Bug#877527: libqt5core5a: QRegularExpression::match crash on x32

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#877527: libqt5core5a: QRegularExpression::match crash on x32
From: Thorsten Glaser <tg@mirbsd.de>
Date: Mon, 02 Oct 2017 17:15:07 +0200
Message-id: <[🔎] 150695730734.486.5476756838099846923.reportbug@tglase.lan.tarent.de>
Reply-to: Thorsten Glaser <tg@mirbsd.de>, 877527@bugs.debian.org

Package: libqt5core5a
Version: 5.9.1+dfsg-11
Severity: normal

Reproduction steps:

• start MuseScore, load any score that has at least a note in it
  or create a new empty score then insert a note, any (black) note
• select the note
• press F8 to let the inspector show on the right-hand side of
  the window
• click on the colour block

‣ Now, a stock Qt colour chooser opens. I’m told that this is a
  standard Qt dialogie, so you can use any other method to get
  there, as long as the preselected colour is black.

• click in the rightmost field, the one which has a gradient
  from white (top) to black (bottom) and slide through it

‣ The crash occurs roughly at #080808 when starting from black.

Backtrace:

(gdb) r
Starting program: /usr/bin/musescore 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnux32/libthread_db.so.1".
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-tglase'
[New Thread 0xe2e92940 (LWP 32571)]
[New Thread 0xdda52940 (LWP 32572)]
[New Thread 0xdd0ff940 (LWP 32573)]
[New Thread 0xdbe5d940 (LWP 32575)]
[New Thread 0xd8f84940 (LWP 32576)]
[New Thread 0xd86d6940 (LWP 32577)]
[New Thread 0xd6a35940 (LWP 32578)]

Thread 1 "musescore" received signal SIGBUS, Bus error.
0xdd2198e0 in ?? ()
(gdb) bt
#0  0xdd2198e0 in ?? ()
#1  0xf78e1794 in ?? () from /usr/lib/x86_64-linux-gnux32/libfreetype.so.6
#2  0xf13d92dd in ?? () from /usr/lib/x86_64-linux-gnux32/libQt5Core.so.5
#3  0xf13ff34a in ?? () from /usr/lib/x86_64-linux-gnux32/libQt5Core.so.5
#4  0xf140bad2 in ?? () from /usr/lib/x86_64-linux-gnux32/libQt5Core.so.5
#5  0xf11f9710 in ?? () from /usr/lib/x86_64-linux-gnux32/libQt5Core.so.5
#6  0xf11fd736 in QRegularExpression::match(QString const&, int, QRegularExpression::MatchType, QFlags<QRegularExpression::MatchOption>) const () from /usr/lib/x86_64-linux-gnux32/libQt5Core.so.5
#7  0xf1bca05e in QRegularExpressionValidator::validate(QString&, int&) const ()
   from /usr/lib/x86_64-linux-gnux32/libQt5Gui.so.5
#8  0xf21ccfe4 in QWidgetLineControl::finishChange(int, bool, bool) ()
   from /usr/lib/x86_64-linux-gnux32/libQt5Widgets.so.5
#9  0xf21cd4f8 in QWidgetLineControl::internalSetText(QString const&, int, bool) ()
   from /usr/lib/x86_64-linux-gnux32/libQt5Widgets.so.5
#10 0xf2149eb3 in QLineEdit::setText(QString const&) () from /usr/lib/x86_64-linux-gnux32/libQt5Widgets.so.5
#11 0xf220a8bc in ?? () from /usr/lib/x86_64-linux-gnux32/libQt5Widgets.so.5
#12 0xf220c32c in ?? () from /usr/lib/x86_64-linux-gnux32/libQt5Widgets.so.5
#13 0xf1355619 in QMetaObject::activate(QObject*, int, int, void**) ()
   from /usr/lib/x86_64-linux-gnux32/libQt5Core.so.5
#14 0xf2206c1f in ?? () from /usr/lib/x86_64-linux-gnux32/libQt5Widgets.so.5
#15 0xf205c828 in QWidget::event(QEvent*) () from /usr/lib/x86_64-linux-gnux32/libQt5Widgets.so.5
#16 0xf201aba7 in QApplicationPrivate::notify_helper(QObject*, QEvent*) ()
   from /usr/lib/x86_64-linux-gnux32/libQt5Widgets.so.5
#17 0xf2022edb in QApplication::notify(QObject*, QEvent*) ()
   from /usr/lib/x86_64-linux-gnux32/libQt5Widgets.so.5
#18 0xf1326370 in QCoreApplication::notifyInternal2(QObject*, QEvent*) ()
   from /usr/lib/x86_64-linux-gnux32/libQt5Core.so.5
#19 0xf2021b3d in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) () from /usr/lib/x86_64-linux-gnux32/libQt5Widgets.so.5
#20 0xf2077b97 in ?? () from /usr/lib/x86_64-linux-gnux32/libQt5Widgets.so.5
#21 0xf207a31a in ?? () from /usr/lib/x86_64-linux-gnux32/libQt5Widgets.so.5
#22 0xf201aba7 in QApplicationPrivate::notify_helper(QObject*, QEvent*) ()
   from /usr/lib/x86_64-linux-gnux32/libQt5Widgets.so.5
#23 0xf2022671 in QApplication::notify(QObject*, QEvent*) ()
[…]

Judging from the addresses in frames #0 and #1 there is likely a JIT
involved, which needs porting to x32. It doesn’t crash on amd64, didn’t
try i386.

-- System Information:
Debian Release: buster/sid
  APT prefers unreleased
  APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable')
Architecture: x32 (x86_64)
Foreign Architectures: i386, amd64

Kernel: Linux 4.12.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages libqt5core5a depends on:
ii  libc6                  2.24-17
ii  libdouble-conversion1  2.0.1-4
ii  libgcc1                1:7.2.0-7
ii  libglib2.0-0           2.54.0-1
ii  libicu57               57.1-6
ii  libstdc++6             7.2.0-7
ii  zlib1g                 1:1.2.8.dfsg-5

Versions of packages libqt5core5a recommends:
pn  qttranslations5-l10n  <none>

Versions of packages libqt5core5a suggests:
ii  libthai0  0.1.26-3

-- no debconf information

Reply to:

Prev by Date: kubuntu branches to be deleted
Next by Date: Processed: [bts-link] source package plasma-nm
Previous by thread: Re: kubuntu branches to be deleted
Next by thread: Processed: [bts-link] source package plasma-nm
Index(es):
- Date
- Thread