  1. Qt
  2. QTBUG-82184

Segmentation fault for QNetworkReply with null pointer reply()

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P1: Critical
    • Resolution: Invalid
    • Affects Version/s: 5.14.1
    • Fix Version/s: None
    • Component/s: Network
    • Labels:
      None
    • Environment:
      I am using Qt 5.14.1 on Gentoo Linux.
    • Platform/s:
      Linux/X11

      Description

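      I am observing a crash in the Trojita mail client, which I have reported as https://bugs.kde.org/show_bug.cgi?id=417697. While debugging with gdb, I noticed that a core Qt component does not check for a potential issue, specifically an empty reply() result. In the gdb session below, reply itself is non-null, but reply->request() returns a request whose d-pointer is null ({d = {d = 0x0}}), and the crash happens when attribute() reads through it. As I am not experienced with Qt development, I don't know whether this is a Qt issue or a Trojita issue.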

       

      #2 0x00007ffff4239d48 in QNetworkAccessManagerPrivate::_q_replyFinished (this=0x9cf270) at access/qnetworkaccessmanager.cpp:1723
      1723 if (reply->request().attribute(QNetworkRequest::AutoDeleteReplyOnFinishAttribute, false).toBool())
      (gdb) list
      1718 Q_Q(QNetworkAccessManager);
      1719 
      1720 QNetworkReply *reply = qobject_cast<QNetworkReply *>(q->sender());
      1721 if (reply) {
      1722 emit q->finished(reply);
      1723 if (reply->request().attribute(QNetworkRequest::AutoDeleteReplyOnFinishAttribute, false).toBool())
      1724 QMetaObject::invokeMethod(reply, [reply] { reply->deleteLater(); }, Qt::QueuedConnection);
      1725 }
      1726 
      1727 #ifndef QT_NO_BEARERMANAGEMENT
      (gdb) print reply
      $5 = (QNetworkReply *) 0x1475770
      (gdb) print reply->request()
      [Thread 0x7fff45ffb700 (LWP 553683) exited]
      $6 = {d = {d = 0x0}} 
      

       

      From Trojita's perspective:

      Thread 1 "trojita" received signal SIGSEGV, Segmentation fault.
      0x00007ffff425915c in QHash<QNetworkRequest::Attribute, QVariant>::value (this=0x18, akey=@0x7fffffffce8c: QNetworkRequest::AutoDeleteReplyOnFinishAttribute, adefaultValue=...) at ../../include/QtCore/../../src/corelib/tools/qhash.h:651
      651 if (d->size == 0 || (node = *findNode(akey)) == e) {
      (gdb) bt
      #0 0x00007ffff425915c in QHash<QNetworkRequest::Attribute, QVariant>::value(QNetworkRequest::Attribute const&, QVariant const&) const
       (this=0x18, akey=@0x7fffffffce8c: QNetworkRequest::AutoDeleteReplyOnFinishAttribute, adefaultValue=...) at ../../include/QtCore/../../src/corelib/tools/qhash.h:651
      #1 0x00007ffff42559c8 in QNetworkRequest::attribute(QNetworkRequest::Attribute, QVariant const&) const (this=0x7fffffffced8, code=QNetworkRequest::AutoDeleteReplyOnFinishAttribute, defaultValue=...) at access/qnetworkrequest.cpp:689
      #2 0x00007ffff4239d48 in QNetworkAccessManagerPrivate::_q_replyFinished() (this=0x9cf270) at access/qnetworkaccessmanager.cpp:1723
      #3 0x00007ffff423c130 in QNetworkAccessManager::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (_o=0xa39cf0, _c=QMetaObject::InvokeMetaMethod, _id=9, _a=0x7fffffffd0b0) at .moc/moc_qnetworkaccessmanager.cpp:192
      #4 0x00007ffff37f43c0 in () at /usr/lib64/libQt5Core.so.5
      #5 0x00007ffff4378213 in QNetworkReply::finished() (this=0x1475770) at .moc/moc_qnetworkreply.cpp:385
      #6 0x000000000062078d in Imap::Network::MsgPartNetworkReply::slotMyDataChanged() (this=0x1475770) at /var/tmp/portage/mail-client/trojita-9999/work/trojita-9999/src/Imap/Network/MsgPartNetworkReply.cpp:112
      #7 0x00000000005d1fed in Imap::Network::MsgPartNetworkReply::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (_o=0x1475770, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0xb5dd08)
       at Imap_autogen/PC4PHZCFTR/moc_MsgPartNetworkReply.cpp:81
      #8 0x00007ffff37eb746 in QObject::event(QEvent*) () at /usr/lib64/libQt5Core.so.5
      #9 0x00007ffff7b79295 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib64/libQt5Widgets.so.5
      #10 0x00007ffff7b6e8d0 in QApplication::notify(QObject*, QEvent*) () at /usr/lib64/libQt5Widgets.so.5
      #11 0x00007ffff3813118 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /usr/lib64/libQt5Core.so.5
      #12 0x00007ffff38132b0 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () at /usr/lib64/libQt5Core.so.5
      #13 0x00007ffff37cfcc0 in () at /usr/lib64/libQt5Core.so.5
      #14 0x00007ffff12fa7ad in g_main_context_dispatch () at /usr/lib64/libglib-2.0.so.0
      #15 0x00007ffff12fb4e8 in () at /usr/lib64/libglib-2.0.so.0
      #16 0x00007ffff12fef29 in g_main_context_iteration () at /usr/lib64/libglib-2.0.so.0
      #17 0x00007ffff37c9c0e in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib64/libQt5Core.so.5
      #18 0x00007ffff374dfd6 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib64/libQt5Core.so.5
      #19 0x00007ffff3819106 in QCoreApplication::exec() () at /usr/lib64/libQt5Core.so.5
      #20 0x000000000047a357 in main(int, char**) (argc=1, argv=0x7fffffffdd98) at /var/tmp/portage/mail-client/trojita-9999/work/trojita-9999/src/Gui/main.cpp:218
      (gdb) up
      #1 0x00007ffff42559c8 in QNetworkRequest::attribute (this=0x7fffffffced8, code=QNetworkRequest::AutoDeleteReplyOnFinishAttribute, defaultValue=...) at access/qnetworkrequest.cpp:689
      689 return d->attributes.value(code, defaultValue);
      (gdb) up
      #2 0x00007ffff4239d48 in QNetworkAccessManagerPrivate::_q_replyFinished (this=0x9cf270) at access/qnetworkaccessmanager.cpp:1723
      1723 if (reply->request().attribute(QNetworkRequest::AutoDeleteReplyOnFinishAttribute, false).toBool())
      (gdb) up
      #3 0x00007ffff423c130 in QNetworkAccessManager::qt_static_metacall (_o=0xa39cf0, _c=QMetaObject::InvokeMetaMethod, _id=9, _a=0x7fffffffd0b0) at .moc/moc_qnetworkaccessmanager.cpp:192
      192 case 9: _t->d_func()->_q_replyFinished(); break;
      (gdb) up
      #4 0x00007ffff37f43c0 in ?? () from /usr/lib64/libQt5Core.so.5
      (gdb) up
      #5 0x00007ffff4378213 in QNetworkReply::finished (this=0x1475770) at .moc/moc_qnetworkreply.cpp:385
      385 QMetaObject::activate(this, &staticMetaObject, 1, nullptr);
      (gdb) up
      #6 0x000000000062078d in Imap::Network::MsgPartNetworkReply::slotMyDataChanged (this=0x1475770) at /var/tmp/portage/mail-client/trojita-9999/work/trojita-9999/src/Imap/Network/MsgPartNetworkReply.cpp:112
      112 emit finished();
      (gdb) down 1
      #5 0x00007ffff4378213 in QNetworkReply::finished (this=0x1475770) at .moc/moc_qnetworkreply.cpp:385
      385 QMetaObject::activate(this, &staticMetaObject, 1, nullptr);
      (gdb) down
      #4 0x00007ffff37f43c0 in ?? () from /usr/lib64/libQt5Core.so.5
      (gdb) down
      #3 0x00007ffff423c130 in QNetworkAccessManager::qt_static_metacall (_o=0xa39cf0, _c=QMetaObject::InvokeMetaMethod, _id=9, _a=0x7fffffffd0b0) at .moc/moc_qnetworkaccessmanager.cpp:192
      192 case 9: _t->d_func()->_q_replyFinished(); break;
      (gdb) down
      #2 0x00007ffff4239d48 in QNetworkAccessManagerPrivate::_q_replyFinished (this=0x9cf270) at access/qnetworkaccessmanager.cpp:1723
      1723 if (reply->request().attribute(QNetworkRequest::AutoDeleteReplyOnFinishAttribute, false).toBool())
      (gdb) down
      #1 0x00007ffff42559c8 in QNetworkRequest::attribute (this=0x7fffffffced8, code=QNetworkRequest::AutoDeleteReplyOnFinishAttribute, defaultValue=...) at access/qnetworkrequest.cpp:689
      689 return d->attributes.value(code, defaultValue);
      (gdb) down
      #0 0x00007ffff425915c in QHash<QNetworkRequest::Attribute, QVariant>::value (this=0x18, akey=@0x7fffffffce8c: QNetworkRequest::AutoDeleteReplyOnFinishAttribute, adefaultValue=...)
       at ../../include/QtCore/../../src/corelib/tools/qhash.h:651
      651 if (d->size == 0 || (node = *findNode(akey)) == e) {


            People

            Assignee:
            tpochep Timur Pocheptsov
            Reporter:
            skinkie Stefan de Konink
