Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-86114

Crash in QJsonDocument::fromBinaryData

    XMLWordPrintable

Details

    • Bug
    • Resolution: Out of scope
    • Not Evaluated
    • None
    • 5.15.0
    • Core: I/O
    • None
    • Android

    Description

      In an app I am developing (source is here: http://gitlab.com/rpdev/opentodolist/) I am currently getting feedback from users that they are seeing crashes in the lastest version. The only change I see that happened that could have introduced this IMAO is that I update the app from Qt 5.14.x to 5.15.

      Basically, the crash occurs when I am calling QJsonDocument::fromBinaryData() on a QByteArray that is read from an LMDB cache:

       

      ItemCacheEntry ItemCacheEntry::fromByteArray(const QByteArray& data, const QByteArray& id)
{
    ItemCacheEntry result;
    auto map = QJsonDocument::fromBinaryData(data).toVariant().toMap();
    if (map["type"] == Item::staticMetaObject.className()) {
        result.valid = true;
        result.id = QUuid(id);
        result.data = map["data"];
        result.metaData = map["meta"];
        result.parentId = map["parent"].toUuid();
    }
    return result;
}

       

      This used to work great in the past and also does for the current release of the app in most cases. However, as mentioned, some users report crashes. Here is an except from an adb log on a device where the issue occurs:

       

      20726 F libc    : Fatal signal 7 (SIGBUS), code 1, fault addr 0x8a4ffdde in tid 20726 (Thread (pooled))
08-09 15:42:04.362 20727 20727 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
08-09 15:42:04.362 20727 20727 F DEBUG   : Build fingerprint: 'samsung/j5xnltexx/j5xnlte:7.1.1/NMF26X/J510FNXXS3BSH2:user/release-keys'
08-09 15:42:04.362 20727 20727 F DEBUG   : Revision: '4'
08-09 15:42:04.362 20727 20727 F DEBUG   : ABI: 'arm'
08-09 15:42:04.362 20727 20727 F DEBUG   : pid: 20280, tid: 20726, name: Thread (pooled)  >>> net.rpdev.opentodolist <<<
08-09 15:42:04.362 20727 20727 F DEBUG   : signal 7 (SIGBUS), code 1 (BUS_ADRALN), fault addr 0x8a4ffdde
08-09 15:42:04.362 20727 20727 F DEBUG   :     r0 51a739f4  r1 000000f8  r2 000000f8  r3 00000100
08-09 15:42:04.362 20727 20727 F DEBUG   :     r4 8a4ffdda  r5 8a4ffdd2  r6 b245b008  r7 89aeec10
08-09 15:42:04.362 20727 20727 F DEBUG   :     r8 00000000  r9 b245b008  sl 89faf750  fp 89faf780
08-09 15:42:04.362 20727 20727 F DEBUG   :     ip b245688c  sp 89aeebe8  lr 95cbca19  pc 95cd11a2  cpsr 600f0030
08-09 15:42:04.378 20727 20727 F DEBUG   : 
08-09 15:42:04.378 20727 20727 F DEBUG   : backtrace:
08-09 15:42:04.378 20727 20727 F DEBUG   :     #00 pc 001c21a2  /data/app/net.rpdev.opentodolist-1/lib/arm/libQt5Core_armeabi-v7a.so
08-09 15:42:04.378 20727 20727 F DEBUG   :     #01 pc 001ada15  /data/app/net.rpdev.opentodolist-1/lib/arm/libQt5Core_armeabi-v7a.so (_ZN13QJsonDocument14fromBinaryDataERK10QByteArrayNS_14DataValidationE+92)
08-09 15:42:04.378 20727 20727 F DEBUG   :     #02 pc 00081fff  /data/app/net.rpdev.opentodolist-1/lib/arm/libopentodolist-core_armeabi-v7a.so (_ZN14ItemCacheEntry13fromByteArrayERK10QByteArrayS2_+42)
08-09 15:42:04.378 20727 20727 F DEBUG   :     #03 pc 0008cd45  /data/app/net.rpdev.opentodolist-1/lib/arm/libopentodolist-core_armeabi-v7a.so (_ZN10ItemsQuery13markAsChangedEPN5QLMDB11TransactionE10QByteArray+96)
08-09 15:42:04.378 20727 20727 F DEBUG   :     #04 pc 0008c015  /data/app/net.rpdev.opentodolist-1/lib/arm/libopentodolist-core_armeabi-v7a.so (_ZN24InsertOrUpdateItemsQuery3runEv+348)
08-09 15:42:04.378 20727 20727 F DEBUG   :     #05 pc 000880ff  /data/app/net.rpdev.opentodolist-1/lib/arm/libopentodolist-core_armeabi-v7a.so (_ZN18ItemsQueryRunnable3runEv+130)
08-09 15:42:04.378 20727 20727 F DEBUG   :     #06 pc 000a0c0f  /data/app/net.rpdev.opentodolist-1/lib/arm/libQt5Core_armeabi-v7a.so
08-09 15:42:04.378 20727 20727 F DEBUG   :     #07 pc 0009f1d7  /data/app/net.rpdev.opentodolist-1/lib/arm/libQt5Core_armeabi-v7a.so
08-09 15:42:04.379 20727 20727 F DEBUG   :     #08 pc 00047b93  /system/lib/libc.so (_ZL15__pthread_startPv+22)
08-09 15:42:04.379 20727 20727 F DEBUG   :     #09 pc 00019fb1  /system/lib/libc.so (__start_thread+6)

      I created a disassembly of the Qt Core library. Looking at the faulting address, it seems to be the data validation that fails (i.e. the ldrd instruction):

       

       

      001c2184 <QBinaryJsonPrivate::Object::isValid(unsigned int) const>:
  1c2184:       b5f0            push    {r4, r5, r6, r7, lr}
  1c2186:       af03            add     r7, sp, #12
  1c2188:       e92d 07f0       stmdb   sp!, {r4, r5, r6, r7, r8, r9, sl}
  1c218c:       4604            mov     r4, r0
  1c218e:       4834            ldr     r0, [pc, #208]  ; (1c2260 <QBinaryJsonPrivate::Object::isValid(unsigned i
nt) const+0xdc>)
  1c2190:       4478            add     r0, pc
  1c2192:       f8d0 9000       ldr.w   r9, [r0]
  1c2196:       f8d9 0000       ldr.w   r0, [r9]
  1c219a:       9003            str     r0, [sp, #12]
  1c219c:       6822            ldr     r2, [r4, #0]
  1c219e:       428a            cmp     r2, r1
  1c21a0:       d808            bhi.n   1c21b4 <QBinaryJsonPrivate::Object::isValid(unsigned int) const+0x30>
  1c21a2:       e9d4 0101       ldrd    r0, r1, [r4, #4]

      From my humble understanding of the ARM instruction set and the error that is reported, it seems like a badly aligned memory access.

      Let me know if you need more details from my side to better understand the issue

       

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            thiago Thiago Macieira
            mhoeher Martin Höher
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes