Loading...

Details

Type: Bug
Resolution: Done
Priority: P1: Critical
Fix Version/s: 5.12.0 Beta 3
Affects Version/s: 5.11.1, 5.11.2
Component/s: QML: Compiler
Labels:
None
Environment:
Debian GNU/Linux sid

Platform/s:

Linux/X11

Description

I get the following segfault on Debian's big endian systems (powerpc/ppc64, s390x, mips).

Stack trace top:

Thread 1 "tst_layoutfiles" received signal SIGSEGV, Segmentation fault.
0x000003fffd0f1956 in QV4::Function::Function (this=0x1002ce940, engine=0x100042090, unit=<optimized out>, function=<optimized out>, codePtr=<optimized out>)
    at /usr/include/s390x-linux-gnu/qt5/QtCore/qendian.h:232
232	    operator T() const { return S::fromSpecial(val); }
(gdb) bt
#0  0x000003fffd0f1956 in QV4::Function::Function (this=0x1002ce940, engine=0x100042090, unit=<optimized out>, function=<optimized out>, codePtr=<optimized out>)
    at /usr/include/s390x-linux-gnu/qt5/QtCore/qendian.h:232
#1  0x000003fffd06a5c2 in QV4::CompiledData::CompilationUnit::linkBackendToEngine (this=this@entry=0x3ffe8052150, engine=0x100042090, 
    engine@entry=<error reading variable: value has been optimized out>) at compiler/qv4compileddata.cpp:370
#2  0x000003fffd06a9de in QV4::CompiledData::CompilationUnit::linkToEngine (this=0x3ffe8052150, engine=<optimized out>) at compiler/qv4compileddata.cpp:182
#3  0x000003fffd25e192 in QQmlObjectCreator::init (this=0x3ffffffc9e8, providedParentContext=<optimized out>) at qml/qqmlobjectcreator.cpp:121
#4  0x000003fffd2617f2 in QQmlObjectCreator::createInstance (this=this@entry=0x3ffffffd348, index=<optimized out>, parent=<optimized out>, isContextObject=isContextObject@entry=false)
    at qml/qqmlobjectcreator.cpp:1201
#5  0x000003fffd26380c in QQmlObjectCreator::setPropertyBinding (this=this@entry=0x3ffffffd348, bindingProperty=bindingProperty@entry=0x3ffe80553a8, binding=binding@entry=0x3ffe80ec21c)
    at /usr/include/s390x-linux-gnu/qt5/QtCore/qendian.h:109
#6  0x000003fffd264164 in QQmlObjectCreator::setupBindings (this=this@entry=0x3ffffffd348, applyDeferredBindings=applyDeferredBindings@entry=false) at qml/qqmlobjectcreator.cpp:777
#7  0x000003fffd260ed8 in QQmlObjectCreator::populateInstance (this=this@entry=0x3ffffffd348, index=-1, index@entry=0, instance=0x0, bindingTarget=0x0, 
    valueTypeProperty=valueTypeProperty@entry=0x0) at qml/qqmlobjectcreator.cpp:1456
#8  0x000003fffd261b30 in QQmlObjectCreator::createInstance (this=this@entry=0x3ffffffd348, index=index@entry=0, parent=parent@entry=0x0, isContextObject=isContextObject@entry=true)
    at qml/qqmlobjectcreator.cpp:1299
#9  0x000003fffd264e2e in QQmlObjectCreator::create (this=0x3ffffffd348, this@entry=<error reading variable: value has been optimized out>, subComponentIndex=subComponentIndex@entry=-1, 
    parent=parent@entry=0x0, interrupt=interrupt@entry=0x0) at qml/qqmlobjectcreator.cpp:203
#10 0x000003fffd261808 in QQmlObjectCreator::createInstance (this=this@entry=0x100071900, index=<optimized out>, parent=<optimized out>, isContextObject=isContextObject@entry=false)
    at qml/qqmlobjectcreator.cpp:1202
#11 0x000003fffd26380c in QQmlObjectCreator::setPropertyBinding (this=this@entry=0x100071900, bindingProperty=bindingProperty@entry=0x3ffe8044e08, binding=binding@entry=0x3ffe806b800)
    at /usr/include/s390x-linux-gnu/qt5/QtCore/qendian.h:109
#12 0x000003fffd264164 in QQmlObjectCreator::setupBindings (this=this@entry=0x100071900, applyDeferredBindings=applyDeferredBindings@entry=false) at qml/qqmlobjectcreator.cpp:777
#13 0x000003fffd260ed8 in QQmlObjectCreator::populateInstance (this=this@entry=0x100071900, index=-1, index@entry=0, instance=0x0, bindingTarget=0x0, 
    valueTypeProperty=valueTypeProperty@entry=0x0) at qml/qqmlobjectcreator.cpp:1456
#14 0x000003fffd261b30 in QQmlObjectCreator::createInstance (this=this@entry=0x100071900, index=index@entry=0, parent=parent@entry=0x0, isContextObject=isContextObject@entry=true)
    at qml/qqmlobjectcreator.cpp:1299
#15 0x000003fffd264e2e in QQmlObjectCreator::create (this=this@entry=0x100071900, subComponentIndex=<optimized out>, parent=parent@entry=0x0, interrupt=interrupt@entry=0x0)
    at qml/qqmlobjectcreator.cpp:203
#16 0x000003fffd1c2362 in QQmlComponentPrivate::beginCreate (this=0x1000c83a0, context=<optimized out>) at qml/qqmlcomponent.cpp:868
#17 0x000003fffd1c030a in QQmlComponent::create (this=0x1000c8380, context=0x1000c8360) at qml/qqmlcomponent.cpp:777
#18 0x0000000100002f7a in LayoutTestHelper::LayoutTestHelper (this=0x3ffffffdf48) at /usr/include/s390x-linux-gnu/qt5/QtCore/qscopedpointer.h:116
#19 0x00000001000034aa in tst_layoutfilesystem::layouts (this=<error reading variable: value has been optimized out>) at tst_layoutfilesystem.cpp:52
#20 0x000003fffcc65444 in QMetaMethod::invoke (this=0x100078c10, object=<optimized out>, connectionType=connectionType@entry=Qt::DirectConnection, 
    returnValue=<error reading variable: value has been optimized out>, val0=..., val1=..., val2=..., val3=..., val4=..., val5=..., val6=..., val7=..., val8=..., val9=...)
    at kernel/qmetaobject.cpp:2287

Actually the crash happens in line 75 of qv4function.cpp. Some analysis:

(gdb) p compiledFunction->formalsOffset
$18 = {val = 2148925440}   # 0x80160000, reversing the bytes we get 0x1680
(gdb) p *(quint32_le *)((void *)(compiledFunction) + 0x1680)
$24 = {val = 46}

We are on a big endian system, so the bytes of an integer stored in quint32_le should be reversed. However 46 looks suspiciously like an integer stored without reversing bytes.

I will test 5.11.2 shortly.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

test.log
37 kB
30 Sep '18 11:32

Issue Links

relates to

QTBUG-71516 Crash in QV4::Function::Function on ppc64

Closed

tst_layoutfilesystem (from qtvirtualkeyboard) segfaults on big endian

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates