Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-85251

heap-use-after-free in tst_default

    XMLWordPrintable

Details

    • e16c2d3919113104a7233810b64aabbaf364f4fa

    Description

      To reproduce, checkout https://codereview.qt-project.org/c/qt/qtquickcontrols2/+/297488/ and cherry-pick https://codereview.qt-project.org/c/qt/qtquickcontrols2/+/305557 on top. Then, run tst_default.

      It occurs just after tst_controls::Default::Action::cleanupTestCase():

      =================================================================
==31163==ERROR: AddressSanitizer: heap-use-after-free on address 0x60400009be9c at pc 0x7f81f7956a44 bp 0x7f81e1564740 sp 0x7f81e1564730
READ of size 4 at 0x60400009be9c thread T9 (QQmlThread)
    #0 0x7f81f7956a43 in QHashedString::compare(QChar const*, QChar const*, int) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/ftw/qhashedstring.cpp:81
    #1 0x7f81f76fc32d in QHashedStringRef::operator==(QHashedStringRef const&) const /home/mitch/dev/qt-dev2-debug/qtbase/include/QtQml/6.0.0/QtQml/private/../../../../../../../qt-dev2/qtdeclarative/src/qml/qml/ftw/qhashedstring_p.h:295
    #2 0x7f81f770d708 in QHashPrivate::Data<QHashPrivate::MultiNode<QHashedStringRef, QQmlTypePrivate*> >::find(QHashedStringRef const&) const /home/mitch/dev/qt-dev2-debug/qtbase/include/QtCore/../../../../qt-dev2/qtbase/src/corelib/tools/qhash.h:568
    #3 0x7f81f7702024 in QMultiHash<QHashedStringRef, QQmlTypePrivate*>::constFind(QHashedStringRef const&) const (/home/mitch/dev/qt-dev2-debug/qtbase/lib/libQt6Qml.so.6+0x9ff024)
    #4 0x7f81f76f6a16 in QQmlMetaType::qmlType(QHashedStringRef const&, QHashedStringRef const&, QTypeRevision) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmlmetatype.cpp:1229
    #5 0x7f81f77ef1d2 in QQmlImportInstance::resolveType(QQmlTypeLoader*, QHashedStringRef const&, QTypeRevision*, QQmlType*, QString*, bool*, QQmlType::RegistrationType, QQmlImport::RecursionRestriction, QList<QQmlError>*) const /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmlimport.cpp:726
    #6 0x7f81f77f4475 in QQmlImportNamespace::resolveType(QQmlTypeLoader*, QHashedStringRef const&, QTypeRevision*, QQmlType*, QString*, QList<QQmlError>*, QQmlType::RegistrationType, bool*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmlimport.cpp:1019
    #7 0x7f81f77f1497 in operator() /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmlimport.cpp:886
    #8 0x7f81f77f22d7 in QQmlImportsPrivate::resolveType(QHashedStringRef const&, QTypeRevision*, QQmlType*, QList<QQmlError>*, QQmlType::RegistrationType, bool*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmlimport.cpp:902
    #9 0x7f81f77ebe79 in QQmlImports::resolveType(QHashedStringRef const&, QQmlType*, QTypeRevision*, QQmlImportNamespace**, QList<QQmlError>*, QQmlType::RegistrationType, bool*) const /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmlimport.cpp:625
    #10 0x7f81f7603245 in QQmlTypeData::resolveType(QString const&, QTypeRevision&, QQmlTypeData::TypeReference&, int, int, bool, QQmlType::RegistrationType, bool*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmltypedata.cpp:989
    #11 0x7f81f76005ce in QQmlTypeData::resolveTypes() /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmltypedata.cpp:864
    #12 0x7f81f75fdfd5 in QQmlTypeData::allDependenciesDone() /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmltypedata.cpp:744
    #13 0x7f81f77725f5 in QQmlTypeLoader::setData(QQmlDataBlob*, QQmlDataBlob::SourceCodeData const&) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmltypeloader.cpp:450
    #14 0x7f81f777234e in QQmlTypeLoader::setData(QQmlDataBlob*, QString const&) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmltypeloader.cpp:437
    #15 0x7f81f7770be4 in QQmlTypeLoader::loadThread(QQmlDataBlob*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmltypeloader.cpp:299
    #16 0x7f81f763b90f in QQmlTypeLoaderThread::loadThread(QQmlDataBlob*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmltypeloaderthread.cpp:162
    #17 0x7f81f763c06e in void QQmlThread::callMethodInThread<QQmlDataBlob*, QQmlDataBlob*, QQmlTypeLoaderThread>(void (QQmlTypeLoaderThread::*)(QQmlDataBlob*), QQmlDataBlob* const&)::I::call(QQmlThread*) /home/mitch/dev/qt-dev2-debug/qtbase/include/QtQml/6.0.0/QtQml/private/../../../../../../../qt-dev2/qtdeclarative/src/qml/qml/ftw/qqmlthread_p.h:164
    #18 0x7f81f795a9f5 in QQmlThreadPrivate::threadEvent() /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/ftw/qqmlthread.cpp:198
    #19 0x7f81f795a4cb in QQmlThreadPrivate::event(QEvent*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/ftw/qqmlthread.cpp:142
    #20 0x7f81fbe0bc93 in QCoreApplicationPrivate::notify_helper(QObject*, QEvent*) /home/mitch/dev/qt-dev2/qtbase/src/corelib/kernel/qcoreapplication.cpp:1238
    #21 0x7f81fbe0b430 in doNotify /home/mitch/dev/qt-dev2/qtbase/src/corelib/kernel/qcoreapplication.cpp:1167
    #22 0x7f81fbe0b307 in QCoreApplication::notify(QObject*, QEvent*) /home/mitch/dev/qt-dev2/qtbase/src/corelib/kernel/qcoreapplication.cpp:1153
    #23 0x7f81fd56f548 in QGuiApplication::notify(QObject*, QEvent*) /home/mitch/dev/qt-dev2/qtbase/src/gui/kernel/qguiapplication.cpp:1890
    #24 0x7f81fbe0b12f in QCoreApplication::notifyInternal2(QObject*, QEvent*) /home/mitch/dev/qt-dev2/qtbase/src/corelib/kernel/qcoreapplication.cpp:1077
    #25 0x7f81fbe0c788 in QCoreApplication::sendEvent(QObject*, QEvent*) /home/mitch/dev/qt-dev2/qtbase/src/corelib/kernel/qcoreapplication.cpp:1472
    #26 0x7f81fbe0ec85 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) /home/mitch/dev/qt-dev2/qtbase/src/corelib/kernel/qcoreapplication.cpp:1831
    #27 0x7f81fbe0d7e9 in QCoreApplication::sendPostedEvents(QObject*, int) /home/mitch/dev/qt-dev2/qtbase/src/corelib/kernel/qcoreapplication.cpp:1690
    #28 0x7f81fbf7e62c in postEventSourceDispatch /home/mitch/dev/qt-dev2/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:277
    #29 0x7f81f60f0416 in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c416)
    #30 0x7f81f60f064f  (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c64f)
    #31 0x7f81f60f06db in g_main_context_iteration (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c6db)
    #32 0x7f81fbf7fb5f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/mitch/dev/qt-dev2/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:423
    #33 0x7f81fbe01675 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/mitch/dev/qt-dev2/qtbase/src/corelib/kernel/qeventloop.cpp:139
    #34 0x7f81fbe0200a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) /home/mitch/dev/qt-dev2/qtbase/src/corelib/kernel/qeventloop.cpp:232
    #35 0x7f81fb8097ea in QThread::exec() /home/mitch/dev/qt-dev2/qtbase/src/corelib/thread/qthread.cpp:538
    #36 0x7f81f795a5a3 in QQmlThreadPrivate::run() /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/ftw/qqmlthread.cpp:155
    #37 0x7f81fb80fc16 in QThreadPrivate::start(void*) /home/mitch/dev/qt-dev2/qtbase/src/corelib/thread/qthread_unix.cpp:342
    #38 0x7f81fa6126da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
    #39 0x7f81fad5788e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x12188e)

0x60400009be9c is located 12 bytes inside of 36-byte region [0x60400009be90,0x60400009beb4)
freed by thread T0 here:
    #0 0x7f82017877a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8)
    #1 0x7f81fb84da6e in QArrayData::deallocate(QArrayData*, unsigned long, unsigned long) /home/mitch/dev/qt-dev2/qtbase/src/corelib/tools/qarraydata.cpp:281
    #2 0x7f81f6f09fb4 in QTypedArrayData<char16_t>::deallocate(QArrayData*) /home/mitch/dev/qt-dev2-debug/qtbase/include/QtCore/../../../../qt-dev2/qtbase/src/corelib/tools/qarraydata.h:231
    #3 0x7f81f6f0975c in QArrayDataPointer<char16_t>::~QArrayDataPointer() /home/mitch/dev/qt-dev2-debug/qtbase/include/QtCore/../../../../qt-dev2/qtbase/src/corelib/tools/qarraydatapointer.h:140
    #4 0x7f81f6f08af7 in QString::~QString() /home/mitch/dev/qt-dev2-debug/qtbase/include/QtCore/../../../../qt-dev2/qtbase/src/corelib/text/qstring.h:1113
    #5 0x7f81f7752c49 in QQmlTypePrivate::~QQmlTypePrivate() /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmltype.cpp:94
    #6 0x7f81f7752c85 in QQmlTypePrivate::~QQmlTypePrivate() /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmltype.cpp:118
    #7 0x7f81f70ee642 in QQmlRefCount::release() const /home/mitch/dev/qt-dev2-debug/qtbase/include/QtQml/6.0.0/QtQml/private/../../../../../../../qt-dev2/qtdeclarative/src/qml/qml/ftw/qqmlrefcount_p.h:129
    #8 0x7f81f775d7fd in QQmlRefPointer<QQmlTypePrivate const>::~QQmlRefPointer() /home/mitch/dev/qt-dev2-debug/qtbase/include/QtQml/6.0.0/QtQml/private/../../../../../../../qt-dev2/qtdeclarative/src/qml/qml/ftw/qqmlrefcount_p.h:167
    #9 0x7f81f775da98 in QQmlRefPointer<QQmlTypePrivate const>::operator=(QQmlRefPointer<QQmlTypePrivate const>&&) /home/mitch/dev/qt-dev2-debug/qtbase/include/QtQml/6.0.0/QtQml/private/../../../../../../../qt-dev2/qtdeclarative/src/qml/qml/ftw/qqmlrefcount_p.h:182
    #10 0x7f81f7752d4e in QQmlType::operator=(QQmlType&&) /home/mitch/dev/qt-dev2-debug/qtbase/include/QtQml/6.0.0/QtQml/private/../../../../../../../qt-dev2/qtdeclarative/src/qml/qml/qqmltype_p.h:80
    #11 0x7f81f76f87f1 in QQmlMetaType::freeUnusedTypesAndCaches() /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmlmetatype.cpp:1374
    #12 0x7f81f777e367 in QQmlTypeLoader::clearCache() /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmltypeloader.cpp:1217
    #13 0x7f81f7778217 in QQmlTypeLoader::~QQmlTypeLoader() /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmltypeloader.cpp:822
    #14 0x7f81f765dd5b in QQmlEnginePrivate::~QQmlEnginePrivate() /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmlengine.cpp:631
    #15 0x7f81f765ded3 in QQmlEnginePrivate::~QQmlEnginePrivate() /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmlengine.cpp:659
    #16 0x7f81fbecd55b in QScopedPointerDeleter<QObjectData>::cleanup(QObjectData*) ../../include/QtCore/../../../../qt-dev2/qtbase/src/corelib/tools/qscopedpointer.h:60
    #17 0x7f81fbec877b in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::~QScopedPointer() ../../include/QtCore/../../../../qt-dev2/qtbase/src/corelib/tools/qscopedpointer.h:107
    #18 0x7f81fbeac5eb in QObject::~QObject() /home/mitch/dev/qt-dev2/qtbase/src/corelib/kernel/qobject.cpp:966
    #19 0x7f81f70e9300 in QJSEngine::~QJSEngine() /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/jsapi/qjsengine.cpp:367
    #20 0x7f81f766008c in QQmlEngine::~QQmlEngine() /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmlengine.cpp:966
    #21 0x7f8201412164 in quick_test_main_with_setup(int, char**, char const*, char const*, QObject*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qmltest/quicktest.cpp:543
    #22 0x7f820140d4cd in quick_test_main(int, char**, char const*, char const*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qmltest/quicktest.cpp:367
    #23 0x5601a3f85eeb in main /home/mitch/dev/qt-dev2/qtquickcontrols2/tests/auto/controls/default/tst_default.cpp:43
    #24 0x7f81fac57b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

