Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: P3: Somewhat important
Fix Version/s: 5.6
Affects Version/s: 5.6.0
Component/s: D-Bus
Labels:
None
Environment:
Arch Linux x86_64

Description

Since upgrading from Qt 5.5 to Qt 5.6, AddressSanitizer (both GCC 5.3.0 and Clang 3.7.1) start complaining. Originally found via the Open dialog of Wireshark (which in turns calls into Solid), I found another way to trigger it.

See the reproducer, it has something to do with the response type. This is the relevant interface method (note the a{sv}):

  <interface name="org.freedesktop.DBus.Debug.Stats">
    <method name="GetStats">
      <arg direction="out" type="a{sv}"/>
    </method>
  </interface>

Steps to reproduce
1. Download the reproducer and compile it with ASAN (see the comment on top of the file).
2. Run the reproducer

Expected results
No errors.

Actual results
ASAN violation:

QDBusMessage(type=MethodCall, service="org.freedesktop.DBus", path="/org/freedesktop/DBus", interface="org.freedesktop.DBus.Debug.Stats", member="GetConnectionStats", signature="", contents=(":1.0") )
=================================================================
==28451==ERROR: AddressSanitizer: new-delete-type-mismatch on 0x60b00000a540 in thread T0:
  object passed to delete has wrong type:
  size of the allocated type:   104 bytes;
  size of the deallocated type: 24 bytes.
    #0 0x4da820 in operator delete(void*, unsigned long) (/tmp/solid/reproducer+0x4da820)
    #1 0x7f7656f475c0 in variantToString /build/src/qtbase-opensource-src-5.6.0/src/dbus/qdbusutil.cpp:118
    #2 0x7f7656f48158 in QDBusUtil::argumentToString(QVariant const&) /build/src/qtbase-opensource-src-5.6.0/src/dbus/qdbusutil.cpp:317
    #3 0x7f7656f334c5 in debugVariantList /build/src/qtbase-opensource-src-5.6.0/src/dbus/qdbusmessage.cpp:809
    #4 0x7f7656f334c5 in operator<<(QDebug, QDBusMessage const&) /build/src/qtbase-opensource-src-5.6.0/src/dbus/qdbusmessage.cpp:829
    #5 0x4dce7c in main /tmp/solid/reproducer.cpp:25:14
    #6 0x7f76555f470f in __libc_start_main (/usr/lib/libc.so.6+0x2070f)
    #7 0x4181f8 in _start (/tmp/solid/reproducer+0x4181f8)

0x60b00000a540 is located 0 bytes inside of 104-byte region [0x60b00000a540,0x60b00000a5a8)
allocated by thread T0 here:
    #0 0x4d9c20 in operator new(unsigned long) (/tmp/solid/reproducer+0x4d9c20)
    #1 0x7f7656f5e966 in QDBusArgumentPrivate::checkReadAndDetach(QDBusArgumentPrivate*&) /build/src/qtbase-opensource-src-5.6.0/src/dbus/qdbusargument.cpp:152
    #2 0x7f7656f616f8 in QDBusArgument::beginMapEntry() const /build/src/qtbase-opensource-src-5.6.0/src/dbus/qdbusargument.cpp:1063
    #3 0x7f7656f4854f in argToString /build/src/qtbase-opensource-src-5.6.0/src/dbus/qdbusutil.cpp:181
    #4 0x7f7656f475b8 in variantToString /build/src/qtbase-opensource-src-5.6.0/src/dbus/qdbusutil.cpp:118
    #5 0x7f7656f48158 in QDBusUtil::argumentToString(QVariant const&) /build/src/qtbase-opensource-src-5.6.0/src/dbus/qdbusutil.cpp:317
    #6 0x7f7656f334c5 in debugVariantList /build/src/qtbase-opensource-src-5.6.0/src/dbus/qdbusmessage.cpp:809
    #7 0x7f7656f334c5 in operator<<(QDebug, QDBusMessage const&) /build/src/qtbase-opensource-src-5.6.0/src/dbus/qdbusmessage.cpp:829
    #8 0x4dce7c in main /tmp/solid/reproducer.cpp:25:14
    #9 0x7f76555f470f in __libc_start_main (/usr/lib/libc.so.6+0x2070f)
    #10 0x4181f8 in _start (/tmp/solid/reproducer+0x4181f8)

SUMMARY: AddressSanitizer: new-delete-type-mismatch (/tmp/solid/reproducer+0x4da820) in operator delete(void*, unsigned long)
==28451==HINT: if you don't care about these warnings you may set ASAN_OPTIONS=new_delete_type_mismatch=0
==28451==ABORTING

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

reproducer.cpp
0.7 kB
28 Mar '16 07:49

Activity

People

Assignee:: Peter Wu

Reporter:: Peter Wu

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 28 Mar '16 07:49

Updated:: 30 Jul '18 06:42

Resolved:: 30 Jul '18 06:42