Details
- Bug
- Resolution: Out of scope
- Not Evaluated
- None
- 5.15.0
- None
Description
In an app I am developing (source is here: http://gitlab.com/rpdev/opentodolist/) I am currently getting feedback from users that they are seeing crashes in the latest version. The only change I see that happened that could have introduced this IMAO is that I updated the app from Qt 5.14.x to 5.15.
Basically, the crash occurs when I am calling QJsonDocument::fromBinaryData() on a QByteArray that is read from an LMDB cache:
    ItemCacheEntry ItemCacheEntry::fromByteArray(const QByteArray& data, const QByteArray& id)
    {
        ItemCacheEntry result;
        // Decode the cached binary JSON blob and convert it to a QVariantMap
        auto map = QJsonDocument::fromBinaryData(data).toVariant().toMap();
        if (map["type"] == Item::staticMetaObject.className()) {
            result.valid = true;
            result.id = QUuid(id);
            result.data = map["data"];
            result.metaData = map["meta"];
            result.parentId = map["parent"].toUuid();
        }
        return result;
    }
This used to work great in the past and also does for the current release of the app in most cases. However, as mentioned, some users report crashes. Here is an excerpt from an adb log on a device where the issue occurs:
    20726 F libc : Fatal signal 7 (SIGBUS), code 1, fault addr 0x8a4ffdde in tid 20726 (Thread (pooled))
    08-09 15:42:04.362 20727 20727 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
    08-09 15:42:04.362 20727 20727 F DEBUG : Build fingerprint: 'samsung/j5xnltexx/j5xnlte:7.1.1/NMF26X/J510FNXXS3BSH2:user/release-keys'
    08-09 15:42:04.362 20727 20727 F DEBUG : Revision: '4'
    08-09 15:42:04.362 20727 20727 F DEBUG : ABI: 'arm'
    08-09 15:42:04.362 20727 20727 F DEBUG : pid: 20280, tid: 20726, name: Thread (pooled) >>> net.rpdev.opentodolist <<<
    08-09 15:42:04.362 20727 20727 F DEBUG : signal 7 (SIGBUS), code 1 (BUS_ADRALN), fault addr 0x8a4ffdde
    08-09 15:42:04.362 20727 20727 F DEBUG : r0 51a739f4 r1 000000f8 r2 000000f8 r3 00000100
    08-09 15:42:04.362 20727 20727 F DEBUG : r4 8a4ffdda r5 8a4ffdd2 r6 b245b008 r7 89aeec10
    08-09 15:42:04.362 20727 20727 F DEBUG : r8 00000000 r9 b245b008 sl 89faf750 fp 89faf780
    08-09 15:42:04.362 20727 20727 F DEBUG : ip b245688c sp 89aeebe8 lr 95cbca19 pc 95cd11a2 cpsr 600f0030
    08-09 15:42:04.378 20727 20727 F DEBUG :
    08-09 15:42:04.378 20727 20727 F DEBUG : backtrace:
    08-09 15:42:04.378 20727 20727 F DEBUG : #00 pc 001c21a2 /data/app/net.rpdev.opentodolist-1/lib/arm/libQt5Core_armeabi-v7a.so
    08-09 15:42:04.378 20727 20727 F DEBUG : #01 pc 001ada15 /data/app/net.rpdev.opentodolist-1/lib/arm/libQt5Core_armeabi-v7a.so (_ZN13QJsonDocument14fromBinaryDataERK10QByteArrayNS_14DataValidationE+92)
    08-09 15:42:04.378 20727 20727 F DEBUG : #02 pc 00081fff /data/app/net.rpdev.opentodolist-1/lib/arm/libopentodolist-core_armeabi-v7a.so (_ZN14ItemCacheEntry13fromByteArrayERK10QByteArrayS2_+42)
    08-09 15:42:04.378 20727 20727 F DEBUG : #03 pc 0008cd45 /data/app/net.rpdev.opentodolist-1/lib/arm/libopentodolist-core_armeabi-v7a.so (_ZN10ItemsQuery13markAsChangedEPN5QLMDB11TransactionE10QByteArray+96)
    08-09 15:42:04.378 20727 20727 F DEBUG : #04 pc 0008c015 /data/app/net.rpdev.opentodolist-1/lib/arm/libopentodolist-core_armeabi-v7a.so (_ZN24InsertOrUpdateItemsQuery3runEv+348)
    08-09 15:42:04.378 20727 20727 F DEBUG : #05 pc 000880ff /data/app/net.rpdev.opentodolist-1/lib/arm/libopentodolist-core_armeabi-v7a.so (_ZN18ItemsQueryRunnable3runEv+130)
    08-09 15:42:04.378 20727 20727 F DEBUG : #06 pc 000a0c0f /data/app/net.rpdev.opentodolist-1/lib/arm/libQt5Core_armeabi-v7a.so
    08-09 15:42:04.378 20727 20727 F DEBUG : #07 pc 0009f1d7 /data/app/net.rpdev.opentodolist-1/lib/arm/libQt5Core_armeabi-v7a.so
    08-09 15:42:04.379 20727 20727 F DEBUG : #08 pc 00047b93 /system/lib/libc.so (_ZL15__pthread_startPv+22)
    08-09 15:42:04.379 20727 20727 F DEBUG : #09 pc 00019fb1 /system/lib/libc.so (__start_thread+6)
I created a disassembly of the Qt Core library. Looking at the faulting address, it seems to be the data validation that fails (i.e. the ldrd instruction):
    001c2184 <QBinaryJsonPrivate::Object::isValid(unsigned int) const>:
      1c2184: b5f0        push   {r4, r5, r6, r7, lr}
      1c2186: af03        add    r7, sp, #12
      1c2188: e92d 07f0   stmdb  sp!, {r4, r5, r6, r7, r8, r9, sl}
      1c218c: 4604        mov    r4, r0
      1c218e: 4834        ldr    r0, [pc, #208]   ; (1c2260 <QBinaryJsonPrivate::Object::isValid(unsigned int) const+0xdc>)
      1c2190: 4478        add    r0, pc
      1c2192: f8d0 9000   ldr.w  r9, [r0]
      1c2196: f8d9 0000   ldr.w  r0, [r9]
      1c219a: 9003        str    r0, [sp, #12]
      1c219c: 6822        ldr    r2, [r4, #0]
      1c219e: 428a        cmp    r2, r1
      1c21a0: d808        bhi.n  1c21b4 <QBinaryJsonPrivate::Object::isValid(unsigned int) const+0x30>
      1c21a2: e9d4 0101   ldrd   r0, r1, [r4, #4]
From my humble understanding of the ARM instruction set and the error that is reported, it seems like a badly aligned memory access.
Let me know if you need more details from my side to better understand the issue.
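The report above boils down to an alignment fault: r4 holds 0x8a4ffdda (2 mod 4), and ldrd r0, r1, [r4, #4] therefore touches 0x8a4ffdde, exactly the fault address the log prints, while ARMv7 requires word alignment for LDRD regardless of the strict-alignment control bit. The following C program is an added example, not code from the reporter's app or from Qt, showing the difference between that access pattern and a validator that reads a header from cache bytes without any alignment assumption. The header layout (a 32-bit size followed by two 32-bit fields at offset 4) is a constructed stand-in for the real binary JSON container layout; `validate_header`, `read_u32_le`, `ptr_is_aligned` and `misaligned_record` are hypothetical names introduced here.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed header layout for this example (NOT Qt's real QBinaryJson layout):
 * offset 0: uint32 size, offset 4: uint32 field_a, offset 8: uint32 field_b.
 * Offset 4 is where the crashing ldrd r0, r1, [r4, #4] loads from. */
#define HDR_LEN 12

/* True if p is a multiple of `align` bytes (align must be a power of two).
 * ARMv7 LDRD/STRD always need word alignment; an address failing this check
 * is what the log reports as SIGBUS / BUS_ADRALN. */
int ptr_is_aligned(const void *p, size_t align) {
    return ((uintptr_t)p & (align - 1)) == 0;
}

/* Alignment-safe little-endian read: assembles the value byte by byte, so the
 * compiler never emits a wide load against a possibly unaligned pointer. */
uint32_t read_u32_le(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8)
         | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Validates the header without reading past len and without assuming the
 * buffer is aligned. Returns 0 on success, -1 on a malformed buffer. */
int validate_header(const unsigned char *buf, size_t len,
                    uint32_t *size, uint32_t *a, uint32_t *b) {
    if (buf == NULL || len < HDR_LEN) return -1;
    uint32_t s = read_u32_le(buf);
    if (s > len) return -1;            /* declared size must fit the buffer */
    *size = s;
    *a = read_u32_le(buf + 4);
    *b = read_u32_le(buf + 8);
    return 0;
}

/* The unsafe pattern: casting an arbitrary byte pointer to a wider type.
 * On x86 this silently works; on ARMv7 the compiler may lower it to LDRD,
 * which faults when buf + 4 is not word aligned. Shown for contrast only;
 * it is undefined behaviour and is deliberately never called below. */
uint64_t unsafe_read_u64(const unsigned char *buf) {
    return *(const uint64_t *)(buf + 4);
}

/* Builds the misaligned scenario from the log: the backing store is aligned,
 * but the record starts at +2, like r4 = 0x8a4ffdda (2 mod 4). The record
 * bytes are constructed sample data. Returns NULL if backing is too small. */
const unsigned char *misaligned_record(unsigned char *backing, size_t backing_len) {
    static const unsigned char rec[HDR_LEN] = {
        12, 0, 0, 0,                /* size = 12            */
        0x11, 0x22, 0x33, 0x44,     /* field_a = 0x44332211 */
        0x55, 0x66, 0x77, 0x88      /* field_b = 0x88776655 */
    };
    if (backing_len < HDR_LEN + 2) return NULL;
    memcpy(backing + 2, rec, HDR_LEN);
    return backing + 2;
}

int main(void) {
    uint64_t backing[4];                       /* naturally 8-byte aligned */
    unsigned char *base = (unsigned char *)backing;
    const unsigned char *rec = misaligned_record(base, sizeof backing);
    uint32_t size, a, b;

    printf("record word aligned:   %d\n", ptr_is_aligned(rec, 4));
    printf("record+4 word aligned: %d\n", ptr_is_aligned(rec + 4, 4));
    if (validate_header(rec, HDR_LEN, &size, &a, &b) == 0)
        printf("size=%u a=0x%08x b=0x%08x\n", size, a, b);
    return 0;
}
```

The practical checks this suggests for code that feeds cache bytes into a binary parser: confirm the pointer the parser will dereference meets the widest alignment it uses (4 for ldrd on ARMv7, 8 if the parser uses 64-bit loads), and if it does not, copy the bytes into an aligned buffer first rather than handing the parser a pointer into the middle of a memory-mapped page.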