previously allocated by thread T4 (QQmlThread) here:
    #0 0x7f8201787b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x7f81fb84d172 in allocateData /home/mitch/dev/qt-dev2/qtbase/src/corelib/tools/qarraydata.cpp:184
    #2 0x7f81fb84d400 in QArrayData::allocate(QArrayData**, unsigned long, unsigned long, unsigned long, QFlags<QArrayData::ArrayOption>) /home/mitch/dev/qt-dev2/qtbase/src/corelib/tools/qarraydata.cpp:230
    #3 0x7f81fba17a9b in QTypedArrayData<char16_t>::allocate(unsigned long, QFlags<QArrayData::ArrayOption>) ../../include/QtCore/../../../../qt-dev2/qtbase/src/corelib/tools/qarraydata.h:211
    #4 0x7f81fb9dcddc in QString::QString(QChar const*, int) /home/mitch/dev/qt-dev2/qtbase/src/corelib/text/qstring.cpp:2133
    #5 0x7f81f795780e in QHashedStringRef::toString() const /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/ftw/qhashedstring.cpp:161
    #6 0x7f81f76f2b21 in QQmlMetaType::typeForUrl(QString const&, QHashedStringRef const&, bool, QList<QQmlError>*, QTypeRevision) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmlmetatype.cpp:860
    #7 0x7f81f77f0781 in QQmlImportInstance::resolveType(QQmlTypeLoader*, QHashedStringRef const&, QTypeRevision*, QQmlType*, QString*, bool*, QQmlType::RegistrationType, QQmlImport::RecursionRestriction, QList<QQmlError>*) const /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmlimport.cpp:825
    #8 0x7f81f77f4475 in QQmlImportNamespace::resolveType(QQmlTypeLoader*, QHashedStringRef const&, QTypeRevision*, QQmlType*, QString*, QList<QQmlError>*, QQmlType::RegistrationType, bool*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmlimport.cpp:1019
    #9 0x7f81f77f1497 in operator() /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmlimport.cpp:886
    #10 0x7f81f77f22d7 in QQmlImportsPrivate::resolveType(QHashedStringRef const&, QTypeRevision*, QQmlType*, QList<QQmlError>*, QQmlType::RegistrationType, bool*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmlimport.cpp:902
    #11 0x7f81f77ebe79 in QQmlImports::resolveType(QHashedStringRef const&, QQmlType*, QTypeRevision*, QQmlImportNamespace**, QList<QQmlError>*, QQmlType::RegistrationType, bool*) const /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmlimport.cpp:625
    #12 0x7f81f7603245 in QQmlTypeData::resolveType(QString const&, QTypeRevision&, QQmlTypeData::TypeReference&, int, int, bool, QQmlType::RegistrationType, bool*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmltypedata.cpp:989
    #13 0x7f81f76005ce in QQmlTypeData::resolveTypes() /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmltypedata.cpp:864
    #14 0x7f81f75fdfd5 in QQmlTypeData::allDependenciesDone() /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmltypedata.cpp:744
    #15 0x7f81f77725f5 in QQmlTypeLoader::setData(QQmlDataBlob*, QQmlDataBlob::SourceCodeData const&) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmltypeloader.cpp:450
    #16 0x7f81f777234e in QQmlTypeLoader::setData(QQmlDataBlob*, QString const&) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmltypeloader.cpp:437
    #17 0x7f81f7770be4 in QQmlTypeLoader::loadThread(QQmlDataBlob*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmltypeloader.cpp:299
    #18 0x7f81f763b90f in QQmlTypeLoaderThread::loadThread(QQmlDataBlob*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmltypeloaderthread.cpp:162
    #19 0x7f81f763c06e in void QQmlThread::callMethodInThread<QQmlDataBlob*, QQmlDataBlob*, QQmlTypeLoaderThread>(void (QQmlTypeLoaderThread::*)(QQmlDataBlob*), QQmlDataBlob* const&)::I::call(QQmlThread*) /home/mitch/dev/qt-dev2-debug/qtbase/include/QtQml/6.0.0/QtQml/private/../../../../../../../qt-dev2/qtdeclarative/src/qml/qml/ftw/qqmlthread_p.h:164
    #20 0x7f81f795a9f5 in QQmlThreadPrivate::threadEvent() /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/ftw/qqmlthread.cpp:198
    #21 0x7f81f795a4cb in QQmlThreadPrivate::event(QEvent*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/ftw/qqmlthread.cpp:142
    #22 0x7f81fbe0bc93 in QCoreApplicationPrivate::notify_helper(QObject*, QEvent*) /home/mitch/dev/qt-dev2/qtbase/src/corelib/kernel/qcoreapplication.cpp:1238
    #23 0x7f81fbe0b430 in doNotify /home/mitch/dev/qt-dev2/qtbase/src/corelib/kernel/qcoreapplication.cpp:1167
    #24 0x7f81fbe0b307 in QCoreApplication::notify(QObject*, QEvent*) /home/mitch/dev/qt-dev2/qtbase/src/corelib/kernel/qcoreapplication.cpp:1153
    #25 0x7f81fd56f548 in QGuiApplication::notify(QObject*, QEvent*) /home/mitch/dev/qt-dev2/qtbase/src/gui/kernel/qguiapplication.cpp:1890
    #26 0x7f81fbe0b12f in QCoreApplication::notifyInternal2(QObject*, QEvent*) /home/mitch/dev/qt-dev2/qtbase/src/corelib/kernel/qcoreapplication.cpp:1077
    #27 0x7f81fbe0c788 in QCoreApplication::sendEvent(QObject*, QEvent*) /home/mitch/dev/qt-dev2/qtbase/src/corelib/kernel/qcoreapplication.cpp:1472
    #28 0x7f81fbe0ec85 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) /home/mitch/dev/qt-dev2/qtbase/src/corelib/kernel/qcoreapplication.cpp:1831
    #29 0x7f81fbe0d7e9 in QCoreApplication::sendPostedEvents(QObject*, int) /home/mitch/dev/qt-dev2/qtbase/src/corelib/kernel/qcoreapplication.cpp:1690

