Details
- Type: Bug
- Resolution: Done
- Priority: P1: Critical
- Version: 6.0.0 Beta2
- Environment: Ubuntu 18.04 LTS 64 bit, Ubuntu 20.04 LTS 64 bit; clang 10.0.0
- Commits: 488e72cce841c5caeed2c27052be146baf579c3e (qt/qtbase/dev), 5f935eeed4dadb58282cb8116de8589481a1e4e2 (qt/qtbase/5.15)
Description
- Have a build of Qt configured with "-release -sanitize address".
- Use that to build the attached project.
- Pass the attached markdown file to the resulting program:
  `./report newinput.md`

It will crash with output like:

```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==49288==ERROR: AddressSanitizer: SEGV on unknown address 0x000402445180 (pc 0x0000013dd71e bp 0x7ffeae983010 sp 0x7ffeae982ba0 T0)
==49288==The signal is caused by a READ memory access.
    #0 0x13dd71e in md_process_doc (/tmp/build-report/report+0x13dd71e)
    #1 0x13d842e in md_parse (/tmp/build-report/report+0x13d842e)
    #2 0xc99dfe in QTextMarkdownImporter::import(QTextDocument*, QString const&) (/tmp/build-report/report+0xc99dfe)
    #3 0xb34600 in QTextDocument::setMarkdown(QString const&, QFlags<QTextDocument::MarkdownFeature>) (/tmp/build-report/report+0xb34600)
    #4 0x4e151a in main (/tmp/build-report/report+0x4e151a)
    #5 0x7fd99ef1f0b2 in __libc_start_main /build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:308:16
    #6 0x4368dd in _start (/tmp/build-report/report+0x4368dd)
```
A Qt build from the 5.15 branch does not seem to crash in this situation.
Attachments
For Gerrit Dashboard: QTBUG-87965

| # | Subject | Branch | Project | Status | CR | V |
|---|---|---|---|---|---|---|
| 319591,1 | QTextMarkdownImporter::import: protect against null-terminators | dev | qt/qtbase | Status: ABANDONED | 0 | 0 |
| 320114,2 | Update third-party md4c to version 0.4.6 | 5.15 | qt/qtbase | Status: MERGED | +2 | 0 |
| 320118,2 | fuzzing: Add the first finding from fuzzing Qt6 | master | qt/qtqa | Status: MERGED | +2 | 0 |
| 320184,2 | Update third-party md4c to version 0.4.6 | dev | qt/qtbase | Status: MERGED | +2 | 0 |
| 320242,2 | fuzzing: Add the first finding from fuzzing Qt6 | dev | qt/qtqa | Status: MERGED | +2 | 0 |