QJsonObject::value causing segfault

TheVancedGamer

I am parsing some JSON in my application, upon fetching a document and converting it to a QJsonObject, qDebug() now reports it as follows:

QJsonObject({"topics":[]})

However, upon running obj.value("topics"), I get a segfault! I have tried everything, all other member functions run fine (isEmpty(), count() all report sane values i.e. 1). I am pretty confused on what to do next. Any pointers would be appreciated!

The crash trace in gdb:

Thread 1 "rockworkd" received signal SIGSEGV, Segmentation fault.
0x0000007ff68c7f38 in QJSValue::QJSValue(QJSValue const&) () from /lib/aarch64-linux-gnu/libQt5Qml.so.5

(gdb) p obj.value("topics")
Attempt to take address of value not located in memory.
(gdb) p obj
$1 = (const QJsonObject &) @0x7fffffe6e8: {dead = 0x0, o = {d = 0x7fb8086c60}}
(gdb) p obj.keys()
$2 = {<QList<QString>> = {<QListSpecialMethods<QString>> = {<No data fields>}, {p = {static shared_null = {ref = {atomic = {
              _q_value = std::atomic<int> = { -1 }}}, alloc = 0, begin = 0, end = 0, array = {0x0}}, d = 0x7fb80ccd70}, 
      d = 0x7fb80ccd70}}, <No data fields>}
(gdb) p obj.isEmpty()
$4 = false

For reference this is Qt 5.15

JonB

@TheVancedGamer
Odd.
Can you produce/supply a minimal reproducer, including a minimal JSON input to it (e.g. hard-coded string)?
What happens/is produced by other functions which are going to need implicitly to access its value, such as QVariantMap QJsonObject::toVariantMap() and QJsonDocument::toJson()?

While I notice it, why is the call from libQt5Qml.so.5? I would not expect QML to be involved at all here.

TheVancedGamer

@JonB Sure, this snippet should work:

The raw JSON string I'm using: '{"topics":[]}\n'

QJsonObject processJsonReply(QNetworkReply *rpl, QString &err)
{
    rpl->deleteLater();
    if(rpl && rpl->error() == QNetworkReply::NoError) {
        QByteArray data = rpl->read(rpl->bytesAvailable());
        QJsonParseError jpe;
        QJsonDocument doc = QJsonDocument::fromJson(data,&jpe);
        if(jpe.error == QJsonParseError::NoError && doc.isObject() && !doc.object().isEmpty()) {
            QJsonObject obj = doc.object();
            if(obj.contains("error") || obj.contains("errorString")) {
                err.append("Response contains error: ").append(obj.value("error").toString()).append(obj.value("errorString").toString());
            } else {
                return obj;
            }
        } else {
            err.append(QString("Cannot parse response: %1 %2").arg(jpe.errorString(),QString(data)));
            qDebug() << "Cannot parse" << data;
        }
    } else {
        err.append("HTTP Error: ").append(rpl->errorString());
    }
    return QJsonObject();
}

...
processJsonReply(rpl, err);

The QNetworkReply here returns the hardcoded JSON string, and this error is also reproducible by using the string as-is without this QNetworkReply magic, although this function does work fine for all of the other JSON I'm parsing.

I tried using those 2 (toVariantMap() and toJson()) and they seem to cause a crash too.
And I really have no idea why it's using libQt5Qml.so.5, maybe that is causing the issue...

JonB

@TheVancedGamer said in QJsonObject::value causing segfault:

I tried using those 2 (toVariantMap() and toJson()) and they seem to cause a crash too.

That is good, at least it's consistent with what one would expect.

I am sorry but your reproducer is nothing like I would expect. People cannot repro from what you have shown. You should create a brand new standalone project (command line one, no need for a UI), no network or anything stuff. Have the JSON as a constant string, create a document from it and show the error/crash happening. The whole thing should be like 10 lines long which anyone can copy & paste as-is for them to test.

Since it is apparently the value on which it is crashing for you I would want to try various things other than []: e.g. non-array values or array but not empty? Are you saying it is only on [] that there is a problem for you? Does the key being topics matter? If there are some other lines does it still go wrong?

And I really have no idea why it's using libQt5Qml.so.5, maybe that is causing the issue...

QML has ECMAScript JSON but I thought the QJson-stuff was separate. I don't know whether something weird is going on/being picked up or this is correct, at least at Qt5.

Do make sure you are not mixing debug with release libraries. Creating a new project which is just a command line app may clear things up.

TheVancedGamer

So I just tried to post a reproducer but the forum thinks it's spam, so here's a pastebin instead:
https://paste.myself5.de/vilajirihi.cpp

I really have no idea why it works on my laptop and not on my phone, even though I'm using Qt 5.15 on both of them.

JonB

@TheVancedGamer
The code looks fine. Obviously it's significant that it works in one environment but not another. Did you properly install/deploy on laptop (so you know what libraries it uses)? Does it succeed/fail inside/outside Creator? It feels like on your laptop you are picking up wrong libraries....?

TheVancedGamer

@JonB I'm compiling it from cmdline on my laptop:

g++ test.cpp $(pkg-config --cflags Qt5Core) $(pkg-config --libs Qt5Core)

ldd ./a.out 
        linux-vdso.so.1 (0x00007f57bdfea000)
        libQt5Core.so.5 => /usr/lib/libQt5Core.so.5 (0x00007f57bda00000)
        libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00007f57bd600000)
        libm.so.6 => /usr/lib/libm.so.6 (0x00007f57bd8f2000)
        libgcc_s.so.1 => /usr/lib/libgcc_s.so.1 (0x00007f57bdf7e000)
        libc.so.6 => /usr/lib/libc.so.6 (0x00007f57bd200000)
        libsystemd.so.0 => /usr/lib/libsystemd.so.0 (0x00007f57bd4da000)
        libz.so.1 => /usr/lib/libz.so.1 (0x00007f57bdf63000)
        libdouble-conversion.so.3 => /usr/lib/libdouble-conversion.so.3 (0x00007f57bd8db000)
        libicui18n.so.78 => /usr/lib/libicui18n.so.78 (0x00007f57bce00000)
        libicuuc.so.78 => /usr/lib/libicuuc.so.78 (0x00007f57bca00000)
        libpcre2-16.so.0 => /usr/lib/libpcre2-16.so.0 (0x00007f57bd43a000)
        libzstd.so.1 => /usr/lib/libzstd.so.1 (0x00007f57bcd1b000)
        libglib-2.0.so.0 => /usr/lib/libglib-2.0.so.0 (0x00007f57bc8a8000)
        /lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007f57bdfec000)
        libcap.so.2 => /usr/lib/libcap.so.2 (0x00007f57bdf55000)
        libicudata.so.78 => /usr/lib/libicudata.so.78 (0x00007f57ba800000)
        libpcre2-8.so.0 => /usr/lib/libpcre2-8.so.0 (0x00007f57bcc6d000)

JonB

@TheVancedGamer

0x0000007ff68c7f38 in QJSValue::QJSValue(QJSValue const&) () from /lib/aarch64-linux-gnu/libQt5Qml.so.5

Well I don't see any libQt5Qml.so.5 there.... Nothing Qt other than libQt5Core.so.5. (I don't know whether ldd /usr/lib/libQt5Core.so.5 would be useful.)

I typed a couple things to try in my previous which may have crossed with your post.

But at this point I don't know, other than somehow wrong libraries are being used?

TheVancedGamer

@JonB That output is from RockWorkd, which links into most Qt libraries. Maybe I can try stopping it from linking with Qt5Qml, or test the same locally.

(the repo is at gitlab.com/muhammad23012009/rockwork)

JonB

@TheVancedGamer
Did you say that the code you pasted at https://paste.myself5.de/vilajirihi.cpp has been tested on laptop (works) and phone (does not work)? In which case we can ignore RockWorld and anything else?

Also I notice now you say that it works on laptop and fails on phone, I thought it was other way round. I am a bit lost. Whatever, only you know. Concentrate only on a standalone repro and wherever it does not work.

Axel Spoerl

Which Qt version are you using?
It looks like Qt 5.x.x, which is EOL and only for commercial users.
I remember vaguely that back in the day of 5.1 or so, there was a bug that returned something unexpected on empty objects/arrays.
I am almost sure that the crash wouldn't reproduce with Qt 6. Can you try that?
If it still crashes, I'll dive into it.

TheVancedGamer

@Axel-Spoerl I can try later after rewriting some of the code to compile on Qt 6.