Qt / QTBUG-28322

Possible segfault in QImage::convertToFormat


Details

    • a3a4114f5377597a4641f1c21cac37453afdda9c

    Description

      heap-buffer-overflow: not sure if only the unit test is buggy.

      ==23824== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fbded216fc0 at pc 0x7fbdeaf215cd bp 0x7ffffeeb1510 sp 0x7ffffeeb1508
      READ of size 1 at 0x7fbded216fc0 thread T0
      
          #0 0x7fbdeaf215cc in swap_bit_order(QImageData*, QImageData const*, QFlags<Qt::ImageConversionFlag>) qimage.cpp:2114
          #1 0x7fbdeaed1da2 in QImage::convertToFormat(QImage::Format, QFlags<Qt::ImageConversionFlag>) const qimage.cpp:3370
          #2 0x43c5a6 in ?? ??:0
          #3 0x47f31a in ?? ??:0
          #4 0x7fbde9a4c9ba in QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const qmetaobject.cpp:2146
          #5 0x7fbde9a4a533 in QMetaObject::invokeMethod(QObject*, char const*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) qmetaobject.cpp:1462
          #6 0x7fbdece883e6 in QMetaObject::invokeMethod(QObject*, char const*, Qt::ConnectionType, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) qobjectdefs.h:396
          #7 0x7fbdece61ccc in QTest::qInvokeTestMethodDataEntry(char*) qtestcase.cpp:1651
          #8 0x7fbdece60187 in QTest::qInvokeTestMethod(char const*, char const*) qtestcase.cpp:1769
          #9 0x7fbdece51392 in QTest::qInvokeTestMethods(QObject*) qtestcase.cpp:1923
          #10 0x7fbdece4f52c in QTest::qExec(QObject*, int, char**) qtestcase.cpp:2136
          #11 0x47e8d6 in ?? ??:0
          #12 0x7fbde778676c in ?? ??:0
      0x7fbded216fc0 is located 0 bytes to the right of 128-byte region [0x7fbded216f40,0x7fbded216fc0)
      
      allocated by thread T0 here:
          #0 0x4dc24a in ?? ??:0
          #1 0x7fbdeaeb4d46 in QImageData::create(QSize const&, QImage::Format, int) qimage.cpp:169
          #2 0x7fbdeaeb7f18 in QImage qimage.cpp:743
          #3 0x43ab78 in ?? ??:0
          #4 0x47f31a in ?? ??:0
          #5 0x7fbde9a4c9ba in QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const qmetaobject.cpp:2146
          #6 0x7fbde9a4a533 in QMetaObject::invokeMethod(QObject*, char const*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) qmetaobject.cpp:1462
      Shadow byte and word:
        0x1ff7bda42df8: fa
        0x1ff7bda42df8: fa fa fa fa fa fa fa fa
      More shadow bytes:
        0x1ff7bda42dd8: fa fa fa fa fa fa fa fa
        0x1ff7bda42de0: fa fa fa fa fa fa fa fa
        0x1ff7bda42de8: 00 00 00 00 00 00 00 00
        0x1ff7bda42df0: 00 00 00 00 00 00 00 00
      =>0x1ff7bda42df8: fa fa fa fa fa fa fa fa
        0x1ff7bda42e00: fa fa fa fa fa fa fa fa
        0x1ff7bda42e08: fd fd fd fd fd fd fd fd
        0x1ff7bda42e10: fd fd fd fd fd fd fd fd
        0x1ff7bda42e18: fa fa fa fa fa fa fa fa
      Stats: 113M malloced (120M for red zones) by 135402 calls
      Stats: 104M realloced by 10992 calls
      Stats: 113M freed by 132727 calls
      Stats: 81M really freed by 95799 calls
      Stats: 70M (18046 full pages) mmaped in 140 calls
        mmaps   by size class: 7:36855; 8:4094; 9:1023; 10:511; 11:255; 12:128; 13:64; 14:64; 15:16; 16:968;
        mallocs by size class: 7:122112; 8:8666; 9:677; 10:94; 11:90; 12:194; 13:106; 14:37; 15:12; 16:3414;
        frees   by size class: 7:119924; 8:8337; 9:622; 10:58; 11:42; 12:185; 13:100; 14:36; 15:10; 16:3413;
        rfrees  by size class: 7:86305; 8:6143; 9:540; 10:58; 11:31; 12:136; 13:81; 14:36; 15:10; 16:2459;
      Stats: malloc large: 3426 small slow: 641
      ==23824== ABORTING
      
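The report above is a standard AddressSanitizer heap report, and the lines worth reading first are the access line (READ of size 1), the region line (0 bytes to the right of a 128-byte region) and the first symbolised frame on each of the two stacks (swap_bit_order at qimage.cpp:2114 for the access, QImageData::create at qimage.cpp:169 for the allocation). The following parser is an added example, not part of the bug report or of Qt: it pulls those fields out of an ASan report, cross-checks the region line against the raw addresses, and prints a one-line triage summary. The SAMPLE_REPORT string is a constructed excerpt of the report above with the stats block trimmed; the parser ignores lines it does not recognise.

```python
import re

# Constructed sample: an excerpt of the AddressSanitizer report quoted in this
# bug (header, access stack, region line, allocation stack). The stats block is
# left out; unrecognised lines are ignored by the parser anyway.
SAMPLE_REPORT = """\
==23824== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fbded216fc0 at pc 0x7fbdeaf215cd bp 0x7ffffeeb1510 sp 0x7ffffeeb1508
READ of size 1 at 0x7fbded216fc0 thread T0
    #0 0x7fbdeaf215cc in swap_bit_order(QImageData*, QImageData const*, QFlags<Qt::ImageConversionFlag>) qimage.cpp:2114
    #1 0x7fbdeaed1da2 in QImage::convertToFormat(QImage::Format, QFlags<Qt::ImageConversionFlag>) const qimage.cpp:3370
    #2 0x43c5a6 in ?? ??:0
0x7fbded216fc0 is located 0 bytes to the right of 128-byte region [0x7fbded216f40,0x7fbded216fc0)
allocated by thread T0 here:
    #0 0x4dc24a in ?? ??:0
    #1 0x7fbdeaeb4d46 in QImageData::create(QSize const&, QImage::Format, int) qimage.cpp:169
    #2 0x7fbdeaeb7f18 in QImage qimage.cpp:743
==23824== ABORTING
"""

HEADER_RE = re.compile(r"ERROR: AddressSanitizer:? (\S+) on address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at (0x[0-9a-f]+) thread (T\d+)")
REGION_RE = re.compile(
    r"(0x[0-9a-f]+) is located (\d+) bytes to the (left|right) of "
    r"(\d+)-byte region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)")
# "#N 0xADDR in <function> <file:line>"; unsymbolised frames appear as "?? ??:0"
FRAME_RE = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (.+?) (\S+:\d+)$")


def parse_asan_report(text):
    """Turn one ASan heap report into a dict of the fields that matter for triage."""
    report = {"error": None, "address": None, "access": None, "size": None,
              "thread": None, "region": None,
              "access_stack": [], "alloc_stack": [], "free_stack": []}
    stack = None  # the list that subsequent frame lines belong to
    for line in text.splitlines():
        m = HEADER_RE.search(line)
        if m:
            report["error"] = m.group(1)
            report["address"] = int(m.group(2), 16)
            continue
        m = ACCESS_RE.match(line)
        if m:
            report["access"], report["size"] = m.group(1), int(m.group(2))
            report["thread"] = m.group(4)
            stack = report["access_stack"]
            continue
        m = REGION_RE.search(line)
        if m:
            report["region"] = {"offset": int(m.group(2)), "side": m.group(3),
                                "size": int(m.group(4)),
                                "start": int(m.group(5), 16), "end": int(m.group(6), 16)}
            stack = None
            continue
        if line.startswith("allocated by"):
            stack = report["alloc_stack"]
            continue
        if line.startswith("freed by"):
            stack = report["free_stack"]
            continue
        m = FRAME_RE.match(line)
        if m and stack is not None:
            stack.append({"n": int(m.group(1)), "func": m.group(2), "loc": m.group(3)})
    return report


def first_symbolised(frames):
    """First frame that resolved to a source location (skips '?? ??:0' frames)."""
    for f in frames:
        if not f["loc"].startswith("??"):
            return f
    return None


def check_consistency(report):
    """Re-derive the region line from the raw addresses. A mismatch means the
    report was hand-edited or mixed up and its numbers should not be trusted."""
    r = report["region"]
    size_ok = r["end"] - r["start"] == r["size"]
    if r["side"] == "right":
        offset_ok = report["address"] - r["end"] == r["offset"]
    else:
        offset_ok = r["start"] - report["address"] == r["offset"]
    return size_ok and offset_ok


def summarise(report):
    """One-line triage summary: kind of access, where, and whose buffer."""
    fault = first_symbolised(report["access_stack"])
    alloc = first_symbolised(report["alloc_stack"])
    r = report["region"]
    return ("%s: %s of %d byte(s) %d bytes %s of a %d-byte heap region; "
            "faulting frame %s (%s); allocated in %s (%s)" % (
                report["error"], report["access"], report["size"], r["offset"], r["side"],
                r["size"], fault["func"].split("(")[0], fault["loc"],
                alloc["func"].split("(")[0], alloc["loc"]))


if __name__ == "__main__":
    rep = parse_asan_report(SAMPLE_REPORT)
    print(summarise(rep))
    print("consistent:", check_consistency(rep))
```

On the sample the summary reads: heap-buffer-overflow, READ of 1 byte 0 bytes to the right of a 128-byte heap region, faulting in swap_bit_order (qimage.cpp:2114), allocated in QImageData::create (qimage.cpp:169). That is exactly what the report states and no more; whether the conversion loop or the test's image dimensions are at fault is what the reporter's question leaves open.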

          People

            vgt Eirik Aavitsland
            syntheticpp Peter Kümmel
Votes: 0
Watchers: 3
