Qt / QTBUG-67738

Memory access violation when executing an invalid query within a transaction in Qt 5.10.1


    Details

    • Type: Bug
    • Status: Closed
    • Priority: P1: Critical
    • Resolution: Done
    • Affects Version/s: 5.10.1
    • Fix Version/s: 5.11.0
    • Component/s: SQL Support
    • Labels:
      None
    • Environment:
      Ubuntu 16.04
    • Commits:
      e4e87a2ece1e0c9901514fea094f31863b64b570

      Description

      The following code produces an invalid write of size 4 with Qt 5.10.1 on my machine:

      #include <QSqlDatabase>
      #include <QSqlQuery>
      #include <QSqlError>
      #include <QVariant>
      #include <QtDebug>

      int main() {
          QSqlDatabase db = QSqlDatabase::addDatabase("QSQLITE");
          db.setDatabaseName(":memory:");
          // Open outside Q_ASSERT so the call is not compiled out in release builds.
          const bool opened = db.open();
          Q_ASSERT(opened);
          Q_UNUSED(opened);
          QSqlQuery createTableQry("CREATE TABLE Things(name VARCHAR(20) UNIQUE);");
          db.transaction();
          QSqlQuery insertQry;
          // Column name deliberately mistyped ("namee"), so prepare() fails;
          // its return value is intentionally not checked, which triggers the bug.
          insertQry.prepare("INSERT INTO Things (namee) VALUES (:name);");
          insertQry.bindValue(":name", "Qt");
          if (insertQry.exec()) {
              qInfo() << "Success";
              db.commit();
          } else {
              QSqlError err = db.lastError();
              QSqlError::ErrorType type = err.type();
              qDebug() << "Insert query failed! ";
              db.rollback();
          }
      }

      Valgrind:

      build-QSQliteTest > new_valgrind ./QSqliteTest 
      ==25551== Memcheck, a memory error detector
      ==25551== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
      ==25551== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
      ==25551== Command: ./QSqliteTest
      ==25551== 
      ==25551== Invalid read of size 4
      ==25551== at 0x9841B7A: ??? (in /home/users/username/Qt/5.10.1/gcc_64/plugins/sqldrivers/libqsqlite.so)
      ==25551== by 0x4E4C641: QSqlQuery::exec() (in /home/users/username/Qt/5.10.1/gcc_64/lib/libQt5Sql.so.5.10.1)
      ==25551== by 0x401667: main (main.cpp:18)
      ==25551== Address 0x94932c0 is 0 bytes after a block of size 16 alloc'd
      ==25551== at 0x4C2DBF6: malloc (vg_replace_malloc.c:299)
      ==25551== by 0x517D6DB: QListData::detach(int) (in /home/users/username/Qt/5.10.1/gcc_64/lib/libQt5Core.so.5.10.1)
      ==25551== by 0x9841B21: ??? (in /home/users/username/Qt/5.10.1/gcc_64/plugins/sqldrivers/libqsqlite.so)
      ==25551== by 0x4E4C641: QSqlQuery::exec() (in /home/users/username/Qt/5.10.1/gcc_64/lib/libQt5Sql.so.5.10.1)
      ==25551== by 0x401667: main (main.cpp:18)
      ==25551== 
      Insert query failed! 
      ==25551== 
      ==25551== HEAP SUMMARY:
      ==25551== in use at exit: 93,145 bytes in 14 blocks
      ==25551== total heap usage: 764 allocs, 750 frees, 372,327 bytes allocated
      ==25551== 
      ==25551== LEAK SUMMARY:
      ==25551== definitely lost: 0 bytes in 0 blocks
      ==25551== indirectly lost: 0 bytes in 0 blocks
      ==25551== possibly lost: 0 bytes in 0 blocks
      ==25551== still reachable: 93,145 bytes in 14 blocks
      ==25551== suppressed: 0 bytes in 0 blocks
      ==25551== Rerun with --leak-check=full to see details of leaked memory
      ==25551== 
      ==25551== For counts of detected and suppressed errors, rerun with: -v
      ==25551== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
      

      It does not produce invalid memory access when compiled with Qt 5.9. I am aware that I should check the return value of prepare() before executing, but Qt should not produce invalid writes in any case.
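      An added example, not code from the bug report or from Qt: a plain C++ model of a prepared-statement wrapper (no Qt or SQLite dependency) showing the state discipline that keeps a failed prepare() from leaving bound values that exec() will later index. The Schema type, the ModelQuery class and the table and column names are constructed for this illustration and are not Qt's API; runMistypedInsert() mirrors the report's prepare-with-typo, bindValue(), exec() sequence, runUnboundInsert() covers the related case of executing with a placeholder never bound, and runCorrectInsert() is the check-every-return-value version the reporter mentions.

```cpp
// Added example, not Qt or SQLite code: a plain C++ model of a prepared-statement
// wrapper whose placeholder and bound-value lists are always the same length, so
// that a failed prepare() followed by bindValue()/exec() fails cleanly instead of
// reading past the end of a list.
#include <algorithm>
#include <iostream>
#include <map>
#include <optional>
#include <regex>
#include <string>
#include <utility>
#include <vector>

// Constructed sample schema: table name -> column names (hypothetical stand-in
// for the real database catalogue).
using Schema = std::map<std::string, std::vector<std::string>>;

class ModelQuery {
public:
    explicit ModelQuery(Schema schema) : schema_(std::move(schema)) {}

    // Validates the statement against the schema and records its placeholders.
    // Returns false and sets lastError() on any problem; nothing is left half-prepared.
    bool prepare(const std::string& sql) {
        prepared_ = false;
        placeholders_.clear();
        values_.clear();
        static const std::regex insertRe(R"re(INSERT\s+INTO\s+(\w+)\s*\(([^)]*)\))re", std::regex::icase);
        std::smatch m;
        if (!std::regex_search(sql, m, insertRe)) return fail("only INSERT ... (cols) is modelled");
        const auto table = schema_.find(m[1].str());
        if (table == schema_.end()) return fail("no such table: " + m[1].str());
        for (const std::string& col : splitCsv(m[2].str())) {
            if (std::find(table->second.begin(), table->second.end(), col) == table->second.end())
                return fail("no such column: " + col);
        }
        static const std::regex phRe(R"re(:(\w+))re");
        for (auto it = std::sregex_iterator(sql.begin(), sql.end(), phRe); it != std::sregex_iterator(); ++it)
            placeholders_.push_back((*it)[1].str());
        values_.assign(placeholders_.size(), std::optional<std::string>{});  // one slot per placeholder
        lastError_.clear();
        prepared_ = true;
        return true;
    }

    // Refuses to bind unless prepare() succeeded, so the value list can never
    // be longer than the placeholder list exec() walks.
    bool bindValue(const std::string& placeholder, const std::string& value) {
        if (!prepared_) return fail("bindValue() on a query that is not prepared");
        const std::string name = placeholder.rfind(':', 0) == 0 ? placeholder.substr(1) : placeholder;
        const auto pos = std::find(placeholders_.begin(), placeholders_.end(), name);
        if (pos == placeholders_.end()) return fail("no placeholder named :" + name);
        values_[static_cast<size_t>(pos - placeholders_.begin())] = value;
        return true;
    }

    // Executes only when every placeholder has a value; values_ is indexed with
    // a bounds-checked position taken from placeholders_, never from elsewhere.
    bool exec() {
        if (!prepared_) return fail("exec() on a query that is not prepared");
        for (size_t i = 0; i < placeholders_.size(); ++i) {
            if (!values_.at(i).has_value()) return fail("unbound placeholder :" + placeholders_[i]);
        }
        lastError_.clear();
        return true;  // a real driver would step the statement here
    }

    const std::string& lastError() const { return lastError_; }

private:
    bool fail(std::string msg) { lastError_ = std::move(msg); return false; }

    static std::string trim(const std::string& s) {
        const auto b = s.find_first_not_of(" \t\r\n");
        if (b == std::string::npos) return "";
        return s.substr(b, s.find_last_not_of(" \t\r\n") - b + 1);
    }
    static std::vector<std::string> splitCsv(const std::string& s) {
        std::vector<std::string> out;
        std::string cur;
        for (char c : s) {
            if (c == ',') { out.push_back(trim(cur)); cur.clear(); } else { cur += c; }
        }
        if (!trim(cur).empty()) out.push_back(trim(cur));
        return out;
    }

    Schema schema_;
    bool prepared_ = false;
    std::vector<std::string> placeholders_;
    std::vector<std::optional<std::string>> values_;
    std::string lastError_;
};

// Same sequence as the bug report: the column typo ("namee") makes prepare() fail,
// yet bindValue() and exec() are still called. Returns the error exec() reports.
std::string runMistypedInsert() {
    ModelQuery q(Schema{{"Things", {"name"}}});
    q.prepare("INSERT INTO Things (namee) VALUES (:name);");  // fails: no such column
    q.bindValue(":name", "Qt");                                 // refused: not prepared
    q.exec();                                                   // refused, no out-of-bounds read
    return q.lastError();
}

// Valid statement, but exec() is called before :name is bound.
std::string runUnboundInsert() {
    ModelQuery q(Schema{{"Things", {"name"}}});
    q.prepare("INSERT INTO Things (name) VALUES (:name);");
    q.exec();  // refused: placeholder never bound
    return q.lastError();
}

// The corrected statement, with every return value checked as the reporter suggests.
bool runCorrectInsert() {
    ModelQuery q(Schema{{"Things", {"name"}}});
    return q.prepare("INSERT INTO Things (name) VALUES (:name);")
        && q.bindValue(":name", "Qt")
        && q.exec();
}

int main() {
    std::cout << "mistyped insert: " << runMistypedInsert() << '\n';
    std::cout << "unbound insert:  " << runUnboundInsert() << '\n';
    std::cout << "correct insert:  " << (runCorrectInsert() ? "ok" : "failed") << '\n';
}
```

      Build with any C++17 compiler. The point of the model is that bindValue() and exec() return false with a lastError() text rather than touching a value list sized for a statement that never got prepared, which is the kind of list access the Valgrind trace above shows going past a 16-byte block inside libqsqlite.so.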


            People

            Assignee:
            andysh Andy Shaw
            Reporter:
            pingu Nils Brünggel
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Gerrit Reviews

                There are no open Gerrit changes