apicheck segfaults when compiled with Qt 5.9.5 #26

Open
UniversalSuperBox opened this Issue Nov 17, 2018 · 3 comments

UniversalSuperBox commented Nov 17, 2018

This issue is going to be a bit of a brain dump as I've been working at it for a few hours and I'm only a little further than when I started.

As can be seen in recent build output, the apicheck binary segfaults after being called on Extinct.Animals. Since this prevents tests from finishing, we are unable to merge any pull requests right now.

I've been trying to debug this issue for a few hours. TL;DR: we're corrupting the heap for a QQmlType, replacing the name attribute of its QQmlTypePrivate (named d), and maybe more:

(gdb) print thisQmlType->d->name
$8 = {static null = {<No data fields>}, d = 0x61}

I feel like I'm close to finding the issue, since looking at a data structure closer to the beginning of the private object nets us...

p thisQmlType->d->extraData
$18 = {cd = 0x3, sd = 0x3, fd = 0x3}

In case it's helpful, here's the valgrind output
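An added illustration of the pattern in the gdb output above (a pointer field that reads as 0x61, the ASCII code for 'a'): this is constructed example code, not code from apicheck or Qt, and the layout it uses is an assumption chosen for the demonstration, not the real layout of QQmlTypePrivate. A fixed-size name buffer sits immediately before a pointer slot in one heap object; an unbounded copy spills string bytes into the slot, a bounded copy does not, and a small triage helper classifies a suspicious word as text rather than an address.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed layout, assumed for illustration only (not QQmlTypePrivate):
 * one 16-byte heap object holding an 8-byte name buffer immediately
 * followed by an 8-byte pointer slot. */
enum { NAME_LEN = 8, SLOT_OFF = 8, OBJ_LEN = 16 };

static unsigned char *new_object(uint64_t ptr_value)
{
    unsigned char *obj = calloc(1, OBJ_LEN);
    if (!obj) abort();
    memcpy(obj + SLOT_OFF, &ptr_value, sizeof ptr_value);
    return obj;
}

static uint64_t read_slot(const unsigned char *obj)
{
    uint64_t v;
    memcpy(&v, obj + SLOT_OFF, sizeof v);
    return v;
}

/* Buggy pattern: copy a NUL-terminated name with no bound on NAME_LEN.
 * Bytes past the buffer land in the pointer slot.  Returns the slot's
 * contents afterwards so the damage can be inspected. */
static uint64_t clobber_neighbour(const char *name, uint64_t ptr_value)
{
    unsigned char *obj = new_object(ptr_value);
    size_t n = strlen(name) + 1;
    if (n > OBJ_LEN) n = OBJ_LEN;   /* keep the demo inside the allocation; the intra-object spill is the point */
    memcpy(obj, name, n);
    uint64_t slot = read_slot(obj);
    free(obj);
    return slot;
}

/* Hardened version: bound the copy to the buffer (truncating the name),
 * so the neighbouring pointer is left intact. */
static uint64_t copy_bounded(const char *name, uint64_t ptr_value)
{
    unsigned char *obj = new_object(ptr_value);
    snprintf((char *)obj, NAME_LEN, "%s", name);
    uint64_t slot = read_slot(obj);
    free(obj);
    return slot;
}

/* Triage heuristic for a suspicious pointer value seen in gdb: returns 1
 * when every non-zero byte is printable ASCII, i.e. the word looks like
 * string data rather than an address. */
static int looks_like_text(uint64_t v)
{
    int printable = 0;
    for (int i = 0; i < 8; i++) {
        unsigned b = (unsigned)((v >> (8 * i)) & 0xffu);
        if (b == 0) continue;
        if (b < 0x20 || b > 0x7e) return 0;
        printable++;
    }
    return printable > 0;
}

int main(void)
{
    const uint64_t p = 0x00007f1234567890ULL; /* constructed, plausible heap address */
    uint64_t bad = clobber_neighbour("abcdefghijklmno", p);
    uint64_t ok  = copy_bounded("abcdefghijklmno", p);
    printf("unbounded copy: slot = 0x%016llx, looks like text: %d\n",
           (unsigned long long)bad, looks_like_text(bad));
    printf("bounded copy:   slot = 0x%016llx, looks like text: %d\n",
           (unsigned long long)ok, looks_like_text(ok));
    return 0;
}
```

Reading the corrupted slot byte by byte is the quick check to do on a value like `d = 0x61` before going further: a pointer whose bytes are all printable or zero has almost certainly been overwritten by string data, which points the search at whatever wrote a string just before the crash.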


mardy commented Nov 17, 2018

Try printing the string in apicheck.cpp:169


UniversalSuperBox commented Nov 20, 2018

As discussed off-issue, that's exactly what segfaults.

Reading the valgrind output again, it looked like the typeFormat QString creation just a bit before the illegal call was causing a value to be written a little too close to the problem memory, so I changed typeFormat to just an empty QString. Now the new valgrind output says Use of uninitialised value of size 8. Progress!


UniversalSuperBox commented Dec 4, 2018

This is fixed in d85ab39, but I will keep the issue open until a PR with it is merged.
