
Invalid memory write in QJSEngine::evaluate


Details

    • eb363c3a0b7f96015d7b8f2551dbeaa86f5acf16 (qt/qtdeclarative/5.12)

    Description

      1. Have a release build of Qt with enabled address sanitizer.
        I configured it with:
        -opensource -confirm-license -no-use-gold-linker -prefix $(pwd)/qtbase -platform linux-clang -sanitize address -nomake examples -nomake tests
      2. Build the attached project on this build of Qt:
        #include <QCoreApplication>
        #include <QFile>
        #include <QJSEngine>
        
        // Minimal CLI: evaluates the JavaScript file named by the first argument in a fresh QJSEngine.
        int main(int argc, char *argv[])
        {
            QCoreApplication a(argc, argv);
            if (argc < 2)
                return -1;
            QFile inFile(argv[1]);
            if (!inFile.open(QFile::ReadOnly))
                return -1;
            // The crash below is triggered inside evaluate() while running the attached script.
            QJSEngine().evaluate(inFile.readAll());
            return 0;
        }
        
      3. Run the program passing the attached input file as parameter.
        It will crash with output like the following:
        QML debugging is enabled. Only use this in a safe environment.
        AddressSanitizer:DEADLYSIGNAL
        =================================================================
        ==6375==ERROR: AddressSanitizer: SEGV on unknown address 0x7f0a75d87000 (pc 0x7f0a7d88e84a bp 0x7ffe58788350 sp 0x7ffe58788220 T0)
        ==6375==The signal is caused by a WRITE memory access.
            #0 0x7f0a7d88e849 in QV4::MemoryManager::collectRoots(QV4::MarkStack*) (/home/qtrob/dev/clang-8.0.0/qt-5.12_base_declarative-asan/qtbase/lib/libQt5Qml.so.5+0x194849)
            #1 0x7f0a7d8978b0 in QV4::MemoryManager::runGC() (/home/qtrob/dev/clang-8.0.0/qt-5.12_base_declarative-asan/qtbase/lib/libQt5Qml.so.5+0x19d8b0)
            #2 0x7f0a7d8a1d28 in QV4::MemoryManager::allocate(QV4::BlockAllocator*, unsigned long) (/home/qtrob/dev/clang-8.0.0/qt-5.12_base_declarative-asan/qtbase/lib/libQt5Qml.so.5+0x1a7d28)
            #3 0x7f0a7d88e0e5 in QV4::MemoryManager::allocData(unsigned long) (/home/qtrob/dev/clang-8.0.0/qt-5.12_base_declarative-asan/qtbase/lib/libQt5Qml.so.5+0x1940e5)
            #4 0x7f0a7de23ebe in QV4::RuntimeHelpers::addHelper(QV4::ExecutionEngine*, QV4::Value const&, QV4::Value const&) (/home/qtrob/dev/clang-8.0.0/qt-5.12_base_declarative-asan/qtbase/lib/libQt5Qml.so.5+0x729ebe)
        LLVMSymbolizer: error reading file: No such file or directory
            #5 0x7f0a76f99b6e  (/memfd:JITCode:/home/qtrob/dev/clang-8.0.0/qt-5.12_base_declarative-asan/qtbase/lib/libQt5Qml.so.5 (deleted)+0x6b6e)
        
        AddressSanitizer can not provide additional info.
        SUMMARY: AddressSanitizer: SEGV (/home/qtrob/dev/clang-8.0.0/qt-5.12_base_declarative-asan/qtbase/lib/libQt5Qml.so.5+0x194849) in QV4::MemoryManager::collectRoots(QV4::MarkStack*)
        ==6375==ABORTING
        

        Trying to debug this will give you this backtrace (full backtrace attached):

        1   QV4::MemoryManager::collectRoots(QV4::MarkStack *)                                                          0x7ffff70df84a 
        2   QV4::MemoryManager::runGC()                                                                                 0x7ffff70e88b1 
        3   QV4::MemoryManager::allocate(QV4::BlockAllocator *, unsigned long)                                          0x7ffff70f2d29 
        4   QV4::MemoryManager::allocData(unsigned long)                                                                0x7ffff70df0e6 
        5   QV4::RuntimeHelpers::addHelper(QV4::ExecutionEngine *, QV4::Value const&, QV4::Value const&)                0x7ffff7674ebf 
        6   QV4::Moth::VME::interpret(QV4::CppStackFrame *, QV4::ExecutionEngine *, const char *)                       0x7ffff74c43c1 
        7   QV4::Moth::VME::exec(QV4::CppStackFrame *, QV4::ExecutionEngine *)                                          0x7ffff74bf416 
        8   QV4::ArrowFunction::virtualCall(QV4::FunctionObject const *, QV4::Value const *, QV4::Value const *, int)   0x7ffff738828d 
        9   QV4::Moth::VME::interpret(QV4::CppStackFrame *, QV4::ExecutionEngine *, const char *)                       0x7ffff74ca3d1 
        10  QV4::Moth::VME::exec(QV4::CppStackFrame *, QV4::ExecutionEngine *)                                          0x7ffff74bf416 
        11  QV4::ArrowFunction::virtualCall(QV4::FunctionObject const *, QV4::Value const *, QV4::Value const *, int)   0x7ffff738828d 
        12  QV4::Moth::VME::interpret(QV4::CppStackFrame *, QV4::ExecutionEngine *, const char *)                       0x7ffff74ca3d1 
        13  QV4::Moth::VME::exec(QV4::CppStackFrame *, QV4::ExecutionEngine *)                                          0x7ffff74bf416 
        14  QV4::ArrowFunction::virtualCall(QV4::FunctionObject const *, QV4::Value const *, QV4::Value const *, int)   0x7ffff738828d 
        15  QV4::Moth::VME::interpret(QV4::CppStackFrame *, QV4::ExecutionEngine *, const char *)                       0x7ffff74ca3d1 
        16  QV4::Moth::VME::exec(QV4::CppStackFrame *, QV4::ExecutionEngine *)                                          0x7ffff74bf416 
        17  QV4::ArrowFunction::virtualCall(QV4::FunctionObject const *, QV4::Value const *, QV4::Value const *, int)   0x7ffff738828d 
        18  QV4::Moth::VME::interpret(QV4::CppStackFrame *, QV4::ExecutionEngine *, const char *)                       0x7ffff74ca3d1 
        19  QV4::Moth::VME::exec(QV4::CppStackFrame *, QV4::ExecutionEngine *)                                          0x7ffff74bf416 
        20  QV4::ArrowFunction::virtualCall(QV4::FunctionObject const *, QV4::Value const *, QV4::Value const *, int)   0x7ffff738828d 
        ... <More>
        
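        As an added example (not part of the bug report or the Qt project): a small Python triage helper that parses an AddressSanitizer report of the kind shown above, builds a deduplication signature from the error kind, access kind and top symbolised frames, and checks whether a report has this issue's shape (WRITE SEGV in collectRoots under a runGC triggered from allocation). The embedded report is a constructed excerpt of the one above with the library path shortened.

```python
import re

# Constructed excerpt of the AddressSanitizer report shown above (library
# path shortened); embedded so the parser can run offline.
ASAN_REPORT = """\
==6375==ERROR: AddressSanitizer: SEGV on unknown address 0x7f0a75d87000 (pc 0x7f0a7d88e84a bp 0x7ffe58788350 sp 0x7ffe58788220 T0)
==6375==The signal is caused by a WRITE memory access.
    #0 0x7f0a7d88e849 in QV4::MemoryManager::collectRoots(QV4::MarkStack*) (/lib/libQt5Qml.so.5+0x194849)
    #1 0x7f0a7d8978b0 in QV4::MemoryManager::runGC() (/lib/libQt5Qml.so.5+0x19d8b0)
    #2 0x7f0a7d8a1d28 in QV4::MemoryManager::allocate(QV4::BlockAllocator*, unsigned long) (/lib/libQt5Qml.so.5+0x1a7d28)
    #4 0x7f0a7de23ebe in QV4::RuntimeHelpers::addHelper(QV4::ExecutionEngine*, QV4::Value const&, QV4::Value const&) (/lib/libQt5Qml.so.5+0x729ebe)
LLVMSymbolizer: error reading file: No such file or directory
    #5 0x7f0a76f99b6e  (/memfd:JITCode:/lib/libQt5Qml.so.5 (deleted)+0x6b6e)
SUMMARY: AddressSanitizer: SEGV (/lib/libQt5Qml.so.5+0x194849) in QV4::MemoryManager::collectRoots(QV4::MarkStack*)
==6375==ABORTING
"""

ERROR_RE = re.compile(r"^==(\d+)==ERROR: AddressSanitizer: (\S+) on unknown address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"^==\d+==The signal is caused by a (READ|WRITE) memory access")
# Only symbolised frames ("#n 0x... in symbol(...)"); unsymbolised JIT frames like #5 are skipped.
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+)")

def parse_asan_report(text):
    """Return pid, error kind, faulting address, access kind and the
    symbolised frame names (signatures stripped), or None if no ASAN error."""
    report, frames, access = None, [], None
    for line in text.splitlines():
        if (m := ERROR_RE.match(line)):
            report = {"pid": int(m.group(1)), "error": m.group(2), "address": m.group(3)}
        elif (m := ACCESS_RE.match(line)):
            access = m.group(1)
        elif (m := FRAME_RE.match(line)):
            frames.append(m.group(1).split("(")[0])  # drop the parameter list
    if report is None:
        return None
    report["access"], report["frames"] = access, frames
    return report

def crash_signature(report, depth=3):
    """Stable dedup key: error kind, access kind and the top symbolised frames."""
    return "|".join([report["error"], report["access"] or "?"] + report["frames"][:depth])

def matches_gc_write_crash(report):
    """True when the report has the shape seen in this issue: a WRITE SEGV
    with collectRoots on top of a runGC that was entered from allocation."""
    return (report is not None and report["error"] == "SEGV"
            and report["access"] == "WRITE"
            and report["frames"][:1] == ["QV4::MemoryManager::collectRoots"]
            and "QV4::MemoryManager::runGC" in report["frames"])
```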

      Attachments

        1. backtrace.txt (62 kB)
        2. evaluate-cli.zip (0.6 kB)
        3. QTBUG-75410.js (0.7 kB)
        4. QTBUG-75410a.js (0.4 kB)
          People

            shausman Simon Hausmann
            rlohning Robert Löhning