Thread T9 (QQmlThread) created by T0 here:
    #0 0x7f82016e0d2f in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
    #1 0x7f81fb811453 in QThread::start(QThread::Priority) /home/mitch/dev/qt-dev2/qtbase/src/corelib/thread/qthread_unix.cpp:727
    #2 0x7f81f795ad3a in QQmlThread::startup() /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/ftw/qqmlthread.cpp:234
    #3 0x7f81f763b11f in QQmlTypeLoaderThread::QQmlTypeLoaderThread(QQmlTypeLoader*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmltypeloaderthread.cpp:57
    #4 0x7f81f77780c4 in QQmlTypeLoader::QQmlTypeLoader(QQmlEngine*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmltypeloader.cpp:809
    #5 0x7f81f765d0fc in QQmlEnginePrivate::QQmlEnginePrivate(QQmlEngine*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmlengine.cpp:627
    #6 0x7f81f765fc6e in QQmlEngine::QQmlEngine(QObject*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmlengine.cpp:940
    #7 0x7f8201410440 in quick_test_main_with_setup(int, char**, char const*, char const*, QObject*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qmltest/quicktest.cpp:525
    #8 0x7f820140d4cd in quick_test_main(int, char**, char const*, char const*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qmltest/quicktest.cpp:367
    #9 0x5601a3f85eeb in main /home/mitch/dev/qt-dev2/qtquickcontrols2/tests/auto/controls/default/tst_default.cpp:43
    #10 0x7f81fac57b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

