Details
- Bug
- Resolution: Incomplete
- P2: Important
- None
- 5.15.1
- Android Note 9
Description
Creating a QSGTexture * with QQuickWindow::createTextureFromImage from a QImage in format RGBA8888, and then binding this texture, can cause the application to crash with "stack corruption detected (-fstack-protector)", depending on the Android device, the device load, and the size of the QImage:
10-22 15:03:49.115 1230 1230 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
10-22 15:03:49.115 1230 1230 F DEBUG : Build fingerprint: 'samsung/crownltexx/crownlte:10/QP1A.190711.020/N960FXXU6ETG3:user/release-keys'
10-22 15:03:49.115 1230 1230 F DEBUG : Revision: '28'
10-22 15:03:49.115 1230 1230 F DEBUG : ABI: 'arm64'
10-22 15:03:49.116 1230 1230 F DEBUG : Timestamp: 2020-10-22 15:03:49+0530
10-22 15:03:49.116 1230 1230 F DEBUG : pid: 656, tid: 854, name: QtThread >>> com.[package name removed] <<<
10-22 15:03:49.116 1230 1230 F DEBUG : uid: 10457
10-22 15:03:49.116 1230 1230 F DEBUG : signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
10-22 15:03:49.116 1230 1230 F DEBUG : Abort message: 'stack corruption detected (-fstack-protector)'
10-22 15:03:49.116 1230 1230 F DEBUG : x0 0000000000000000 x1 0000000000000356 x2 0000000000000006 x3 0000007c74473930
10-22 15:03:49.116 1230 1230 F DEBUG : x4 0000000000000000 x5 0000000000000000 x6 0000000000000000 x7 0000000000000030
10-22 15:03:49.116 1230 1230 F DEBUG : x8 00000000000000f0 x9 0000007dbea2b5e0 x10 0000000000000000 x11 0000000000000001
10-22 15:03:49.116 1230 1230 F DEBUG : x12 0000000000000028 x13 000000005f9151fc x14 000d87b5e7c4ef00 x15 00004e881dd7ac4a
10-22 15:03:49.116 1230 1230 F DEBUG : x16 0000007dbeaf98c0 x17 0000007dbead6880 x18 0000007c6fb22000 x19 00000000000000ac
10-22 15:03:49.116 1230 1230 F DEBUG : x20 0000000000000290 x21 00000000000000b2 x22 0000000000000356 x23 00000000ffffffff
10-22 15:03:49.116 1230 1230 F DEBUG : x24 0000007c9bb6d288 x25 0000000000000400 x26 0000000000000000 x27 0000007c31600780
10-22 15:03:49.116 1230 1230 F DEBUG : x28 0000007c74475020 x29 0000007c744739e0
10-22 15:03:49.116 1230 1230 F DEBUG : sp 0000007c74473910 lr 0000007dbea8a330 pc 0000007dbea8a360
10-22 15:03:49.121 1230 1230 F DEBUG :
10-22 15:03:49.121 1230 1230 F DEBUG : backtrace:
10-22 15:03:49.121 1230 1230 F DEBUG : #00 pc 0000000000083360 /apex/com.android.runtime/lib64/bionic/libc.so (abort+176) (BuildId: 13817077d0d892b63e2f982cf91d02fa)
10-22 15:03:49.121 1230 1230 F DEBUG : #01 pc 00000000000cec4c /apex/com.android.runtime/lib64/bionic/libc.so (__stack_chk_fail+20) (BuildId: 13817077d0d892b63e2f982cf91d02fa)
10-22 15:03:49.121 1230 1230 F DEBUG : #02 pc 0000000000a6f998 /vendor/lib64/egl/libGLES_mali.so (BuildId: cbd4af4cc98e8f34a81ee28e61acc6bc)
10-22 15:03:49.121 1230 1230 F DEBUG : #03 pc 0000000000a6f760 /vendor/lib64/egl/libGLES_mali.so (BuildId: cbd4af4cc98e8f34a81ee28e61acc6bc)
10-22 15:03:49.122 1230 1230 F DEBUG : #04 pc 0000000000a28bf0 /vendor/lib64/egl/libGLES_mali.so (glTexImage2D+120) (BuildId: cbd4af4cc98e8f34a81ee28e61acc6bc)
10-22 15:03:49.122 1230 1230 F DEBUG : #05 pc 000000000031a9e4 /data/app/com.[package name removed]-cSf9Lr_dR2FlS272OraF7A==/lib/arm64/libQt5Gui_arm64-v8a.so (QOpenGLTextureUploader::textureImage(unsigned int, QImage const&, QFlags<QOpenGLTextureUploader::BindOption>, QSize)+1760) (BuildId: 119f8044fb2b6558ce489e2f730305ed5aa1925b)
As a workaround, changing the QImage format to RGBX8888 resolves the issue and the stack corruption does not happen. This crash is also not observed when using version 5.12.4 of Qt. The actual upload of the texture happens in QOpenGLTextureUploader::textureImage, and since setting the format to RGBX8888 resolves the issue, we suspect that the conversion from Format_RGBA8888 to Format_RGBA8888_premultiplied is somehow causing this issue. Might it be related to some of the thread pools recently changed here: https://github.com/qt/qtbase/blob/5.15.1/src/gui/image/qimage_conversions.cpp ?
From the stack trace above it might seem that this issue crashes in libGLES_mali.so somehow, but after investigating the OpenGL calls, the call to glTexImage2D is identical between the Format_RGBA8888 and Format_RGBX8888 cases, so we suspect that the stack corruption happens somewhere else. (But who knows in the case of a stack corruption?)
I've tried to create a minimal reproducible example of this, by just creating a QImage with a big size inside "updatePaintNode" in "beziercurve.cpp" in the customgeometry example, but have so far been unable to achieve the crash outside our product code. I won't spend more time trying to create a reproducible example of this, since we can resolve our issue by using Format_RGBX8888.
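The report above suspects the straight-alpha to premultiplied conversion, run in row chunks by a thread pool, of corrupting memory. The following is an added, constructed illustration (not Qt's QImage code and not the reporter's code) of what that conversion does over an RGBA8888 byte buffer and of the invariants a chunked in-place conversion has to keep: the scanline stride is passed explicitly rather than assumed to be width*4, every chunk gets an explicit [beginRow, endRow) range clamped to the image height, and the geometry is validated before any byte is written. The struct and function names are hypothetical; chunks run sequentially here where a real implementation would hand each range to a worker thread, because the range bookkeeping, not the threading, is what keeps writes inside the buffer.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <utility>
#include <vector>

// Constructed illustration: straight-alpha RGBA8888 -> premultiplied RGBA8888,
// converted in place one row chunk at a time. Hypothetical names, not Qt's.
struct Rgba8888Image {
    int width = 0;
    int height = 0;
    std::size_t bytesPerLine = 0;      // scanline stride; may exceed width*4
    std::vector<std::uint8_t> pixels;  // height * bytesPerLine bytes
};

// Build a test image filled with one straight-alpha colour. Padding bytes at
// the end of each scanline are set to 0xEE so a stray write would be visible.
Rgba8888Image makeImage(int w, int h, std::size_t padBytes,
                        std::uint8_t r, std::uint8_t g, std::uint8_t b, std::uint8_t a) {
    Rgba8888Image img;
    img.width = w;
    img.height = h;
    img.bytesPerLine = static_cast<std::size_t>(w) * 4 + padBytes;
    img.pixels.assign(static_cast<std::size_t>(h) * img.bytesPerLine, 0xEE);
    for (int y = 0; y < h; ++y) {
        std::uint8_t* line = img.pixels.data() + static_cast<std::size_t>(y) * img.bytesPerLine;
        for (int x = 0; x < w; ++x) {
            line[x * 4 + 0] = r; line[x * 4 + 1] = g;
            line[x * 4 + 2] = b; line[x * 4 + 3] = a;
        }
    }
    return img;
}

std::uint8_t channelAt(const Rgba8888Image& img, int x, int y, int c) {
    return img.pixels[static_cast<std::size_t>(y) * img.bytesPerLine + x * 4 + c];
}

// One colour channel multiplied by alpha with rounding: round(c * a / 255).
inline std::uint8_t premul(std::uint8_t c, std::uint8_t a) {
    return static_cast<std::uint8_t>((c * a + 127) / 255);
}

// Split `height` rows into at most `workers` contiguous [begin, end) ranges.
// Ceiling division sizes the chunks; clamping `end` to `height` guarantees the
// last chunk never runs past the final row.
std::vector<std::pair<int, int>> partitionRows(int height, int workers) {
    std::vector<std::pair<int, int>> ranges;
    if (height <= 0 || workers <= 0) return ranges;
    int rowsPerChunk = (height + workers - 1) / workers;
    for (int begin = 0; begin < height; begin += rowsPerChunk) {
        int end = begin + rowsPerChunk;
        if (end > height) end = height;
        ranges.emplace_back(begin, end);
    }
    return ranges;
}

// Convert rows [beginRow, endRow). A chunk only touches the width*4 payload
// bytes of its own scanlines, never the stride padding or another chunk's rows.
void premultiplyRows(Rgba8888Image& img, int beginRow, int endRow) {
    for (int y = beginRow; y < endRow; ++y) {
        std::uint8_t* line = img.pixels.data() + static_cast<std::size_t>(y) * img.bytesPerLine;
        for (int x = 0; x < img.width; ++x) {
            std::uint8_t* p = line + x * 4;
            std::uint8_t a = p[3];
            p[0] = premul(p[0], a);
            p[1] = premul(p[1], a);
            p[2] = premul(p[2], a);
        }
    }
}

// Validate the geometry against the buffer before any write, then run every
// chunk. Chunks are processed sequentially here; a pool would run them in parallel.
bool premultiplyInPlace(Rgba8888Image& img, int workers) {
    if (img.width < 0 || img.height < 0) return false;
    if (img.bytesPerLine < static_cast<std::size_t>(img.width) * 4) return false;
    if (img.pixels.size() < static_cast<std::size_t>(img.height) * img.bytesPerLine) return false;
    for (const auto& range : partitionRows(img.height, workers))
        premultiplyRows(img, range.first, range.second);
    return true;
}

int main() {
    // Constructed 5x3 image with 3 padding bytes per scanline, alpha 128.
    Rgba8888Image img = makeImage(5, 3, 3, 200, 100, 50, 128);
    bool ok = premultiplyInPlace(img, 4);
    std::printf("ok=%d first pixel: %u %u %u %u\n", ok ? 1 : 0,
                static_cast<unsigned>(channelAt(img, 0, 0, 0)), static_cast<unsigned>(channelAt(img, 0, 0, 1)),
                static_cast<unsigned>(channelAt(img, 0, 0, 2)), static_cast<unsigned>(channelAt(img, 0, 0, 3)));
    return ok ? 0 : 1;
}
```

With alpha 128, the channels 200/100/50 become 100/50/25 and the padding bytes stay 0xEE; a buffer shorter than height*bytesPerLine is rejected before conversion rather than written past.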
Attachments
Issue Links
- relates to
  - QTBUG-90705 qtquick3d dependency update failed on 'dev' (Closed)
  - QTBUG-90629 Deadlock in QImage conversion, convert_generic_inplace hangs on futex (Closed)
  - QTBUG-92188 Stack smashing detected using QImage::scaled (Closed)