Qt / QTBUG-63613

Complex XPath query causes segfault

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P2: Important
    • Resolution: Done
    • Affects Version/s: 5.8.0, 5.9.1, 5.9.2
    • Fix Version/s: 5.10.1
    • Component/s: XML: QtXmlPatterns
    • Labels:
      None

      Description

      Segfault triggered by XPath query of the following form:

      if (empty(foo/@value))
      then '‘'
      else let $returnValue := foo/@value/string(.) return
      if (not($returnValue instance of xs:string))
      then $returnValue
      else let $returnValueString := xs:string($returnValue) return
      if (starts-with($returnValueString, '‘'))
      then concat('‘', $returnValueString)
      else $returnValueString
      

      However, I am only able to reproduce using more than one XmlRole with a query of this form.

      This issue is reproducible with the attached QML files (run via "qmlscene XPathBug.qml"), which I've simplified as much as possible. As such the original intent of the code is a bit lost but I find if I simplify the queries much further the bug is not triggered.

      GDB stack trace follows:

      #0 0x00007fffdf117b13 in QListData::size (this=0x7fffd800db40)
      at /home/forest/tmp/qt-src/qt-everywhere-opensource-src-5.9.1/qtbase/include/QtCore/../../src/corelib/tools/qlist.h:113
      #1 QList<QExplicitlySharedDataPointer<QPatternist::VariableReference> >::count (this=0x7fffd800db40)
      at /home/forest/tmp/qt-src/qt-everywhere-opensource-src-5.9.1/qtbase/include/QtCore/../../src/corelib/tools/qlist.h:343
      #2 QPatternist::VariableDeclaration::usedByMany (this=0x7fffd800db20)
      at ../../include/QtXmlPatterns/5.9.1/QtXmlPatterns/private/../../../../../src/xmlpatterns/expr/qvariabledeclaration_p.h:146
      #3 QPatternist::EvaluationCache<false>::compress (this=0x7fffd8008560, context=...) at expr/qevaluationcache_tpl_p.h:211
      #4 0x00007fffdf1162cb in QPatternist::UnlimitedContainer::compressOperands (this=0x7fffd8005cd0, context=...)
      at expr/qunlimitedcontainer.cpp:69
      #5 0x00007fffdf0e05d8 in QPatternist::Expression::compress (this=this@entry=0x7fffd8005cd0, context=...) at expr/qexpression.cpp:239
      #6 0x00007fffdf129c67 in QPatternist::ComparesCaseAware::compress (this=0x7fffd8005cd0, context=...) at functions/qcomparescaseaware.cpp:66
      #7 0x00007fffdf115350 in QPatternist::TripleContainer::compressOperands (this=0x7fffd8006550, context=...) at expr/qtriplecontainer.cpp:78
      #8 0x00007fffdf0e05d8 in QPatternist::Expression::compress (this=this@entry=0x7fffd8006550, context=...) at expr/qexpression.cpp:239
      #9 0x00007fffdf0f2903 in QPatternist::IfThenClause::compress (this=0x7fffd8006550, context=...) at expr/qifthenclause.cpp:87
      #10 0x00007fffdf115792 in QPatternist::TripleContainer::compressOperands (this=0x7fffd80089e0, context=...) at expr/qtriplecontainer.cpp:80
      #11 0x00007fffdf0e05d8 in QPatternist::Expression::compress (this=this@entry=0x7fffd80089e0, context=...) at expr/qexpression.cpp:239
      #12 0x00007fffdf0f2903 in QPatternist::IfThenClause::compress (this=0x7fffd80089e0, context=...) at expr/qifthenclause.cpp:87
      #13 0x00007fffdf106b6b in QPatternist::PairContainer::compressOperands (this=0x7fffd8008a60, context=...) at expr/qpaircontainer.cpp:78
      #14 0x00007fffdf0e05d8 in QPatternist::Expression::compress (this=0x7fffd8008a60, context=...) at expr/qexpression.cpp:239
      #15 0x00007fffdf115792 in QPatternist::TripleContainer::compressOperands (this=0x7fffd8006a50, context=...) at expr/qtriplecontainer.cpp:80
      #16 0x00007fffdf0e05d8 in QPatternist::Expression::compress (this=this@entry=0x7fffd8006a50, context=...) at expr/qexpression.cpp:239
      #17 0x00007fffdf0f2903 in QPatternist::IfThenClause::compress (this=0x7fffd8006a50, context=...) at expr/qifthenclause.cpp:87
      #18 0x00007fffdf10fc3a in QPatternist::SingleContainer::compressOperands (this=0x7fffd800b800, context=...) at expr/qsinglecontainer.cpp:74
      #19 0x00007fffdf0e05d8 in QPatternist::Expression::compress (this=this@entry=0x7fffd800b800, context=...) at expr/qexpression.cpp:239
      #20 0x00007fffdf199e05 in QPatternist::CardinalityVerifier::compress (this=0x7fffd800b800, context=...)
      at janitors/qcardinalityverifier.cpp:197
      #21 0x00007fffdf1162cb in QPatternist::UnlimitedContainer::compressOperands (this=0x7fffd8005800, context=...)
      at expr/qunlimitedcontainer.cpp:69
      #22 0x00007fffdf0e05d8 in QPatternist::Expression::compress (this=0x7fffd8005800, context=...) at expr/qexpression.cpp:239
      #23 0x00007fffdf10fc3a in QPatternist::SingleContainer::compressOperands (this=0x7fffd800ff00, context=...) at expr/qsinglecontainer.cpp:74
      #24 0x00007fffdf0e05d8 in QPatternist::Expression::compress (this=this@entry=0x7fffd800ff00, context=...) at expr/qexpression.cpp:239
      #25 0x00007fffdf117abe in QPatternist::EvaluationCache<false>::compress (this=0x7fffd800ff00, context=...)
      at expr/qevaluationcache_tpl_p.h:203
      #26 0x00007fffdf10694a in QPatternist::PairContainer::compressOperands (this=0x7fffd800b000, context=...) at expr/qpaircontainer.cpp:77
      #27 0x00007fffdf0e05d8 in QPatternist::Expression::compress (this=0x7fffd800b000, context=...) at expr/qexpression.cpp:239
      #28 0x00007fffdf106b6b in QPatternist::PairContainer::compressOperands (this=0x7fffd800b070, context=...) at expr/qpaircontainer.cpp:78
      #29 0x00007fffdf0e05d8 in QPatternist::Expression::compress (this=this@entry=0x7fffd800b070, context=...) at expr/qexpression.cpp:239
      #30 0x00007fffdf1075d6 in QPatternist::Path::compress (this=0x7fffd800b070, context=...) at expr/qpath.cpp:167
      #31 0x00007fffdf10fc3a in QPatternist::SingleContainer::compressOperands (this=0x7fffd800b330, context=...) at expr/qsinglecontainer.cpp:74
      #32 0x00007fffdf0e05d8 in QPatternist::Expression::compress (this=this@entry=0x7fffd800b330, context=...) at expr/qexpression.cpp:239
      #33 0x00007fffdf0f7ba2 in QPatternist::NodeSortExpression::compress (this=0x7fffd800b330, context=...) at expr/qnodesort.cpp:105
      #34 0x00007fffdf0e43b6 in QPatternist::ExpressionFactory::createExpression (this=this@entry=0x7fffd8013430, tokenizer=..., context=...,
      lang=lang@entry=QXmlQuery::XQuery10, requiredType=..., queryURI=..., initialTemplateName=...) at expr/qexpressionfactory.cpp:406
      #35 0x00007fffdf0e4ed7 in QPatternist::ExpressionFactory::createExpression (this=0x7fffd8013430, device=<optimized out>, context=...,
      lang=QXmlQuery::XQuery10, requiredType=..., queryURI=..., initialTemplateName=...) at expr/qexpressionfactory.cpp:123
      #36 0x00007fffdf080543 in QXmlQueryPrivate::expression (this=0x7fffd8012b40, queryDevice=0x7fffdefb0670) at api/qxmlquery_p.h:252
      #37 0x00007fffdf07df67 in QXmlQuery::setQuery (this=this@entry=0x7fffdefb06c0, sourceCode=sourceCode@entry=0x7fffdefb0670, documentURI=...)
      at api/qxmlquery.cpp:429
      #38 0x00007fffdf07f218 in QXmlQuery::setQuery (this=this@entry=0x7fffdefb06c0, sourceCode=..., documentURI=...) at api/qxmlquery.cpp:448
      #39 0x00007fffec3651be in QQuickXmlQueryEngine::doSubQueryJob (this=this@entry=0x7e5650, currentJob=currentJob@entry=0x7fffdefb0870,
      currentResult=currentResult@entry=0x7fffdefb0800) at qqmlxmllistmodel.cpp:490
      #40 0x00007fffec365694 in QQuickXmlQueryEngine::processQuery (this=this@entry=0x7e5650, job=job@entry=0x7fffdefb0870)
      at qqmlxmllistmodel.cpp:368
      #41 0x00007fffec3661eb in QQuickXmlQueryEngine::processJobs (this=0x7e5650) at qqmlxmllistmodel.cpp:345
      #42 0x00007fffec3664e3 in QQuickXmlQueryThreadObject::event (this=<optimized out>, e=<optimized out>) at qqmlxmllistmodel.cpp:243
      #43 0x00007ffff73b6acc in QApplicationPrivate::notify_helper (this=this@entry=0x428150, receiver=receiver@entry=0x7fffd80013a0,
      e=e@entry=0x461090) at kernel/qapplication.cpp:3717
      #44 0x00007ffff73be6dc in QApplication::notify (this=0x7fffffffd580, receiver=0x7fffd80013a0, e=0x461090) at kernel/qapplication.cpp:3089
      #45 0x00007ffff64d7b68 in QCoreApplication::notifyInternal2 (receiver=receiver@entry=0x7fffd80013a0, event=event@entry=0x461090)
      at kernel/qcoreapplication.cpp:1018
      #46 0x00007ffff64dcfc5 in QCoreApplication::sendEvent (event=0x461090, receiver=0x7fffd80013a0)
      at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:233
      #47 QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=0x7e57c0)
      at kernel/qcoreapplication.cpp:1678
      #48 0x00007ffff64dd3ae in QCoreApplication::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0)
      at kernel/qcoreapplication.cpp:1532
      #49 0x00007ffff653310a in postEventSourceDispatch (s=0x7fffd80012d0) at kernel/qeventdispatcher_glib.cpp:276
      #50 0x00007ffff4851197 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
      #51 0x00007ffff48513f0 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
      #52 0x00007ffff485149c in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
      #53 0x00007ffff6532a33 in QEventDispatcherGlib::processEvents (this=0x7fffd80008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:425
      #54 0x00007ffff64d58d5 in QEventLoop::processEvents (this=this@entry=0x7fffdefb0e60, flags=..., flags@entry=...) at kernel/qeventloop.cpp:134
      #55 0x00007ffff64d5d4e in QEventLoop::exec (this=this@entry=0x7fffdefb0e60, flags=flags@entry=...) at kernel/qeventloop.cpp:212
      #56 0x00007ffff62ff806 in QThread::exec (this=this@entry=0x7e5650) at thread/qthread.cpp:515
      #57 0x00007fffec36653b in QQuickXmlQueryEngine::run (this=0x7e5650) at qqmlxmllistmodel.cpp:323
      #58 0x00007ffff630580d in QThreadPrivate::start (arg=0x7e5650) at thread/qthread_unix.cpp:368
      #59 0x00007ffff55ec6ba in start_thread (arg=0x7fffdefb1700) at pthread_create.c:333
      #60 0x00007ffff59093dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

      Note that this appears to be a regression – Qt 5.7 is not affected.

        Attachments

        1. DataRole.qml
          0.6 kB
        2. test.xml
          0.1 kB
        3. XPathBug.qml
          0.6 kB

              People

              • Assignee:
                allan.jensen Allan Sandfeld Jensen
                Reporter:
                forest Forest Bond