Details
- Bug
- Resolution: Cannot Reproduce
- P3: Somewhat important
- None
- 4.8.7, 5.13.2
- None
- openSUSE Leap 15.1
Description
Crash (SIGSEGV) in a multithreaded app after it called .connectToHost() on a QTcpSocket object.
Frame 12 was the last piece of non-Qt code. There are then twelve stack frames of Qt until the crash. I don't think the calling code in frame 12 would be aware of the details of QAbstractSocketEngine::createSocketEngine(), since I suspect this is a bug with Qt.
Looking at the code that crashes, in qabstractsocketengine.cpp, frame 2:

    102 QAbstractSocketEngine *QAbstractSocketEngine::createSocketEngine(QAbstractSocket::SocketType socketType, const QNetworkProxy &proxy, QObject *parent)
    103 {
    <snip>
    110     QMutexLocker locker(&socketHandlers()->mutex);
This will attempt to construct a QMutexLocker, passing in the address of the mutex member of the struct/class returned by socketHandlers().
Earlier in qabstractsocketengine.cpp:

    55 class QSocketEngineHandlerList : public QList<QSocketEngineHandler*>
    56 {
    57 public:
    58     QMutex mutex;
    59 };
    60
    61 Q_GLOBAL_STATIC(QSocketEngineHandlerList, socketHandlers)
From the core file on my system, it seems as though socketHandlers() returned NULL and the mutex member was at offset 8 bytes into the structure. Hence on frame 1, we see m=0x8. Then on frame 0, the code crashes as "d" can't be dereferenced:

    185 inline void QMutex::lockInline()
    186 {
    187     if (d->recursive) {
The crash occurred with Qt 4.8.7; however, looking on GitHub, it appears the same code is present in the latest Qt:
https://github.com/qt/qtbase/blob/dev/src/network/socket/qabstractsocketengine.cpp
Earlier in the same file, I see examples of the socketHandlers() return value being checked for NULL before being used. If such checks are appropriate elsewhere, then perhaps they should also be used in createSocketEngine().

    63 QSocketEngineHandler::QSocketEngineHandler()
    64 {
    65     if (!socketHandlers())
    66         return;
Presumably 4.8.7 will not receive a fix. However, since the latest Qt code seems to have the same flaw, it would be useful to see whether QAbstractSocketEngine::createSocketEngine() should be made more robust by testing the return value of socketHandlers().
Updating the app to Qt 5.13.2 would not currently fix this crash.
Note: the backtrace from the core file, extracted with gdb attached, is in qt_createSocketEngine.txt.
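The pattern the report describes, as an added stand-alone C++ illustration that is neither Qt's code nor part of the report: a model of a Q_GLOBAL_STATIC-style accessor, a handler list whose mutex sits one pointer past the object start (the QList d-pointer comes first), the unguarded lock-taking shape quoted from createSocketEngine(), and the guarded form that the constructor in the same file uses. Every name here (HandlerList, GlobalStatic, registerHandler, createEngineUnchecked, createEngineGuarded, mutexOffset, simulateStaticDestruction) is invented for this example. The model assumes the NULL arises from the accessor being called after the global has been destroyed, which is how Q_GLOBAL_STATIC behaves by design; the report itself does not establish why socketHandlers() returned NULL in this crash.

```cpp
#include <cstddef>
#include <memory>
#include <mutex>
#include <vector>

// Added illustration, not Qt code. Names mirror the Qt ones only for readability.

struct Engine { int handlerId; };

// Stand-in for a handler registered via QSocketEngineHandler.
struct Handler {
    int id;
    // Returns an engine or nullptr, like a handler's createSocketEngine().
    Engine *create() const { return id > 0 ? new Engine{id} : nullptr; }
};

// Stand-in for QSocketEngineHandlerList: a QList (one d-pointer) followed by a
// QMutex. That layout puts the mutex one pointer past the object start, which is
// why a NULL list gives &list->mutex == 0x8 on a 64-bit build (the m=0x8 in the
// report's frame 1).
struct HandlerList {
    void *d = nullptr;               // models QList's d-pointer
    std::mutex mutex;                // models QSocketEngineHandlerList::mutex
    std::vector<Handler *> handlers; // models the list contents
};

// Stand-in for the Q_GLOBAL_STATIC(QSocketEngineHandlerList, socketHandlers)
// accessor. Assumption of this model: the accessor returns nullptr once the
// global has been destroyed (static destruction), as Q_GLOBAL_STATIC does.
class GlobalStatic {
public:
    HandlerList *operator()() {
        if (destroyed_) return nullptr;
        if (!obj_) obj_ = std::make_unique<HandlerList>();
        return obj_.get();
    }
    void destroy() { obj_.reset(); destroyed_ = true; }
private:
    std::unique_ptr<HandlerList> obj_;
    bool destroyed_ = false;
};
static GlobalStatic socketHandlers;

// Guarded registration, the pattern the report points to in
// QSocketEngineHandler::QSocketEngineHandler(): test for NULL, then lock.
bool registerHandler(Handler *h) {
    HandlerList *list = socketHandlers();
    if (!list) return false;
    std::lock_guard<std::mutex> locker(list->mutex);
    list->handlers.insert(list->handlers.begin(), h);
    return true;
}

// Unguarded shape of createSocketEngine() as quoted in the report: the lock is
// taken on socketHandlers()->mutex with no NULL test. After destroy() this would
// dereference a pointer near 0x8, so it is only called while the global is alive.
Engine *createEngineUnchecked() {
    std::lock_guard<std::mutex> locker(socketHandlers()->mutex);
    for (Handler *h : socketHandlers()->handlers)
        if (Engine *e = h->create()) return e;
    return nullptr;
}

// Guarded form: the same logic with the NULL test the report suggests adding.
Engine *createEngineGuarded() {
    HandlerList *list = socketHandlers();
    if (!list) return nullptr;       // caller sees "no engine" instead of a crash
    std::lock_guard<std::mutex> locker(list->mutex);
    for (Handler *h : list->handlers)
        if (Engine *e = h->create()) return e;
    return nullptr;
}

// Byte offset of the mutex inside a live HandlerList (equals sizeof(void*)).
std::size_t mutexOffset() {
    HandlerList probe;
    return static_cast<std::size_t>(reinterpret_cast<char *>(&probe.mutex) -
                                    reinterpret_cast<char *>(&probe));
}

// Simulates static destruction of the global: afterwards socketHandlers()
// returns nullptr, the state the report's core file shows.
void simulateStaticDestruction() { socketHandlers.destroy(); }

int main() {
    Handler h{1};
    registerHandler(&h);
    delete createEngineUnchecked();   // fine while the global is alive
    simulateStaticDestruction();
    delete createEngineGuarded();     // returns nullptr, no crash
    return 0;
}
```

mutexOffset() returns sizeof(void*), 8 on a 64-bit build, which is the m=0x8 seen in frame 1; when triaging a fault like this, an address that equals a member offset is a quick confirmation that the base pointer was NULL. After simulateStaticDestruction(), createEngineGuarded() returns nullptr where the unchecked form would fault.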