Qt / QTBUG-75014

SegFault in QRegularExpression::match under QtConcurrent on macOS under debug malloc

Details

    • Bug
    • Resolution: Unresolved
    • P2: Important
    • None
    • 5.12.2
    • Core: Other
    • None
    • macOS

    Description

      Using Apple's debug malloc reports an incorrect access in QRegularExpression::match when run under QtConcurrent. A standalone test case is provided:

      On macOS 10.13.6

      export PATH=/Users/kbhend/Qt512/bin:${PATH}

      which qmake
      /Users/kbhend/Qt512/bin/qmake

      unzip qtrebug.zip
      cd qtrebug

      qmake
      make

      lldb ./qtrebug.app
      
      (lldb) target create "./qtrebug.app"
      Current executable set to './qtrebug.app' (x86_64).
      
      (lldb) process launch
      
      Process 4989 launched: '/Users/kbhend/Desktop/qtrebug/qtrebug.app/Contents/MacOS/qtrebug' (x86_64)
      
      2019-04-06 16:17:38.938400-0400 qtrebug[4989:104465] replacing  "Style0001.css" "Style0001a.css"
      2019-04-06 16:17:38.938491-0400 qtrebug[4989:104394] done
      Process 4989 exited with status = 0 (0x00000000) 
      
      # The above shows the correct operation of the program
      
      # Now relaunch the process using Apple's debug malloc library to prevent
      # use of previously freed memory, etc.
      
      (lldb) env DYLD_INSERT_LIBRARIES=/usr/lib/libgmalloc.dylib
      (lldb) process launch
      
      Process 4992 launched: '/Users/kbhend/Desktop/qtrebug/qtrebug.app/Contents/MacOS/qtrebug' (x86_64)
      
      GuardMalloc[qtrebug-4992]: Allocations will be placed on 16 byte boundaries.
      GuardMalloc[qtrebug-4992]:  - Some buffer overruns may not be noticed.
      GuardMalloc[qtrebug-4992]:  - Applications using vector instructions (e.g., SSE) should work.
      GuardMalloc[qtrebug-4992]: version 109
      Process 4992 stopped
      
      * thread #2, name = 'Thread (pooled)', stop reason = EXC_BAD_ACCESS (code=1, address=0x105d2afa8)
          frame #0: 0x000000010091107f QtCore`___lldb_unnamed_symbol3724$$QtCore + 64351
      QtCore`___lldb_unnamed_symbol3724$$QtCore:
      ->  0x10091107f <+64351>: movq   (%rax), %r14
          0x100911082 <+64354>: nopw   %cs:(%rax,%rax)
          0x100911090 <+64368>: movq   (%rdi), %rbx
          0x100911093 <+64371>: movq   0x10(%r14), %rsi
      Target 0: (qtrebug) stopped.
      
      
      (lldb) bt
      error: main.o DWARF DW_TAG_array_type DIE at 0x00011e19 has a class/union/struct element type DIE 0x00011e25 that is a forward declaration, not a complete definition.
      Try compiling the source file with -fstandalone-debug or disable -gmodules

      * thread #2, name = 'Thread (pooled)', stop reason = EXC_BAD_ACCESS (code=1, address=0x105d2afa8)
        * frame #0: 0x000000010091107f QtCore`___lldb_unnamed_symbol3724$$QtCore + 64351
          frame #1: 0x00000001009014e1 QtCore`___lldb_unnamed_symbol3723$$QtCore + 113
          frame #2: 0x00000001006fff4f QtCore`___lldb_unnamed_symbol852$$QtCore + 47
          frame #3: 0x00000001006ffecf QtCore`___lldb_unnamed_symbol851$$QtCore + 255
          frame #4: 0x00000001007013f9 QtCore`QRegularExpression::match(QString const&, int, QRegularExpression::MatchType, QFlags<QRegularExpression::MatchOption>) const + 41
          frame #5: 0x0000000100003832 qtrebug`PerformCSSUpdates::operator(this=0x0000000105a55a20)() at main.cpp:64
          frame #6: 0x00000001000049b6 qtrebug`LoadAndUpdateOneCSSFile(css_resource=QString @ 0x0000000105a55af8, css_updates=0x00000001055fbfc0) at main.cpp:134
          frame #7: 0x000000010000862c qtrebug`QtConcurrent::MapKernel<QList<QString>::iterator, std::__1::__bind<void (&)(QString, QHash<QString, QString> const&), std::__1::placeholders::__ph<1> const&, QHash<QString, QString>&> >::runIteration(QList<QString>::iterator, int, void*) [inlined] decltype(__f=(0x00000001055fbfb8), __args=0x00000001055dffc0, __args=0x00000001055fbfc0)(QString, QHash<QString, QString> const&)>(fp)(std::__1::forward<QString&, QHash<QString, QString>&>(fp0))) std::__1::__invoke<void (*&)(QString, QHash<QString, QString> const&), QString&, QHash<QString, QString>&>(void (*&&&)(QString, QHash<QString, QString> const&), QString&&&, QHash<QString, QString>&&&) at type_traits:4428
          frame #8: 0x00000001000085bd qtrebug`QtConcurrent::MapKernel<QList<QString>::iterator, std::__1::__bind<void (&)(QString, QHash<QString, QString> const&), std::__1::placeholders::__ph<1> const&, QHash<QString, QString>&> >::runIteration(QList<QString>::iterator, int, void*) [inlined] std::__1::__bind_return<void (*)(QString, QHash<QString, QString> const&), std::__1::tuple<std::__1::placeholders::__ph<1>, QHash<QString, QString> >, std::__1::tuple<QString&>, __is_valid_bind_return<void (*)(QString, QHash<QString, QString> const&), std::__1::tuple<std::__1::placeholders::__ph<1>, QHash<QString, QString> >, std::__1::tuple<QString&> >::value>::type std::__1::__apply_functor<void (__f=(0x00000001055fbfb8), __bound_args=size=2, __args=size=1)(QString, QHash<QString, QString> const&), std::__1::tuple<std::__1::placeholders::__ph<1>, QHash<QString, QString> >, 0ul, 1ul, std::__1::tuple<QString&> >(void (*&)(QString, QHash<QString, QString> const&), std::__1::tuple<std::__1::placeholders::__ph<1>, QHash<QString, QString> >&, std::__1::__tuple_indices<0ul, 1ul>, std::__1::tuple<QString&>&&) at functional:2216
          frame #9: 0x0000000100008500 qtrebug`QtConcurrent::MapKernel<QList<QString>::iterator, std::__1::__bind<void (&)(QString, QHash<QString, QString> const&), std::__1::placeholders::__ph<1> const&, QHash<QString, QString>&> >::runIteration(QList<QString>::iterator, int, void*) [inlined] std::__1::__bind_return<void (*)(QString, QHash<QString, QString> const&), std::__1::tuple<std::__1::placeholders::__ph<1>, QHash<QString, QString> >, std::__1::tuple<QString&&&>, __is_valid_bind_return<void (*)(QString, QHash<QString, QString> const&), std::__1::tuple<std::__1::placeholders::__ph<1>, QHash<QString, QString> >, std::__1::tuple<QString&&&> >::value>::type std::__1::__bind<void (this=0x00000001055fbfb8, __args=0x00000001055dffc0)(QString, QHash<QString, QString> const&), std::__1::placeholders::__ph<1> const&, QHash<QString, QString>&>::operator()<QString&>(QString&&&) at functional:2249
          frame #10: 0x0000000100008465 qtrebug`QtConcurrent::MapKernel<QList<QString>::iterator, std::__1::__bind<void (&)(QString, QHash<QString, QString> const&), std::__1::placeholders::__ph<1> const&, QHash<QString, QString>&> >::runIteration(this=0x00000001055fbf80, it=<unavailable>, (null)=6, (null)=0x0000000000000000) at qtconcurrentmapkernel.h:68
          frame #11: 0x0000000100008733 qtrebug`QtConcurrent::MapKernel<QList<QString>::iterator, std::__1::__bind<void (&)(QString, QHash<QString, QString> const&), std::__1::placeholders::__ph<1> const&, QHash<QString, QString>&> >::runIterations(this=0x00000001055fbf80, sequenceBeginIterator=<unavailable>, beginIndex=6, endIndex=7, (null)=0x0000000000000000) at qtconcurrentmapkernel.h:77
          frame #12: 0x0000000100008b6f qtrebug`QtConcurrent::IterateKernel<QList<QString>::iterator, void>::forThreadFunction(this=0x00000001055fbf80) at qtconcurrentiteratekernel.h:255
          frame #13: 0x0000000100008157 qtrebug`QtConcurrent::IterateKernel<QList<QString>::iterator, void>::threadFunction(this=0x00000001055fbf80) at qtconcurrentiteratekernel.h:217
          frame #14: 0x00000001006195b9 QtConcurrent`QtConcurrent::ThreadEngineBase::run() + 185
          frame #15: 0x000000010064541d QtCore`___lldb_unnamed_symbol264$$QtCore + 125
          frame #16: 0x0000000100640483 QtCore`___lldb_unnamed_symbol229$$QtCore + 323
          frame #17: 0x00007fff79f41661 libsystem_pthread.dylib`_pthread_body + 340
          frame #18: 0x00007fff79f4150d libsystem_pthread.dylib`_pthread_start + 377
          frame #19: 0x00007fff79f40bf9 libsystem_pthread.dylib`thread_start + 13
      


          People

            peppe Giuseppe D'Angelo
            kevinhendricks Kevin B. Hendricks