QFile::open() crashes application on call to previously written file
-
Hello,
I'm trying to save image data into a file so that work on the image is saved and can then be read back in so the user can continue where they left off. For some reason, seemingly out of nowhere my code
QFile file(projectName); QDataStream out(&file); file.open(QIODevice::WriteOnly);Where projectName is a QString fetched by QFileDialog::getSaveFileName crashes, and it wasn't before. I made sure at the end of the save method (I didn't include the whole thing because a lot of stuff is saved making it pretty lengthy) to call
file.flush(); file.close();It only crashes when it is used on a file that was previously passed through this method.
Any pointers or help would be greatly appreciated!! -
Hi,
Please run your application through the debugger and show the stack trace of the crash.
-
Hello,
Apologies, I posted the wrong part earlier.
0x7ffa6f68fe4a <+ 2890> mov qword ptr [r14+80h],rax
0x7ffa6f68fe51 <+ 2897> mov rax,qword ptr [rsp+90h]
0x7ffa6f68fe59 <+ 2905> mov ecx,dword ptr [rax]
0x7ffa6f68fe5b <+ 2907> mov edi,0FFFFFFFFh
0x7ffa6f68fe60 <+ 2912> test ecx,ecx
0x7ffa6f68fe62 <+ 2914> je Qt5Core!QFSFileEngine::link+0xb7b (00007ffa6f68fe7b) 0x7ffa6f68fe64 <+ 2916> cmp ecx,edi 0x7ffa6f68fe66 <+ 2918> je Qt5Core!QFSFileEngine::link+0xb91 (00007ffa6f68fe91)
0x7ffa6f68fe68 <+ 2920> mov rax,qword ptr [rsp+90h]
0x7ffa6f68fe70 <+ 2928> mov ecx,edi
0x7ffa6f68fe72 <+ 2930> lock xadd dword ptr [rax],ecx
0x7ffa6f68fe76 <+ 2934> cmp ecx,1
0x7ffa6f68fe79 <+ 2937> jne Qt5Core!QFSFileEngine::link+0xb91 (00007ffa6f68fe91) 0x7ffa6f68fe7b <+ 2939> mov edx,2 0x7ffa6f68fe80 <+ 2944> lea r8d,[rdx+6] 0x7ffa6f68fe84 <+ 2948> mov rcx,qword ptr [rsp+90h] 0x7ffa6f68fe8c <+ 2956> call Qt5Core!QArrayData::deallocate (00007ffa6f540df0)
0x7ffa6f68fe91 <+ 2961> cmp qword ptr [r14+80h],0FFFFFFFFFFFFFFFFh
0x7ffa6f68fe99 <+ 2969> jne Qt5Core!QFSFileEngine::link+0xc03 (00007ffa6f68ff03) 0x7ffa6f68fe9b <+ 2971> mov edx,edi 0x7ffa6f68fe9d <+ 2973> lea rcx,[rsp+0A0h] 0x7ffa6f68fea5 <+ 2981> call Qt5Core!QSystemError::windowsString (00007ffa6f728830)
0x7ffa6f68feaa <+ 2986> nop
0x7ffa6f68feab <+ 2987> mov r8,rax
0x7ffa6f68feae <+ 2990> mov edx,5
0x7ffa6f68feb3 <+ 2995> mov rcx,rsi
0x7ffa6f68feb6 <+ 2998> call Qt5Core!QAbstractFileEngine::setError (00007ffa6f627100) 0x7ffa6f68febb <+ 3003> nop 0x7ffa6f68febc <+ 3004> mov rax,qword ptr [rsp+0A0h] 0x7ffa6f68fec4 <+ 3012> mov ecx,dword ptr [rax] 0x7ffa6f68fec6 <+ 3014> test ecx,ecx 0x7ffa6f68fec8 <+ 3016> je Qt5Core!QFSFileEngine::link+0xbe0 (00007ffa6f68fee0)
