QFile::open() crashes application on call to previously written file

SGaist

Hi,

Please run your application through the debugger and show the stack trace of the crash.

Pollarm

Hello,

Apologies, I posted the wrong part earlier.

0x7ffa6f68fe4a <+ 2890> mov qword ptr [r14+80h],rax
0x7ffa6f68fe51 <+ 2897> mov rax,qword ptr [rsp+90h]
0x7ffa6f68fe59 <+ 2905> mov ecx,dword ptr [rax]
0x7ffa6f68fe5b <+ 2907> mov edi,0FFFFFFFFh
0x7ffa6f68fe60 <+ 2912> test ecx,ecx
0x7ffa6f68fe62 <+ 2914> je Qt5Core!QFSFileEngine::link+0xb7b (00007ffa6f68fe7b) 0x7ffa6f68fe64 <+ 2916> cmp ecx,edi 0x7ffa6f68fe66 <+ 2918> je Qt5Core!QFSFileEngine::link+0xb91 (00007ffa6f68fe91)
0x7ffa6f68fe68 <+ 2920> mov rax,qword ptr [rsp+90h]
0x7ffa6f68fe70 <+ 2928> mov ecx,edi
0x7ffa6f68fe72 <+ 2930> lock xadd dword ptr [rax],ecx
0x7ffa6f68fe76 <+ 2934> cmp ecx,1
0x7ffa6f68fe79 <+ 2937> jne Qt5Core!QFSFileEngine::link+0xb91 (00007ffa6f68fe91) 0x7ffa6f68fe7b <+ 2939> mov edx,2 0x7ffa6f68fe80 <+ 2944> lea r8d,[rdx+6] 0x7ffa6f68fe84 <+ 2948> mov rcx,qword ptr [rsp+90h] 0x7ffa6f68fe8c <+ 2956> call Qt5Core!QArrayData::deallocate (00007ffa6f540df0)
0x7ffa6f68fe91 <+ 2961> cmp qword ptr [r14+80h],0FFFFFFFFFFFFFFFFh
0x7ffa6f68fe99 <+ 2969> jne Qt5Core!QFSFileEngine::link+0xc03 (00007ffa6f68ff03) 0x7ffa6f68fe9b <+ 2971> mov edx,edi 0x7ffa6f68fe9d <+ 2973> lea rcx,[rsp+0A0h] 0x7ffa6f68fea5 <+ 2981> call Qt5Core!QSystemError::windowsString (00007ffa6f728830)
0x7ffa6f68feaa <+ 2986> nop
0x7ffa6f68feab <+ 2987> mov r8,rax
0x7ffa6f68feae <+ 2990> mov edx,5
0x7ffa6f68feb3 <+ 2995> mov rcx,rsi
0x7ffa6f68feb6 <+ 2998> call Qt5Core!QAbstractFileEngine::setError (00007ffa6f627100) 0x7ffa6f68febb <+ 3003> nop 0x7ffa6f68febc <+ 3004> mov rax,qword ptr [rsp+0A0h] 0x7ffa6f68fec4 <+ 3012> mov ecx,dword ptr [rax] 0x7ffa6f68fec6 <+ 3014> test ecx,ecx 0x7ffa6f68fec8 <+ 3016> je Qt5Core!QFSFileEngine::link+0xbe0 (00007ffa6f68fee0)
0x7ffa6f68feca <+ 3018> cmp ecx,0FFFFFFFFh
0x7ffa6f68fecd <+ 3021> je Qt5Core!QFSFileEngine::link+0xbf6 (00007ffa6f68fef6) 0x7ffa6f68fecf <+ 3023> mov rax,qword ptr [rsp+0A0h] 0x7ffa6f68fed7 <+ 3031> lock xadd dword ptr [rax],edi 0x7ffa6f68fedb <+ 3035> cmp edi,1 0x7ffa6f68fede <+ 3038> jne Qt5Core!QFSFileEngine::link+0xbf6 (00007ffa6f68fef6)
0x7ffa6f68fee0 <+ 3040> mov edx,2
0x7ffa6f68fee5 <+ 3045> lea r8d,[rdx+6]
0x7ffa6f68fee9 <+ 3049> mov rcx,qword ptr [rsp+0A0h]
0x7ffa6f68fef1 <+ 3057> call Qt5Core!QArrayData::deallocate (00007ffa6f540df0) 0x7ffa6f68fef6 <+ 3062> xor al,al 0x7ffa6f68fef8 <+ 3064> add rsp,60h 0x7ffa6f68fefc <+ 3068> pop r14 0x7ffa6f68fefe <+ 3070> pop rdi 0x7ffa6f68feff <+ 3071> pop rsi 0x7ffa6f68ff00 <+ 3072> pop rbp 0x7ffa6f68ff01 <+ 3073> pop rbx 0x7ffa6f68ff02 <+ 3074> ret 0x7ffa6f68ff03 <+ 3075> test bl,8 0x7ffa6f68ff06 <+ 3078> je Qt5Core!QFSFileEngine::link+0xc16 (00007ffa6f68ff16)
0x7ffa6f68ff08 <+ 3080> mov rax,qword ptr [rsi]
0x7ffa6f68ff0b <+ 3083> xor edx,edx
0x7ffa6f68ff0d <+ 3085> mov rcx,rsi
0x7ffa6f68ff10 <+ 3088> call qword ptr [rax+80h]
0x7ffa6f68ff16 <+ 3094> mov al,1
0x7ffa6f68ff18 <+ 3096> add rsp,60h
0x7ffa6f68ff1c <+ 3100> pop r14
0x7ffa6f68ff1e <+ 3102> pop rdi
0x7ffa6f68ff1f <+ 3103> pop rsi
0x7ffa6f68ff20 <+ 3104> pop rbp
0x7ffa6f68ff21 <+ 3105> pop rbx
0x7ffa6f68ff22 <+ 3106> ret
0x7ffa6f68ff23 <+ 3107> int 3
0x7ffa6f68ff24 <+ 3108> int 3
0x7ffa6f68ff25 <+ 3109> int 3
0x7ffa6f68ff26 <+ 3110> int 3
0x7ffa6f68ff27 <+ 3111> int 3
0x7ffa6f68ff28 <+ 3112> int 3
0x7ffa6f68ff29 <+ 3113> int 3
0x7ffa6f68ff2a <+ 3114> int 3
0x7ffa6f68ff2b <+ 3115> int 3
0x7ffa6f68ff2c <+ 3116> int 3
0x7ffa6f68ff2d <+ 3117> int 3
0x7ffa6f68ff2e <+ 3118> int 3
0x7ffa6f68ff2f <+ 3119> int 3
0x7ffa6f68ff30 <+ 3120> mov qword ptr [rsp+20h],rbx
0x7ffa6f68ff35 <+ 3125> push rdi
0x7ffa6f68ff36 <+ 3126> sub rsp,20h
0x7ffa6f68ff3a <+ 3130> mov rdi,qword ptr [rcx+18h]
0x7ffa6f68ff3e <+ 3134> cmp qword ptr [rcx+78h],0
0x7ffa6f68ff43 <+ 3139> jne Qt5Core!QFSFileEngine::link+0xce8 (00007ffa6f68ffe8) 0x7ffa6f68ff49 <+ 3145> cmp dword ptr [rcx+0A0h],0FFFFFFFFh 0x7ffa6f68ff50 <+ 3152> jne Qt5Core!QFSFileEngine::link+0xce8 (00007ffa6f68ffe8)

Is this portion of the stack trace what was needed?

Thanks!

JonB

@Pollarm
This is not the right information. This is disassembly of the code. You need to find the stack trace window.

Pollarm

Is this the appropriate information? Sorry for the mistakes and inaccuracy, I've never done this before...

1 NtCreateFile 2 CreateFileW 3 CreateFileW 4 QFSFileEngine::link 5 QFSFileEngine::open 6 QFile::open 7 Roto 8 Roto 9 Roto 10 QObject::qt_static_metacall 11 QAction::activate 12 QMenu::actionGeometry 13 QMenu::actionGeometry 14 QMenu::mouseReleaseEvent 15 QWidget::event 16 QMenu::event 17 QApplicationPrivate::notify_helper 18 QApplication::notify 19 QCoreApplication::notifyInternal2 20 QApplicationPrivate::sendMouseEvent 21 QSizePolicy::QSizePolicy 22 QSizePolicy::QSizePolicy 23 QApplicationPrivate::notify_helper 24 QApplication::notify 25 QCoreApplication::notifyInternal2 26 QGuiApplicationPrivate:: 27 QWindowSystemInterface:: 28 QEventDispatcherWin32::processEvents 29 qt_plugin_query_metadata 30 QEventLoop::exec 31 QCoreApplication::exec 32 Roto 33 Roto 34 Roto 35 BaseThreadInitThunk 36 RtlUserThreadStart ntdll 0x7ffae728d0c4
KERNELBASE 0x7ffae4d62920
KERNELBASE 0x7ffae4d62646
Qt5Core 0x7ffa6f27fe4a
Qt5Core 0x7ffa6f250ca9
Qt5Core 0x7ffa6f227efb
0x7ff656965bab
0x7ff6569747ec
0x7ff656976d4c
Qt5Core 0x7ffa6f2f5109
Qt5Widgets 0x7ffa74285eaf
Qt5Widgets 0x7ffa743de378
Qt5Widgets 0x7ffa743de153
Qt5Widgets 0x7ffa743e38b1
Qt5Widgets 0x7ffa742b89a2
Qt5Widgets 0x7ffa743df927
Qt5Widgets 0x7ffa742956f0
Qt5Widgets 0x7ffa7429361d
Qt5Core 0x7ffa6f2d51ca
Qt5Widgets 0x7ffa742968f3
Qt5Widgets 0x7ffa742e0f7b
Qt5Widgets 0x7ffa742df53e
Qt5Widgets 0x7ffa742956f0
Qt5Widgets 0x7ffa74294768
Qt5Core 0x7ffa6f2d51ca
processMouseEvent Qt5Gui 0x7ffa73bf5144
sendWindowSystemEvents Qt5Gui 0x7ffa73bdfe29
Qt5Core 0x7ffa6f31f887
qwindows 0x7ffaac128d89
Qt5Core 0x7ffa6f2d130c
Qt5Core 0x7ffa6f2d4194
0x7ff65696e857
0x7ff656983027
0x7ff6569825ce
KERNEL32 0x7ffae5267034
ntdll 0x7ffae723d241

I'm not sure why it's not grabbing line numbers as well, that field is blank in all rows.

nagesh

@Pollarm check whether file is successfully opened(return value of open) before accessing it.

Pollarm

Hello all,

I've also seen while messing with it that calling file.remove() also causes this behavior.

Is it possible that perhaps there is some kind of corruption in the file, so that when QFile tries to access it this behavior occurs? Just guessing. That seems unlikely to me, because I can open files with QIODevice::ReadOnly in my method that reads the data from the file to reconstruct the project, it only crashes when opened with file.open(QIODevice::WriteOnly).

Thanks

nagesh

@Pollarm Did you check file open return value?
QFile file(projectName);
if(file.open(QIODevice::WriteOnly))
{
QDataStream out(&file); // we will serialize the data into the file
}
else
{
//Failed to open the file
}

Pollarm

Hello @nagesh,

I did try that, and it crashed, I believe inside the if-statement.

Thanks

nagesh

@Pollarm use debugger breakpoint to check which line it crashed?

It only crashes when it is used on a file that was previously passed through this method.

open the file which was saved using this method through explorer and check whether it's having any content?

Pollarm

I'm pretty sure that it crashes on the line that calls

file.open(QIODevice::WriteOnly)

And I have confirmed the file contains the appropriate content.

Thanks

Pollarm

I was able to catch an exception code 0xc0000409, which I've seen means STATUS_STACK_BUFFER_OVERRUN. What could I do that gets around this?

If that is the case, does that mean that this is not a QT issue after all?

kshegunov

@Pollarm said in QFile::open() crashes application on call to previously written file:

If that is the case, does that mean that this is not a QT issue after all?

It doesn't, but I'd be rather surprised this to be a bug in the Qt codebase. Did you extract the above stack trace (the one you posted) from the point of the crash, or did you just stop the debugger there at another time? If the stack was not from a crash, you should reproduce the crash in the debugger and when it happens extract it. Aside from that there are 2 typical reasons for such an error:

You're running an infinite recursion, you should check this. For example it may be a slot calling itself indirectly (through a signal).

or

You've corrupted the stack somewhere without realizing. Writing to a buffer in the stack over its allowed boundaries should do it. Do you have char data[someSize] anywhere you may be saving to, or something of that sort?

It'd be also helpful to see some more code around the point of crash, would you provide how you read the file, what you save from it, etc.

PS. Btw, it doesn't appear your application (assuming Roto is your app) contains debug information. You should build in debug before testing anything else.

Pollarm

@kshegunov I believe I've identified the source of the overflow:

My parameters are being written incorrectly because for some reason (completely unrelated issue) and its causing large values, 9 digits, to be pushed as in index to an array that I think can only hold a maximum of around 57.

Your comment helped me track that down, thanks!!

JKSH

@Pollarm said in QFile::open() crashes application on call to previously written file:

My parameters are being written incorrectly because for some reason (completely unrelated issue) and its causing large values, 9 digits, to be pushed as in index to an array that I think can only hold a maximum of around 57.

If you replace the C arrays with std::vector or QVector, this type of error will be caught immediately when your code is built and run in Debug mode.

Pollarm

Hello all,

Sorry for the long delay in response, I had other issues in this project to work on. The solution to this issue was found, I was using my own extension for the files and it was making windows antivirus grab the files and scan them. Changing the extension to a simple .txt circumvented this issue. Thanks all for your help on this.