Details
- Bug
- Resolution: Unresolved
- P4: Low
- None
- 6.0.0 Alpha
- None
- Linux, clang version 10.0.0
Description
Building today's qtbase dev branch with
-platform linux-clang-libc++ -sanitize address
leads to
/d/qt/5/kdab/qtbase-dev/build-asan/src/gui/qvkgen_wrapper.sh /d/qt/5/kdab/qtbase-dev/src/gui/vulkan/vk.xml /d/qt/5/kdab/qtbase-dev/header.LGPL vulkan/qvulkanfunctions
=================================================================
==11117==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000119f at pc 0x7f2f620edc54 bp 0x7ffeade91130 sp 0x7ffeade91128
READ of size 16 at 0x60300000119f thread T0
    #0 0x7f2f620edc53 in aeshash(unsigned char const*, unsigned long, unsigned long) /d/qt/5/kdab/qtbase-dev/src/corelib/tools/qhash.cpp:491:20
    #1 0x7f2f620ecfb5 in qHashBits(void const*, unsigned long, unsigned long) /d/qt/5/kdab/qtbase-dev/src/corelib/tools/qhash.cpp:527:16
    #2 0x7f2f620ef169 in qHash(QStringView, unsigned long) /d/qt/5/kdab/qtbase-dev/src/corelib/tools/qhash.cpp:547:12
    #3 0x7f2f62dc306f in QHashPrivate::Data<QHashPrivate::Node<QStringView, QXmlStreamReaderPrivate::Entity> >::find(QStringView const&) const /d/qt/5/kdab/qtbase-dev/build-asan/src/corelib/../../include/QtCore/../../../src/corelib/tools/qhash.h:554:23
    #4 0x7f2f62dc442c in QHashPrivate::Data<QHashPrivate::Node<QStringView, QXmlStreamReaderPrivate::Entity> >::findOrInsert(QStringView const&) /d/qt/5/kdab/qtbase-dev/build-asan/src/corelib/../../include/QtCore/../../../src/corelib/tools/qhash.h:595:23
    #5 0x7f2f62dc3f7b in QHash<QStringView, QXmlStreamReaderPrivate::Entity>::iterator QHash<QStringView, QXmlStreamReaderPrivate::Entity>::emplace<QXmlStreamReaderPrivate::Entity const&>(QStringView&&, QXmlStreamReaderPrivate::Entity const&) /d/qt/5/kdab/qtbase-dev/build-asan/src/corelib/../../include/QtCore/../../../src/corelib/tools/qhash.h:1134:26
    #6 0x7f2f62dc3ca9 in QHash<QStringView, QXmlStreamReaderPrivate::Entity>::iterator QHash<QStringView, QXmlStreamReaderPrivate::Entity>::emplace<QXmlStreamReaderPrivate::Entity const&>(QStringView const&, QXmlStreamReaderPrivate::Entity const&) /d/qt/5/kdab/qtbase-dev/build-asan/src/corelib/../../include/QtCore/../../../src/corelib/tools/qhash.h:1126:16
    #7 0x7f2f62dab69e in QHash<QStringView, QXmlStreamReaderPrivate::Entity>::insert(QStringView const&, QXmlStreamReaderPrivate::Entity const&) /d/qt/5/kdab/qtbase-dev/build-asan/src/corelib/../../include/QtCore/../../../src/corelib/tools/qhash.h:1104:16
    #8 0x7f2f62d916e4 in QXmlStreamReaderPrivate::QXmlStreamReaderPrivate(QXmlStreamReader*) /d/qt/5/kdab/qtbase-dev/src/corelib/serialization/qxmlstream.cpp:813:5
    #9 0x7f2f62d8c1e7 in QXmlStreamReader::QXmlStreamReader() /d/qt/5/kdab/qtbase-dev/src/corelib/serialization/qxmlstream.cpp:401:17
    #10 0x4d6f2d in VkSpecParser::VkSpecParser() /d/qt/5/kdab/qtbase-dev/src/tools/qvkgen/qvkgen.cpp:35:7
    #11 0x4d2672 in main /d/qt/5/kdab/qtbase-dev/src/tools/qvkgen/qvkgen.cpp:492:18
    #12 0x7f2f60d9bf89 in __libc_start_main (/lib64/libc.so.6+0x20f89)
    #13 0x41f5f9 in _start /home/abuild/rpmbuild/BUILD/glibc-2.26/csu/../sysdeps/x86_64/start.S:120

0x60300000119f is located 9 bytes to the right of 22-byte region [0x603000001180,0x603000001196)
allocated by thread T0 here:
    #0 0x497d2d in __interceptor_malloc /home/abuild/rpmbuild/BUILD/llvm-10.0.0.src/build/../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x7f2f61fdbc97 in allocateData(long long, unsigned int) /d/qt/5/kdab/qtbase-dev/src/corelib/tools/qarraydata.cpp:159:52
    #2 0x7f2f61fdb780 in QArrayData::allocate(QArrayData**, long long, long long, long long, QFlags<QArrayData::ArrayOption>) /d/qt/5/kdab/qtbase-dev/src/corelib/tools/qarraydata.cpp:193:26
    #3 0x7f2f622e2a23 in QTypedArrayData<char16_t>::allocate(long long, QFlags<QArrayData::ArrayOption>) /d/qt/5/kdab/qtbase-dev/build-asan/src/corelib/../../include/QtCore/../../../src/corelib/tools/qarraydata.h:216:24
    #4 0x7f2f622a3c38 in QString::fromLatin1_helper(char const*, long long) /d/qt/5/kdab/qtbase-dev/src/corelib/text/qstring.cpp:4987:25
    #5 0x7f2f61ee9320 in QString::QString(QLatin1String) /d/qt/5/kdab/qtbase-dev/build-asan/src/corelib/../../include/QtCore/../../../src/corelib/text/qstring.h:992:52
    #6 0x7f2f62db0cd0 in QXmlStreamReaderPrivate::Entity::createLiteral(QLatin1String, QLatin1String) /d/qt/5/kdab/qtbase-dev/src/corelib/serialization/qxmlstream_p.h:235:29
    #7 0x7f2f62d915ff in QXmlStreamReaderPrivate::QXmlStreamReaderPrivate(QXmlStreamReader*) /d/qt/5/kdab/qtbase-dev/src/corelib/serialization/qxmlstream.cpp:813:5
    #8 0x7f2f62d8c1e7 in QXmlStreamReader::QXmlStreamReader() /d/qt/5/kdab/qtbase-dev/src/corelib/serialization/qxmlstream.cpp:401:17
    #9 0x4d6f2d in VkSpecParser::VkSpecParser() /d/qt/5/kdab/qtbase-dev/src/tools/qvkgen/qvkgen.cpp:35:7
    #10 0x4d2672 in main /d/qt/5/kdab/qtbase-dev/src/tools/qvkgen/qvkgen.cpp:492:18
    #11 0x7f2f60d9bf89 in __libc_start_main (/lib64/libc.so.6+0x20f89)

SUMMARY: AddressSanitizer: heap-buffer-overflow /d/qt/5/kdab/qtbase-dev/src/corelib/tools/qhash.cpp:491:20 in aeshash(unsigned char const*, unsigned long, unsigned long)
Shadow bytes around the buggy address:
  0x0c067fff81e0: fa fa 00 00 00 04 fa fa fd fd fd fd fa fa fd fd
  0x0c067fff81f0: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
  0x0c067fff8200: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd
  0x0c067fff8210: fa fa fd fd fd fd fa fa 00 00 00 00 fa fa fd fd
  0x0c067fff8220: fd fd fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa
=>0x0c067fff8230: 00 00 06[fa]fa fa 00 00 04 fa fa fa fa fa fa fa
  0x0c067fff8240: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff8250: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff8260: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff8270: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff8280: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==11117==ABORTING