Details
- Bug
- Resolution: Done
- P1: Critical
- 5.14.2
- None
- OS: Debian GNU/Linux experimental
  Processor: ARMv8 Processor rev 1 (v8l)
  Features: half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt lpae evtstrm
  Kernel: 4.19.0-9-arm64
  Compiler: gcc (Debian 9.3.0-12) 9.3.0
b761ff58d6d7b0604d88d6bd332b4470044ffe6a (qt/qtimageformats/dev) 1a790ba6151a3128b49d3dc556d3373dbda9f9d1 (qt/qtimageformats/5.15)
Description
In Debian/Ubuntu, qtimageformats tests fail on armhf (32-bit ARM platform on 64-bit hardware) with the following stacktrace:
#0 QIcc::parseXyzData (data=..., tagEntry=..., colorVector=...) at painting/qicc.cpp:447
#1 0xf7e108c6 in QIcc::fromIccProfile (data=..., colorSpace=0xfffeeaf0) at ../../include/QtCore/../../src/corelib/tools/qhash.h:156
#2 0xf7dd621c in QColorSpace::fromIccProfile (iccProfile=...) at painting/qcolorspace.cpp:657
#3 0xf4e7edaa in QWebpHandler::read (image=0xfffeebf4, this=0x447830) at qwebphandler.cpp:172
#4 QWebpHandler::read (this=0x447830, image=0xfffeebf4) at qwebphandler.cpp:160
#5 0xf7ccaf64 in QImageReader::read (this=this@entry=0xfffeec28, image=image@entry=0xfffeebf4) at image/qimagereader.cpp:1286
#6 0xf7ccb4b4 in QImageReader::read (this=this@entry=0xfffeec28) at image/qimagereader.cpp:1227
#7 0xf7cb2420 in QImage::load (this=this@entry=0xfffeecbc, fileName=..., format=format@entry=0x0) at image/qimage.cpp:3607
#8 0xf7cb24ba in QImage::QImage (this=0xfffeecbc, fileName=..., format=0x0) at image/qimage.cpp:959
#9 0x00404e86 in tst_qwebp::writeImage (this=<optimized out>) at tst_qwebp.cpp:173
xyz is defined as reinterpret_cast<const XYZTagData *> from a QByteArray data, so it is not necessarily aligned.
In my case, it was not aligned:
(gdb) p xyz
$1 = (const QIcc::XYZTagData *) 0x4aef6e
(gdb) p &xyz->fixedX
$2 = (qint32_be *) 0x4aef76
These addresses are divisible by 2, but not by 4.
This can probably be fixed by using qFromUnaligned, e.g. replacing xyz->fixedX with qFromUnaligned<qint32_be>(xyz->fixedX). However, this unaligned access happens in a lot of places in parseXyzData and parseTRC, so lots of qFromUnaligned calls would need to be inserted. I don't know if there is a more elegant way to fix this problem.
For Gerrit Dashboard: QTBUG-84267

# | Subject | Branch | Project | Status | CR | V |
---|---|---|---|---|---|---|
300847,2 | Fix UB in webp decode and memory leak in encoder | 5.15 | qt/qtimageformats | MERGED | +2 | 0 |
300889,3 | Fix UB in webp decode and memory leak in encoder | dev | qt/qtimageformats | MERGED | +2 | 0 |
301036,3 | Add error message on unaligned profile inputs | dev | qt/qtbase | MERGED | +2 | 0 |
301130,2 | Add error message on unaligned profile inputs | 5.15 | qt/qtbase | MERGED | +2 | 0 |
312338,11 | QIcc: fix alignment concerns in ICC profile parsing | dev | qt/qtbase | MERGED | +2 | 0 |
313821,3 | QIcc: fix alignment concerns in ICC profile parsing | 5.15 | qt/qtbase | MERGED | +2 | 0 |