QTBUG-94554

[ASAN] Heap-use-after-free


    Details

    • Type: Bug
    • Status: Closed
    • Priority: P2: Important
    • Resolution: Incomplete
    • Affects Version/s: 5.12.9
    • Fix Version/s: 6.x
    • Environment:
      Linux Z390-UD 4.15.0-142-generic #146~16.04.1-Ubuntu SMP Tue Apr 13 09:27:15 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
    • Platform/s:
      Linux/Wayland

      Description

      ==51==ERROR: AddressSanitizer: heap-use-after-free on address 0x610000c524f0 at pc 0x7ffa13259832 bp 0x7fff3816e7a0 sp 0x7fff3816e798
      WRITE of size 8 at 0x610000c524f0 thread T0
          #0 0x7ffa13259831 in QQmlComponentAttached::~QQmlComponentAttached() /qt/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:983:21
          #1 0x7ffa132599bb in QQmlComponentAttached::~QQmlComponentAttached() /qt/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:982:1
          #2 0x7ffa0df760b4 in QObjectPrivate::deleteChildren() /qt/qtbase/src/corelib/kernel/qobject.cpp:2017:9
          #3 0x7ffa0df75a3c in QObject::~QObject() /qt/qtbase/src/corelib/kernel/qobject.cpp:1033:12
          #4 0x7ffa1425fe6a in QQuickItem::~QQuickItem() /qt/qtdeclarative/src/quick/items/qquickitem.cpp:2444:1
          #5 0x7ff97061e2d9 in QQuickControl::~QQuickControl() /qt/qtquickcontrols2/src/quicktemplates2/qquickcontrol.cpp:937:1
          #6 0x7ff970733711 in QQuickStackView::~QQuickStackView() /qt/qtquickcontrols2/src/quicktemplates2/qquickstackview.cpp:395:1
          #7 0x7ff9703d5a22 in QQmlPrivate::QQmlElement<QQuickStackView>::~QQmlElement() /qt/build/qtdeclarative/include/QtQml/../../../../../Downloads/qt/qtdeclarative/src/qml/qml/qqmlprivate.h:108:9
          #8 0x7ff9703d5a4b in QQmlPrivate::QQmlElement<QQuickStackView>::~QQmlElement() /qt/build/qtdeclarative/include/QtQml/../../../../../Downloads/qt/qtdeclarative/src/qml/qml/qqmlprivate.h:106:33
          #9 0x7ffa0df760b4 in QObjectPrivate::deleteChildren() /qt/qtbase/src/corelib/kernel/qobject.cpp:2017:9
          #10 0x7ffa0df75a3c in QObject::~QObject() /qt/qtbase/src/corelib/kernel/qobject.cpp:1033:12
          #11 0x7ffa1425fe6a in QQuickItem::~QQuickItem() /qt/qtdeclarative/src/quick/items/qquickitem.cpp:2444:1
          #12 0x7ff9e821f17e in QmlUiElement::~QmlUiElement() /work/uielement.cpp.cpp:67:1
          #13 0x7ff9e9cea398 in InputHandler::~InputHandler() /work/inputhandler.cpp.cpp:142:1
          #14 0x7ff9e9cfb738 in InputScope::~InputScope() /work/inputscope.cpp:66:1
          #15 0x7ff9a508b954 in QQmlPrivate::QQmlElement<InputScope>::~QQmlElement() /asan-qt/include/QtQml/qqmlprivate.h:108:9
          #16 0x7ff9a508b9ab in QQmlPrivate::QQmlElement<InputScope>::~QQmlElement() /asan-qt/include/QtQml/qqmlprivate.h:106:33
          #17 0x7ffa0df760b4 in QObjectPrivate::deleteChildren() /qt/qtbase/src/corelib/kernel/qobject.cpp:2017:9
          #18 0x7ffa0df75a3c in QObject::~QObject() /qt/qtbase/src/corelib/kernel/qobject.cpp:1033:12
          #19 0x7ffa1425fe6a in QQuickItem::~QQuickItem() /qt/qtdeclarative/src/quick/items/qquickitem.cpp:2444:1
          #20 0x7ff9e821f17e in QmlUiElement::~QmlUiElement() /work/uielement.cpp.cpp:67:1

          ...

          #80 0x7ffa0de9b0fa in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /qt/qtbase/src/corelib/kernel/qeventloop.cpp:138:51
          #81 0x7ffa0de9b7a6 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) /qt/qtbase/src/corelib/kernel/qeventloop.cpp:225:9
          #82 0x7ffa0dea9e8f in QCoreApplication::exec() /qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1389:32
          #83 0x7ffa10d2fbd5 in QGuiApplication::exec() /qt/qtbase/src/gui/kernel/qguiapplication.cpp:1784:12
          #84 0x42ac1c in main /qt/qtapplicationmanager/src/tools/appman/appman.cpp:120:16
          #85 0x7ffa0ba96bf6 in __libc_start_main /build/glibc-S9d2JN/glibc-2.27/csu/../csu/libc-start.c:310
          #86 0x42a488 in _start (/asan-qt/bin/appman+0x42a488)

      0x610000c524f0 is located 176 bytes inside of 184-byte region [0x610000c52440,0x610000c524f8)
      freed by thread T0 here:
          #0 0x7ffa15b7390d in operator delete(void*) (/usr/lib/llvm-10/lib/clang/10.0.1/lib/linux/libclang_rt.asan-x86_64.so+0xcb90d)
          #1 0x7ffa1326dbea in QQmlContextData::destroy() /qt/qtdeclarative/src/qml/qml/qqmlcontext.cpp:677:5
          #2 0x7ffa12d7810c in QQmlContextDataRef::clear() /qt/build/qtdeclarative/src/qml/../../include/QtQml/5.12.9/QtQml/private/../../../../../../../../Downloads/qt/qtdeclarative/src/qml/qml/qqmlcontext_p.h:342:24
          #3 0x7ffa12e184c3 in QQmlContextDataRef::setContextData(QQmlContextData*) /qt/build/qtdeclarative/src/qml/../../include/QtQml/5.12.9/QtQml/private/../../../../../../../../Downloads/qt/qtdeclarative/src/qml/qml/qqmlcontext_p.h:326:5
          #4 0x7ffa12e10ef3 in QQmlContextDataRef::operator=(QQmlContextData*) /qt/build/qtdeclarative/src/qml/../../include/QtQml/5.12.9/QtQml/private/../../../../../../../../Downloads/qt/qtdeclarative/src/qml/qml/qqmlcontext_p.h:349:5
          #5 0x7ffa131f1bdd in QQmlData::setQueuedForDeletion(QObject*) /qt/qtdeclarative/src/qml/qml/qqmlengine.cpp:936:35
          #6 0x7ffa131ee24a in QQmlData::markAsDeleted(QObject*) /qt/qtdeclarative/src/qml/qml/qqmlengine.cpp:919:5
          #7 0x7ffa131ee2fa in QQmlData::markAsDeleted(QObject*) /qt/qtdeclarative/src/qml/qml/qqmlengine.cpp:923:9
          #8 0x7ffa131ee2fa in QQmlData::markAsDeleted(QObject*) /qt/qtdeclarative/src/qml/qml/qqmlengine.cpp:923:9
          #9 0x7ffa131ee138 in QQmlPrivate::qdeclarativeelement_destructor(QObject*) /qt/qtdeclarative/src/qml/qml/qqmlengine.cpp:763:9
          #10 0x7ff9a508b943 in QQmlPrivate::QQmlElement<InputScope>::~QQmlElement() /asan-qt/include/QtQml/qqmlprivate.h:107:13