0x7ffa6f68feca <+ 3018> cmp ecx,0FFFFFFFFh
0x7ffa6f68fecd <+ 3021> je Qt5Core!QFSFileEngine::link+0xbf6 (00007ffa6f68fef6) 0x7ffa6f68fecf <+ 3023> mov rax,qword ptr [rsp+0A0h] 0x7ffa6f68fed7 <+ 3031> lock xadd dword ptr [rax],edi 0x7ffa6f68fedb <+ 3035> cmp edi,1 0x7ffa6f68fede <+ 3038> jne Qt5Core!QFSFileEngine::link+0xbf6 (00007ffa6f68fef6)
0x7ffa6f68fee0 <+ 3040> mov edx,2
0x7ffa6f68fee5 <+ 3045> lea r8d,[rdx+6]
0x7ffa6f68fee9 <+ 3049> mov rcx,qword ptr [rsp+0A0h]
0x7ffa6f68fef1 <+ 3057> call Qt5Core!QArrayData::deallocate (00007ffa6f540df0) 0x7ffa6f68fef6 <+ 3062> xor al,al 0x7ffa6f68fef8 <+ 3064> add rsp,60h 0x7ffa6f68fefc <+ 3068> pop r14 0x7ffa6f68fefe <+ 3070> pop rdi 0x7ffa6f68feff <+ 3071> pop rsi 0x7ffa6f68ff00 <+ 3072> pop rbp 0x7ffa6f68ff01 <+ 3073> pop rbx 0x7ffa6f68ff02 <+ 3074> ret 0x7ffa6f68ff03 <+ 3075> test bl,8 0x7ffa6f68ff06 <+ 3078> je Qt5Core!QFSFileEngine::link+0xc16 (00007ffa6f68ff16)
0x7ffa6f68ff08 <+ 3080> mov rax,qword ptr [rsi]
0x7ffa6f68ff0b <+ 3083> xor edx,edx
0x7ffa6f68ff0d <+ 3085> mov rcx,rsi
0x7ffa6f68ff10 <+ 3088> call qword ptr [rax+80h]
0x7ffa6f68ff16 <+ 3094> mov al,1
0x7ffa6f68ff18 <+ 3096> add rsp,60h
0x7ffa6f68ff1c <+ 3100> pop r14
0x7ffa6f68ff1e <+ 3102> pop rdi
0x7ffa6f68ff1f <+ 3103> pop rsi
0x7ffa6f68ff20 <+ 3104> pop rbp
0x7ffa6f68ff21 <+ 3105> pop rbx
0x7ffa6f68ff22 <+ 3106> ret
0x7ffa6f68ff23 <+ 3107> int 3
0x7ffa6f68ff24 <+ 3108> int 3
0x7ffa6f68ff25 <+ 3109> int 3
0x7ffa6f68ff26 <+ 3110> int 3
0x7ffa6f68ff27 <+ 3111> int 3
0x7ffa6f68ff28 <+ 3112> int 3
0x7ffa6f68ff29 <+ 3113> int 3
0x7ffa6f68ff2a <+ 3114> int 3
0x7ffa6f68ff2b <+ 3115> int 3
0x7ffa6f68ff2c <+ 3116> int 3
0x7ffa6f68ff2d <+ 3117> int 3
0x7ffa6f68ff2e <+ 3118> int 3
0x7ffa6f68ff2f <+ 3119> int 3
0x7ffa6f68ff30 <+ 3120> mov qword ptr [rsp+20h],rbx
0x7ffa6f68ff35 <+ 3125> push rdi
0x7ffa6f68ff36 <+ 3126> sub rsp,20h
0x7ffa6f68ff3a <+ 3130> mov rdi,qword ptr [rcx+18h]
0x7ffa6f68ff3e <+ 3134> cmp qword ptr [rcx+78h],0
0x7ffa6f68ff43 <+ 3139> jne Qt5Core!QFSFileEngine::link+0xce8 (00007ffa6f68ffe8) 0x7ffa6f68ff49 <+ 3145> cmp dword ptr [rcx+0A0h],0FFFFFFFFh 0x7ffa6f68ff50 <+ 3152> jne Qt5Core!QFSFileEngine::link+0xce8 (00007ffa6f68ffe8)Is this portion of the stack trace what was needed?
Thanks!
-
Hello,
Apologies, I posted the wrong part earlier.
0x7ffa6f68fe4a <+ 2890> mov qword ptr [r14+80h],rax
0x7ffa6f68fe51 <+ 2897> mov rax,qword ptr [rsp+90h]
0x7ffa6f68fe59 <+ 2905> mov ecx,dword ptr [rax]
0x7ffa6f68fe5b <+ 2907> mov edi,0FFFFFFFFh
0x7ffa6f68fe60 <+ 2912> test ecx,ecx
0x7ffa6f68fe62 <+ 2914> je Qt5Core!QFSFileEngine::link+0xb7b (00007ffa6f68fe7b) 0x7ffa6f68fe64 <+ 2916> cmp ecx,edi 0x7ffa6f68fe66 <+ 2918> je Qt5Core!QFSFileEngine::link+0xb91 (00007ffa6f68fe91)
0x7ffa6f68fe68 <+ 2920> mov rax,qword ptr [rsp+90h]
0x7ffa6f68fe70 <+ 2928> mov ecx,edi
0x7ffa6f68fe72 <+ 2930> lock xadd dword ptr [rax],ecx
0x7ffa6f68fe76 <+ 2934> cmp ecx,1
0x7ffa6f68fe79 <+ 2937> jne Qt5Core!QFSFileEngine::link+0xb91 (00007ffa6f68fe91) 0x7ffa6f68fe7b <+ 2939> mov edx,2 0x7ffa6f68fe80 <+ 2944> lea r8d,[rdx+6] 0x7ffa6f68fe84 <+ 2948> mov rcx,qword ptr [rsp+90h] 0x7ffa6f68fe8c <+ 2956> call Qt5Core!QArrayData::deallocate (00007ffa6f540df0)
0x7ffa6f68fe91 <+ 2961> cmp qword ptr [r14+80h],0FFFFFFFFFFFFFFFFh
0x7ffa6f68fe99 <+ 2969> jne Qt5Core!QFSFileEngine::link+0xc03 (00007ffa6f68ff03) 0x7ffa6f68fe9b <+ 2971> mov edx,edi 0x7ffa6f68fe9d <+ 2973> lea rcx,[rsp+0A0h] 0x7ffa6f68fea5 <+ 2981> call Qt5Core!QSystemError::windowsString (00007ffa6f728830)
0x7ffa6f68feaa <+ 2986> nop
0x7ffa6f68feab <+ 2987> mov r8,rax
0x7ffa6f68feae <+ 2990> mov edx,5
0x7ffa6f68feb3 <+ 2995> mov rcx,rsi
0x7ffa6f68feb6 <+ 2998> call Qt5Core!QAbstractFileEngine::setError (00007ffa6f627100) 0x7ffa6f68febb <+ 3003> nop 0x7ffa6f68febc <+ 3004> mov rax,qword ptr [rsp+0A0h] 0x7ffa6f68fec4 <+ 3012> mov ecx,dword ptr [rax] 0x7ffa6f68fec6 <+ 3014> test ecx,ecx 0x7ffa6f68fec8 <+ 3016> je Qt5Core!QFSFileEngine::link+0xbe0 (00007ffa6f68fee0)
0x7ffa6f68feca <+ 3018> cmp ecx,0FFFFFFFFh
0x7ffa6f68fecd <+ 3021> je Qt5Core!QFSFileEngine::link+0xbf6 (00007ffa6f68fef6) 0x7ffa6f68fecf <+ 3023> mov rax,qword ptr [rsp+0A0h] 0x7ffa6f68fed7 <+ 3031> lock xadd dword ptr [rax],edi 0x7ffa6f68fedb <+ 3035> cmp edi,1 0x7ffa6f68fede <+ 3038> jne Qt5Core!QFSFileEngine::link+0xbf6 (00007ffa6f68fef6)
0x7ffa6f68fee0 <+ 3040> mov edx,2
0x7ffa6f68fee5 <+ 3045> lea r8d,[rdx+6]
0x7ffa6f68fee9 <+ 3049> mov rcx,qword ptr [rsp+0A0h]
0x7ffa6f68fef1 <+ 3057> call Qt5Core!QArrayData::deallocate (00007ffa6f540df0) 0x7ffa6f68fef6 <+ 3062> xor al,al 0x7ffa6f68fef8 <+ 3064> add rsp,60h 0x7ffa6f68fefc <+ 3068> pop r14 0x7ffa6f68fefe <+ 3070> pop rdi 0x7ffa6f68feff <+ 3071> pop rsi 0x7ffa6f68ff00 <+ 3072> pop rbp 0x7ffa6f68ff01 <+ 3073> pop rbx 0x7ffa6f68ff02 <+ 3074> ret 0x7ffa6f68ff03 <+ 3075> test bl,8 0x7ffa6f68ff06 <+ 3078> je Qt5Core!QFSFileEngine::link+0xc16 (00007ffa6f68ff16)
0x7ffa6f68ff08 <+ 3080> mov rax,qword ptr [rsi]
0x7ffa6f68ff0b <+ 3083> xor edx,edx
0x7ffa6f68ff0d <+ 3085> mov rcx,rsi
0x7ffa6f68ff10 <+ 3088> call qword ptr [rax+80h]
0x7ffa6f68ff16 <+ 3094> mov al,1
0x7ffa6f68ff18 <+ 3096> add rsp,60h
0x7ffa6f68ff1c <+ 3100> pop r14
0x7ffa6f68ff1e <+ 3102> pop rdi
0x7ffa6f68ff1f <+ 3103> pop rsi
0x7ffa6f68ff20 <+ 3104> pop rbp
0x7ffa6f68ff21 <+ 3105> pop rbx
0x7ffa6f68ff22 <+ 3106> ret
0x7ffa6f68ff23 <+ 3107> int 3
0x7ffa6f68ff24 <+ 3108> int 3
0x7ffa6f68ff25 <+ 3109> int 3
0x7ffa6f68ff26 <+ 3110> int 3
0x7ffa6f68ff27 <+ 3111> int 3
0x7ffa6f68ff28 <+ 3112> int 3
0x7ffa6f68ff29 <+ 3113> int 3
0x7ffa6f68ff2a <+ 3114> int 3
0x7ffa6f68ff2b <+ 3115> int 3
0x7ffa6f68ff2c <+ 3116> int 3
0x7ffa6f68ff2d <+ 3117> int 3
0x7ffa6f68ff2e <+ 3118> int 3
0x7ffa6f68ff2f <+ 3119> int 3
0x7ffa6f68ff30 <+ 3120> mov qword ptr [rsp+20h],rbx
0x7ffa6f68ff35 <+ 3125> push rdi
0x7ffa6f68ff36 <+ 3126> sub rsp,20h
0x7ffa6f68ff3a <+ 3130> mov rdi,qword ptr [rcx+18h]
0x7ffa6f68ff3e <+ 3134> cmp qword ptr [rcx+78h],0
0x7ffa6f68ff43 <+ 3139> jne Qt5Core!QFSFileEngine::link+0xce8 (00007ffa6f68ffe8) 0x7ffa6f68ff49 <+ 3145> cmp dword ptr [rcx+0A0h],0FFFFFFFFh 0x7ffa6f68ff50 <+ 3152> jne Qt5Core!QFSFileEngine::link+0xce8 (00007ffa6f68ffe8)Is this portion of the stack trace what was needed?
Thanks!
-
Is this the appropriate information? Sorry for the mistakes and inaccuracy, I've never done this before...
1 NtCreateFile ntdll 0x7ffae728d0c4
2 CreateFileW KERNELBASE 0x7ffae4d62920
3 CreateFileW KERNELBASE 0x7ffae4d62646
4 QFSFileEngine::link Qt5Core 0x7ffa6f27fe4a
5 QFSFileEngine::open Qt5Core 0x7ffa6f250ca9
6 QFile::open Qt5Core 0x7ffa6f227efb
7 Roto 0x7ff656965bab
8 Roto 0x7ff6569747ec
9 Roto 0x7ff656976d4c
10 QObject::qt_static_metacall Qt5Core 0x7ffa6f2f5109
11 QAction::activate Qt5Widgets 0x7ffa74285eaf
12 QMenu::actionGeometry Qt5Widgets 0x7ffa743de378
13 QMenu::actionGeometry Qt5Widgets 0x7ffa743de153
14 QMenu::mouseReleaseEvent Qt5Widgets 0x7ffa743e38b1
15 QWidget::event Qt5Widgets 0x7ffa742b89a2
16 QMenu::event Qt5Widgets 0x7ffa743df927
17 QApplicationPrivate::notify_helper Qt5Widgets 0x7ffa742956f0
18 QApplication::notify Qt5Widgets 0x7ffa7429361d
19 QCoreApplication::notifyInternal2 Qt5Core 0x7ffa6f2d51ca
20 QApplicationPrivate::sendMouseEvent Qt5Widgets 0x7ffa742968f3
21 QSizePolicy::QSizePolicy Qt5Widgets 0x7ffa742e0f7b
22 QSizePolicy::QSizePolicy Qt5Widgets 0x7ffa742df53e
23 QApplicationPrivate::notify_helper Qt5Widgets 0x7ffa742956f0
24 QApplication::notify Qt5Widgets 0x7ffa74294768
25 QCoreApplication::notifyInternal2 Qt5Core 0x7ffa6f2d51ca
26 QGuiApplicationPrivate::processMouseEvent Qt5Gui 0x7ffa73bf5144
27 QWindowSystemInterface::sendWindowSystemEvents Qt5Gui 0x7ffa73bdfe29
28 QEventDispatcherWin32::processEvents Qt5Core 0x7ffa6f31f887
29 qt_plugin_query_metadata qwindows 0x7ffaac128d89
30 QEventLoop::exec Qt5Core 0x7ffa6f2d130c
31 QCoreApplication::exec Qt5Core 0x7ffa6f2d4194
32 Roto 0x7ff65696e857
33 Roto 0x7ff656983027
34 Roto 0x7ff6569825ce
35 BaseThreadInitThunk KERNEL32 0x7ffae5267034
36 RtlUserThreadStart ntdll 0x7ffae723d241I'm not sure why it's not grabbing line numbers as well, that field is blank in all rows.
-
Hello all,
I've also seen while messing with it that calling file.remove() also causes this behavior.
Is it possible that perhaps there is some kind of corruption in the file, so that when QFile tries to access it this behavior occurs? Just guessing. That seems unlikely to me, because I can open files with QIODevice::ReadOnly in my method that reads the data from the file to reconstruct the project, it only crashes when opened with file.open(QIODevice::WriteOnly).
Thanks
-
@Pollarm use debugger breakpoint to check which line it crashed?
