Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-80283

Crash when calling QQuickPixmapReader::processJob with invalid data

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • P1: Critical
    • 5.14.0
    • 5.14.0 Beta3
    • Quick: Core Declarative QML
    • None
    • Linux x86_64
    • Linux/X11
    • 290251541e615358dcc7a289ff2adb30f309c132

    Description

      The KDE music player Elisa crashes at startup with Qt 5.14 with the following backtrace:

      #0  0x00007ffff52691f2 in QQuickPixmapReader::processJob (this=this@entry=0x555556e91500, runningJob=<optimized out>, runningJob@entry=0x555558d34730, 
    url=..., localFile=..., imageType=imageType@entry=QQmlImageProviderBase::Invalid, provider=...)
    at /build/qt5-declarative/src/qtdeclarative-everywhere-src-5.14.0-beta3/src/quick/util/qquickpixmapcache.cpp:885
#1  0x00007ffff526a28e in QQuickPixmapReader::processJobs (this=0x555556e91500)
    at /build/qt5-declarative/src/qtdeclarative-everywhere-src-5.14.0-beta3/src/quick/util/qquickpixmapcache.cpp:724
#2  0x00007ffff526a867 in QQuickPixmapReaderThreadObject::event (this=<optimized out>, e=<optimized out>)
    at /build/qt5-declarative/src/qtdeclarative-everywhere-src-5.14.0-beta3/src/quick/util/qquickpixmapcache.cpp:628
#3  0x00007ffff782c15c in QApplicationPrivate::notify_helper (this=this@entry=0x55555565edc0, receiver=receiver@entry=0x7fffd0004e10, 
    e=e@entry=0x555558d2e570) at kernel/qapplication.cpp:3693
#4  0x00007ffff78358ce in QApplication::notify (this=0x7fffffffe420, receiver=0x7fffd0004e10, e=0x555558d2e570) at kernel/qapplication.cpp:3033
#5  0x00007ffff66b7daf in QCoreApplication::notifyInternal2 (receiver=0x7fffd0004e10, event=0x555558d2e570) at kernel/qcoreapplication.cpp:1092
#6  0x00007ffff66b8010 in QCoreApplication::sendEvent (receiver=receiver@entry=0x7fffd0004e10, event=event@entry=0x555558d2e570)
    at kernel/qcoreapplication.cpp:1487
#7  0x00007ffff66bb8bd in QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=0x555556e91660)
    at kernel/qcoreapplication.cpp:1832
#8  0x00007ffff66bbf72 in QCoreApplication::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0)
    at kernel/qcoreapplication.cpp:1691
#9  0x00007ffff67235cb in postEventSourceDispatch (s=0x7fffd0004bb0) at kernel/qeventdispatcher_glib.cpp:277
#10 0x00007ffff25b939e in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#11 0x00007ffff25bb1b1 in ?? () from /usr/lib/libglib-2.0.so.0
#12 0x00007ffff25bb1f1 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#13 0x00007ffff6722ee8 in QEventDispatcherGlib::processEvents (this=0x7fffd0000b60, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#14 0x00007ffff66b594d in QEventLoop::processEvents (this=this@entry=0x7fffdcb38d30, flags=..., flags@entry=...)
    at /usr/include/c++/9.2.0/bits/atomic_base.h:734
#15 0x00007ffff66b5da5 in QEventLoop::exec (this=this@entry=0x7fffdcb38d30, flags=flags@entry=...)
    at ../../include/QtCore/../../src/corelib/global/qflags.h:120
#16 0x00007ffff64bd0a4 in QThread::exec (this=this@entry=0x555556e91500) at ../../include/QtCore/../../src/corelib/global/qflags.h:118
#17 0x00007ffff526a8d2 in QQuickPixmapReader::run (this=0x555556e91500)
    at /build/qt5-declarative/src/qtdeclarative-everywhere-src-5.14.0-beta3/src/quick/util/qquickpixmapcache.cpp:985
#18 0x00007ffff64be88e in QThreadPrivate::start (arg=0x555556e91500) at thread/qthread_unix.cpp:342
#19 0x00007ffff4d714cf in start_thread () from /usr/lib/libpthread.so.0
#20 0x00007ffff61572d3 in clone () from /usr/lib/libc.so.6

      The following patch fixes the issue for me:

      diff --git a/src/quick/util/qquickpixmapcache.cpp b/src/quick/util/qquickpixmapcache.cpp
index 56ad8ebf0b..6c972fa5cf 100644
--- a/src/quick/util/qquickpixmapcache.cpp
+++ b/src/quick/util/qquickpixmapcache.cpp
@@ -882,7 +882,7 @@ void QQuickPixmapReader::processJob(QQuickPixmapReply *runningJob, const QUrl &u
                     return;
                 } else {
                     int frameCount;
-                    if (!readImage(url, &f, &image, &errorStr, &readSize, &frameCount, runningJob->requestSize, runningJob->providerOptions, nullptr, run
ningJob->data->frame)) {
+                    if (runningJob->data && !readImage(url, &f, &image, &errorStr, &readSize, &frameCount, runningJob->requestSize, runningJob->providerO
ptions, nullptr, runningJob->data->frame)) {
                         errorCode = QQuickPixmapReply::Loading;
                         if (f.fileName() != localFile)
                             errorStr += QString::fromLatin1(" (%1)").arg(f.fileName());

      Attachments

        Activity

          People

            qt.team.quick.subscriptions Qt Quick and Widgets Team
            arojas Antonio Rojas
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: