Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-88512

Use-after-free in QXcbConnection::initializeScreens()

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P1: Critical
    • 5.12.11, 5.15.9, 6.0.0 RC
    • 5.15.1, 6.0.0 Beta4
    • QPA: X11/XCB
    • None
    • Linux/X11
    • 86b8c5c3f32c245795e9eab2a74e4b6982e5a496 (qt/qtbase/dev) a904254e0b710b05d099b273c5c723cf619d7471 (qt/qtbase/5.12) 9b6c9469add587e9ad50a85024eeb8287dad7af5 (qt/tqtc-qtbase/tqtc/lts-5.15)

    Description

      It can be reproduced by running Qt application in Xephyr.
      Here is the valgrind output:

      ==14979== Invalid read of size 4
==14979==    at 0xDDE0F6D: QXcbConnection::initializeScreens() (qxcbconnection_screens.cpp:318)
==14979==    by 0xDDCD0ED: QXcbConnection::QXcbConnection(QXcbNativeInterface*, bool, unsigned int, char const*) (qxcbconnection.cpp:103)
==14979==    by 0xDE11D9F: QXcbIntegration::QXcbIntegration(QList<QString> const&, int&, char**) (qxcbintegration.cpp:199)
==14979==    by 0xDB757BF: QXcbIntegrationPlugin::create(QString const&, QList<QString> const&, int&, char**) (qxcbmain.cpp:56)
==14979==    by 0x5102704: QPlatformIntegration* qLoadPlugin<QPlatformIntegration, QPlatformIntegrationPlugin, QList<QString> const&, int&, char**&>(QFactoryLoader const*, QString const&, QList<QString> const&, int&, char**&) (qfactoryloader_p.h:108)
==14979==    by 0x5102331: QPlatformIntegrationFactory::create(QString const&, QList<QString> const&, int&, char**, QString const&) (qplatformintegrationfactory.cpp:71)
==14979==    by 0x50B9B00: init_platform(QString const&, QString const&, QString const&, int&, char**) (qguiapplication.cpp:1213)
==14979==    by 0x50BCB10: QGuiApplicationPrivate::createPlatformIntegration() (qguiapplication.cpp:1488)
==14979==    by 0x50BCC8D: QGuiApplicationPrivate::createEventDispatcher() (qguiapplication.cpp:1505)
==14979==    by 0x6078D2C: QCoreApplicationPrivate::init() (qcoreapplication.cpp:827)
==14979==    by 0x50BCD75: QGuiApplicationPrivate::init() (qguiapplication.cpp:1534)
==14979==    by 0x50B82F2: QGuiApplication::QGuiApplication(int&, char**, int) (qguiapplication.cpp:656)
==14979==  Address 0xd528524 is 36 bytes inside a block of size 636 free'd
==14979==    at 0x4C2CE1B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14979==    by 0xDDBC03F: QStdFreeDeleter::operator()(void*) const (qxcbconnection_basic.h:157)
==14979==    by 0xDDE2512: std::unique_ptr<xcb_randr_get_screen_resources_reply_t, QStdFreeDeleter>::~unique_ptr() (unique_ptr.h:263)
==14979==    by 0xDDE0E8F: QXcbConnection::initializeScreens() (qxcbconnection_screens.cpp:301)
==14979==    by 0xDDCD0ED: QXcbConnection::QXcbConnection(QXcbNativeInterface*, bool, unsigned int, char const*) (qxcbconnection.cpp:103)
==14979==    by 0xDE11D9F: QXcbIntegration::QXcbIntegration(QList<QString> const&, int&, char**) (qxcbintegration.cpp:199)
==14979==    by 0xDB757BF: QXcbIntegrationPlugin::create(QString const&, QList<QString> const&, int&, char**) (qxcbmain.cpp:56)
==14979==    by 0x5102704: QPlatformIntegration* qLoadPlugin<QPlatformIntegration, QPlatformIntegrationPlugin, QList<QString> const&, int&, char**&>(QFactoryLoader const*, QString const&, QList<QString> const&, int&, char**&) (qfactoryloader_p.h:108)
==14979==    by 0x5102331: QPlatformIntegrationFactory::create(QString const&, QList<QString> const&, int&, char**, QString const&) (qplatformintegrationfactory.cpp:71)
==14979==    by 0x50B9B00: init_platform(QString const&, QString const&, QString const&, int&, char**) (qguiapplication.cpp:1213)
==14979==    by 0x50BCB10: QGuiApplicationPrivate::createPlatformIntegration() (qguiapplication.cpp:1488)
==14979==    by 0x50BCC8D: QGuiApplicationPrivate::createEventDispatcher() (qguiapplication.cpp:1505)
==14979==  Block was alloc'd at
==14979==    at 0x4C2BBEF: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14979==    by 0xC9B0AD2: ??? (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
==14979==    by 0xC9AEA3B: ??? (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
==14979==    by 0xC9B001E: ??? (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
==14979==    by 0xC9B0131: xcb_wait_for_reply (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
==14979==    by 0xDDE0DCC: QXcbConnection::initializeScreens() (qxcbconnection_screens.cpp:301)
==14979==    by 0xDDCD0ED: QXcbConnection::QXcbConnection(QXcbNativeInterface*, bool, unsigned int, char const*) (qxcbconnection.cpp:103)
==14979==    by 0xDE11D9F: QXcbIntegration::QXcbIntegration(QList<QString> const&, int&, char**) (qxcbintegration.cpp:199)
==14979==    by 0xDB757BF: QXcbIntegrationPlugin::create(QString const&, QList<QString> const&, int&, char**) (qxcbmain.cpp:56)
==14979==    by 0x5102704: QPlatformIntegration* qLoadPlugin<QPlatformIntegration, QPlatformIntegrationPlugin, QList<QString> const&, int&, char**&>(QFactoryLoader const*, QString const&, QList<QString> const&, int&, char**&) (qfactoryloader_p.h:108)
==14979==    by 0x5102331: QPlatformIntegrationFactory::create(QString const&, QList<QString> const&, int&, char**, QString const&) (qplatformintegrationfactory.cpp:71)
==14979==    by 0x50B9B00: init_platform(QString const&, QString const&, QString const&, int&, char**) (qguiapplication.cpp:1213)

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            avolkov Alexander Volkov
            avolkov Alexander Volkov
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews