
Crash in QListData::realloc(), data race condition found during image download



    • I have created a sample app containing two threads - one thread downloads the images, and the main thread is continuously informed about the download by the download thread.
    • We ran it with valgrind and continuously found the data race condition below.
    • The data race condition is between QObject::moveToThread() and QCoreApplication::postEvent().
    • I am using Qt 4.8.0.

    ==16049== Possible data race during read of size 4 at 0x6aecee4 by thread #4
    ==16049== at 0x629BE7B: QObjectPrivate::setThreadData_helper(QThreadData*, QThreadData*) (in /usr/local/Qt/lib/libQtCore.so.4.8.0)
    ==16049== by 0x629C2C9: QObject::moveToThread(QThread*) (in /usr/local/Qt/lib/libQtCore.so.4.8.0)
    ==16049== by 0x607450C: QNetworkAccessHttpBackend::postRequest() (qnetworkaccesshttpbackend.cpp:534)
    ==16049== by 0x6075097: QNetworkAccessHttpBackend::open() (qnetworkaccesshttpbackend.cpp:702)
    ==16049== by 0x606C99D: QNetworkAccessBackend::start() (qnetworkaccessbackend.cpp:418)
    ==16049== by 0x60826F3: QNetworkReplyImplPrivate::_q_startOperation() (qnetworkreplyimpl.cpp:93)
    ==16049== by 0x6084281: QNetworkReplyImplPrivate::setup(QNetworkAccessManager::Operation, QNetworkRequest const&, QIODevice*) (qnetworkreplyimpl.cpp:378)
    ==16049== by 0x60661D5: QNetworkAccessManager::createRequest(QNetworkAccessManager::Operation, QNetworkRequest const&, QIODevice*) (qnetworkaccessmanager.cpp:1008)
    ==16049== by 0x60651E0: QNetworkAccessManager::get(QNetworkRequest const&) (qnetworkaccessmanager.cpp:599)
    ==16049== by 0x8049740: CImageDecodingThreadSample::loadFromNetwork(QUrl) (in /mnt/nfs/env/Receiver)
    ==16049== by 0x80497CC: CImageDecodingThreadSample::LoadImage(QString) (in /mnt/nfs/env/Receiver)
    ==16049== by 0x804994E: CImageDecodingThreadSample::onStarted() (in /mnt/nfs/env/Receiver)
    ==16049== This conflicts with a previous write of size 4 by thread #1
    ==16049== at 0x61A68F8: QListData::realloc(int) (in /usr/local/Qt/lib/libQtCore.so.4.8.0)
    ==16049== by 0x61A6993: QListData::append(int) (in /usr/local/Qt/lib/libQtCore.so.4.8.0)
    ==16049== by 0x61A6A15: QListData::append() (in /usr/local/Qt/lib/libQtCore.so.4.8.0)
    ==16049== by 0x628CD17: ??? (in /usr/local/Qt/lib/libQtCore.so.4.8.0)
    ==16049== by 0x628C591: QCoreApplication::postEvent(QObject*, QEvent*, int) (in /usr/local/Qt/lib/libQtCore.so.4.8.0)
    ==16049== by 0x628C63C: QCoreApplication::postEvent(QObject*, QEvent*) (in /usr/local/Qt/lib/libQtCore.so.4.8.0)
    ==16049== by 0x629DC21: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/local/Qt/lib/libQtCore.so.4.8.0)
    ==16049== by 0x62EC4F7: QTimer::timeout() (in /usr/local/Qt/lib/libQtCore.so.4.8.0)
    ==16049== Address 0x6aecee4 is 28 bytes inside a block of size 60 alloc'd
    ==16049== at 0x402461D: operator new(unsigned int) (vg_replace_malloc.c:255)
    ==16049== by 0x618525B: ??? (in /usr/local/Qt/lib/libQtCore.so.4.8.0)
    ==16049== by 0x61852EB: QThread::QThread(QObject*) (in /usr/local/Qt/lib/libQtCore.so.4.8.0)
    ==16049== by 0x80494ED: CImageResourceSample::CImageResourceSample() (in /mnt/nfs/env/Receiver)
    ==16049== by 0x80495FF: CImageResourceSample::getInstance() (in /mnt/nfs/env/Receiver)
    ==16049== by 0x8049301: main (in /mnt/nfs/env/Receiver)

    We are using an embedded Unix platform.
    Kindly let us know the root cause of the race condition.



  • The root cause is faulty code. Without seeing your code it's hard to tell where the problem is exactly.

