  1. Qt
  2. QTBUG-72535

Qt applications crash with SIGBUS if /var/tmp directory is too small or out of space


Details

    • Bug
    • Resolution: Duplicate
    • P2: Important
    • None
    • 5.11
    • QPA: X11/XCB
    • None
    • Linux amd64
    • Linux/X11

    Description

      Qt applications running on an X server crash with SIGBUS if /var/tmp is too small.
      We were able to track down the problem to:

      • Package: qtgui
      • File: src/plugins/platforms/xcb/qxcbbackingstore.cpp
      • Function: QXcbBackingStoreImage::createShmSegment(size_t segmentSize)
      • Lines: 337 ff.

      STEPS TO REPRODUCE:

      1) Start X server with fvwm or no window manager.

      2) Create a small test program (as suggested by user "mv")

      File a.cc:
         #include <QApplication>
         #include <qframe.h>

         int main(int argc, char ** argv)
         {
             QApplication a(argc,argv);
             QFrame *view = new QFrame();
             view->show();
             a.connect(&a,SIGNAL(lastWindowClosed()),&a,SLOT(quit()));
             return a.exec();
         }

      File: a.pro
         TARGET = a
         SOURCES = a.cc
         QT += widgets

      3) Compile the program and run it:

         qmake && make

      4) Create a small filesystem (as root): mount -t tmpfs -o size=1M tmpfs /var/tmp

      5) Run program a: ./a

      6) The program will crash with SIGBUS

      7) You can get more details using strace:

         strace -o /tmp/strace-log -f ./a

      8) strace-log will show:

         24747 mmap(NULL, 1228800, PROT_READ|PROT_WRITE, MAP_SHARED, 9, 0) = 0x7fcfec534000
         24747 close(9) = 0
         24747 --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x7fcfec62e000}

      EXPLANATION:

      Function QXcbBackingStoreImage::createShmSegment(size_t segmentSize) gets a file descriptor (9 in this case) from Xcb. The corresponding file is located in /var/tmp. Available space in /var/tmp is 1MB only. mmap() wants to map 1.2MB. Unfortunately, mmap() does NOT test space available and for that reason, it succeeds - although there is not enough space. As soon as the program accesses the mmaped memory region, the program crashes with a SIGBUS.

      PROPOSED SOLUTION:

      Please test that enough space is available before mmap(). KDE developers had the same bug (see below) and they do the test with an fallocate(). I don't know if fallocate() will work in your case, but you should find a way to test available space before calling mmap().

      OBSERVED RESULT: SIGBUS

      EXPECTED RESULT: Error message stating that /var/tmp is out of space, followed by a regular abort() or exit().

      SOFTWARE VERSIONS

      • OS: Gentoo Linux
      • Qt Version: 5.11.2

      ADDITIONAL INFORMATION
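
Added example, not part of the original report and not Qt or xcb code: a C sketch of the check proposed above, reserving the segment's blocks with posix_fallocate() before mmap() so a full filesystem surfaces as an error code instead of SIGBUS. The helper names and the temp-file naming are hypothetical; the segment size is the one from the strace log.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper: reserve backing blocks for [0, size) before mapping,
 * so "no space" is reported here rather than as SIGBUS on first page touch.
 * Returns 0 and stores the mapping in *out, or a positive errno value. */
int map_shared_reserved(int fd, size_t size, void **out)
{
    *out = NULL;
    /* posix_fallocate() returns the error number directly (errno is not
     * set); ENOSPC means the filesystem cannot back the whole segment. */
    int err = posix_fallocate(fd, 0, (off_t)size);
    if (err != 0) return err;
    void *p = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (p == MAP_FAILED) return errno;
    *out = p;
    return 0;
}

/* Creates an unlinked temp file under dir, maps size bytes via the helper,
 * touches every byte, and returns 0 or the errno value from the helper. */
int demo_segment(const char *dir, size_t size)
{
    char path[4096];
    snprintf(path, sizeof path, "%s/shmseg-XXXXXX", dir);
    int fd = mkstemp(path);
    if (fd < 0) return errno;
    unlink(path);
    void *p;
    int err = map_shared_reserved(fd, size, &p);
    if (err == 0) {
        memset(p, 0xff, size);   /* safe: every page already has blocks */
        munmap(p, size);
    }
    close(fd);
    return err;
}

int main(void)
{
    int err = demo_segment("/var/tmp", 1228800); /* size from the strace log */
    if (err) fprintf(stderr, "shm segment: %s\n", strerror(err));
    return err != 0;
}
```

With /var/tmp mounted as the 1M tmpfs from step 4, the expected outcome is an ENOSPC message from posix_fallocate() rather than a crash.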


            People

              paeglis Gatis Paeglis
              mike155 Michael Hofmann