QTBUG-80497

Crash in QAbstractSocketEngine::createSocketEngine()



    • Type: Bug
    • Status: Closed
    • Priority: P3: Somewhat important
    • Resolution: Cannot Reproduce
    • Affects Version/s: 4.8.7, 5.13.2
    • Fix Version/s: None
    • Component/s: Network: Sockets
    • Labels:
    • Environment:
      openSUSE Leap 15.1
    • Platform/s:


      Crash (SIGSEGV) in a multithreaded app after it called .connectToHost() on a QTcpSocket object.

      Frame 12 was the last piece of non-Qt code. There are then twelve stack frames of Qt code until the crash. I don't think the calling code in Frame 12 would be aware of the details of QAbstractSocketEngine::createSocketEngine(), so I suspect this is a bug in Qt.

      Looking at the code that crashes:

      In qabstractsocketengine.cpp.

      Frame 2:
      102 QAbstractSocketEngine *QAbstractSocketEngine::createSocketEngine(QAbstractSocket::SocketType socketType, const QNetworkProxy &proxy, QObject *parent)
      103 {
      110 QMutexLocker locker(&socketHandlers()->mutex);

      This will attempt to construct a QMutexLocker, passing in the address of the mutex member of the struct/class returned by socketHandlers().

      Earlier in qabstractsocketengine.cpp:
      55 class QSocketEngineHandlerList : public QList<QSocketEngineHandler*>
      56 {
      57 public:
      58     QMutex mutex;
      59 };

      61 Q_GLOBAL_STATIC(QSocketEngineHandlerList, socketHandlers)

      From the core file on my system, it seems as though socketHandlers() returned NULL and the mutex member is at offset 8 bytes into the structure. Hence in frame 1 we see m=0x8. Then in frame 0 the code crashes, as "d" can't be dereferenced.

      185 inline void QMutex::lockInline()
      186 {
      187 if (d->recursive) {

      The crash occurred with Qt 4.8.7; however, looking on GitHub, it appears the same code is present in the latest Qt.


      Earlier in the same file, I see examples of the socketHandlers() return value being checked for NULL before it is used. If such checks are appropriate elsewhere, then perhaps they should also be used in createSocketEngine().

      63 QSocketEngineHandler::QSocketEngineHandler()
      64 {
      65     if (!socketHandlers())
      66         return;
      67     QMutexLocker locker(&socketHandlers()->mutex);
      68     socketHandlers()->prepend(this);
      69 }

      Presumably 4.8.7 will not receive a fix. However, since the latest Qt code seems to have the same flaw, it would be useful to check whether QAbstractSocketEngine::createSocketEngine() should be made more robust by testing the return value of socketHandlers().

      Updating the app to Qt 5.13.2 would not currently fix this crash.

      Note: the backtrace from the core file, extracted with gdb, is attached (qt_createSocketEngine.txt).
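      The failure mode described in the report, reduced to a stand-alone C++ program. This is an added example, not Qt code and not the reporter's patch: the Qt types are replaced by constructed stand-ins (SocketEngineHandlerList, GlobalStatic, SocketEngine), and the GlobalStatic class assumes the Q_GLOBAL_STATIC semantics the report relies on, namely that the accessor returns NULL once the global has been destroyed at process exit. The unchecked function reproduces the pattern quoted from createSocketEngine(); the checked one applies the guard quoted from the QSocketEngineHandler constructor, fetching the pointer once so that the check and the lock operate on the same value.

```cpp
#include <cassert>
#include <memory>
#include <mutex>
#include <vector>

// Constructed stand-ins for the Qt types named in the report (not Qt code).
struct SocketEngineHandler;
struct SocketEngine {
    int socketType;
};

// Mirrors QSocketEngineHandlerList: a handler list with a mutex member that
// sits at a non-zero offset, which is why a NULL base pointer yields a small
// non-NULL mutex address (the m=0x8 seen in the report's frame 1).
struct SocketEngineHandlerList {
    std::vector<SocketEngineHandler*> handlers;
    std::mutex mutex;
};

// Models the Q_GLOBAL_STATIC accessor semantics assumed by the report: the
// object is created on first use, and the accessor returns nullptr after the
// global has been destroyed at process exit.
class GlobalStatic {
public:
    SocketEngineHandlerList* operator()() {
        std::lock_guard<std::mutex> guard(creation_);
        if (destroyed_) return nullptr;
        if (!instance_) instance_.reset(new SocketEngineHandlerList);
        return instance_.get();
    }
    // Simulates the exit-time destructor of the global static.
    void destroy() {
        std::lock_guard<std::mutex> guard(creation_);
        instance_.reset();
        destroyed_ = true;
    }
private:
    std::mutex creation_;
    std::unique_ptr<SocketEngineHandlerList> instance_;
    bool destroyed_ = false;
};

static GlobalStatic socketHandlers;

// Pattern quoted from createSocketEngine() in the report: the accessor result
// is dereferenced without a check. Once socketHandlers() returns nullptr this
// locks through a small invalid address and crashes, so it must never be
// called after socketHandlers.destroy().
std::unique_ptr<SocketEngine> createSocketEngineUnchecked(int socketType) {
    std::lock_guard<std::mutex> locker(socketHandlers()->mutex);
    return std::unique_ptr<SocketEngine>(new SocketEngine{socketType});
}

// Guarded pattern quoted from the QSocketEngineHandler constructor, applied
// to engine creation: fetch the pointer once, bail out if the global is gone,
// then lock through the pointer that was checked.
std::unique_ptr<SocketEngine> createSocketEngineChecked(int socketType) {
    SocketEngineHandlerList* list = socketHandlers();
    if (!list) return nullptr;  // global static already destroyed
    std::lock_guard<std::mutex> locker(list->mutex);
    return std::unique_ptr<SocketEngine>(new SocketEngine{socketType});
}

int main() {
    // Normal operation: the handler list exists and an engine is produced.
    assert(createSocketEngineChecked(0) != nullptr);

    // Simulated shutdown race: a connectToHost() from another thread arrives
    // after the global static's destructor has run. The checked variant
    // fails cleanly instead of dereferencing offset 8 from NULL.
    socketHandlers.destroy();
    assert(socketHandlers() == nullptr);
    assert(createSocketEngineChecked(0) == nullptr);
    return 0;
}
```

      Calling the accessor once and keeping the result in a local avoids the gap between the NULL check and the lock that the quoted constructor leaves open when it calls socketHandlers() three times; returning a null engine is what the caller can then handle.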


        1. qabstractsocketengine.patch (0.8 kB, Paul Fee)
        2. qt_createSocketEngine.txt (9 kB, Paul Fee)



            cnn Qt Core & Network
            pfee Paul Fee



                Gerrit Reviews

                There are no open Gerrit changes