[Interest] QCoreApplication::arguments(): getting the application name safely during global destruction
Thiago Macieira
thiago.macieira at intel.com
Wed Jan 22 16:44:50 CET 2020
On Wednesday, 22 January 2020 00:47:17 PST René J. V. Bertin wrote:
> Thiago Macieira wrote:
> > The chance that it has been overwritten is 100% at this point.
>
> Are you certain this is true on all platforms? I seem to recall one where
> you can get at argc,argv through global variables (or where they
> functions...), possibly OS X or otherwise MS Windows.
Yes. 100%. There are only two possibilities: either argc was passed in
registers or it was passed on the stack.
If the latter (i386), then the same slot in the stack was used to pass main's
return value to exit(). That's usually 0 and wouldn't cause a crash in
QCoreApplication::arguments(). But it's UB nonetheless.
If the former (all other ABIs I know of), then main() spilled argc to the
stack so it could give QCoreApplication an address. Since main() returned, the
stack became writable. On x86-64, anything below %rsp is liable to be
overwritten at any time. Moreover, exit() called more functions, so the stack
pointer was moved past where argc was originally spilled.
> > This was a return from main().
>
> Then it must have been the last line in main(),
>
> return qApp->exec();
>
> I don't suppose QCoreApplication can see it's being called with a
> dynamically allocated `this` and do a `delete this` before returning so I
> guess I have another location to report.
Correct, it can't.
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel System Software Products
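An added example, not Qt code and not from either writer, contrasting a holder that keeps the address of the caller's argc (the QCoreApplication(int &argc, char **argv) pattern discussed above) with a snapshot copied into static storage while the frame is still alive. ArgcRefHolder, ArgsSnapshot and simulate_main are hypothetical names.

```cpp
// Added example (not Qt code). A holder that keeps the address of the
// caller's argc is only valid while that caller's frame (normally main())
// is alive; a copy placed in static storage outlives main() and can be
// read after it has returned.
#include <string>
#include <vector>

// Stores the *address* of argc, as QCoreApplication's constructor does, so
// reading through it after the owning frame has returned is undefined behaviour.
struct ArgcRefHolder {
    int *argc_;
    char **argv_;
    ArgcRefHolder(int &argc, char **argv) : argc_(&argc), argv_(argv) {}
    int count() const { return *argc_; }
};

// Defensive alternative: copy the values while the frame is alive into a
// function-local static. It is not tied to any stack frame, so it remains
// valid after main() returns; readers in global destructors must still be
// constructed after it so that it is destroyed after them.
class ArgsSnapshot {
public:
    static void capture(int argc, char **argv) { store().assign(argv, argv + argc); }
    static const std::vector<std::string> &get() { return store(); }
private:
    static std::vector<std::string> &store() {
        static std::vector<std::string> s;
        return s;
    }
};

// Stands in for main(): argc and argv live in this frame, like main()'s.
// Returns the count read through the reference holder while it is still valid.
int simulate_main(std::vector<std::string> args) {            // constructed sample input
    std::vector<char *> argv;
    for (std::string &a : args) argv.push_back(&a[0]);
    argv.push_back(nullptr);
    int argc = static_cast<int>(args.size());   // the slot that dies with this frame
    ArgcRefHolder app(argc, argv.data());       // keeps &argc, dangling once we return
    ArgsSnapshot::capture(argc, argv.data());   // copy before the frame is gone
    return app.count();
}
```

After simulate_main returns, only ArgsSnapshot::get() may be consulted; app.count() would read a dead stack slot, which is the situation the thread describes.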