.so.0.5000.3)

      Attachments

        For Gerrit Dashboard: QTBUG-59909
        # Subject Branch Project Status CR V
        190818,7 QNetworkReplyHttpImpl - check 'isOpen' twice 5.9 qt/qtbase Status: MERGED +2 0

        Activity

          People

            tpochep Timur Pocheptsov
            the compiler Florian Bruhin
            Votes:
            3 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes