stack corruption in the webservice code

Linus Torvalds torvalds at linux-foundation.org
Tue Dec 10 11:00:42 UTC 2013


On Tue, Dec 10, 2013 at 10:40 AM, Thiago Macieira <thiago at macieira.org> wrote:
>
> Actually, you need to keep the QByteArray temporary.
>
>         QByteArray tempfileBA = tempfileQ.toLocal8Bit();
>         tempfile = tempfileBA.constData();
>
> It's the QByteArray that owns the memory block. QByteArray is basically a
> glorified on-scope-exit-call-free() object :-)

.. but it's still freed when it exits scope.

So I repeat: you either need to create your own copy (i.e. strdup or
similar), or you need to return the actual object itself (and *not*
the "tempfile" pointer at all).

Sure, the "actual object" *could* be the QByteArray that you get from
toLocal8Bit(), but that would be just strange. Much better to just
return the QString if what you want to return is a Qt object.

Of course, in this case, there's no reason to not use strdup(), since
we actually want the pathname, not some random Qt string. The only
reason that Qt string exists at all is because the code uses C++ to
create a slow but convenient version of snprintf().

> Valgrind is able to catch them. It will tell you that you're accessing a
> memory block freed inside ~QByteArray.

Even if the compiler decides to internally just allocate it on the
stack because it can see the whole scope?

But I guess those conversions aren't inlined etc, so the compiler is
unlikely to really grok the code well enough to be smart.

            Linus
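The lifetime problem discussed in this thread, as an added example that is not part of the mailing-list post or the Subsurface code. It assumes a small `ByteArray` stand-in for QByteArray (a malloc'd buffer freed in the destructor, with a counter so the free can be observed without reading freed memory) and `std::string` in place of QString; `tempfile_dangling`, `tempfile_strdup` and `tempfile_object` are hypothetical names.

```cpp
#include <cstdlib>
#include <cstring>
#include <string>

// Counts ByteArray destructor runs so the lifetime problem can be observed
// without ever reading freed memory.
static int g_buffers_freed = 0;

// Stand-in for QByteArray (assumption: not Qt's class): owns a malloc'd
// buffer and frees it on scope exit, the "on-scope-exit-call-free()" object.
class ByteArray {
public:
    explicit ByteArray(const std::string& s)
        : data_(static_cast<char*>(std::malloc(s.size() + 1))) {
        std::memcpy(data_, s.c_str(), s.size() + 1);
    }
    ByteArray(const ByteArray& o) : ByteArray(std::string(o.data_)) {}
    ByteArray& operator=(const ByteArray&) = delete;
    ~ByteArray() { std::free(data_); ++g_buffers_freed; }
    const char* constData() const { return data_; }
private:
    char* data_;
};

// Stand-in for QString::toLocal8Bit(): std::string plays the QString.
static ByteArray toLocal8Bit(const std::string& str) { return ByteArray(str); }

// Buggy shape from the thread: the char* is taken from a ByteArray that is
// destroyed at the end of its scope, so the caller receives a dangling pointer.
const char* tempfile_dangling(const std::string& path) {
    const char* tempfile;
    {
        ByteArray tempfileBA = toLocal8Bit(path);
        tempfile = tempfileBA.constData();
    }   // ~ByteArray runs here; the block tempfile points at is freed
    return tempfile;   // must never be dereferenced
}

// Fix 1: copy into memory the caller owns (caller must free()).
char* tempfile_strdup(const std::string& path) {
    ByteArray tempfileBA = toLocal8Bit(path);
    return strdup(tempfileBA.constData());
}

// Fix 2: return the owning object itself, never a pointer into it.
ByteArray tempfile_object(const std::string& path) {
    return toLocal8Bit(path);
}
```

Under Valgrind or ASan, dereferencing the pointer from `tempfile_dangling` reports a read of memory freed inside `~ByteArray`, which is the diagnostic the thread describes.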

