Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-92188

Stack smashing detected using QImage::scaled

    XMLWordPrintable

Details

    • Linux/X11
    • 2d9cc639a4a7a5e97979a6034364bd67dfa10c23 (qt/qtbase/dev) 7b3635e013e94880decb58d49bed2caec8ad5f38 (qt/qtbase/6.1) 1d1e994df5f2bedd549227d42d21a0958a5e8d7a (qt/tqtc-qtbase/5.15)

    Description

      A while ago I experienced crashes using QImage::scaled when compiling with -fsanitize=address
      I could only reproduce the crash with Qt 6, not with Qt 5.15.2. I no longer can reproduce the crash, but now a user is experiencing the same crash frequently with Qt 6.0.2 on Arch Linux.

      Core was generated by `/usr/bin/strawberry'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007f9843bdcef5 in raise () from /usr/lib/libc.so.6
[Current thread is 1 (Thread 0x7f983bf9dcc0 (LWP 7407))]
(gdb) bt
#0  0x00007f9843bdcef5 in raise () at /usr/lib/libc.so.6
#1  0x00007f9843bc6862 in abort () at /usr/lib/libc.so.6
#2  0x00007f9843c1ef38 in __libc_message () at /usr/lib/libc.so.6
#3  0x00007f9843cae8ba in __fortify_fail () at /usr/lib/libc.so.6
#4  0x00007f9843cae884 in  () at /usr/lib/libc.so.6
#5  0x00007f9843c28638 in _int_free () at /usr/lib/libc.so.6
#6  0x00007f9843c2bca8 in free () at /usr/lib/libc.so.6
#7  0x00007f98459aac62 in  () at /usr/lib/libQt6Gui.so.6
#8  0x00007f9845872cd8 in QImage::smoothScaled(int, int) const () at /usr/lib/libQt6Gui.so.6
#9  0x00007f9845878023 in QImage::transformed(QTransform const&, Qt::TransformationMode) const () at /usr/lib/libQt6Gui.so.6
#10 0x00007f9845878697 in QImage::scaled(QSize const&, Qt::AspectRatioMode, Qt::TransformationMode) const () at /usr/lib/libQt6Gui.so.6
#11 0x00005634b04000ad in ImageUtils::ScaleAndPad(QImage const&, bool, bool, int) ()
#12 0x00005634b025e5c2 in PlayingWidget::ScaleCover() ()
#13 0x00005634b025f533 in PlayingWidget::SetImage(QImage const&) ()
#14 0x00007f9844ded711 in  () at /usr/lib/libQt6Core.so.6
#15 0x00005634b03ad4b8 in MainWindow::AlbumCoverReady(Song, QImage) ()
#16 0x00005634affbda2b in MainWindow::AlbumCoverLoaded(Song const&, AlbumCoverLoaderResult const&) ()
#17 0x00007f9844ded711 in  () at /usr/lib/libQt6Core.so.6
#18 0x00005634b03c7d28 in CurrentAlbumCoverLoader::AlbumCoverLoaded(Song, AlbumCoverLoaderResult) ()
#19 0x00005634b018f55e in CurrentAlbumCoverLoader::TempAlbumCoverLoaded(unsigned long long, AlbumCoverLoaderResult) ()
#20 0x00005634b01901df in QtPrivate::QSlotObject<void (CurrentAlbumCoverLoader::*)(unsigned long long, AlbumCoverLoaderResult), QtPrivate::List<unsigned long long, AlbumCoverLoaderResult>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) ()
#21 0x00007f9844dddb10 in QObject::event(QEvent*) () at /usr/lib/libQt6Core.so.6
#22 0x00007f984609e6a5 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib/libQt6Widgets.so.6
#23 0x00007f9844b6aaca in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /usr/lib/libQt6Core.so.6
#24 0x00007f9844b6dafd in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () at /usr/lib/libQt6Core.so.6
#25 0x00007f9844db02f4 in  () at /usr/lib/libQt6Core.so.6
#26 0x00007f9843fa0044 in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
#27 0x00007f9843ff5e61 in  () at /usr/lib/libglib-2.0.so.0
#28 0x00007f9843f9d6d1 in g_main_context_iteration () at /usr/lib/libglib-2.0.so.0
#29 0x00007f9844dafbfb in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt6Core.so.6
#30 0x00007f9844b7702c in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt6Core.so.6
#31 0x00007f9844b72f73 in QCoreApplication::exec() () at /usr/lib/libQt6Core.so.6
#32 0x00005634affb0df2 in main ()

       

      Code:

      QImage ImageUtils::ScaleAndPad(const QImage &image, const bool scale, const bool pad, const int desired_height) {

  if (image.isNull()) return image;

  // Scale the image down
  QImage image_scaled;
  if (scale) {
    image_scaled = image.scaled(QSize(desired_height, desired_height), Qt::KeepAspectRatio, Qt::SmoothTransformation);
  }
  else {
    image_scaled = image;
  }

  // Pad the image to height x height
  if (pad) {
    QImage image_padded(desired_height, desired_height, QImage::Format_ARGB32);
    image_padded.fill(0);

    QPainter p(&image_padded);
    p.drawImage((desired_height - image_scaled.width()) / 2, (desired_height - image_scaled.height()) / 2, image_scaled);
    p.end();

    image_scaled = image_padded;
  }

  return image_scaled;

}

       

       

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-90629 Deadlock in QImage conversion, convert_generic_inplace hangs on futex

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-88199 Regression: Using QQuickWindow::createTextureFromImage on a QImage with RGBA8888 can cause the application to crash on certain Android devices.

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              allan.jensen Allan Sandfeld Jensen
              jonaski Jonas Kvinge
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes