Details
- Type: Bug
- Resolution: Done
- Priority: P1: Critical
- Version: 6.2.0
- Environment: Ubuntu 20.04 LTS, clang 10.0.0
- Commits: aa7a10ce8b062bad4df40afc63d2fea34744a2fb, b42953cc207af942f3f2e9948fb83e605fdde000
Description
- Configure Qt with "-sanitize undefined".
- Build Qt.
- Build the attached project using this build of Qt:
```cpp
#include <QCoreApplication>
#include <QJSEngine>

int main(int argc, char *argv[])
{
    QCoreApplication a(argc, argv);
    QJSEngine().evaluate("function a(){a(a&a+a)}a()");
    return 0;
}
```
- Run the resulting program.
You will see output like:

```
qtbase/include/QtQml/../../../../../src/qt-dev-base_declarative_svg-05.20/qtdeclarative/src/qml/common/qjsnumbercoercion.h:52:34: runtime error: nan is outside the range of representable values of type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior qtbase/include/QtQml/../../../../../src/qt-dev-base_declarative_svg-05.20/qtdeclarative/src/qml/common/qjsnumbercoercion.h:52:34 in
/home/qtrob/dev/src/qt-dev-base_declarative_svg-05.20/qtdeclarative/src/qml/jit/qv4baselineassembler.cpp:310:13: runtime error: load of value 4294967295, which is not a valid value for type 'JSC::MacroAssembler<JSC::MacroAssemblerX86_64>::RegisterID' (aka 'JSC::X86Registers::RegisterID')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/qtrob/dev/src/qt-dev-base_declarative_svg-05.20/qtdeclarative/src/qml/jit/qv4baselineassembler.cpp:310:13 in
qtbase/include/QtQml/../../../../../src/qt-dev-base_declarative_svg-05.20/qtdeclarative/src/qml/common/qjsnumbercoercion.h:52:34: runtime error: nan is outside the range of representable values of type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior qtbase/include/QtQml/../../../../../src/qt-dev-base_declarative_svg-05.20/qtdeclarative/src/qml/common/qjsnumbercoercion.h:52:34 in
```
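For reference, an added example (not Qt's code and not the fix in the linked Gerrit changes) of the first report above: a plain C++ cast of a NaN double to int is undefined behaviour, shown beside a coercion that follows the ECMAScript ToInt32 rules and handles NaN, infinities and out-of-range values before any narrowing cast.

```cpp
// Added example, not part of Qt. Contrast the UB-prone cast that UBSan flags
// with a ToInt32-style coercion whose every conversion stays in range.
#include <cmath>
#include <cstdint>
#include <cstdio>

// Unsafe form: static_cast<int>(d) is undefined behaviour when d is NaN,
// +/-inf, or outside [INT_MIN, INT_MAX]. With -fsanitize=undefined this is
// what produces "nan is outside the range of representable values of type 'int'".
int unsafeToInt(double d)
{
    return static_cast<int>(d);
}

// Safe form: ECMAScript ToInt32. NaN, +/-inf and -0 map to +0; everything
// else is truncated, reduced modulo 2^32 in floating point (exact for fmod),
// and only then converted, so no cast ever sees an out-of-range value.
int32_t safeToInt32(double d)
{
    if (std::isnan(d) || std::isinf(d) || d == 0.0)
        return 0;
    const double two32 = 4294967296.0;
    double r = std::fmod(std::trunc(d), two32); // r in (-2^32, 2^32)
    if (r < 0)
        r += two32;                             // normalise into [0, 2^32)
    uint32_t u = static_cast<uint32_t>(r);      // in range: well defined
    // Two's-complement wrap without relying on implementation-defined
    // unsigned-to-signed narrowing for values >= 2^31.
    if (u >= 2147483648u)
        return static_cast<int32_t>(u - 2147483648u) + INT32_MIN;
    return static_cast<int32_t>(u);
}

int main()
{
    // Build with -fsanitize=undefined to see UBSan report the unsafe cast.
    std::printf("safe: %d\n", safeToInt32(NAN));    // prints "safe: 0"
    std::printf("unsafe: %d\n", unsafeToInt(NAN));  // undefined behaviour
    return 0;
}
```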
Issue Links
- relates to: QTBUG-74058 Invalid memory read in QJSEngine::evaluate (Closed)
For Gerrit Dashboard: QTBUG-94068

| # | Subject | Branch | Project | Status | CR | V |
|---|---|---|---|---|---|---|
| 354487,5 | Avoid UB in qjsnumbercoercion.h | dev | qt/qtdeclarative | MERGED | +2 | 0 |
| 354837,2 | Avoid UB in qjsnumbercoercion.h | 6.2 | qt/qtdeclarative | MERGED | +2 | 0 |
| 354847,3 | Avoid undefined behavior in the JIT | dev | qt/qtdeclarative | MERGED | +2 | 0 |
| 354964,2 | Avoid undefined behavior in the JIT | 6.2 | qt/qtdeclarative | MERGED | +2 | 0 |