System: Ubuntu 22.04 - Glib is the same version as the system's Glib, built from the Glib git; Qt is the 6.4 tag from git

so I tried using TSAN with my own build of Glib and Qt, but it directly crashes with a

*** stack smashing detected ***: terminated

without any other message

my test application is just

#include <QApplication>

int main( int argc, char* argv[] )
{
  QApplication app( argc, argv );
  return app.exec();
}

so I rebuilt Glib and Qt with ASAN first to get a clue what the problem is

mkdir ~/qt6_dev

# 1. build Glib with --prefix
cd ~/qt6_dev
git clone https://gitlab.gnome.org/GNOME/glib.git
cd glib
git checkout 2.72.1
cd ..
mkdir glib-build
cd glib-build
meson setup ../glib -Dbuildtype=debug -Db_sanitize=address --prefix ~/qt6_dev/glib-install
meson compile
meson install

# 2. build Qt with ASAN + PKG_CONFIG_PATH set to the ASAN GLib build

cd ~/qt6_dev
git clone git://code.qt.io/qt/qt5.git qt6
cd qt6
git checkout v6.4.0
perl init-repository
cd ..
mkdir qt6-build
cd qt6-build
PKG_CONFIG_PATH=~/qt6_dev/glib-install/lib/x86_64-linux-gnu/pkgconfig \
  ../qt6/qtbase/configure -debug -opensource -nomake examples -nomake tests -sanitize address
cmake --build . --parallel 2

results in

https://pastebin.com/KiUqxEe9

linux@linux-virtual-machine:~/dev/test/qt_tsan_tests_dev/_build_gcc$ ./qt_tsan_tests
qt.qpa.plugin: Could not find the Qt platform plugin "wayland" in ""
=================================================================
==72389==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffe033c3af0 at pc 0x7f08b158106e bp 0x7ffe033c3770 sp 0x7ffe033c3760
WRITE of size 4 at 0x7ffe033c3af0 thread T0
    #0 0x7f08b158106d in value_lcopy_boolean ../glib/gobject/gvaluetypes.c:76
    #1 0x7f08b15289a1 in g_object_get_valist ../glib/gobject/gobject.c:2659
    #2 0x7f08b1529029 in g_object_get ../glib/gobject/gobject.c:2754
    #3 0x7f08b3eee24b in gtkSetting<bool> /home/linux/qt6_dev/qt6/qtbase/src/plugins/platformthemes/gtk3/qgtk3theme.cpp:30
    #4 0x7f08b3eef12b in QGtk3Theme::appearance() const /home/linux/qt6_dev/qt6/qtbase/src/plugins/platformthemes/gtk3/qgtk3theme.cpp:179
    #5 0x7f08bc0c5d6c in qt_fusionPalette() /home/linux/qt6_dev/qt6/qtbase/src/gui/kernel/qplatformtheme.cpp:349
    #6 0x7f08bc0c727a in QPlatformThemePrivate::initializeSystemPalette() /home/linux/qt6_dev/qt6/qtbase/src/gui/kernel/qplatformtheme.cpp:399
    #7 0x7f08bc0c7356 in QPlatformTheme::palette(QPlatformTheme::Palette) const /home/linux/qt6_dev/qt6/qtbase/src/gui/kernel/qplatformtheme.cpp:439
    #8 0x7f08bdbb9a16 in QApplicationPrivate::basePalette() const /home/linux/qt6_dev/qt6/qtbase/src/widgets/kernel/qapplication.cpp:1065
    #9 0x7f08bbf89e2c in QGuiApplicationPrivate::setPalette(QPalette const&) /home/linux/qt6_dev/qt6/qtbase/src/gui/kernel/qguiapplication.cpp:3372
    #10 0x7f08bbf8a161 in QGuiApplicationPrivate::updatePalette() /home/linux/qt6_dev/qt6/qtbase/src/gui/kernel/qguiapplication.cpp:3344
    #11 0x7f08bbfb01bf in QGuiApplicationPrivate::init() /home/linux/qt6_dev/qt6/qtbase/src/gui/kernel/qguiapplication.cpp:1603
    #12 0x7f08bdbd9d3c in QApplicationPrivate::init() /home/linux/qt6_dev/qt6/qtbase/src/widgets/kernel/qapplication.cpp:462
    #13 0x7f08bdbd9ebc in QApplication::QApplication(int&, char**, int) /home/linux/qt6_dev/qt6/qtbase/src/widgets/kernel/qapplication.cpp:450
    #14 0x5648a1e8f9d8 in main /home/linux/dev/test/qt_tsan_tests_dev/qt_tsan_tests/main.cpp:8
    #15 0x7f08ba2e6d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #16 0x7f08ba2e6e3f in __libc_start_main_impl ../csu/libc-start.c:392
    #17 0x5648a1e8e3c4 in _start (/home/linux/dev/test/qt_tsan_tests_dev/_build_gcc/qt_tsan_tests+0x43c4)

Address 0x7ffe033c3af0 is located in stack of thread T0 at offset 32 in frame
    #0 0x7f08b3eee1c0 in gtkSetting<bool> /home/linux/qt6_dev/qt6/qtbase/src/plugins/platformthemes/gtk3/qgtk3theme.cpp:26

  This frame has 1 object(s):
    [32, 33) 'value' (line 29) <== Memory access at offset 32 partially overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ../glib/gobject/gvaluetypes.c:76 in value_lcopy_boolean
Shadow bytes around the buggy address:
  0x100040670700: 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 00 00 00 f2
  0x100040670710: f2 f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3
  0x100040670720: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
  0x100040670730: f1 f1 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00
  0x100040670740: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x100040670750: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1[01]f3
  0x100040670760: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100040670770: f1 f1 f1 f1 f1 f1 f8 f2 04 f2 04 f2 00 f2 f2 f2
  0x100040670780: 00 f2 f2 f2 00 f2 f2 f2 00 00 00 f2 f2 f2 f2 f2
  0x100040670790: f8 f8 f8 f2 f2 f2 f2 f2 f8 f8 f8 f2 f2 f2 f2 f2
  0x1000406707a0: 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==72389==ABORTING


is that a real bug? (I thought ASAN can't give false positives, like TSAN can)


_______________________________________________
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest
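The type mismatch the ASan frame above points at (a 1-byte bool out-parameter handed to a C varargs API that stores a gboolean, i.e. a 4-byte int), shown as an added example that is not code from the thread, Qt or GLib; fake_object_get is a constructed stand-in for g_object_get and the property name it recognises is constructed too.

```cpp
// Added example, not code from the thread, Qt or GLib: a constructed
// stand-in for g_object_get() that, like GLib's value_lcopy_boolean,
// writes a gboolean (a 4-byte int) through the out-pointer it was handed.
#include <cstdarg>
#include <cstring>

typedef int gboolean;  // as in GLib: gboolean is an int, not a C++ bool
// Hypothetical stand-in for g_object_get(obj, "prop", &out, NULL). It knows
// one constructed property name and reports that one as TRUE.
static void fake_object_get(const char* name, ...) {
    va_list ap;
    va_start(ap, name);
    gboolean* out = va_arg(ap, gboolean*);  // callee assumes a 4-byte slot
    va_end(ap);
    *out = std::strcmp(name, "gtk-application-prefer-dark-theme") == 0 ? 1 : 0;
}

// The pattern the ASan frame describes: &value of type T goes to a varargs
// C API. With T = bool the slot is 1 byte but the callee writes 4, which is
// the "WRITE of size 4 ... [32, 33) 'value'" in the report above.
template <typename T>
T gtkSettingNaive(const char* name) {
    T value;
    fake_object_get(name, &value, nullptr);  // overflows when sizeof(T) < 4
    return value;
}

// Hardened form: generic case unchanged, bool received in a gboolean first.
template <typename T>
T gtkSettingFixed(const char* name) {
    T value;
    fake_object_get(name, &value, nullptr);
    return value;
}

template <>
bool gtkSettingFixed<bool>(const char* name) {
    gboolean value = 0;  // matches what the callee actually writes
    fake_object_get(name, &value, nullptr);
    return value != 0;
}

// True wherever the naive bool instantiation would overflow its variable.
bool boolOutParamTooSmall() { return sizeof(bool) < sizeof(gboolean); }

int main() {
    // Only the fixed variant runs here; building with -fsanitize=address and
    // calling gtkSettingNaive<bool>(...) reproduces the report in the thread.
    return gtkSettingFixed<bool>("gtk-application-prefer-dark-theme") ? 0 : 1;
}
```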