[Bug 228430] Simple program using QJson* classes segfaults

bugzilla-noreply at freebsd.org
Thu May 24 14:45:06 UTC 2018


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228430

--- Comment #2 from Gleb Popov <arrowd at FreeBSD.org> ---
I was able to reproduce this in the jail created from the latest 12.0-CURRENT
snapshot:

Create a new jail
# poudriere -c -j cur12 -v 12.0-CURRENT

Build pkg and leave the jail running
# poudriere testport -j cur12 -I ports-mgmt/pkg

Copy the testcase into the jail
# cp test.cpp /usr/local/poudriere/data/.m/cur12-default/ref/root/

Enter it
# sudo jexec cur12-sbreeze-n env -i TERM=$TERM /usr/bin/login -fp root

Compile the testcase
# c++ -I/usr/local/include/qt5/QtCore -I/usr/local/include/qt5 -fPIC
-L/usr/local/lib/qt5 -lQt5Core test.cpp -o fail

Get a segfault
# ./fail
Segmentation fault (core dumped)


The reversing effort I did was right - when QJsonObject::~QJsonObject is called
it dereferences the .d field and the count becomes 0. However, the returned
QJsonValueRef enabledByDefaultValue also holds the same d while it gets
deleted. So, when the execution gets to enabledByDefaultValue.isNull(), that .d
field is already freed and contains garbage.
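To make the lifetime problem above visible without Qt, here is an added, Qt-free model (not Qt's code and not the test.cpp from this report): Object stands in for QJsonObject, ValueRef for QJsonValueRef, and the hypothetical Private/Value types for the shared d data and an owning QJsonValue. A weak_ptr replaces Qt's raw d pointer only so the dangling state can be asserted on instead of crashing; everything else follows the mechanism the comment describes, including the safe form (copy the value out before the object dies).

```cpp
#include <map>
#include <memory>
#include <string>

struct Private { std::map<std::string, bool> values; };  // stand-in for QJsonObject's data
struct Value {  // owning snapshot, like QJsonValue
    bool present = false, b = false;
    bool isNull() const { return !present; }
    bool toBool() const { return b; }
};

class ValueRef {  // non-owning, like QJsonValueRef: points into the object's d
public:
    ValueRef(const std::shared_ptr<Private>& d, std::string key) : d_(d), key_(std::move(key)) {}
    // Qt holds d as a raw pointer, so this state is freed memory (undefined behaviour);
    // the weak_ptr here only makes the dangling state observable.
    bool isDangling() const { return d_.expired(); }
    Value toValue() const {  // copy the value out; null if the key or the object is gone
        Value v;
        if (auto d = d_.lock()) {
            auto it = d->values.find(key_);
            if (it != d->values.end()) { v.present = true; v.b = it->second; }
        }
        return v;
    }
private:
    std::weak_ptr<Private> d_;
    std::string key_;
};

class Object {  // like QJsonObject: owns d; the destructor drops the last reference
public:
    Object() : d_(std::make_shared<Private>()) {}
    void insert(const std::string& key, bool b) { d_->values[key] = b; }
    ValueRef operator[](const std::string& key) { return ValueRef(d_, key); }
private:
    std::shared_ptr<Private> d_;
};

// The pattern from the bug: the ref outlives the temporary it was taken from.
ValueRef refFromTemporary() {
    Object o;
    o.insert("enabledByDefault", true);
    return o["enabledByDefault"];  // o is destroyed on return; the ref still points at its d
}

// The safe form: copy the value out while the object is still alive.
Value valueFromTemporary() {
    Object o;
    o.insert("enabledByDefault", true);
    return o["enabledByDefault"].toValue();
}
```

With the real classes the first function is the use-after-free that AddressSanitizer (`-fsanitize=address`) reports at the `isNull()` call; the second is the shape the caller should use.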
