Details
- Bug
- Resolution: Done
- P2: Important
- 6.4.0 Beta1, 6.5
- 3d73aa660b (qt/qtbase/dev), 3d73aa660b (qt/tqtc-qtbase/dev), a3cdb8632f (qt/qtbase/6.4), a3cdb8632f (qt/tqtc-qtbase/6.4)
Description
tests/auto/corelib/global/qxp/function_ref/tst_qxp_function_ref voidReturning
********* Start testing of tst_qxp_function_ref *********
Config: Using QtTest library 6.5.0, Qt 6.5.0 (x86_64-little_endian-lp64 shared (dynamic) debug build; by GCC 9.3.1 20200406 [revision 6db837a5288ee3ca5ec504fbd5a765817e556ac2]), opensuse-leap 15.3
INFO : tst_qxp_function_ref::initTestCase() entering
PASS : tst_qxp_function_ref::initTestCase()
INFO : tst_qxp_function_ref::voidReturning() entering
=================================================================
==22846==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7fff3067a5e0 at pc 0x000000403bfc bp 0x7fff3067a370 sp 0x7fff3067a368
READ of size 8 at 0x7fff3067a5e0 thread T0
    #0 0x403bfb in operator() /home/qt/work/qt/qtbase/tests/auto/corelib/global/qxp/function_ref/tst_qxp_function_ref.cpp:224
    #1 0x4066b2 in __invoke_impl<int, tst_qxp_function_ref::voidReturning()::<lambda(int)>&, int> /usr/include/c++/9/bits/invoke.h:60
    #2 0x4063c3 in __invoke<tst_qxp_function_ref::voidReturning()::<lambda(int)>&, int> /usr/include/c++/9/bits/invoke.h:95
    #3 0x40617a in invoke<tst_qxp_function_ref::voidReturning()::<lambda(int)>&, int> /usr/include/c++/9/functional:81
    #4 0x405f03 in invoke_r<void, tst_qxp_function_ref::voidReturning()::<lambda(int)>&, int> /home/qt/work/install/include/QtCore/q23functional.h:40
    #5 0x403d33 in operator() /home/qt/work/install/include/QtCore/qxpfunctional.h:119
    #6 0x403d92 in _FUN /home/qt/work/install/include/QtCore/qxpfunctional.h:117
    #7 0x40868d in qxp::detail::function_ref_base<false, void, void, int>::operator()(int) const /home/qt/work/install/include/QtCore/qxpfunctional.h:137
    #8 0x404be2 in tst_qxp_function_ref::voidReturning() /home/qt/work/qt/qtbase/tests/auto/corelib/global/qxp/function_ref/tst_qxp_function_ref.cpp:225
    #9 0x4053bd in tst_qxp_function_ref::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) tests/auto/corelib/global/qxp/function_ref/tst_qxp_function_ref_autogen/include/tst_qxp_function_ref.moc:86
    #10 0x7f2000b817e8 in QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const (/home/qt/work/install/lib/libQt6Core.so.6+0x3fa7e8)
    #11 0x7f2001d080be (/home/qt/work/install/lib/libQt6Test.so.6+0xaa0be)
    #12 0x7f2001cec7ba (/home/qt/work/install/lib/libQt6Test.so.6+0x8e7ba)
    #13 0x7f2001ceee29 (/home/qt/work/install/lib/libQt6Test.so.6+0x90e29)
    #14 0x7f2001cf2324 (/home/qt/work/install/lib/libQt6Test.so.6+0x94324)
    #15 0x7f2001cf52f3 in QTest::qRun() (/home/qt/work/install/lib/libQt6Test.so.6+0x972f3)
    #16 0x7f2001cf40bd in QTest::qExec(QObject*, int, char**) (/home/qt/work/install/lib/libQt6Test.so.6+0x960bd)
    #17 0x405294 in main /home/qt/work/qt/qtbase/tests/auto/corelib/global/qxp/function_ref/tst_qxp_function_ref.cpp:272
    #18 0x7f1fff84a34c in __libc_start_main (/lib64/libc.so.6+0x2534c)
    #19 0x4015b9 in _start (/home/qt/work/qt/qtbase_standalone_tests/tests/auto/corelib/global/qxp/function_ref/tst_qxp_function_ref+0x4015b9)

Address 0x7fff3067a5e0 is located in stack of thread T0 at offset 64 in frame
    #0 0x4048d7 in tst_qxp_function_ref::voidReturning() /home/qt/work/qt/qtbase/tests/auto/corelib/global/qxp/function_ref/tst_qxp_function_ref.cpp:200

  This frame has 13 object(s):
    [48, 49) 'ok' (line 222)
    [64, 72) '<unknown>' <== Memory access at offset 64 is inside this variable
    [96, 104) '<unknown>'
    [128, 136) '<unknown>'
    [160, 168) '<unknown>'
    [192, 208) 'fi' (line 207)
    [224, 240) 'fv' (line 209)
    [256, 272) 'fi' (line 214)
    [288, 304) 'fv' (line 216)
    [320, 336) 'fi' (line 224)
    [352, 368) 'fv' (line 226)
    [384, 400) 'fi' (line 231)
    [416, 432) 'fv' (line 233)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions are supported)
SUMMARY: AddressSanitizer: stack-use-after-scope /home/qt/work/qt/qtbase/tests/auto/corelib/global/qxp/function_ref/tst_qxp_function_ref.cpp:224 in operator()
Shadow bytes around the buggy address:
  0x1000660c7460: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000660c7470: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000660c7480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000660c7490: f1 f1 f1 f1 00 f3 f3 f3 00 00 00 00 00 00 00 00
  0x1000660c74a0: 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00
=>0x1000660c74b0: 00 00 00 00 f1 f1 f1 f1 f1 f1 01 f2[f8]f2 f2 f2
  0x1000660c74c0: 00 f2 f2 f2 00 f2 f2 f2 00 f2 f2 f2 f8 f8 f2 f2
  0x1000660c74d0: f8 f8 f2 f2 f8 f8 f2 f2 f8 f8 f2 f2 00 00 f2 f2
  0x1000660c74e0: 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 00 00 00
  0x1000660c74f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000660c7500: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
  Left alloca redzone: ca
  Right alloca redzone: cb
  Shadow gap: cc
==22846==ABORTING