Thread T4 (QQmlThread) created by T0 here:
    #0 0x7f82016e0d2f in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
    #1 0x7f81fb811453 in QThread::start(QThread::Priority) /home/mitch/dev/qt-dev2/qtbase/src/corelib/thread/qthread_unix.cpp:727
    #2 0x7f81f795ad3a in QQmlThread::startup() /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/ftw/qqmlthread.cpp:234
    #3 0x7f81f763b11f in QQmlTypeLoaderThread::QQmlTypeLoaderThread(QQmlTypeLoader*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmltypeloaderthread.cpp:57
    #4 0x7f81f77780c4 in QQmlTypeLoader::QQmlTypeLoader(QQmlEngine*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmltypeloader.cpp:809
    #5 0x7f81f765d0fc in QQmlEnginePrivate::QQmlEnginePrivate(QQmlEngine*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmlengine.cpp:627
    #6 0x7f81f765fc6e in QQmlEngine::QQmlEngine(QObject*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/qqmlengine.cpp:940
    #7 0x7f8201410440 in quick_test_main_with_setup(int, char**, char const*, char const*, QObject*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qmltest/quicktest.cpp:525
    #8 0x7f820140d4cd in quick_test_main(int, char**, char const*, char const*) /home/mitch/dev/qt-dev2/qtdeclarative/src/qmltest/quicktest.cpp:367
    #9 0x5601a3f85eeb in main /home/mitch/dev/qt-dev2/qtquickcontrols2/tests/auto/controls/default/tst_default.cpp:43
    #10 0x7f81fac57b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

SUMMARY: AddressSanitizer: heap-use-after-free /home/mitch/dev/qt-dev2/qtdeclarative/src/qml/qml/ftw/qhashedstring.cpp:81 in QHashedString::compare(QChar const*, QChar const*, int)
Shadow bytes around the buggy address:
  0x0c088000b780: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
  0x0c088000b790: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd
  0x0c088000b7a0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
  0x0c088000b7b0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd
  0x0c088000b7c0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
=>0x0c088000b7d0: fa fa fd[fd]fd fd fd fa fa fa 00 00 00 00 00 fa
  0x0c088000b7e0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
  0x0c088000b7f0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd
  0x0c088000b800: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
  0x0c088000b810: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa
  0x0c088000b820: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==31163==ABORTING

      Attachments

        Issue Links

          is required for

          Task - A task that needs to be done. QTBUG-82922 Register types declaratively

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              mitch_curtis Mitch Curtis
              mitch_curtis Mitch Curtis
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes