Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-45601

QProcess/Win can cause malformed heap

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P1: Critical
    • 5.4.2
    • 5.4.0
    • Core: I/O
    • None
    • Windows 7, MSVC
    • 5ce567c536fde6b7cb93657d14df404f3e270119

    Description

      Consider a short-lived process that produces some output.

      Start this process via QProcess and call waitForFinished.

      Then the following can happen:

      • in QProcessPrivate::waitForFinished WaitForSingleObject returns WAIT_OBJECT_0
      • drainOutputPipes is called and returns.
      • The QWindowsPipeReader objects are still active, because the pipe has not been closed yet.
      • _q_processDied() is called, which calls cleanup(), which calls QWindowsPipeReader::stop()
      • QWindowsPipeReader::stop() sets readSequenceStarted to false, but doesn't cancel the I/O operation (should it rather?)
      • waitForFinished() returns
      • The QProcess object is destroyed with all its children.
      • QWindowsPipeReader with readSequenceStarted==false but an active I/O operation is destroyed.
      • The OVERLAPPED object and the read buffer in QWindowsPipeReader is destroyed.
      • The active I/O operation modifies the (now destroyed) OVERLAPPED object and, potentially, the read buffer. BAM! The heap is a mess.

      This issue originates from QTCREATORBUG-13713.
      We can only reproduce it on Windows 7.

      Attachments

        1. process-crash.zip
          2 kB
          Joerg Bornemann

        Issue Links

          replaces

          Bug - A problem which impairs or prevents the functions of the product. QTCREATORBUG-13713 Crash in ProfileEvaluator::expandEnvVars

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed

          Activity

            People

              jbornema Joerg Bornemann
              jbornema Joerg Bornemann
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: