Important: Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

QFile::open() crashes application on call to previously written file



  • Hello,

    I'm trying to save image data into a file so that work on the image is saved and can then be read back in so the user can continue where they left off. For some reason, seemingly out of nowhere my code

        QFile file(projectName);
        QDataStream out(&file);
        file.open(QIODevice::WriteOnly);
    

    Where projectName is a QString fetched by QFileDialog::getSaveFileName crashes, and it wasn't before. I made sure at the end of the save method (I didn't include the whole thing because a lot of stuff is saved making it pretty lengthy) to call

    file.flush();
    file.close();
    

    It only crashes when it is used on a file that was previously passed through this method.
    Any pointers or help would be greatly appreciated!!


  • Lifetime Qt Champion

    Hi,

    Please run your application through the debugger and show the stack trace of the crash.



  • Hello,

    Apologies, I posted the wrong part earlier.

    0x7ffa6f68fe4a <+ 2890> mov qword ptr [r14+80h],rax
    0x7ffa6f68fe51 <+ 2897> mov rax,qword ptr [rsp+90h]
    0x7ffa6f68fe59 <+ 2905> mov ecx,dword ptr [rax]
    0x7ffa6f68fe5b <+ 2907> mov edi,0FFFFFFFFh
    0x7ffa6f68fe60 <+ 2912> test ecx,ecx
    0x7ffa6f68fe62 <+ 2914> je Qt5Core!QFSFileEngine::link+0xb7b (00007ffa6f68fe7b) 0x7ffa6f68fe64 <+ 2916> cmp ecx,edi 0x7ffa6f68fe66 <+ 2918> je Qt5Core!QFSFileEngine::link+0xb91 (00007ffa6f68fe91)
    0x7ffa6f68fe68 <+ 2920> mov rax,qword ptr [rsp+90h]
    0x7ffa6f68fe70 <+ 2928> mov ecx,edi
    0x7ffa6f68fe72 <+ 2930> lock xadd dword ptr [rax],ecx
    0x7ffa6f68fe76 <+ 2934> cmp ecx,1
    0x7ffa6f68fe79 <+ 2937> jne Qt5Core!QFSFileEngine::link+0xb91 (00007ffa6f68fe91) 0x7ffa6f68fe7b <+ 2939> mov edx,2 0x7ffa6f68fe80 <+ 2944> lea r8d,[rdx+6] 0x7ffa6f68fe84 <+ 2948> mov rcx,qword ptr [rsp+90h] 0x7ffa6f68fe8c <+ 2956> call Qt5Core!QArrayData::deallocate (00007ffa6f540df0)
    0x7ffa6f68fe91 <+ 2961> cmp qword ptr [r14+80h],0FFFFFFFFFFFFFFFFh
    0x7ffa6f68fe99 <+ 2969> jne Qt5Core!QFSFileEngine::link+0xc03 (00007ffa6f68ff03) 0x7ffa6f68fe9b <+ 2971> mov edx,edi 0x7ffa6f68fe9d <+ 2973> lea rcx,[rsp+0A0h] 0x7ffa6f68fea5 <+ 2981> call Qt5Core!QSystemError::windowsString (00007ffa6f728830)
    0x7ffa6f68feaa <+ 2986> nop
    0x7ffa6f68feab <+ 2987> mov r8,rax
    0x7ffa6f68feae <+ 2990> mov edx,5
    0x7ffa6f68feb3 <+ 2995> mov rcx,rsi
    0x7ffa6f68feb6 <+ 2998> call Qt5Core!QAbstractFileEngine::setError (00007ffa6f627100) 0x7ffa6f68febb <+ 3003> nop 0x7ffa6f68febc <+ 3004> mov rax,qword ptr [rsp+0A0h] 0x7ffa6f68fec4 <+ 3012> mov ecx,dword ptr [rax] 0x7ffa6f68fec6 <+ 3014> test ecx,ecx 0x7ffa6f68fec8 <+ 3016> je Qt5Core!QFSFileEngine::link+0xbe0 (00007ffa6f68fee0)
    0x7ffa6f68feca <+ 3018> cmp ecx,0FFFFFFFFh
    0x7ffa6f68fecd <+ 3021> je Qt5Core!QFSFileEngine::link+0xbf6 (00007ffa6f68fef6) 0x7ffa6f68fecf <+ 3023> mov rax,qword ptr [rsp+0A0h] 0x7ffa6f68fed7 <+ 3031> lock xadd dword ptr [rax],edi 0x7ffa6f68fedb <+ 3035> cmp edi,1 0x7ffa6f68fede <+ 3038> jne Qt5Core!QFSFileEngine::link+0xbf6 (00007ffa6f68fef6)
    0x7ffa6f68fee0 <+ 3040> mov edx,2
    0x7ffa6f68fee5 <+ 3045> lea r8d,[rdx+6]
    0x7ffa6f68fee9 <+ 3049> mov rcx,qword ptr [rsp+0A0h]
    0x7ffa6f68fef1 <+ 3057> call Qt5Core!QArrayData::deallocate (00007ffa6f540df0) 0x7ffa6f68fef6 <+ 3062> xor al,al 0x7ffa6f68fef8 <+ 3064> add rsp,60h 0x7ffa6f68fefc <+ 3068> pop r14 0x7ffa6f68fefe <+ 3070> pop rdi 0x7ffa6f68feff <+ 3071> pop rsi 0x7ffa6f68ff00 <+ 3072> pop rbp 0x7ffa6f68ff01 <+ 3073> pop rbx 0x7ffa6f68ff02 <+ 3074> ret 0x7ffa6f68ff03 <+ 3075> test bl,8 0x7ffa6f68ff06 <+ 3078> je Qt5Core!QFSFileEngine::link+0xc16 (00007ffa6f68ff16)
    0x7ffa6f68ff08 <+ 3080> mov rax,qword ptr [rsi]
    0x7ffa6f68ff0b <+ 3083> xor edx,edx
    0x7ffa6f68ff0d <+ 3085> mov rcx,rsi
    0x7ffa6f68ff10 <+ 3088> call qword ptr [rax+80h]
    0x7ffa6f68ff16 <+ 3094> mov al,1
    0x7ffa6f68ff18 <+ 3096> add rsp,60h
    0x7ffa6f68ff1c <+ 3100> pop r14
    0x7ffa6f68ff1e <+ 3102> pop rdi
    0x7ffa6f68ff1f <+ 3103> pop rsi
    0x7ffa6f68ff20 <+ 3104> pop rbp
    0x7ffa6f68ff21 <+ 3105> pop rbx
    0x7ffa6f68ff22 <+ 3106> ret
    0x7ffa6f68ff23 <+ 3107> int 3
    0x7ffa6f68ff24 <+ 3108> int 3
    0x7ffa6f68ff25 <+ 3109> int 3
    0x7ffa6f68ff26 <+ 3110> int 3
    0x7ffa6f68ff27 <+ 3111> int 3
    0x7ffa6f68ff28 <+ 3112> int 3
    0x7ffa6f68ff29 <+ 3113> int 3
    0x7ffa6f68ff2a <+ 3114> int 3
    0x7ffa6f68ff2b <+ 3115> int 3
    0x7ffa6f68ff2c <+ 3116> int 3
    0x7ffa6f68ff2d <+ 3117> int 3
    0x7ffa6f68ff2e <+ 3118> int 3
    0x7ffa6f68ff2f <+ 3119> int 3
    0x7ffa6f68ff30 <+ 3120> mov qword ptr [rsp+20h],rbx
    0x7ffa6f68ff35 <+ 3125> push rdi
    0x7ffa6f68ff36 <+ 3126> sub rsp,20h
    0x7ffa6f68ff3a <+ 3130> mov rdi,qword ptr [rcx+18h]
    0x7ffa6f68ff3e <+ 3134> cmp qword ptr [rcx+78h],0
    0x7ffa6f68ff43 <+ 3139> jne Qt5Core!QFSFileEngine::link+0xce8 (00007ffa6f68ffe8) 0x7ffa6f68ff49 <+ 3145> cmp dword ptr [rcx+0A0h],0FFFFFFFFh 0x7ffa6f68ff50 <+ 3152> jne Qt5Core!QFSFileEngine::link+0xce8 (00007ffa6f68ffe8)

    Is this portion of the stack trace what was needed?

    Thanks!



  • @Pollarm
    This is not the right information. This is disassembly of the code. You need to find the stack trace window.



  • Is this the appropriate information? Sorry for the mistakes and inaccuracy, I've never done this before...

    1 NtCreateFile ntdll 0x7ffae728d0c4
    2 CreateFileW KERNELBASE 0x7ffae4d62920
    3 CreateFileW KERNELBASE 0x7ffae4d62646
    4 QFSFileEngine::link Qt5Core 0x7ffa6f27fe4a
    5 QFSFileEngine::open Qt5Core 0x7ffa6f250ca9
    6 QFile::open Qt5Core 0x7ffa6f227efb
    7 Roto 0x7ff656965bab
    8 Roto 0x7ff6569747ec
    9 Roto 0x7ff656976d4c
    10 QObject::qt_static_metacall Qt5Core 0x7ffa6f2f5109
    11 QAction::activate Qt5Widgets 0x7ffa74285eaf
    12 QMenu::actionGeometry Qt5Widgets 0x7ffa743de378
    13 QMenu::actionGeometry Qt5Widgets 0x7ffa743de153
    14 QMenu::mouseReleaseEvent Qt5Widgets 0x7ffa743e38b1
    15 QWidget::event Qt5Widgets 0x7ffa742b89a2
    16 QMenu::event Qt5Widgets 0x7ffa743df927
    17 QApplicationPrivate::notify_helper Qt5Widgets 0x7ffa742956f0
    18 QApplication::notify Qt5Widgets 0x7ffa7429361d
    19 QCoreApplication::notifyInternal2 Qt5Core 0x7ffa6f2d51ca
    20 QApplicationPrivate::sendMouseEvent Qt5Widgets 0x7ffa742968f3
    21 QSizePolicy::QSizePolicy Qt5Widgets 0x7ffa742e0f7b
    22 QSizePolicy::QSizePolicy Qt5Widgets 0x7ffa742df53e
    23 QApplicationPrivate::notify_helper Qt5Widgets 0x7ffa742956f0
    24 QApplication::notify Qt5Widgets 0x7ffa74294768
    25 QCoreApplication::notifyInternal2 Qt5Core 0x7ffa6f2d51ca
    26 QGuiApplicationPrivate::processMouseEvent Qt5Gui 0x7ffa73bf5144
    27 QWindowSystemInterface::sendWindowSystemEvents Qt5Gui 0x7ffa73bdfe29
    28 QEventDispatcherWin32::processEvents Qt5Core 0x7ffa6f31f887
    29 qt_plugin_query_metadata qwindows 0x7ffaac128d89
    30 QEventLoop::exec Qt5Core 0x7ffa6f2d130c
    31 QCoreApplication::exec Qt5Core 0x7ffa6f2d4194
    32 Roto 0x7ff65696e857
    33 Roto 0x7ff656983027
    34 Roto 0x7ff6569825ce
    35 BaseThreadInitThunk KERNEL32 0x7ffae5267034
    36 RtlUserThreadStart ntdll 0x7ffae723d241

    I'm not sure why it's not grabbing line numbers as well, that field is blank in all rows.



  • @Pollarm check whether file is successfully opened(return value of open) before accessing it.



  • Hello all,

    I've also seen while messing with it that calling file.remove() also causes this behavior.

    Is it possible that perhaps there is some kind of corruption in the file, so that when QFile tries to access it this behavior occurs? Just guessing. That seems unlikely to me, because I can open files with QIODevice::ReadOnly in my method that reads the data from the file to reconstruct the project, it only crashes when opened with file.open(QIODevice::WriteOnly).

    Thanks



  • @Pollarm Did you check file open return value?
    QFile file(projectName);
    if(file.open(QIODevice::WriteOnly))
    {
    QDataStream out(&file); // we will serialize the data into the file
    }
    else
    {
    //Failed to open the file
    }



  • Hello @nagesh,

    I did try that, and it crashed, I believe inside the if-statement.

    Thanks



  • @Pollarm use debugger breakpoint to check which line it crashed?

    It only crashes when it is used on a file that was previously passed through this method.
    

    open the file which was saved using this method through explorer and check whether it's having any content?



  • I'm pretty sure that it crashes on the line that calls

    file.open(QIODevice::WriteOnly)
    

    And I have confirmed the file contains the appropriate content.

    Thanks



  • I was able to catch an exception code 0xc0000409, which I've seen means STATUS_STACK_BUFFER_OVERRUN. What could I do that gets around this?

    If that is the case, does that mean that this is not a QT issue after all?


  • Moderators

    @Pollarm said in QFile::open() crashes application on call to previously written file:

    If that is the case, does that mean that this is not a QT issue after all?

    It doesn't, but I'd be rather surprised this to be a bug in the Qt codebase. Did you extract the above stack trace (the one you posted) from the point of the crash, or did you just stop the debugger there at another time? If the stack was not from a crash, you should reproduce the crash in the debugger and when it happens extract it. Aside from that there are 2 typical reasons for such an error:

    1. You're running an infinite recursion, you should check this. For example it may be a slot calling itself indirectly (through a signal).

    or

    1. You've corrupted the stack somewhere without realizing. Writing to a buffer in the stack over its allowed boundaries should do it. Do you have char data[someSize] anywhere you may be saving to, or something of that sort?

    It'd be also helpful to see some more code around the point of crash, would you provide how you read the file, what you save from it, etc.

    PS. Btw, it doesn't appear your application (assuming Roto is your app) contains debug information. You should build in debug before testing anything else.



  • @kshegunov I believe I've identified the source of the overflow:

    My parameters are being written incorrectly because for some reason (completely unrelated issue) and its causing large values, 9 digits, to be pushed as in index to an array that I think can only hold a maximum of around 57.

    Your comment helped me track that down, thanks!!


  • Moderators

    @Pollarm said in QFile::open() crashes application on call to previously written file:

    My parameters are being written incorrectly because for some reason (completely unrelated issue) and its causing large values, 9 digits, to be pushed as in index to an array that I think can only hold a maximum of around 57.

    If you replace the C arrays with std::vector or QVector, this type of error will be caught immediately when your code is built and run in Debug mode.



  • Hello all,

    Sorry for the long delay in response, I had other issues in this project to work on. The solution to this issue was found, I was using my own extension for the files and it was making windows antivirus grab the files and scan them. Changing the extension to a simple .txt circumvented this issue. Thanks all for your help on this.


Log in to reply