Bug#399984: qt3-dev-tools: qmake segfaults on GNU/Hurd when no output file is specified

Thu, 23 Nov 2006 02:10:57 -0800 

Package: qt3-dev-tools
Version: 3:3.3.7-1
Severity: important
Tags: patch

Hi,

if qmake is run without a -o foo option specifying the output file (and
thus implying "Makefile" in regular operation AIUI), it segfaults on
GNU/Hurd with the following backtrace:

#0  0x01042c56 in __hurd_file_name_lookup (use_init_port=0x103d920 
<_hurd_ports_use>,
    get_dtable_port=0x40000002, lookup=0,
    file_name=0x40000002 <Address 0x40000002 out of bounds>, flags=64,
    mode=1073741826, result=0x40000002) at hurdlookup.c:67
#1  0x010432e9 in __file_name_lookup (
    file_name=0x40000002 <Address 0x40000002 out of bounds>, flags=1073741826, 
mode=0)
    at hurdlookup.c:240
#2  0x0110e12a in __lxstat64 (vers=0,
    file=0x40000002 <Address 0x40000002 out of bounds>, buf=0x40000002)
    at ../sysdeps/mach/hurd/lxstat64.c:35
#3  0x0110d2a6 in __lxstat (vers=1073741826,
    file=0x40000002 <Address 0x40000002 out of bounds>, buf=0x8237c88)
    at ../sysdeps/mach/hurd/lxstat.c:29
#4  0x081c0118 in lstat (__path=0x0, __statbuf=0x8237c88)
    at /usr/include/sys/stat.h:373
#5  0x081bfa82 in QFileInfo::doStat (this=0x101ad50)
    at /devel3/qt3/qt-x11-free-3.3.7/src/tools/qfileinfo_unix.cpp:342
#6  0x081bfc6c in QFileInfo::isDir (this=0x101ad50)
    at /devel3/qt3/qt-x11-free-3.3.7/src/tools/qfileinfo_unix.cpp:91
#7  0x0805ca63 in main (argc=16886580, argv=0x0) at main.cpp:86

lstat() is passed a NULL pointer instead of a filename, which leads to
undefined behaviour.  GNU/Linux returns an error when it gets passed a
bogus pointer, GNU/Hurd's lstat() in glibc decides to segfault.

While Qt itself builds fine, this causes FTBFS in other packages, see
e.g. 
http://experimental.ftbfs.de/fetch.php?&pkg=qscintilla&ver=1.6-2&arch=hurd-i386&stamp=1163603807&file=log&as=raw


The problem is that Option::output is not getting initialized, and
passed to isDir() in qmake/main.cpp, which eventually calls lstat() on
it, provoking the segfault.

While glibc is definetely fine to segfault here (after all, it got
passed out-of-spec input), I am not sure whether Qt might want to check
for bogus input in isDir() or doStat().  However, this is for Qt
upstream to decide I guess, and we will bring up the issue with them.

The easy fix (initializing Option::output to "") is attached, please
apply.


cheers,

Michael

--- qt-x11-free-3.3.6~/qmake/option.cpp 2006-09-28 07:45:03.000000000 +0000
+++ qt-x11-free-3.3.6/qmake/option.cpp          2006-09-28 07:45:40.000000000 
+0000
@@ -64,7 +64,7 @@
 //all modes
 int Option::warn_level = WarnLogic;
 int Option::debug_level = 0;
-QFile Option::output;
+QFile Option::output("");
 QString Option::output_dir;
 QStringList Option::before_user_vars;
 QStringList Option::after_user_vars;

Reply via email to