QTBUG-84267

QIcc::fromIccProfile crashes with SIGBUS (unaligned access) on ARM


Details

    • Type: Bug
    • Resolution: Done
    • Priority: P1: Critical
    • Fix Version/s: 5.15.1, 5.15.2, 6.1.0 RC
    • Affects Version/s: 5.14.2
    • Component/s: GUI: Painting
    • Labels: None
    • Environment: OS: Debian GNU/Linux experimental
      Processor: ARMv8 Processor rev 1 (v8l)
      Features: half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt lpae evtstrm
      Kernel: 4.19.0-9-arm64
      Compiler: gcc (Debian 9.3.0-12) 9.3.0
    • Platform/s: Linux/X11
    • Commits: b761ff58d6d7b0604d88d6bd332b4470044ffe6a (qt/qtimageformats/dev), 1a790ba6151a3128b49d3dc556d3373dbda9f9d1 (qt/qtimageformats/5.15)

    Description

      In Debian/Ubuntu, qtimageformats tests fail on armhf (32-bit ARM platform on 64-bit hardware) with the following stack trace:

      #0  QIcc::parseXyzData (data=..., tagEntry=..., colorVector=...) at painting/qicc.cpp:447
      #1  0xf7e108c6 in QIcc::fromIccProfile (data=..., colorSpace=0xfffeeaf0) at ../../include/QtCore/../../src/corelib/tools/qhash.h:156
      #2  0xf7dd621c in QColorSpace::fromIccProfile (iccProfile=...) at painting/qcolorspace.cpp:657
      #3  0xf4e7edaa in QWebpHandler::read (image=0xfffeebf4, this=0x447830) at qwebphandler.cpp:172
      #4  QWebpHandler::read (this=0x447830, image=0xfffeebf4) at qwebphandler.cpp:160
      #5  0xf7ccaf64 in QImageReader::read (this=this@entry=0xfffeec28, image=image@entry=0xfffeebf4) at image/qimagereader.cpp:1286
      #6  0xf7ccb4b4 in QImageReader::read (this=this@entry=0xfffeec28) at image/qimagereader.cpp:1227
      #7  0xf7cb2420 in QImage::load (this=this@entry=0xfffeecbc, fileName=..., format=format@entry=0x0) at image/qimage.cpp:3607
      #8  0xf7cb24ba in QImage::QImage (this=0xfffeecbc, fileName=..., format=0x0) at image/qimage.cpp:959
      #9  0x00404e86 in tst_qwebp::writeImage (this=<optimized out>) at tst_qwebp.cpp:173
      

      xyz is defined as a reinterpret_cast<const XYZTagData *> of QByteArray data, so it is not necessarily aligned.

      In my case, it was not aligned:

      (gdb) p xyz
      $1 = (const QIcc::XYZTagData *) 0x4aef6e
      (gdb) p &xyz->fixedX
      $2 = (qint32_be *) 0x4aef76
      

      These addresses are divisible by 2, but not by 4.

      This can probably be fixed by using qFromUnaligned, e.g. replacing xyz->fixedX with qFromUnaligned<qint32_be>(xyz->fixedX). However, this unaligned access happens in a lot of places in parseXyzData and parseTRC, so lots of qFromUnaligned calls would need to be inserted. I don’t know if there is a more elegant way to fix this problem.
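      The following is an added, self-contained illustration of the problem described above and of the memcpy-based fix that qFromUnaligned applies; it is not Qt's code and not the patch that closed this bug. XyzTagOnDisk, readBE32Unaligned, isAligned4, parseXyzTag and sampleProfile are constructed names, the struct only stands in for QIcc::XYZTagData to provide field offsets, and the sample tag bytes are constructed so that fixedX lands on an address divisible by 2 but not by 4, as in the gdb session quoted in the report.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// On-disk layout of an ICC XYZ tag: 4-byte type signature, 4 reserved
// bytes, then three big-endian s15Fixed16 numbers. This struct is a
// constructed stand-in for Qt's QIcc::XYZTagData and only supplies offsets;
// it is never used as the type of a dereferenced pointer.
struct XyzTagOnDisk {
    uint8_t type[4];
    uint8_t reserved[4];
    uint8_t fixedX[4];
    uint8_t fixedY[4];
    uint8_t fixedZ[4];
};

// Portable unaligned big-endian 32-bit load: memcpy into a local buffer and
// assemble the value byte by byte, so the compiler never emits a word load
// through a possibly misaligned address. Qt's qFromUnaligned takes the same
// memcpy approach; this is a dependency-free equivalent, not Qt's code.
inline int32_t readBE32Unaligned(const uint8_t *p)
{
    uint8_t b[4];
    std::memcpy(b, p, sizeof b);
    uint32_t v = (uint32_t(b[0]) << 24) | (uint32_t(b[1]) << 16)
               | (uint32_t(b[2]) << 8)  |  uint32_t(b[3]);
    return int32_t(v);
}

// Alignment check matching the report's gdb observation: an address that is
// divisible by 2 but not by 4 fails this test, and a plain 32-bit load
// through such an address is what raised SIGBUS on 32-bit ARM.
inline bool isAligned4(const void *p)
{
    return (reinterpret_cast<uintptr_t>(p) & 3u) == 0;
}

struct XyzResult {
    bool ok;        // false if the tag does not fit inside the buffer
    bool aligned;   // whether fixedX happened to sit on a 4-byte boundary
    int32_t x, y, z;
};

// Parse an XYZ tag starting at `offset` inside `profile`. Unlike
// reinterpret_cast<const XYZTagData *>(data) followed by field access, this
// never forms an int32 lvalue at an unaligned address, so it is correct on
// every target, not only on ones that tolerate misaligned loads.
inline XyzResult parseXyzTag(const std::vector<uint8_t> &profile, size_t offset)
{
    XyzResult r{false, false, 0, 0, 0};
    // Bounds check first: a truncated or malformed profile must not lead to
    // an out-of-bounds read.
    if (offset > profile.size() || profile.size() - offset < sizeof(XyzTagOnDisk))
        return r;
    const uint8_t *base = profile.data() + offset;
    r.aligned = isAligned4(base + offsetof(XyzTagOnDisk, fixedX));
    r.x = readBE32Unaligned(base + offsetof(XyzTagOnDisk, fixedX));
    r.y = readBE32Unaligned(base + offsetof(XyzTagOnDisk, fixedY));
    r.z = readBE32Unaligned(base + offsetof(XyzTagOnDisk, fixedZ));
    r.ok = true;
    return r;
}

// Constructed sample buffer: `padding` filler bytes followed by an 'XYZ '
// tag. With padding == 2 the fixedX field lands on an address that is 2-byte
// but not 4-byte aligned, exactly the case in the report's gdb session.
inline std::vector<uint8_t> sampleProfile(size_t padding)
{
    std::vector<uint8_t> buf(padding, 0);
    static const uint8_t tag[] = {
        'X', 'Y', 'Z', ' ',  0, 0, 0, 0,
        0x00, 0x01, 0x00, 0x00,   // fixedX = 1.0 in s15Fixed16  ->  65536
        0xFF, 0xFF, 0x00, 0x00,   // fixedY = -1.0               -> -65536
        0x00, 0x00, 0x80, 0x00,   // fixedZ = 0.5                ->  32768
    };
    buf.insert(buf.end(), tag, tag + sizeof tag);
    return buf;
}

int main()
{
    const size_t pads[] = {0, 2};
    for (size_t pad : pads) {
        XyzResult r = parseXyzTag(sampleProfile(pad), pad);
        std::printf("padding=%zu aligned=%d x=%d y=%d z=%d\n",
                    pad, int(r.aligned), r.x, r.y, r.z);
    }
    return 0;
}
```

      The pattern to take away is that the fix is per-field-access, which is why the report notes that many call sites would need changing: every read of a multi-byte field from a pointer that was produced by reinterpret_cast over a byte buffer has to go through a memcpy-style helper, and the parser should validate the tag length before touching any field.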


          People

            Assignee: Allan Sandfeld Jensen (allan.jensen)
            Reporter: Dmitry Shachnev (mandriver)