          #11 0x7ff9a508b9ab in QQmlPrivate::QQmlElement<InputScope>::~QQmlElement() /asan-qt/include/QtQml/qqmlprivate.h:106:33
          #12 0x7ffa135e1ef5 in QQmlDelegateModel::~QQmlDelegateModel() /qt/qtdeclarative/src/qml/types/qqmldelegatemodel.cpp:261:13
          #13 0x7ffa135e259b in QQmlDelegateModel::~QQmlDelegateModel() /qt/qtdeclarative/src/qml/types/qqmldelegatemodel.cpp:254:1
          #14 0x7ffa1469d90e in QQuickItemView::~QQuickItemView() /qt/qtdeclarative/src/quick/items/qquickitemview.cpp:167:9
          #15 0x7ffa14703de7 in QQuickListView::~QQuickListView() /qt/qtdeclarative/src/quick/items/qquicklistview.cpp:2049:1
          #16 0x7ffa143d9cf2 in QQmlPrivate::QQmlElement<QQuickListView>::~QQmlElement() /qt/build/qtdeclarative/src/quick/../../include/QtQml/../../../../../Downloads/qt/qtdeclarative/src/qml/qml/qqmlprivate.h:108:9
          #17 0x7ffa143d9d1b in QQmlPrivate::QQmlElement<QQuickListView>::~QQmlElement() /qt/build/qtdeclarative/src/quick/../../include/QtQml/../../../../../Downloads/qt/qtdeclarative/src/qml/qml/qqmlprivate.h:106:33
          #18 0x7ffa0df760b4 in QObjectPrivate::deleteChildren() /qt/qtbase/src/corelib/kernel/qobject.cpp:2017:9
          #19 0x7ffa0df75a3c in QObject::~QObject() /qt/qtbase/src/corelib/kernel/qobject.cpp:1033:12
          #20 0x7ffa1425fe6a in QQuickItem::~QQuickItem() /qt/qtdeclarative/src/quick/items/qquickitem.cpp:2444:1
          #21 0x7ff9e821f17e in QmlUiElement::~QmlUiElement() /work/uielement.cpp.cpp:67:1
          #22 0x7ff9e9cea398 in InputHandler::~InputHandler() /work/inputhandler.cpp.cpp:142:1
          #23 0x7ff9e9cfb738 in InputScope::~InputScope() /work/inputscope.cpp:66:1
          #24 0x7ff9a508b954 in QQmlPrivate::QQmlElement<InputScope>::~QQmlElement() /asan-qt/include/QtQml/qqmlprivate.h:108:9
          #25 0x7ff9a508b9ab in QQmlPrivate::QQmlElement<InputScope>::~QQmlElement() /asan-qt/include/QtQml/qqmlprivate.h:106:33
          #26 0x7ffa0df760b4 in QObjectPrivate::deleteChildren() /qt/qtbase/src/corelib/kernel/qobject.cpp:2017:9
          #27 0x7ffa0df75a3c in QObject::~QObject() /qt/qtbase/src/corelib/kernel/qobject.cpp:1033:12
          #28 0x7ffa1425fe6a in QQuickItem::~QQuickItem() /qt/qtdeclarative/src/quick/items/qquickitem.cpp:2444:1
          #29 0x7ffa143d89c2 in QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() /qt/build/qtdeclarative/src/quick/../../include/QtQml/../../../../../Downloads/qt/qtdeclarative/src/qml/qml/qqmlprivate.h:108:9

