Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: P1: Critical
Fix Version/s: 6.2.9, 6.5.2, 6.6.0 FF
Affects Version/s: 6.5.0
Component/s: Core: Object Model
Labels:
- Reported_by_support_standard

Commits:
cb30e45b9 (dev), cdf35671d (6.5), b7c3eabdb (tqtc/lts-6.2)

Description

Looks like black magic.

    QProperty<long long> size;
    size = 3;
    QProperty<int> max;
    max.setBinding([&size]() -> int {
        for (int i = 0; i < size; i++) {} // without this it works fine
        return size.value();
    });
    size = 4; // this triggers the crash

gdb says:

1 QPropertyBindingPrivate::notifyNonRecursive()                                                                     0x7ffff639da7a 
2 QtPrivate::QPropertyBindingData::notifyObservers(QUntypedPropertyData *, QBindingStorage *) const                 0x7ffff63a0b05 
3 QProperty<long long>::notify                                                                      qproperty.h 486 0x55555555fde3 
4 QProperty<long long>::setValue                                                                    qproperty.h 407 0x55555555fcd6 
5 QProperty<long long>::operator=                                                                   qproperty.h 418 0x55555555fc0d 
6 main                                                                                              main.cpp    22  0x55555555f588

Valgrind says:

Invalid read of size 8
  in main in /home/user/tests/quickcmake/main.cpp:22
  1: QtPrivate::QPropertyBindingData::notifyObservers(QUntypedPropertyData*, QBindingStorage*) const in /home/user/Qt/6.5.0/gcc_64/lib/libQt6Core.so.6.5.0
  2: QProperty<long long>::notify() in /home/user/Qt/6.5.0/gcc_64/include/QtCore/qproperty.h:486
  3: QProperty<long long>::setValue(long long) in /home/user/Qt/6.5.0/gcc_64/include/QtCore/qproperty.h:407
  4: QProperty<long long>::operator=(long long) in /home/user/Qt/6.5.0/gcc_64/include/QtCore/qproperty.h:418
  5: main in /home/user/tests/quickcmake/main.cpp:22
Address 0x10689970 is 16 bytes inside a block of size 24 free'd  1: operator delete(void*, unsigned long) in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so
  2: void std::vector<QPropertyObserver, std::allocator<QPropertyObserver> >::_M_realloc_insert<>(__gnu_cxx::__normal_iterator<QPropertyObserver*, std::vector<QPropertyObserver, std::allocator<QPropertyObserver> > >) in /home/user/Qt/6.5.0/gcc_64/lib/libQt6Core.so.6.5.0
  3: QPropertyBindingPrivate::allocateDependencyObserver_slow() in /home/user/Qt/6.5.0/gcc_64/lib/libQt6Core.so.6.5.0
  4: QtPrivate::QPropertyBindingData::registerWithCurrentlyEvaluatingBinding_helper(QtPrivate::BindingEvaluationState*) const in /home/user/Qt/6.5.0/gcc_64/lib/libQt6Core.so.6.5.0
  5: QProperty<long long>::value() const in /home/user/Qt/6.5.0/gcc_64/include/QtCore/qproperty.h:366
  6: main::{lambda()#1}::operator()() const in /home/user/tests/quickcmake/main.cpp:20
  7: int std::__invoke_impl<int, main::{lambda()#1}&>(std::__invoke_other, main::{lambda()#1}&) in /usr/include/c++/11/bits/invoke.h:61
  8: std::__invoke_result<main::{lambda()#1}&>::type std::__invoke<main::{lambda()#1}&>(main::{lambda()#1}&) in /usr/include/c++/11/bits/invoke.h:96
  9: std::invoke_result<main::{lambda()#1}&>::type std::invoke<main::{lambda()#1}&>(main::{lambda()#1}&) in /usr/include/c++/11/functional:97
  10: QtPrivate::BindingFunctionVTable::createFor<main::{lambda()#1}, int>()::{lambda(QMetaType, QUntypedPropertyData*, void*)#1}::operator()(QMetaType, QUntypedPropertyData*, void*) const in /home/user/Qt/6.5.0/gcc_64/include/QtCore/qpropertyprivate.h:188
