Details
- Bug
- Resolution: Done
- P1: Critical
- 5.10.1
- None
- Ubuntu 16.04
- e4e87a2ece1e0c9901514fea094f31863b64b570
Description
The following code produces an invalid write of size 4 with Qt 5.10.1 on my machine:
```cpp
#include <QSqlDatabase>
#include <QSqlQuery>
#include <QSqlError>
#include <QVariant>
#include <QtDebug>

int main()
{
    // In-memory SQLite database on the default connection.
    QSqlDatabase db = QSqlDatabase::addDatabase("QSQLITE");
    db.setDatabaseName(":memory:");
    Q_ASSERT(db.open());

    // Executed immediately by the QSqlQuery constructor.
    QSqlQuery createTableQry("CREATE TABLE Things(name VARCHAR(20) UNIQUE);");

    db.transaction();
    QSqlQuery insertQry;
    // Deliberate typo: column "namee" does not exist, so prepare() fails.
    // Its return value is intentionally not checked; exec() is then called
    // on the unprepared query, which is the call Valgrind flags below.
    insertQry.prepare("INSERT INTO Things (namee) VALUES (:name);");
    insertQry.bindValue(":name", "Qt");

    if (insertQry.exec()) {
        qInfo() << "Success";
        db.commit();
    } else {
        QSqlError err = db.lastError();
        QSqlError::ErrorType type = err.type();
        qDebug() << "Insert query failed! ";
        db.rollback();
    }
}
```
Valgrind:
```
build-QSQliteTest > new_valgrind ./QSqliteTest
==25551== Memcheck, a memory error detector
==25551== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==25551== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==25551== Command: ./QSqliteTest
==25551==
==25551== Invalid read of size 4
==25551==    at 0x9841B7A: ??? (in /home/users/username/Qt/5.10.1/gcc_64/plugins/sqldrivers/libqsqlite.so)
==25551==    by 0x4E4C641: QSqlQuery::exec() (in /home/users/username/Qt/5.10.1/gcc_64/lib/libQt5Sql.so.5.10.1)
==25551==    by 0x401667: main (main.cpp:18)
==25551==  Address 0x94932c0 is 0 bytes after a block of size 16 alloc'd
==25551==    at 0x4C2DBF6: malloc (vg_replace_malloc.c:299)
==25551==    by 0x517D6DB: QListData::detach(int) (in /home/users/username/Qt/5.10.1/gcc_64/lib/libQt5Core.so.5.10.1)
==25551==    by 0x9841B21: ??? (in /home/users/username/Qt/5.10.1/gcc_64/plugins/sqldrivers/libqsqlite.so)
==25551==    by 0x4E4C641: QSqlQuery::exec() (in /home/users/username/Qt/5.10.1/gcc_64/lib/libQt5Sql.so.5.10.1)
==25551==    by 0x401667: main (main.cpp:18)
==25551==
Insert query failed!
==25551==
==25551== HEAP SUMMARY:
==25551==     in use at exit: 93,145 bytes in 14 blocks
==25551==   total heap usage: 764 allocs, 750 frees, 372,327 bytes allocated
==25551==
==25551== LEAK SUMMARY:
==25551==    definitely lost: 0 bytes in 0 blocks
==25551==    indirectly lost: 0 bytes in 0 blocks
==25551==      possibly lost: 0 bytes in 0 blocks
==25551==    still reachable: 93,145 bytes in 14 blocks
==25551==         suppressed: 0 bytes in 0 blocks
==25551== Rerun with --leak-check=full to see details of leaked memory
==25551==
==25551== For counts of detected and suppressed errors, rerun with: -v
==25551== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
```
It does not produce an invalid memory access when compiled with Qt 5.9. I am aware that I should check the return value of prepare() before executing, but Qt should not produce invalid writes in any case.