- Bug
- Resolution: Done
- Not Evaluated
- 5.4.0
- None
- OSX Clang Address Sanitizer 3.6
- 247607a1af0253576b3330075fdcbb3d5c4cca00
When running the qtquickcontrols controls auto tests in 5.4.0 compiled with clang address sanitizer on OSX, I get the following crash:
=================================================================
==4137==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00010a3a4eae at pc 0x00010396713d bp 0x00011f57dfb0 sp 0x00011f57d768
READ of size 17 at 0x00010a3a4eae thread T7
#0 0x10396713c in 0x0002513c (in libclang_rt.asan_osx_dynamic.dylib) + 412
#1 0x10c80402f in match qtranslator.cpp:95
#2 0x10c8080fb in getMessage qtranslator.cpp:914
#3 0x10c8026ca in QTranslatorPrivate::do_translate const qtranslator.cpp:1022
#4 0x10c8093ee in QTranslator::translate const qtranslator.cpp:1105
#5 0x10c482706 in QCoreApplication::translate qcoreapplication.cpp:1896
#6 0x108420b98 in QtFontStyle::Key::Key qfontdatabase.cpp:225
#7 0x108424de9 in QtFontStyle::Key::Key qfontdatabase.cpp:230
#8 0x108435b9f in QFontDatabase::isSmoothlyScalable const qfontdatabase.cpp:1562
#9 0x111f6447e in QQuickTextNode::addGlyphs qquicktextnode.cpp:144
#10 0x111f94428 in QQuickTextNodeEngine::addToSceneGraph qquicktextnodeengine.cpp:737
#11 0x111f6adb1 in QQuickTextNode::addTextLayout qquicktextnode.cpp:305
#12 0x111f380e2 in QQuickText::updatePaintNode qquicktext.cpp:2253
#13 0x111c11b69 in QQuickWindowPrivate::updateDirtyNode qquickwindow.cpp:2822
#14 0x111bc9961 in QQuickWindowPrivate::updateDirtyNodes qquickwindow.cpp:2647
#15 0x111bc7ffd in QQuickWindowPrivate::syncSceneGraph qquickwindow.cpp:338
#16 0x111a099de in QSGRenderThread::sync qsgthreadedrenderloop.cpp:510
#17 0x111a0ae4c in QSGRenderThread::syncAndRender qsgthreadedrenderloop.cpp:553
#18 0x111a0e2d4 in QSGRenderThread::run qsgthreadedrenderloop.cpp:663
#19 0x10af0f513 in QThreadPrivate::start qthread_unix.cpp:337
#20 0x7fff8ca58898 in _pthread_body (in libsystem_pthread.dylib) + 137
#21 0x7fff8ca58729 in _pthread_start (in libsystem_pthread.dylib) + 136
#22 0x7fff8ca5cfc8 in thread_start (in libsystem_pthread.dylib) + 12
0x00010a3a4eae is located 50 bytes to the left of global variable '<string literal>' defined in 'text/qfontdatabase.cpp:227:49' (0x10a3a4ee0) of size 8
'<string literal>' is ascii string 'Oblique'
0x00010a3a4eae is located 0 bytes to the right of global variable '<string literal>' defined in 'text/qfontdatabase.cpp:225:61' (0x10a3a4ea0) of size 14
'<string literal>' is ascii string 'QFontDatabase'
SUMMARY: AddressSanitizer: global-buffer-overflow ??:0 ??
Shadow bytes around the buggy address:
0x100021474980: f9 f9 f9 f9 00 00 00 00 00 00 00 00 f9 f9 f9 f9
0x100021474990: 00 00 00 00 00 00 00 02 f9 f9 f9 f9 00 00 07 f9
0x1000214749a0: f9 f9 f9 f9 00 00 00 00 03 f9 f9 f9 f9 f9 f9 f9
0x1000214749b0: 00 00 00 00 00 01 f9 f9 f9 f9 f9 f9 00 00 00 00
0x1000214749c0: 00 00 00 07 f9 f9 f9 f9 00 00 00 00 07 f9 f9 f9
=>0x1000214749d0: f9 f9 f9 f9 00[06]f9 f9 f9 f9 f9 f9 00 f9 f9 f9
0x1000214749e0: f9 f9 f9 f9 00 00 07 f9 f9 f9 f9 f9 00 02 f9 f9
0x1000214749f0: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
0x100021474a00: 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 07
0x100021474a10: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 07 f9 f9
0x100021474a20: f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
ASan internal: fe
Thread T7 created by T0 here:
#0 0x103966d4f in 0x00024d4f (in libclang_rt.asan_osx_dynamic.dylib) + 63
#1 0x10af13e47 in QThread::start qthread_unix.cpp:616
#2 0x111a1911a in QSGThreadedRenderLoop::handleExposure qsgthreadedrenderloop.cpp:922
#3 0x111a162e1 in QSGThreadedRenderLoop::exposureChanged qsgthreadedrenderloop.cpp:843
#4 0x111bc4f6b in QQuickWindow::exposeEvent qquickwindow.cpp:206
#5 0x107a8a5dc in QWindow::event qwindow.cpp:2021
#6 0x111be8eb6 in QQuickWindow::event qquickwindow.cpp:1392
#7 0x1047d2b37 in QApplicationPrivate::notify_helper qapplication.cpp:3719
#8 0x1047df4d1 in QApplication::notify qapplication.cpp:3161
#9 0x10c47335d in QCoreApplication::notifyInternal qcoreapplication.cpp:932
#10 0x107a218f5 in QCoreApplication::sendSpontaneousEvent qcoreapplication.h:231
#11 0x107a00248 in QGuiApplicationPrivate::processExposeEvent qguiapplication.cpp:2643
#12 0x1079e7b36 in QGuiApplicationPrivate::processWindowSystemEvent qguiapplication.cpp:1671
#13 0x1078d9b65 in QWindowSystemInterface::sendWindowSystemEvents qwindowsysteminterface.cpp:573
#14 0x1078c6ed9 in QWindowSystemInterface::flushWindowSystemEvents qwindowsysteminterface.cpp:557
#15 0x11821d526 in QCocoaWindow::setVisible qcocoawindow.mm:679
#16 0x107a6f115 in QWindow::setVisible qwindow.cpp:499
#17 0x107a6a8c1 in QWindow::showNormal qwindow.cpp:1843
#18 0x107a6a6ff in QWindow::show qwindow.cpp:1771
#19 0x104622ed6 in quick_test_main quicktest.cpp:363
#20 0x10393f8a0 in main tst_controls.cpp:35
#21 0x10393f3b3 in start (in tst_controls) + 51
#22 0x2 (<unknown module>)
==4137==ABORTING
The call from qfontdatabase.cpp:225 is
QCoreApplication::translate("QFontDatabase", "Italic")
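The report's numbers pin down the over-read: the literal 'QFontDatabase' occupies 14 bytes (13 characters plus the NUL), the compare reads 17 bytes starting at the literal, and ASan flags the first byte past it, so 3 bytes of the global redzone (the f9 shadow bytes) are read. The C below is an added illustration of that bug class and its fix, written for this page; it is not Qt's qtranslator.cpp. It assumes the pattern the trace suggests: a match() that memcmp()s as many bytes as the record found in the .qm file is long against a NUL-terminated context literal, beside a hardened form that compares lengths first. The record contents, the arena, and the function names are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Reconstruction of the bug class in the report (not Qt's code): the
 * lookup compares `foundLen` bytes, i.e. the length of the record read
 * from the .qm file, against a NUL-terminated C string literal. A record
 * longer than the literal therefore reads past the literal's end. */
bool match_unsafe(const unsigned char *found, size_t foundLen, const char *target)
{
    return memcmp(found, target, foundLen) == 0;
}

/* Hardened form: drop a trailing NUL the record may carry, then require
 * the lengths to agree before memcmp, so neither buffer is read past its
 * end. Length-first comparison is the whole fix. */
bool match_safe(const unsigned char *found, size_t foundLen,
                const char *target, size_t targetLen)
{
    if (foundLen > 0 && found[foundLen - 1] == '\0')
        --foundLen;
    return foundLen == targetLen && memcmp(found, target, foundLen) == 0;
}

/* Bytes the unsafe compare touches beyond the literal's storage
 * (strlen + NUL). For the report: 17 - 14 = 3. */
size_t over_read_bytes(size_t foundLen, const char *target)
{
    size_t stored = strlen(target) + 1;
    return foundLen > stored ? foundLen - stored : 0;
}

#define LITERAL    "QFontDatabase"   /* 13 chars, 14 bytes stored (matches the trace) */
#define RECORD_LEN 17                /* the READ of size 17 in the trace */
#define ARENA_LEN  32

/* Constructed scenario: place the literal in a caller-owned arena whose
 * remaining bytes are `neighbour`, so the over-read lands on memory we
 * control instead of an ASan redzone. The record is the literal, its NUL,
 * and three bytes of 'A', i.e. RECORD_LEN bytes in total. */
static void build_scenario(unsigned char arena[ARENA_LEN],
                           unsigned char record[RECORD_LEN],
                           unsigned char neighbour)
{
    memset(arena, neighbour, ARENA_LEN);
    memcpy(arena, LITERAL, sizeof LITERAL);            /* arena[0..13] = literal + NUL */
    memcpy(record, LITERAL, sizeof LITERAL);           /* record[0..13] = literal + NUL */
    memset(record + sizeof LITERAL, 'A', RECORD_LEN - sizeof LITERAL);
}

/* Result of the unsafe compare depends on what happens to sit after the
 * literal: 'A' neighbours match the record's padding, 'B' neighbours do not. */
bool unsafe_match_with_neighbour(unsigned char neighbour)
{
    unsigned char arena[ARENA_LEN], record[RECORD_LEN];
    build_scenario(arena, record, neighbour);
    return match_unsafe(record, RECORD_LEN, (const char *)arena);
}

/* The safe compare rejects the 17-byte record outright (17 != 13) and
 * never looks at the neighbouring bytes. */
bool safe_match_with_neighbour(unsigned char neighbour)
{
    unsigned char arena[ARENA_LEN], record[RECORD_LEN];
    build_scenario(arena, record, neighbour);
    return match_safe(record, RECORD_LEN, (const char *)arena, strlen(LITERAL));
}

int main(void)
{
    printf("bytes read past the literal: %zu\n", over_read_bytes(RECORD_LEN, LITERAL));
    printf("unsafe, neighbour 'A': %d\n", unsafe_match_with_neighbour('A'));
    printf("unsafe, neighbour 'B': %d\n", unsafe_match_with_neighbour('B'));
    printf("safe,   neighbour 'A': %d\n", safe_match_with_neighbour('A'));
    printf("safe,   exact record : %d\n",
           match_safe((const unsigned char *)LITERAL, sizeof LITERAL, LITERAL, strlen(LITERAL)));
    return 0;
}
```

Because the unsafe variant's answer flips with the neighbouring bytes ('A' matches, 'B' does not), the two runs make the over-read visible without a sanitizer; under ASan the same call against a real string literal reports a global-buffer-overflow as in the trace above, since the three extra bytes land in the literal's redzone. The safe variant gives the same answer in both runs and accepts a record only when its length, with or without a trailing NUL, equals the literal's.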