QTBUG-91916

[REG 6.1 -> 6.2] Memory leak in QPainterPath

Details

    • 2409e9b2c7ca433ac1183efb763fdb99edf59235 (qt/qtbase/dev)

    Description

      1. Build qtbase and qtsvg configured with "-sanitize address".
      2. Use this to build the attached project.
      3. Run the resulting program passing the attached input file:
        ./report input.svg
        

        You will see output like:

        =================================================================
        ==62328==ERROR: LeakSanitizer: detected memory leaks
        
        Direct leak of 120 byte(s) in 1 object(s) allocated from:
            #0 0x7f99fb065947 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10f947)
            #1 0x7f99f9c990a5 in QPainterPath::ensureData_helper() (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x8f50a5)
            #2 0x7f99f9c9a4f4 in QPainterPath::setFillRule(Qt::FillRule) (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x8f64f4)
            #3 0x7f99efcaa649 in createPathNode(QSvgNode*, QXmlStreamAttributes const&, QSvgHandler*) (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0x7f649)
            #4 0x7f99efcded5a in QSvgHandler::startElement(QString const&, QXmlStreamAttributes const&) (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0xb3d5a)
            #5 0x7f99efcef071 in QSvgHandler::parse() (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0xc4071)
            #6 0x7f99efcef74b in QSvgHandler::init() (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0xc474b)
            #7 0x7f99efcefb98 in QSvgHandler::QSvgHandler(QIODevice*) (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0xc4b98)
            #8 0x7f99efd3d1a2 in QSvgTinyDocument::load(QByteArray const&) (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0x1121a2)
            #9 0x7f99efd12e37 in QSvgRenderer::load(QByteArray const&) (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0xe7e37)
            #10 0x7f99f1d7fefc in QSvgIOHandlerPrivate::load(QIODevice*) [clone .part.0] (/tmp/qt-bisect/build/qtbase/plugins/imageformats/libqsvg.so+0x8efc)
            #11 0x7f99f1d807ff in QSvgIOHandler::read(QImage*) (/tmp/qt-bisect/build/qtbase/plugins/imageformats/libqsvg.so+0x97ff)
            #12 0x7f99f971f464 in QImageReader::read(QImage*) (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x37b464)
            #13 0x7f99f97228f8 in QImageReader::read() (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x37e8f8)
            #14 0x7f99f96e15a8 in QImage::fromData(unsigned char const*, int, char const*) (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x33d5a8)
            #15 0x7f99f96e1932 in QImage::loadFromData(unsigned char const*, int, char const*) (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x33d932)
            #16 0x56394fd4c758 in main (/tmp/qt-bisect/test/report+0x1758)
            #17 0x7f99f7eb30b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
        
        Indirect leak of 402 byte(s) in 1 object(s) allocated from:
            #0 0x7f99fb063bc8 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
            #1 0x7f99f8b232fd in QArrayData::allocate(QArrayData**, long long, long long, long long, QArrayData::AllocationOption) (/tmp/qt-bisect/build/qtbase/lib/libQt6Core.so.6+0x8a92fd)
            #2 0x7f99f9b452c0 in QList<QPainterPath::Element>::reserve(long long) (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x7a12c0)
            #3 0x7f99f9c99300 in QPainterPath::ensureData_helper() (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x8f5300)
            #4 0x7f99f9c9a4f4 in QPainterPath::setFillRule(Qt::FillRule) (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x8f64f4)
            #5 0x7f99efcaa649 in createPathNode(QSvgNode*, QXmlStreamAttributes const&, QSvgHandler*) (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0x7f649)
            #6 0x7f99efcded5a in QSvgHandler::startElement(QString const&, QXmlStreamAttributes const&) (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0xb3d5a)
            #7 0x7f99efcef071 in QSvgHandler::parse() (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0xc4071)
            #8 0x7f99efcef74b in QSvgHandler::init() (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0xc474b)
            #9 0x7f99efcefb98 in QSvgHandler::QSvgHandler(QIODevice*) (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0xc4b98)
            #10 0x7f99efd3d1a2 in QSvgTinyDocument::load(QByteArray const&) (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0x1121a2)
            #11 0x7f99efd12e37 in QSvgRenderer::load(QByteArray const&) (/tmp/qt-bisect/build/qtbase/plugins/imageformats/../../lib/libQt6Svg.so.6+0xe7e37)
            #12 0x7f99f1d7fefc in QSvgIOHandlerPrivate::load(QIODevice*) [clone .part.0] (/tmp/qt-bisect/build/qtbase/plugins/imageformats/libqsvg.so+0x8efc)
            #13 0x7f99f1d807ff in QSvgIOHandler::read(QImage*) (/tmp/qt-bisect/build/qtbase/plugins/imageformats/libqsvg.so+0x97ff)
            #14 0x7f99f971f464 in QImageReader::read(QImage*) (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x37b464)
            #15 0x7f99f97228f8 in QImageReader::read() (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x37e8f8)
            #16 0x7f99f96e15a8 in QImage::fromData(unsigned char const*, int, char const*) (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x33d5a8)
            #17 0x7f99f96e1932 in QImage::loadFromData(unsigned char const*, int, char const*) (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x33d932)
            #18 0x56394fd4c758 in main (/tmp/qt-bisect/test/report+0x1758)
            #19 0x7f99f7eb30b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
        
        SUMMARY: AddressSanitizer: 522 byte(s) leaked in 2 allocation(s).
        

      Google tracks this as oss-fuzz issue 31735. They will publish the details on June 3rd.

      Attachments

        1. input.svg
          0.0 kB
        2. main.cpp
          0.2 kB
        3. report.pro
          0.1 kB
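
A triage helper for reports like the one above, added here as an example (it is not part of the ticket or of Qt): it parses the LeakSanitizer text, lets you check the SUMMARY total against the per-leak sizes, and lists the frames that both stacks share. The function names and the RUNTIME module list are assumptions of this example; the sample input is abridged from the trace above.

```python
import re

# Abridged from the LeakSanitizer report in this ticket (innermost frames only).
SAMPLE = """\
==62328==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 120 byte(s) in 1 object(s) allocated from:
    #0 0x7f99fb065947 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10f947)
    #1 0x7f99f9c990a5 in QPainterPath::ensureData_helper() (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x8f50a5)
    #2 0x7f99f9c9a4f4 in QPainterPath::setFillRule(Qt::FillRule) (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x8f64f4)

Indirect leak of 402 byte(s) in 1 object(s) allocated from:
    #0 0x7f99fb063bc8 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
    #1 0x7f99f8b232fd in QArrayData::allocate(QArrayData**, long long, long long, long long, QArrayData::AllocationOption) (/tmp/qt-bisect/build/qtbase/lib/libQt6Core.so.6+0x8a92fd)
    #2 0x7f99f9b452c0 in QList<QPainterPath::Element>::reserve(long long) (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x7a12c0)
    #3 0x7f99f9c99300 in QPainterPath::ensureData_helper() (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x8f5300)
    #4 0x7f99f9c9a4f4 in QPainterPath::setFillRule(Qt::FillRule) (/tmp/qt-bisect/build/qtbase/lib/libQt6Gui.so.6+0x8f64f4)

SUMMARY: AddressSanitizer: 522 byte(s) leaked in 2 allocation(s).
"""

LEAK = re.compile(r"^\s*(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (.+) \(([^()\s]+)\+0x[0-9a-f]+\)$")
TOTAL = re.compile(r"^\s*SUMMARY: AddressSanitizer: (\d+) byte\(s\) leaked in (\d+) allocation")
RUNTIME = ("libasan", "libc.so")  # assumed list: allocator/runtime modules to skip

def parse_lsan(text):
    """Return (records, reported_bytes); each record is one leak with its stack."""
    records, reported = [], None
    for line in text.splitlines():
        if m := LEAK.match(line):
            records.append({"kind": m[1], "bytes": int(m[2]), "frames": []})
        elif (m := FRAME.match(line)) and records:
            records[-1]["frames"].append((m[1], m[2].rsplit("/", 1)[-1]))
        elif m := TOTAL.match(line):
            reported = int(m[1])
    return records, reported

def first_app_frame(record):
    """First function above the sanitizer runtime: where triage starts."""
    return next(f for f, mod in record["frames"] if not mod.startswith(RUNTIME))

def shared_frames(records):
    """Functions present in every leak's stack, innermost first."""
    stacks = [[f for f, _ in r["frames"]] for r in records]
    return [f for f in stacks[0] if all(f in s for s in stacks[1:])]

if __name__ == "__main__":
    recs, total = parse_lsan(SAMPLE)
    print(total == sum(r["bytes"] for r in recs), shared_frames(recs))
```

LeakSanitizer reports a block as an indirect leak when it is reachable only through another leaked block, so the shared frames point at a single allocation site for both records.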

            People

              peppe Giuseppe D'Angelo
              rlohning Robert Löhning