| Summary: | GCC address sanitizer-enabled apps crash with QtCurve | ||
|---|---|---|---|
| Product: | [Frameworks and Libraries] QtCurve | Reporter: | Eugene Shalygin <eugene.shalygin+bugzilla.kde> |
| Component: | qt5 | Assignee: | Yichao Yu <yyc1992> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | hein |
| Priority: | NOR | ||
| Version First Reported In: | unspecified | ||
| Target Milestone: | --- | ||
| Platform: | Other | ||
| OS: | Linux | ||
| Latest Commit: | https://commits.kde.org/qtcurve/f164a4b69e3c9153200c90d383e0b19cb993b78e | Version Fixed/Implemented In: | |
| Sentry Crash Report: | |||
Recompiled QtCurve with address sanitizer:

```
==25441==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300003329d at pc 0x7ff558f6219f bp 0x7ffd2db1b1f0 sp 0x7ffd2db1a9a0
READ of size 9 at 0x60300003329d thread T0
    #0 0x7ff558f6219e (/usr/lib64/gcc/x86_64-pc-linux-gnu/6.3.0/libasan.so+0x8e19e)
    #1 0x7ff53ce6c86d in toInd /home/eugene/develop/KDE/live/qtcurve/qt5/common/config_file.cpp:90
    #2 0x7ff53ce71e42 in qtcReadConfig(QString const&, Options*, Options*, bool) /home/eugene/develop/KDE/live/qtcurve/qt5/common/config_file.cpp:1205
    #3 0x7ff53ce708c5 in qtcReadConfig(QString const&, Options*, Options*, bool) /home/eugene/develop/KDE/live/qtcurve/qt5/common/config_file.cpp:1084
    #4 0x7ff53cdf2188 in QtCurve::Style::init(bool) /home/eugene/develop/KDE/live/qtcurve/qt5/style/qtcurve.cpp:382
    #5 0x7ff53cdf2c0c in QtCurve::Style::Style() /home/eugene/develop/KDE/live/qtcurve/qt5/style/qtcurve.cpp:368
    #6 0x7ff53ce488b5 in QtCurve::StylePlugin::create(QString const&) /home/eugene/develop/KDE/live/qtcurve/qt5/style/qtcurve_plugin.cpp:162
    #7 0x7ff552f2d79a in QStyleFactory::create(QString const&) (/usr/lib64/libQt5Widgets.so.5+0x1c479a)
    #8 0x7ff552ec7032 in QApplication::style() (/usr/lib64/libQt5Widgets.so.5+0x15e032)
    #9 0x7ff552ec7304 in QApplicationPrivate::initialize() (/usr/lib64/libQt5Widgets.so.5+0x15e304)
    #10 0x7ff552ec7353 in QApplicationPrivate::init() (/usr/lib64/libQt5Widgets.so.5+0x15e353)
    #11 0x7ff558c5b196 in kdemain (/usr/lib64/libkdeinit5_dolphin.so+0x5a196)
    #12 0x7ff55151e740 in __libc_start_main (/lib64/libc.so.6+0x20740)
    #13 0x400ab8 in _start (/usr/bin/dolphin+0x400ab8)
```
Obviously, all memcmp() calls in config_file.cpp have to be replaced with, e.g., strncmp.

Git commit f164a4b69e3c9153200c90d383e0b19cb993b78e by R.J.V. Bertin.
Committed on 03/01/2017 at 19:34.
Pushed by rjvbb into branch 'master'.

Do not exceed string buffer length while parsing config file

REVIEW: 129762

M +97 -97 gtk2/common/config_file.cpp
M +108 -108 qt4/common/config_file.cpp
M +108 -108 qt5/common/config_file.cpp

https://commits.kde.org/qtcurve/f164a4b69e3c9153200c90d383e0b19cb993b78e
When an application is compiled with -fsanitize=address, it crashes on startup. Below is a part of the stacktrace. Unfortunately, the qtcurve part is not decoded. I'm on Gentoo, qtcurve installed with debug CXXFLAGS, splitdebug and installsources features enabled, but no good stacktrace :(

```
==5849==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300005387d at pc 0x7f4157f0215f bp 0x7ffc250a1a30 sp 0x7ffc250a11e0
READ of size 9 at 0x60300005387d thread T0
    #0 0x7f4157f0215e (/usr/lib/gcc/x86_64-pc-linux-gnu/6.2.0/libasan.so.3+0x8b15e)
    #1 0x7f4132e1ba5b (/usr/lib64/qt5/plugins/styles/qtcurve.so+0x99a5b)
    #2 0x7f4132e20184 (/usr/lib64/qt5/plugins/styles/qtcurve.so+0x9e184)
    #3 0x7f4132e1ec1a (/usr/lib64/qt5/plugins/styles/qtcurve.so+0x9cc1a)
    #4 0x7f4132da1407 (/usr/lib64/qt5/plugins/styles/qtcurve.so+0x1f407)
    #5 0x7f4132da1318 (/usr/lib64/qt5/plugins/styles/qtcurve.so+0x1f318)
    #6 0x7f4132e00707 (/usr/lib64/qt5/plugins/styles/qtcurve.so+0x7e707)
    #7 0x7f41449f879a in QStyleFactory::create(QString const&) (/usr/lib64/libQt5Widgets.so.5+0x1c479a)
    #8 0x7f4144992032 in QApplication::style() (/usr/lib64/libQt5Widgets.so.5+0x15e032)
    #9 0x7f4144992304 in QApplicationPrivate::initialize() (/usr/lib64/libQt5Widgets.so.5+0x15e304)
    #10 0x7f4144992353 in QApplicationPrivate::init() (/usr/lib64/libQt5Widgets.so.5+0x15e353)
```
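The ASan report above (a 9-byte READ in `toInd`, fixed by the commit titled "Do not exceed string buffer length while parsing config file") is the classic shape of a fixed-length `memcmp()` used on a NUL-terminated token: the comparison reads `strlen(constant)` bytes of the config value no matter how short the value's allocation is. The following is an added C illustration of that pattern and of the two bounded alternatives; it is not QtCurve's code, the indicator-name table and the `to_ind_*` function names are constructed for the example, and the assumption that `toInd` compared a short heap-allocated token against longer constants with `memcmp()` is inferred from the trace and the commit message, not confirmed by the page.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed sample table of option values (not QtCurve's real list). */
static const char *const kIndicatorNames[] = {"none", "colored", "glow", "tint"};
enum { kIndicatorCount = sizeof kIndicatorNames / sizeof kIndicatorNames[0] };

/* Faulty pattern (assumed from the ASan trace in toInd): memcmp() compares a
 * fixed byte count and ignores NUL terminators, so with value="x" (a 2-byte
 * heap allocation) and name="colored" it reads 7 bytes from `value`, 5 of
 * them past the end of the allocation. Shown for contrast only; never called. */
int to_ind_unsafe(const char *value)
{
    for (int i = 0; i < kIndicatorCount; i++)
        if (memcmp(value, kIndicatorNames[i], strlen(kIndicatorNames[i])) == 0)
            return i;
    return -1;
}

/* Hardened as the reporter suggested: strncmp() stops at the first NUL in
 * either operand, so it cannot read beyond the terminator of `value`. Like the
 * memcmp() version it is a prefix test: "glowing" still maps to "glow". */
int to_ind_strncmp(const char *value)
{
    for (int i = 0; i < kIndicatorCount; i++)
        if (strncmp(value, kIndicatorNames[i], strlen(kIndicatorNames[i])) == 0)
            return i;
    return -1;
}

/* Stricter alternative: compare lengths first, so memcmp() is only reached
 * when both buffers are known to hold exactly `n` bytes. Exact match only. */
int to_ind_exact(const char *value, size_t value_len)
{
    for (int i = 0; i < kIndicatorCount; i++) {
        size_t n = strlen(kIndicatorNames[i]);
        if (value_len == n && memcmp(value, kIndicatorNames[i], n) == 0)
            return i;
    }
    return -1;
}

int main(void)
{
    /* A short token on the heap, mirroring the allocation ASan flagged. */
    char *short_value = malloc(2);
    if (!short_value)
        return 1;
    memcpy(short_value, "x", 2);

    int r1 = to_ind_strncmp(short_value);            /* -1, no over-read */
    int r2 = to_ind_exact(short_value, 1);           /* -1, memcmp never reached */
    free(short_value);

    return (r1 == -1 && r2 == -1 && to_ind_strncmp("glow") == 2) ? 0 : 1;
}
```

Building this with `-fsanitize=address` and calling `to_ind_unsafe` on the 2-byte buffer reproduces the same class of report as the one in the bug (a READ larger than the allocation, attributed to the comparison), whereas both bounded variants stay within the buffer. The exact-length variant is the safer choice when values are also used as lookup keys, because the prefix semantics of `strncmp(value, name, strlen(name))` accept trailing garbage.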