      previously allocated by thread T0 here:
          #0 0x7ffa15b730ad in operator new(unsigned long) (/usr/lib/llvm-10/lib/clang/10.0.1/lib/linux/libclang_rt.asan-x86_64.so+0xcb0ad)
          #1 0x7ffa1344cb00 in QQmlObjectCreator::create(int, QObject*, QQmlInstantiationInterrupt*) /qt/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:173:15
          #2 0x7ffa1344f236 in QQmlObjectCreator::createInstance(int, QObject*, bool) /qt/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:1202:35
          #3 0x7ffa1344d6c7 in QQmlObjectCreator::create(int, QObject*, QQmlInstantiationInterrupt*) /qt/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:203:25
          #4 0x7ffa1344f236 in QQmlObjectCreator::createInstance(int, QObject*, bool) /qt/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:1202:35
          #5 0x7ffa1345568e in QQmlObjectCreator::setPropertyBinding(QQmlPropertyData const*, QV4::CompiledData::Binding const*) /qt/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:825:28
          #6 0x7ffa13452d89 in QQmlObjectCreator::setupBindings(bool) /qt/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:777:14
          #7 0x7ffa1346229f in QQmlObjectCreator::populateInstance(int, QObject*, QObject*, QQmlPropertyData const*) /qt/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:1473:5
          #8 0x7ffa13450a6a in QQmlObjectCreator::createInstance(int, QObject*, bool) /qt/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:1306:15
          #9 0x7ffa1344d6c7 in QQmlObjectCreator::create(int, QObject*, QQmlInstantiationInterrupt*) /qt/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:203:25
          #10 0x7ffa1344f236 in QQmlObjectCreator::createInstance(int, QObject*, bool) /qt/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:1202:35
          #11 0x7ffa1345568e in QQmlObjectCreator::setPropertyBinding(QQmlPropertyData const*, QV4::CompiledData::Binding const*) /qt/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:825:28
          #12 0x7ffa13452d89 in QQmlObjectCreator::setupBindings(bool) /qt/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:777:14
          #13 0x7ffa1346229f in QQmlObjectCreator::populateInstance(int, QObject*, QObject*, QQmlPropertyData const*) /qt/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:1473:5
          #14 0x7ffa13450a6a in QQmlObjectCreator::createInstance(int, QObject*, bool) /qt/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:1306:15
          #15 0x7ffa1344d6c7 in QQmlObjectCreator::create(int, QObject*, QQmlInstantiationInterrupt*) /qt/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:203:25
          #16 0x7ffa132674be in QQmlIncubatorPrivate::incubate(QQmlInstantiationInterrupt&) /qt/qtdeclarative/src/qml/qml/qqmlincubator.cpp:299:28
          #17 0x7ffa13269cd5 in QQmlIncubationController::incubateFor(int) /qt/qtdeclarative/src/qml/qml/qqmlincubator.cpp:390:71
          #18 0x7ffa1432750a in QQuickWindowIncubationController::incubate() /qt/qtdeclarative/src/quick/items/qquickwindow.cpp:164:17
          #19 0x7ffa142ec5e4 in QQuickWindowIncubationController::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /qt/build/qtdeclarative/src/quick/.moc/qquickwindow.moc:74:21
          #20 0x7ffa0df8cbe9 in QMetaObject::activate(QObject*, int, int, void**) /qt/qtbase/src/corelib/kernel/qobject.cpp:3804:21
          #21 0x7ffa0df8b31c in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) /qt/qtbase/src/corelib/kernel/qobject.cpp:3657:5
          #22 0x7ffa140ff121 in QSGRenderLoop::timeToIncubate() /qt/build/qtdeclarative/src/quick/.moc/moc_qsgrenderloop_p.cpp:130:5
          #23 0x7ffa1418a436 in QSGThreadedRenderLoop::event(QEvent*) /qt/qtdeclarative/src/quick/scenegraph/qsgthreadedrenderloop.cpp:1259:18
          #24 0x7ffa0dea936b in QCoreApplicationPrivate::notify_helper(QObject*, QEvent*) /qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1249:26
          #25 0x7ffa0dea85f3 in doNotify(QObject*, QEvent*) /qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1178:47
          #26 0x7ffa0dea87b9 in QCoreApplication::notify(QObject*, QEvent*) /qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1164:12
          #27 0x7ffa10d2fc50 in QGuiApplication::notify(QObject*, QEvent*) /qt/qtbase/src/gui/kernel/qguiapplication.cpp:1796:30
          #28 0x7ffa0dea831c in QCoreApplication::notifyInternal2(QObject*, QEvent*) /qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1088:18
          #29 0x7ffa0deaa670 in QCoreApplication::sendEvent(QObject*, QEvent*) /qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1476:12

      SUMMARY: AddressSanitizer: heap-use-after-free /qt/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:983:21 in QQmlComponentAttached::~QQmlComponentAttached()



            People

            Assignee:
            qt.team.quick.subscriptions Qt Quick and Widgets Team
            Reporter:
            diredko diredko
            Votes:
            5
            Watchers:
            4


                Gerrit Reviews

                There are no open Gerrit changes