Details
- Bug
- Resolution: Done
- P1: Critical
- 6.0
- 13
- Qt6_Foundation_Sprint 19
Description
Building qtbase dev with qmake and clang's ASan results in a heap-buffer-overflow.
Configure step:
MAKEFLAGS=-j8 ~/work/qt5_qmake/configure -opensource -confirm-license -developer-build -no-optimize-debug -skip qtwebengine -skip qtpim -skip qtsystems -ccache -no-pch -nomake examples -no-headersclean -sanitize address -platform linux-clang
Build step:
make module-qtbase-all
Issue:
make[3]: Entering directory '/home/ag/work/build/qt5_qmake/qtbase/src/gui'
/home/ag/work/build/qt5_qmake/qtbase/src/gui/qvkgen_wrapper.sh /home/ag/work/qt5_qmake/qtbase/src/gui/vulkan/vk.xml /home/ag/work/qt5_qmake/qtbase/header.LGPL vulkan/qvulkanfunctions
=================================================================
==29210==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6030000000ef at pc 0x7fdccb269bbc bp 0x7ffd17639f90 sp 0x7ffd17639f88
READ of size 16 at 0x6030000000ef thread T0
    #0 0x7fdccb269bbb in aeshash(unsigned char const*, unsigned long, unsigned long) /home/ag/work/qt5_qmake/qtbase/src/corelib/tools/qhash.cpp:491:20
    #1 0x7fdccb268ef5 in qHashBits(void const*, unsigned long, unsigned long) /home/ag/work/qt5_qmake/qtbase/src/corelib/tools/qhash.cpp:527:16
    #2 0x7fdccb26b0c9 in qHash(QStringView, unsigned long) /home/ag/work/qt5_qmake/qtbase/src/corelib/tools/qhash.cpp:547:12
    #3 0x7fdccc0ecfe2 in QHashPrivate::Data<QHashPrivate::Node<QStringView, QXmlStreamReaderPrivate::Entity> >::find(QStringView const&) const /home/ag/work/build/qt5_qmake/qtbase/src/corelib/../../include/QtCore/../../../../../qt5_qmake/qtbase/src/corelib/tools/qhash.h:554:23
    #4 0x7fdccc0ee6ec in QHashPrivate::Data<QHashPrivate::Node<QStringView, QXmlStreamReaderPrivate::Entity> >::findOrInsert(QStringView const&) /home/ag/work/build/qt5_qmake/qtbase/src/corelib/../../include/QtCore/../../../../../qt5_qmake/qtbase/src/corelib/tools/qhash.h:595:23
    #5 0x7fdccc0ee23b in QHash<QStringView, QXmlStreamReaderPrivate::Entity>::iterator QHash<QStringView, QXmlStreamReaderPrivate::Entity>::emplace<QXmlStreamReaderPrivate::Entity const&>(QStringView&&, QXmlStreamReaderPrivate::Entity const&) /home/ag/work/build/qt5_qmake/qtbase/src/corelib/../../include/QtCore/../../../../../qt5_qmake/qtbase/src/corelib/tools/qhash.h:1134:26
    #6 0x7fdccc0edf62 in QHash<QStringView, QXmlStreamReaderPrivate::Entity>::iterator QHash<QStringView, QXmlStreamReaderPrivate::Entity>::emplace<QXmlStreamReaderPrivate::Entity const&>(QStringView const&, QXmlStreamReaderPrivate::Entity const&) /home/ag/work/build/qt5_qmake/qtbase/src/corelib/../../include/QtCore/../../../../../qt5_qmake/qtbase/src/corelib/tools/qhash.h:1126:16
    #7 0x7fdccc0d2bde in QHash<QStringView, QXmlStreamReaderPrivate::Entity>::insert(QStringView const&, QXmlStreamReaderPrivate::Entity const&) /home/ag/work/build/qt5_qmake/qtbase/src/corelib/../../include/QtCore/../../../../../qt5_qmake/qtbase/src/corelib/tools/qhash.h:1104:16
    #8 0x7fdccc0b8d4e in QXmlStreamReaderPrivate::QXmlStreamReaderPrivate(QXmlStreamReader*) /home/ag/work/qt5_qmake/qtbase/src/corelib/serialization/qxmlstream.cpp:809:5
    #9 0x7fdccc0b3b57 in QXmlStreamReader::QXmlStreamReader() /home/ag/work/qt5_qmake/qtbase/src/corelib/serialization/qxmlstream.cpp:397:17
    #10 0x4d74dd in VkSpecParser::VkSpecParser() /home/ag/work/qt5_qmake/qtbase/src/tools/qvkgen/qvkgen.cpp:35:7
    #11 0x4d2b72 in main /home/ag/work/qt5_qmake/qtbase/src/tools/qvkgen/qvkgen.cpp:492:18
    #12 0x7fdcc9a56b96 in __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310
    #13 0x41d2b9 in _start (/home/ag/work/build/qt5_qmake/qtbase/bin/qvkgen+0x41d2b9)

0x6030000000ef is located 9 bytes to the right of 22-byte region [0x6030000000d0,0x6030000000e6)
allocated by thread T0 here:
    #0 0x4959fd in malloc (/home/ag/work/build/qt5_qmake/qtbase/bin/qvkgen+0x4959fd)
    #1 0x7fdccb157357 in allocateData(long long, unsigned int) /home/ag/work/qt5_qmake/qtbase/src/corelib/tools/qarraydata.cpp:178:52
    #2 0x7fdccb156b4e in QArrayData::allocate(QArrayData**, long long, long long, long long, QFlags<QArrayData::ArrayOption>) /home/ag/work/qt5_qmake/qtbase/src/corelib/tools/qarraydata.cpp:218:26
    #3 0x7fdccb4aca23 in QTypedArrayData<char16_t>::allocate(long long, QFlags<QArrayData::ArrayOption>) /home/ag/work/build/qt5_qmake/qtbase/src/corelib/../../include/QtCore/../../../../../qt5_qmake/qtbase/src/corelib/tools/qarraydata.h:216:24
    #4 0x7fdccb46a0e2 in QString::fromLatin1_helper(char const*, long long) /home/ag/work/qt5_qmake/qtbase/src/corelib/text/qstring.cpp:5146:25
    #5 0x7fdccb0332a0 in QString::QString(QLatin1String) /home/ag/work/build/qt5_qmake/qtbase/src/corelib/../../include/QtCore/../../../../../qt5_qmake/qtbase/src/corelib/text/qstring.h:1061:52
    #6 0x7fdccc0d892f in QXmlStreamReaderPrivate::Entity::createLiteral(QLatin1String, QLatin1String) /home/ag/work/qt5_qmake/qtbase/src/corelib/serialization/qxmlstream_p.h:263:29
    #7 0x7fdccc0b8c6f in QXmlStreamReaderPrivate::QXmlStreamReaderPrivate(QXmlStreamReader*) /home/ag/work/qt5_qmake/qtbase/src/corelib/serialization/qxmlstream.cpp:809:5
    #8 0x7fdccc0b3b57 in QXmlStreamReader::QXmlStreamReader() /home/ag/work/qt5_qmake/qtbase/src/corelib/serialization/qxmlstream.cpp:397:17
    #9 0x4d74dd in VkSpecParser::VkSpecParser() /home/ag/work/qt5_qmake/qtbase/src/tools/qvkgen/qvkgen.cpp:35:7
    #10 0x4d2b72 in main /home/ag/work/qt5_qmake/qtbase/src/tools/qvkgen/qvkgen.cpp:492:18
    #11 0x7fdcc9a56b96 in __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/ag/work/qt5_qmake/qtbase/src/corelib/tools/qhash.cpp:491:20 in aeshash(unsigned char const*, unsigned long, unsigned long)
Shadow bytes around the buggy address:
  0x0c067fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff8000: fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa fd fd
=>0x0c067fff8010: fd fd fa fa 00 00 00 00 fa fa 00 00 06[fa]fa fa
  0x0c067fff8020: 00 00 04 fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==29210==ABORTING
Makefile:1708: recipe for target 'vulkan/qvulkanfunctions.h' failed
make[3]: *** [vulkan/qvulkanfunctions.h] Error 1
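Added example, not Qt's code and not the fix that closed this report: the bug class an ASan report of this shape points at, a hash that consumes 16-byte blocks and loads a full block for a partial tail, beside a tail-bounded version that never reads past the allocation. Assumed: the block mixer is a constructed stand-in for the SIMD step of a real hash, and the numbers (22-byte region, 16-byte read whose last byte is 9 past the end) are taken from the trace above; the actual root cause inside Qt is not stated on this page.

```c
#include <stdint.h>
#include <string.h>

#define BLOCK 16

/* Constructed block mixer standing in for the SIMD step of a real hash. */
static uint64_t mix_block(uint64_t h, const unsigned char blk[BLOCK])
{
    for (int i = 0; i < BLOCK; i++)
        h = (h ^ blk[i]) * 0x100000001b3ULL;   /* FNV-style step, illustrative only */
    return h;
}

/* UNSAFE: the loop rounds the tail up to a full block. For a 22-byte buffer the
 * second iteration loads bytes 16..31, i.e. 10 bytes past the allocation; on a
 * heap buffer ASan reports it as a READ of size 16 whose last byte is "9 bytes
 * to the right" of the region, as in the trace above. Safe only when len % BLOCK == 0. */
uint64_t hash_overread(const unsigned char *p, size_t len)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t off = 0; off < len; off += BLOCK)
        h = mix_block(h, p + off);             /* reads BLOCK bytes regardless of len - off */
    return h;
}

/* BOUNDED: full blocks are mixed in place; a partial tail is copied into a
 * zeroed local block, so no load ever crosses the end of the allocation. */
uint64_t hash_bounded(const unsigned char *p, size_t len)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    size_t off = 0;
    for (; off + BLOCK <= len; off += BLOCK)
        h = mix_block(h, p + off);
    if (off < len) {
        unsigned char tail[BLOCK] = {0};
        memcpy(tail, p + off, len - off);      /* only the bytes that exist */
        h = mix_block(h, tail);
    }
    return h;
}

/* Bytes the unsafe loop touches beyond an allocation of `len` bytes: 10 for the
 * 22-byte region in the report (its last byte, offset 31, is 9 past the end). */
size_t overread_bytes(size_t len)
{
    if (len % BLOCK == 0)
        return 0;
    return BLOCK - len % BLOCK;
}
```

Built with `-fsanitize=address`, calling `hash_overread` on a 22-byte `malloc` buffer reproduces a report with the same shape as the one above, while `hash_bounded` on the same buffer runs clean.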
Issue Links
- relates to QTBUG-86051 heap-buffer-overflow in QXmlStreamReader (Closed)