- Bug
- Resolution: Done
- P0: Blocker
- 5.12.1
- None
- c401ae278b4bb91c70c6d7df974a241d7c68855b (qt/qtdeclarative/5.12)
https://codereview.qt-project.org/#/c/248105/ Merge remote-tracking branch 'origin/5.11' into 5.12 +
https://codereview.qt-project.org/#/c/248106/ Update submodules on '5.12' in qt5
https://testresults.qt.io/coin/integration/qt/qt5/tasks/1546877088
agent:2018/12/13 06:46:38 build.go:193: PASS : tst_controls::Imagine::ToolTip::test_warning()
agent:2018/12/13 06:46:38 build.go:193: PASS : tst_controls::Imagine::ToolTip::cleanupTestCase()
agent:2018/12/13 06:46:38 build.go:193: Makefile:332: recipe for target 'check' failed
agent:2018/12/13 06:46:38 build.go:193: make: *** [check] Segmentation fault
agent:2018/12/13 06:46:38 build.go:237: Process finished with error: exit status 2
agent:2018/12/13 06:46:38 build.go:196: Error reading from stdout/err: exit status 2
PASS : tst_controls::Imagine::ToolTip::cleanupTestCase()
=================================================================
==7117==ERROR: AddressSanitizer: heap-use-after-free on address 0x6100002de848 at pc 0x7f5dd62f9113 bp 0x7ffd6a601a10 sp 0x7ffd6a601a00
READ of size 8 at 0x6100002de848 thread T0
#0 0x7f5dd62f9112 in QtQml::qmlEngine(QObject const*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlengine.cpp:1649
#1 0x7f5ddc0e3cd7 in findAttachedParent /home/mitch/dev/qt5.12/qtquickcontrols2/src/quickcontrols2/qquickattachedobject.cpp:97
#2 0x7f5ddc0e5ebc in QQuickAttachedObjectPrivate::itemParentChanged(QQuickItem*, QQuickItem*) /home/mitch/dev/qt5.12/qtquickcontrols2/src/quickcontrols2/qquickattachedobject.cpp:213
#3 0x7f5dd71bbd9b in QQuickItemPrivate::itemChange(QQuickItem::ItemChange, QQuickItem::ItemChangeData const&) /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickitem.cpp:6286
#4 0x7f5dd71cf7c9 in QQuickItem::setParentItem(QQuickItem*) /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickitem.cpp:2806
#5 0x7f5dd71d2cc7 in QQuickItem::~QQuickItem() /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickitem.cpp:2396
#6 0x7f5dd54aa161 in QQuickControl::~QQuickControl() /home/mitch/dev/qt5.12/qtquickcontrols2/src/quicktemplates2/qquickcontrol.cpp:922
#7 0x7f5dd5513e92 in QQuickPane::~QQuickPane() /home/mitch/dev/qt5.12/qtquickcontrols2/src/quicktemplates2/qquickpane.cpp:234
#8 0x7f5dd550c9f5 in QQuickPage::~QQuickPage() /home/mitch/dev/qt5.12/qtquickcontrols2/src/quicktemplates2/qquickpage.cpp:218
#9 0x7f5dd55d9592 in QQuickPopupItem::~QQuickPopupItem() .moc/../../../../../qt5.12/qtquickcontrols2/src/quicktemplates2/qquickpopupitem_p_p.h:57
#10 0x7f5dd55d95b7 in QQuickPopupItem::~QQuickPopupItem() .moc/../../../../../qt5.12/qtquickcontrols2/src/quicktemplates2/qquickpopupitem_p_p.h:57
#11 0x7f5dd551e184 in QQuickPopup::~QQuickPopup() /home/mitch/dev/qt5.12/qtquickcontrols2/src/quicktemplates2/qquickpopup.cpp:815
#12 0x7f5dbd4e90e8 in QQuickToolTip::~QQuickToolTip() /home/mitch/dev/qt5.12-debug/qtbase/include/QtQuickTemplates2/5.12.0/QtQuickTemplates2/private/../../../../../../../qt5.12/qtquickcontrols2/src/quicktemplates2/qquicktooltip_p.h:59
#13 0x7f5dbd4e90e8 in QQmlPrivate::QQmlElement<QQuickToolTip>::~QQmlElement() /home/mitch/dev/qt5.12-debug/qtbase/include/QtQml/../../../../qt5.12/qtdeclarative/src/qml/qml/qqmlprivate.h:103
#14 0x7f5dbd4e90e8 in QQmlPrivate::QQmlElement<QQuickToolTip>::~QQmlElement() /home/mitch/dev/qt5.12-debug/qtbase/include/QtQml/../../../../qt5.12/qtdeclarative/src/qml/qml/qqmlprivate.h:103
#15 0x7f5dd9645474 in QObjectPrivate::deleteChildren() /home/mitch/dev/qt5.12/qtbase/src/corelib/kernel/qobject.cpp:2006
#16 0x7f5dd964a033 in QObject::~QObject() /home/mitch/dev/qt5.12/qtbase/src/corelib/kernel/qobject.cpp:1032
#17 0x7f5dd5bb05f3 in QJSEngine::~QJSEngine() /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsapi/qjsengine.cpp:375
#18 0x7f5dd630a97e in QQmlEngine::~QQmlEngine() /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlengine.cpp:1072
#19 0x7f5ddc02b3fe in quick_test_main_with_setup(int, char**, char const*, char const*, QObject*) /home/mitch/dev/qt5.12/qtdeclarative/src/qmltest/quicktest.cpp:494
#20 0x7f5ddc02c8f4 in quick_test_main(int, char**, char const*, char const*) /home/mitch/dev/qt5.12/qtdeclarative/src/qmltest/quicktest.cpp:334
#21 0x55c54616d49a in main /home/mitch/dev/qt5.12/qtquickcontrols2/tests/auto/controls/imagine/tst_imagine.cpp:46
#22 0x7f5dd846cb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
#23 0x55c54616d1f9 in _start (/home/mitch/dev/qt5.12-debug/qtquickcontrols2/tests/auto/controls/imagine/tst_imagine+0x11f9)
0x6100002de848 is located 8 bytes inside of 184-byte region [0x6100002de840,0x6100002de8f8)
freed by thread T0 here:
#0 0x7f5ddb05c9d8 in operator delete(void*, unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe19d8)
#1 0x7f5dd6372cc1 in QQmlContextData::destroy() /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlcontext.cpp:674
#2 0x7f5dd62f9b27 in QQmlContextDataRef::clear() /home/mitch/dev/qt5.12-debug/qtbase/include/QtQml/5.12.0/QtQml/private/../../../../../../../qt5.12/qtdeclarative/src/qml/qml/qqmlcontext_p.h:342
#3 0x7f5dd62f9b27 in QQmlContextDataRef::setContextData(QQmlContextData*) /home/mitch/dev/qt5.12-debug/qtbase/include/QtQml/5.12.0/QtQml/private/../../../../../../../qt5.12/qtdeclarative/src/qml/qml/qqmlcontext_p.h:326
#4 0x7f5dd62f9b27 in QQmlContextDataRef::operator=(QQmlContextData*) /home/mitch/dev/qt5.12-debug/qtbase/include/QtQml/5.12.0/QtQml/private/../../../../../../../qt5.12/qtdeclarative/src/qml/qml/qqmlcontext_p.h:349
#5 0x7f5dd62f9b27 in QQmlPrivate::qdeclarativeelement_destructor(QObject*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlengine.cpp:754
#6 0x7f5dbd4e909c in QQmlPrivate::QQmlElement<QQuickToolTip>::~QQmlElement() /home/mitch/dev/qt5.12-debug/qtbase/include/QtQml/../../../../qt5.12/qtdeclarative/src/qml/qml/qqmlprivate.h:102
#7 0x7f5dbd4e909c in QQmlPrivate::QQmlElement<QQuickToolTip>::~QQmlElement() /home/mitch/dev/qt5.12-debug/qtbase/include/QtQml/../../../../qt5.12/qtdeclarative/src/qml/qml/qqmlprivate.h:103
#8 0x7f5dd9645474 in QObjectPrivate::deleteChildren() /home/mitch/dev/qt5.12/qtbase/src/corelib/kernel/qobject.cpp:2006
#9 0x7f5dd964a033 in QObject::~QObject() /home/mitch/dev/qt5.12/qtbase/src/corelib/kernel/qobject.cpp:1032
#10 0x7f5dd5bb05f3 in QJSEngine::~QJSEngine() /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsapi/qjsengine.cpp:375
#11 0x7f5dd630a97e in QQmlEngine::~QQmlEngine() /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlengine.cpp:1072
#12 0x7f5ddc02b3fe in quick_test_main_with_setup(int, char**, char const*, char const*, QObject*) /home/mitch/dev/qt5.12/qtdeclarative/src/qmltest/quicktest.cpp:494
#13 0x7f5ddc02c8f4 in quick_test_main(int, char**, char const*, char const*) /home/mitch/dev/qt5.12/qtdeclarative/src/qmltest/quicktest.cpp:334
#14 0x55c54616d49a in main /home/mitch/dev/qt5.12/qtquickcontrols2/tests/auto/controls/imagine/tst_imagine.cpp:46
#15 0x7f5dd846cb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
previously allocated by thread T0 here:
#0 0x7f5ddb05b458 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe0458)
#1 0x7f5dd65943ba in QQmlObjectCreator::create(int, QObject*, QQmlInstantiationInterrupt*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:173
#2 0x7f5dd6584973 in QQmlObjectCreator::createInstance(int, QObject*, bool) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:1202
#3 0x7f5dd6594a00 in QQmlObjectCreator::create(int, QObject*, QQmlInstantiationInterrupt*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:203
#4 0x7f5dd635bc6a in QQmlComponentPrivate::beginCreate(QQmlContextData*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:871
#5 0x7f5dd635c8d3 in QQmlComponent::beginCreate(QQmlContext*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:823
#6 0x7f5dd6351fc9 in QQmlComponent::create(QQmlContext*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:783
#7 0x7f5dd55a9cbb in QQuickToolTipAttachedPrivate::instance(bool) const /home/mitch/dev/qt5.12/qtquickcontrols2/src/quicktemplates2/qquicktooltip.cpp:378
#8 0x7f5dd55aa428 in QQuickToolTipAttached::toolTip() const /home/mitch/dev/qt5.12/qtquickcontrols2/src/quicktemplates2/qquicktooltip.cpp:515
#9 0x7f5dd55ff39f in QQuickToolTipAttached::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) .moc/moc_qquicktooltip_p.cpp:397
#10 0x7f5dd5ef4368 in QQmlPropertyData::readPropertyWithArgs(QObject*, void**) const /home/mitch/dev/qt5.12-debug/qtbase/include/QtQml/5.12.0/QtQml/private/../../../../../../../qt5.12/qtdeclarative/src/qml/qml/qqmlpropertycache_p.h:334
#11 0x7f5dd5ed6ff9 in QQmlPropertyData::readProperty(QObject*, void*) const /home/mitch/dev/qt5.12-debug/qtbase/include/QtQml/5.12.0/QtQml/private/../../../../../../../qt5.12/qtdeclarative/src/qml/qml/qqmlpropertycache_p.h:328
#12 0x7f5dd5ed6ff9 in loadProperty /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:134
#13 0x7f5dd5ee4d88 in QV4::QObjectWrapper::getProperty(QV4::ExecutionEngine*, QObject*, QQmlPropertyData*, bool) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:268
#14 0x7f5dd5eead86 in QV4::QObjectWrapper::getQmlProperty(QV4::ExecutionEngine*, QQmlContextData*, QObject*, QV4::String*, QV4::QObjectWrapper::RevisionMode, bool*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:388
#15 0x7f5dd656f90f in QV4::QQmlTypeWrapper::virtualGet(QV4::Managed const*, QV4::PropertyKey, QV4::Value const*, bool*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmltypewrapper.cpp:265
#16 0x7f5dd5e29148 in QV4::Object::get(QV4::StringOrSymbol*, bool*, QV4::Value const*) const /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4object_p.h:308
#17 0x7f5dd623e34b in QV4::Runtime::method_loadProperty(QV4::ExecutionEngine*, QV4::Value const&, int) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:974
#18 0x7f5dd5f6e126 in QV4::Moth::VME::interpret(QV4::CppStackFrame*, QV4::ExecutionEngine*, char const*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:590
#19 0x7f5dd5f8f9c8 in QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:441
#20 0x7f5dd5ca8ab3 in QV4::Function::call(QV4::Value const*, QV4::Value const*, int, QV4::ExecutionContext const*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4function.cpp:68
#21 0x7f5dd6513871 in QQmlJavaScriptExpression::evaluate(QV4::CallData*, bool*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmljavascriptexpression.cpp:216
#22 0x7f5dd6528f69 in QQmlBinding::evaluate(bool*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlbinding.cpp:209
#23 0x7f5dd65401b1 in QQmlNonbindingBinding::doUpdate(QQmlJavaScriptExpression::DeleteWatcher const&, QFlags<QQmlPropertyData::WriteFlag>, QV4::Scope&) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlbinding.cpp:245
#24 0x7f5dd6533673 in QQmlBinding::update(QFlags<QQmlPropertyData::WriteFlag>) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlbinding.cpp:185
#25 0x7f5dd6536682 in QQmlBinding::setEnabled(bool, QFlags<QQmlPropertyData::WriteFlag>) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlbinding.cpp:550
#26 0x7f5dd657efe6 in QQmlObjectCreator::finalize(QQmlInstantiationInterrupt&) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:1347
#27 0x7f5dd63526d7 in QQmlComponentPrivate::complete(QQmlEnginePrivate*, QQmlComponentPrivate::ConstructionState*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:923
#28 0x7f5dd6352ac8 in QQmlComponentPrivate::completeCreate() /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:959
#29 0x7f5dd6352c1c in QQmlComponent::completeCreate() /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:951
#30 0x7f5dd6352007 in QQmlComponent::create(QQmlContext*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:785
SUMMARY: AddressSanitizer: heap-use-after-free /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlengine.cpp:1649 in QtQml::qmlEngine(QObject const*)
==7117==ABORTING