  11: QtPrivate::BindingFunctionVTable::createFor<main::{lambda()#1}, int>()::{lambda(QMetaType, QUntypedPropertyData*, void*)#1}::_FUN(QMetaType, QUntypedPropertyData*, void*) in /home/user/Qt/6.5.0/gcc_64/include/QtCore/qpropertyprivate.h:177
  12: /home/user/Qt/6.5.0/gcc_64/lib/libQt6Core.so.6.5.0
  13: QtPrivate::QPropertyBindingData::notifyObserver_helper(QUntypedPropertyData*, QBindingStorage*, QPropertyObserverPointer, QVarLengthArray<QBindingObserverPtr, 256ll>&) const in /home/user/Qt/6.5.0/gcc_64/lib/libQt6Core.so.6.5.0
  14: QtPrivate::QPropertyBindingData::notifyObservers(QUntypedPropertyData*, QBindingStorage*) const in /home/user/Qt/6.5.0/gcc_64/lib/libQt6Core.so.6.5.0
  15: QProperty<long long>::notify() in /home/user/Qt/6.5.0/gcc_64/include/QtCore/qproperty.h:486
  16: QProperty<long long>::setValue(long long) in /home/user/Qt/6.5.0/gcc_64/include/QtCore/qproperty.h:407
  17: QProperty<long long>::operator=(long long) in /home/user/Qt/6.5.0/gcc_64/include/QtCore/qproperty.h:418
  18: main in /home/user/tests/quickcmake/main.cpp:22
Block was alloc'd at  1: operator new(unsigned long) in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so
  2: void std::vector<QPropertyObserver, std::allocator<QPropertyObserver> >::_M_realloc_insert<>(__gnu_cxx::__normal_iterator<QPropertyObserver*, std::vector<QPropertyObserver, std::allocator<QPropertyObserver> > >) in /home/user/Qt/6.5.0/gcc_64/lib/libQt6Core.so.6.5.0
  3: QPropertyBindingPrivate::allocateDependencyObserver_slow() in /home/user/Qt/6.5.0/gcc_64/lib/libQt6Core.so.6.5.0
  4: QtPrivate::QPropertyBindingData::registerWithCurrentlyEvaluatingBinding_helper(QtPrivate::BindingEvaluationState*) const in /home/user/Qt/6.5.0/gcc_64/lib/libQt6Core.so.6.5.0
  5: QProperty<long long>::value() const in /home/user/Qt/6.5.0/gcc_64/include/QtCore/qproperty.h:366
  6: main::{lambda()#1}::operator()() const in /home/user/tests/quickcmake/main.cpp:20
  7: int std::__invoke_impl<int, main::{lambda()#1}&>(std::__invoke_other, main::{lambda()#1}&) in /usr/include/c++/11/bits/invoke.h:61
  8: std::__invoke_result<main::{lambda()#1}&>::type std::__invoke<main::{lambda()#1}&>(main::{lambda()#1}&) in /usr/include/c++/11/bits/invoke.h:96
  9: std::invoke_result<main::{lambda()#1}&>::type std::invoke<main::{lambda()#1}&>(main::{lambda()#1}&) in /usr/include/c++/11/functional:97
  10: QtPrivate::BindingFunctionVTable::createFor<main::{lambda()#1}, int>()::{lambda(QMetaType, QUntypedPropertyData*, void*)#1}::operator()(QMetaType, QUntypedPropertyData*, void*) const in /home/user/Qt/6.5.0/gcc_64/include/QtCore/qpropertyprivate.h:188
  11: QtPrivate::BindingFunctionVTable::createFor<main::{lambda()#1}, int>()::{lambda(QMetaType, QUntypedPropertyData*, void*)#1}::_FUN(QMetaType, QUntypedPropertyData*, void*) in /home/user/Qt/6.5.0/gcc_64/include/QtCore/qpropertyprivate.h:177
  12: QPropertyBindingPrivate::evaluateRecursive(QVarLengthArray<QBindingObserverPtr, 256ll>&, QBindingStatus*) in /home/user/Qt/6.5.0/gcc_64/lib/libQt6Core.so.6.5.0
  13: QtPrivate::QPropertyBindingData::setBinding(QUntypedPropertyBinding const&, QUntypedPropertyData*, void (*)(QUntypedPropertyData*), bool (*)(QMetaType, QUntypedPropertyData*, QtPrivate::QPropertyBindingFunction)) in /home/user/Qt/6.5.0/gcc_64/lib/libQt6Core.so.6.5.0
  14: QProperty<int>::setBinding(QPropertyBinding<int> const&) in /home/user/Qt/6.5.0/gcc_64/include/QtCore/qproperty.h:424
  15: QPropertyBinding<int> QProperty<int>::setBinding<main::{lambda()#1}>(main::{lambda()#1}&&, QPropertyBindingSourceLocation const&, std::enable_if<is_invocable_v<main::{lambda()#1}>, void>::type*) in /home/user/Qt/6.5.0/gcc_64/include/QtCore/qproperty.h:441
  16: main in /home/user/tests/quickcmake/main.cpp:18