Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: P1: Critical
Fix Version/s: 5.12.11, 5.15.9, 6.0.0 RC
Affects Version/s: 5.15.1, 6.0.0 Beta4
Component/s: QPA: X11/XCB
Labels:
None

Platform/s:

Linux/X11
Commits:
86b8c5c3f32c245795e9eab2a74e4b6982e5a496 (qt/qtbase/dev) a904254e0b710b05d099b273c5c723cf619d7471 (qt/qtbase/5.12) 9b6c9469add587e9ad50a85024eeb8287dad7af5 (qt/tqtc-qtbase/tqtc/lts-5.15)

Description

It can be reproduced by running Qt application in Xephyr.
Here is the valgrind output:

==14979== Invalid read of size 4
==14979==    at 0xDDE0F6D: QXcbConnection::initializeScreens() (qxcbconnection_screens.cpp:318)
==14979==    by 0xDDCD0ED: QXcbConnection::QXcbConnection(QXcbNativeInterface*, bool, unsigned int, char const*) (qxcbconnection.cpp:103)
==14979==    by 0xDE11D9F: QXcbIntegration::QXcbIntegration(QList<QString> const&, int&, char**) (qxcbintegration.cpp:199)
==14979==    by 0xDB757BF: QXcbIntegrationPlugin::create(QString const&, QList<QString> const&, int&, char**) (qxcbmain.cpp:56)
==14979==    by 0x5102704: QPlatformIntegration* qLoadPlugin<QPlatformIntegration, QPlatformIntegrationPlugin, QList<QString> const&, int&, char**&>(QFactoryLoader const*, QString const&, QList<QString> const&, int&, char**&) (qfactoryloader_p.h:108)
==14979==    by 0x5102331: QPlatformIntegrationFactory::create(QString const&, QList<QString> const&, int&, char**, QString const&) (qplatformintegrationfactory.cpp:71)
==14979==    by 0x50B9B00: init_platform(QString const&, QString const&, QString const&, int&, char**) (qguiapplication.cpp:1213)
==14979==    by 0x50BCB10: QGuiApplicationPrivate::createPlatformIntegration() (qguiapplication.cpp:1488)
==14979==    by 0x50BCC8D: QGuiApplicationPrivate::createEventDispatcher() (qguiapplication.cpp:1505)
==14979==    by 0x6078D2C: QCoreApplicationPrivate::init() (qcoreapplication.cpp:827)
==14979==    by 0x50BCD75: QGuiApplicationPrivate::init() (qguiapplication.cpp:1534)
==14979==    by 0x50B82F2: QGuiApplication::QGuiApplication(int&, char**, int) (qguiapplication.cpp:656)
==14979==  Address 0xd528524 is 36 bytes inside a block of size 636 free'd
==14979==    at 0x4C2CE1B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14979==    by 0xDDBC03F: QStdFreeDeleter::operator()(void*) const (qxcbconnection_basic.h:157)
==14979==    by 0xDDE2512: std::unique_ptr<xcb_randr_get_screen_resources_reply_t, QStdFreeDeleter>::~unique_ptr() (unique_ptr.h:263)
==14979==    by 0xDDE0E8F: QXcbConnection::initializeScreens() (qxcbconnection_screens.cpp:301)
==14979==    by 0xDDCD0ED: QXcbConnection::QXcbConnection(QXcbNativeInterface*, bool, unsigned int, char const*) (qxcbconnection.cpp:103)
==14979==    by 0xDE11D9F: QXcbIntegration::QXcbIntegration(QList<QString> const&, int&, char**) (qxcbintegration.cpp:199)
==14979==    by 0xDB757BF: QXcbIntegrationPlugin::create(QString const&, QList<QString> const&, int&, char**) (qxcbmain.cpp:56)
==14979==    by 0x5102704: QPlatformIntegration* qLoadPlugin<QPlatformIntegration, QPlatformIntegrationPlugin, QList<QString> const&, int&, char**&>(QFactoryLoader const*, QString const&, QList<QString> const&, int&, char**&) (qfactoryloader_p.h:108)
==14979==    by 0x5102331: QPlatformIntegrationFactory::create(QString const&, QList<QString> const&, int&, char**, QString const&) (qplatformintegrationfactory.cpp:71)
==14979==    by 0x50B9B00: init_platform(QString const&, QString const&, QString const&, int&, char**) (qguiapplication.cpp:1213)
==14979==    by 0x50BCB10: QGuiApplicationPrivate::createPlatformIntegration() (qguiapplication.cpp:1488)
==14979==    by 0x50BCC8D: QGuiApplicationPrivate::createEventDispatcher() (qguiapplication.cpp:1505)
==14979==  Block was alloc'd at
==14979==    at 0x4C2BBEF: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14979==    by 0xC9B0AD2: ??? (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
==14979==    by 0xC9AEA3B: ??? (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
==14979==    by 0xC9B001E: ??? (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
==14979==    by 0xC9B0131: xcb_wait_for_reply (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
==14979==    by 0xDDE0DCC: QXcbConnection::initializeScreens() (qxcbconnection_screens.cpp:301)
==14979==    by 0xDDCD0ED: QXcbConnection::QXcbConnection(QXcbNativeInterface*, bool, unsigned int, char const*) (qxcbconnection.cpp:103)
==14979==    by 0xDE11D9F: QXcbIntegration::QXcbIntegration(QList<QString> const&, int&, char**) (qxcbintegration.cpp:199)
==14979==    by 0xDB757BF: QXcbIntegrationPlugin::create(QString const&, QList<QString> const&, int&, char**) (qxcbmain.cpp:56)
==14979==    by 0x5102704: QPlatformIntegration* qLoadPlugin<QPlatformIntegration, QPlatformIntegrationPlugin, QList<QString> const&, int&, char**&>(QFactoryLoader const*, QString const&, QList<QString> const&, int&, char**&) (qfactoryloader_p.h:108)
==14979==    by 0x5102331: QPlatformIntegrationFactory::create(QString const&, QList<QString> const&, int&, char**, QString const&) (qplatformintegrationfactory.cpp:71)
==14979==    by 0x50B9B00: init_platform(QString const&, QString const&, QString const&, int&, char**) (qguiapplication.cpp:1213)

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

For Gerrit Dashboard: QTBUG-88512
#	Subject	Branch	Project	Status	CR	V
321868,4	xcb: Avoid use-after-free in QXcbConnection::initializeScreens()	dev	qt/qtbase	Status: MERGED	+2	0
322156,2	xcb: Avoid use-after-free in QXcbConnection::initializeScreens()	5.15	qt/qtbase	Status: MERGED	+2	0
322157,2	xcb: Avoid use-after-free in QXcbConnection::initializeScreens()	5.12	qt/qtbase	Status: MERGED	+2	0
333837,2	xcb: Avoid use-after-free in QXcbConnection::initializeScreens()	tqtc/lts-5.15	qt/tqtc-qtbase	Status: MERGED	+2	0