Details
- Bug
- Resolution: Unresolved
- P3: Somewhat important
- None
- 6.5.3, 6.7.0 FF
- None
Description
Sample code:
```cpp
#include <QCoreApplication>
#include <QTimer>
#include <QStringBuilder>

void foo()
{
    QString s1 = "somesting1";
    QString s2 = "somesting2";
    const auto str = s1 % s2;
    QTimer::singleShot(100, [str] { qDebug() << str; });
}

int main(int argc, char *argv[])
{
    QCoreApplication a(argc, argv);
    foo();
    return a.exec();
}
```
This code provokes the crash with the following stack:
```
1  _platform_memmove (arm64e) /usr/lib/system/libsystem_platform.dylib 0x188c61870
2  QConcatenable<QString>::appendTo(QString const&, QChar *&) qstringbuilder.h 255 0x1000037c8
3  void QConcatenable<QStringBuilder<QString&, QString&>>::appendTo<QChar>(QStringBuilder<QString&, QString&> const&, QChar *&) qstringbuilder.h 398 0x100003624
4  QString QStringBuilder<QString&, QString&>::convertTo<QString>() const qstringbuilder.h 112 0x1000034d8
5  QStringBuilder<QString&, QString&>::operator QString() const qstringbuilder.h 129 0x100003260
6  foo()::$_0::operator()() const main.cpp 10 0x100003108
7  QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, foo()::$_0>::call(foo()::$_0&, void * *) qobjectdefs_impl.h 129 0x10000309c
8  void QtPrivate::Functor<foo()::$_0, 0>::call<QtPrivate::List<>, void>(foo()::$_0&, void *, void * *) qobjectdefs_impl.h 243 0x100003034
9  QtPrivate::QFunctorSlotObject<foo()::$_0, 0, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase *, QObject *, void * *, bool *) qobjectdefs_impl.h 457 0x100002f94
10 QtPrivate::QSlotObjectBase::call(QObject *, void * *) qobjectdefs_impl.h 374 0x100c589e0
11 void doActivate<false>(QObject *, int, void * *) qobject.cpp 4036 0x100c589c4
12 QSingleShotTimer::timeout() qtimer.moc 159 0x100c6e13c
13 QSingleShotTimer::timerEvent(QTimerEvent *) qtimer.cpp 304 0x100c6e124
14 QObject::event(QEvent *) qobject.cpp 0x100c510dc
15 QCoreApplicationPrivate::notify_helper(QObject *, QEvent *) qcoreapplication.cpp 1285 0x100c0e21c
16 QCoreApplication::notifyInternal2(QObject *, QEvent *) qcoreapplication.cpp 1118 0x100c0dd9c
17 QTimerInfoList::activateTimers() qtimerinfo_unix.cpp 613 0x100d7bd48
18 QEventDispatcherUNIXPrivate::activateTimers() qeventdispatcher_unix.cpp 213 0x100d78b3c
19 QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) qeventdispatcher_unix.cpp 482 0x100d78b34
20 QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) qeventloop.cpp 100 0x100c17714
21 QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) qeventloop.cpp 182 0x100c176f0
22 QCoreApplication::exec() qcoreapplication.cpp 1439 0x100c0e428
23 main main.cpp 17 0x100002560
```
The reason is trivial: a copy of the QStringBuilder (QSB) captured in a lambda expression outlives the string data it refers to internally. So we get an access violation when we try to manipulate it inside the lambda body.
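The lifetime problem described above, modelled without Qt as an added example (not code from this report or from Qt): `Builder`, `operator%` and `Deferred` are hypothetical stand-ins for `QStringBuilder`, its `%` operator and the timer queue. It places the report's `auto` shape beside a form that converts to an owning string before capture, which in Qt corresponds to declaring `str` as `QString`.

```cpp
// Added illustration, std-only: Builder, operator% and Deferred are hypothetical
// stand-ins that model the report's lifetime bug; this is not Qt code.
#include <functional>
#include <string>
#include <type_traits>
#include <vector>

// Like QStringBuilder<QString&, QString&>: holds references, owns no characters.
struct Builder {
    const std::string &a;
    const std::string &b;
    operator std::string() const { return a + b; }  // operands are read only here
};
Builder operator%(const std::string &a, const std::string &b) { return {a, b}; }

// Stand-in for the timer queue: callbacks run after the scheduling function returned.
using Deferred = std::vector<std::function<std::string()>>;

// Shape from the report: `auto` deduces Builder, so the captured copy still refers
// to s1/s2, which are destroyed on return. Invoking the callback is undefined behaviour.
void schedule_dangling(Deferred &q) {
    std::string s1 = "somesting1", s2 = "somesting2";
    const auto str = s1 % s2;
    static_assert(std::is_same<decltype(str), const Builder>::value, "not a string");
    q.push_back([str]() -> std::string { return str; });
}

// Hardened form: naming the owning type forces the conversion while s1/s2 are alive.
void schedule_owned(Deferred &q) {
    std::string s1 = "somesting1", s2 = "somesting2";
    const std::string str = s1 % s2;
    q.push_back([str] { return str; });
}

// Safe witness that a copied Builder aliases its operands instead of storing text.
std::string late_binding_demo() {
    std::string s1 = "a", s2 = "b";
    const auto view = s1 % s2;
    const auto copy = view;  // copies two references, nothing else
    s1 = "changed";
    return copy;             // converts now and sees the mutation
}

int main() {
    Deferred q;
    schedule_owned(q);
    bool ok = q[0]() == "somesting1somesting2" && late_binding_demo() == "changedb";
    return ok ? 0 : 1;
}
```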
Issue Links
- relates to
  - QTBUG-47066 Segmentation fault with QStringBuilder (Closed)
  - QTBUG-103090 Make QStringBuilder mandatory (Open)
Gerrit Reviews

For Gerrit Dashboard: QTBUG-117699

| # | Subject | Branch | Project | Status | CR | V |
|---|---|---|---|---|---|---|
| 508465,11 | QStringBuilder: disable copy constructor | dev | qt/qtbase | ABANDONED | 0 | 0 |