[Interest] QCoreApplication::arguments(): getting the application name safely during global destruction

Thiago Macieira thiago.macieira at intel.com
Wed Jan 22 16:44:50 CET 2020

On Wednesday, 22 January 2020 00:47:17 PST René J. V. Bertin wrote:
> Thiago Macieira wrote:
> > The chance that it has been overwritten is 100% at this point.
> Are you certain this is true on all platforms? I seem to recall one where
> you can get at argc,argv through global variables (or where they
> functions...), possibly OS X or otherwise MS Windows.

Yes. 100%. There are only two possibilities: either argc was passed in 
registers or it was passed on the stack.

If the latter (i386), then the same slot in the stack was used to pass main's 
return value to exit(). That's usually 0 and wouldn't cause a crash in 
QCoreApplication::arguments(). But it's UB nonetheless.

If the former (all other ABIs I know of), then main() spilled argc to the 
stack so it could give QCoreApplication an address. Since main() returned, the 
stack became writable. On x86-64, anything below %rsp is liable to be 
overwritten at any time. Moreover, exit() called more functions, so the stack 
pointer was moved past where argc was originally spilled.

> > This was a return from main().
> Then it must have been the last line in main(),
> return qApp->exec();
> I don't suppose QCoreApplication can see it's being called with a
> dynamically allocated `this` and do a `delete this` before returning so I
> guess I have another location to report.

Correct, it can't.

Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products
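
The lifetime problem described in this message, shown as an added example that is not part of the original post and is not Qt code. `AppRef` is a hypothetical stand-in for a class that keeps a reference to main()'s argc; `savedAppName`, `snapshotAppName` and `ExitLogger` are likewise illustrative names. The name is copied into process-lifetime storage while main() is still running, so code run during global destruction never reads the dead stack slot.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical stand-in for an application object that keeps the address
// of main()'s argc rather than a copy of it.
class AppRef {
public:
    AppRef(int &argc, char **argv) : argc_(argc), argv_(argv) {}
    // Only valid while the frame that owns argc is still live.
    std::vector<std::string> arguments() const {
        return std::vector<std::string>(argv_, argv_ + argc_);
    }
private:
    int &argc_;   // refers to a stack slot in the caller
    char **argv_;
};

// Process-lifetime storage. Deliberately leaked so it is never destroyed and
// stays readable from any global destructor, whatever the destruction order.
std::string &savedAppName() {
    static std::string &name = *new std::string;
    return name;
}

// Call while main() is still running; stores and returns the basename of argv[0].
std::string snapshotAppName(const AppRef &app) {
    const std::vector<std::string> args = app.arguments();
    const std::string path = args.empty() ? std::string() : args.front();
    const std::string::size_type slash = path.find_last_of("/\\");
    savedAppName() = (slash == std::string::npos) ? path : path.substr(slash + 1);
    return savedAppName();
}

// Destroyed after main() returns: reads the snapshot, never AppRef::arguments().
struct ExitLogger {
    ~ExitLogger() { std::printf("exiting: %s\n", savedAppName().c_str()); }
};
static ExitLogger exitLogger;

int main(int argc, char **argv) {
    AppRef *app = new AppRef(argc, argv);  // heap-allocated and never deleted, as in the thread
    snapshotAppName(*app);                 // copy before argc's slot dies
    return 0;
}
```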
