QTBUG-71325

V4 string to number conversion segfaults on 32-bit platforms


Details

    • Type: Bug
    • Resolution: Done
    • Priority: P1: Critical
    • Fix Version: 5.12.1
    • Affects Version: 5.12.0 Beta 2
    • Environment: OpenSUSE Tumbleweed (x64)
      g++ (SUSE Linux) 8.2.1 20181108 [gcc-8-branch revision 265914]
      Qt configured with -platform linux-g++-32
    • Platform: Linux/X11
    • Commit: 3795904e3831722e222fa32a1e52aeb6b3e6ba87

    Description

      JIT code generated for string to number conversion leads to segfaults on 32-bit platforms (at least x86-32). For example, evaluating "1" & 1 results in

      Program received signal SIGSEGV, Segmentation fault.
      0xf4ddf782 in qt_to_latin1_internal<true> (dst=<optimized out>, src=src@entry=0xf0d073d0, length=length@entry=1) at /usr/lib/gcc/x86_64-pc-linux-gnu/8.2.1/include/emmintrin.h:649
      649	  return _mm_set_epi16 (__A, __A, __A, __A, __A, __A, __A, __A);
      (gdb) bt
      #0  0xf4ddf782 in qt_to_latin1_internal<true> (dst=<optimized out>, src=src@entry=0xf0d073d0, length=length@entry=1) at /usr/lib/gcc/x86_64-pc-linux-gnu/8.2.1/include/emmintrin.h:649
      #1  0xf4ddfed1 in qt_to_latin1 (dst=<optimized out>, src=src@entry=0xf0d073d0, length=length@entry=1) at /mnt/src/qtbase/src/corelib/tools/qstring.cpp:771
      #2  0xf4de40ea in qt_convert_to_latin1 (string=...) at ../../include/QtCore/../../../../src/qtbase/src/corelib/tools/qarraydata.h:61
      #3  0xf4e16eaa in QStringRef::toLatin1 (this=<optimized out>) at ../../include/QtCore/../../../../src/qtbase/src/corelib/tools/qstringview.h:166
      #4  0xf6f67759 in QV4::RuntimeHelpers::stringToNumber (string=...) at /mnt/src/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:404
      #5  0xf6f8e93d in QV4::Value::toNumberImpl (val=...) at /mnt/obj/qtbase/include/QtCore/../../../../src/qtbase/src/corelib/tools/qstring.h:829
      #6  0xf6fb16e6 in QV4::Value::toNumberImpl (this=0xffffb868) at /mnt/src/qtdeclarative/src/qml/jsruntime/qv4value_p.h:737
      #7  QV4::Value::toInt32 (this=0xffffb868) at /mnt/src/qtdeclarative/src/qml/jsruntime/qv4value_p.h:737
      #8  QV4::JIT::toInt32Helper (v=<optimized out>) at /mnt/src/qtdeclarative/src/qml/jit/qv4baselineassembler.cpp:77
      #9  0xf166e03c in ?? ()
      #10 0xf6c21b9c in QV4::Moth::VME::exec (frame=<optimized out>, engine=<optimized out>) at /mnt/src/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:433
      #11 0xf688fb80 in QV4::Function::call (this=<optimized out>, thisObject=<optimized out>, argv=<optimized out>, argc=<optimized out>, context=<optimized out>) at /mnt/src/qtdeclarative/src/qml/jsruntime/qv4function.cpp:68
      #12 0xf6ae27d9 in QV4::Script::run (this=<optimized out>, thisObject=<optimized out>) at /mnt/src/qtdeclarative/src/qml/jsruntime/qv4script.cpp:160
      #13 0x5655ac68 in main (argc=<optimized out>, argv=<optimized out>) at /mnt/obj/qtbase/include/QtCore/../../../../src/qtbase/src/corelib/tools/qscopedpointer.h:116
      

      Attachments

        1. disass.out
          16 kB
        2. info-reg.out
          0.8 kB

      People

        Assignee: Erik Verbruggen (erikv)
        Reporter: Jüri Valdmann (juri.valdmann) (Inactive)
        Votes: 0
        Watchers: 6