It only crashes when it is used on a file that was previously passed through this method.open the file which was saved using this method through explorer and check whether it's having any content?
-
I was able to catch an exception code 0xc0000409, which I've seen means STATUS_STACK_BUFFER_OVERRUN. What could I do that gets around this?
If that is the case, does that mean that this is not a QT issue after all?
@Pollarm said in QFile::open() crashes application on call to previously written file:
If that is the case, does that mean that this is not a QT issue after all?
It doesn't, but I'd be rather surprised this to be a bug in the Qt codebase. Did you extract the above stack trace (the one you posted) from the point of the crash, or did you just stop the debugger there at another time? If the stack was not from a crash, you should reproduce the crash in the debugger and when it happens extract it. Aside from that there are 2 typical reasons for such an error:
- You're running an infinite recursion, you should check this. For example it may be a slot calling itself indirectly (through a signal).
or
- You've corrupted the stack somewhere without realizing. Writing to a buffer in the stack over its allowed boundaries should do it. Do you have
char data[someSize]anywhere you may be saving to, or something of that sort?
It'd be also helpful to see some more code around the point of crash, would you provide how you read the file, what you save from it, etc.
PS. Btw, it doesn't appear your application (assuming
Rotois your app) contains debug information. You should build in debug before testing anything else. -
@kshegunov I believe I've identified the source of the overflow:
My parameters are being written incorrectly because for some reason (completely unrelated issue) and its causing large values, 9 digits, to be pushed as in index to an array that I think can only hold a maximum of around 57.
Your comment helped me track that down, thanks!!
-
@kshegunov I believe I've identified the source of the overflow:
My parameters are being written incorrectly because for some reason (completely unrelated issue) and its causing large values, 9 digits, to be pushed as in index to an array that I think can only hold a maximum of around 57.
Your comment helped me track that down, thanks!!
@Pollarm said in QFile::open() crashes application on call to previously written file:
My parameters are being written incorrectly because for some reason (completely unrelated issue) and its causing large values, 9 digits, to be pushed as in index to an array that I think can only hold a maximum of around 57.
If you replace the C arrays with
std::vectororQVector, this type of error will be caught immediately when your code is built and run in Debug mode. -
Hello all,
Sorry for the long delay in response, I had other issues in this project to work on. The solution to this issue was found, I was using my own extension for the files and it was making windows antivirus grab the files and scan them. Changing the extension to a simple .txt circumvented this issue. Thanks all for your help on this.
