setFilter() with illegal expression causes crash

My application crashes when using the setFilter() method of a QSqlTableModel object (attached to a QTableView object) using an illegal expression. The setFilter() method is executed but it crashes when returning to the event loop with this output:

ASSERT: "idx >= 0 && idx < s" in file c:\iwmake\build_vs2008_opensource________________padding________________\include\qtcore\../../src/corelib/tools/qvarlengtharray.h, line 107
QWidget::repaint: Recursive repaint detected
ASSERT: "idx >= 0 && idx < s" in file c:\iwmake\build_vs2008_opensource________________padding________________\include\qtcore\../../src/corelib/tools/qvarlengtharray.h, line 107

This is the call stack I get:

> QtCored4.dll!qt_message_output(QtMsgType msgType=QtFatalMsg, const char * buf=0x0167da18) Zeile 2270 C++
QtCored4.dll!qt_message(QtMsgType msgType=QtFatalMsg, const char * msg=0x672aa0d8, char * ap=0x003936a0) Zeile 2328 + 0x12 Bytes C++
QtCored4.dll!qFatal(const char * msg=0x672aa0d8, ...) Zeile 2511 + 0xf Bytes C++
QtCored4.dll!qt_assert(const char * assertion=0x6203cb5c, const char * file=0x6203cb78, int line=107) Zeile 2027 + 0x16 Bytes C++
QtSqld4.dll!QVarLengthArray<int,56>::operator[](int idx=0) Zeile 107 + 0x31 Bytes C++
QtSqld4.dll!QSqlQueryModel::indexInQuery(const QModelIndex & item=

{...}) Zeile 597 + 0x2d Bytes C++
QtSqld4.dll!QSqlQueryModel::headerData(int section=0, Qt::Orientation orientation=Horizontal, int role=6) Zeile 284 + 0x3e Bytes C++
QtSqld4.dll!QSqlTableModel::headerData(int section=0, Qt::Orientation orientation=Horizontal, int role=6) Zeile 486 + 0x18 Bytes C++
QtGuid4.dll!QHeaderView::paintEvent(QPaintEvent * e=0x003943e8) Zeile 2107 + 0x32 Bytes C++
QtGuid4.dll!QWidget::event(QEvent * event=0x003943e8) Zeile 8406 C++
QtGuid4.dll!QFrame::event(QEvent * e=0x003943e8) Zeile 557 + 0xc Bytes C++
QtGuid4.dll!QAbstractScrollArea::viewportEvent(QEvent * e=0x003943e8) Zeile 1043 + 0xc Bytes C++
QtGuid4.dll!QAbstractItemView::viewportEvent(QEvent * event=0x003943e8) Zeile 1629 C++
QtGuid4.dll!QHeaderView::viewportEvent(QEvent * e=0x003943e8) Zeile 2426 C++
QtGuid4.dll!QAbstractScrollAreaPrivate::viewportEvent(QEvent * event=0x003943e8) Zeile 100 + 0x28 Bytes C++
QtGuid4.dll!QAbstractScrollAreaFilter::eventFilter(QObject * o=0x015eb4f0, QEvent * e=0x003943e8) Zeile 116 + 0x29 Bytes C++
QtCored4.dll!QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject * receiver=0x015eb4f0, QEvent * event=0x003943e8) Zeile 846 + 0x15 Bytes C++
QtGuid4.dll!QApplicationPrivate::notify_helper(QObject * receiver=0x015eb4f0, QEvent * e=0x003943e8) Zeile 4458 + 0x11 Bytes C++
QtGuid4.dll!QApplication::notify(QObject * receiver=0x015eb4f0, QEvent * e=0x003943e8) Zeile 4427 + 0x10 Bytes C++
QtCored4.dll!QCoreApplication::notifyInternal(QObject * receiver=0x015eb4f0, QEvent * event=0x003943e8) Zeile 731 + 0x15 Bytes C++
QtCored4.dll!QCoreApplication::sendSpontaneousEvent(QObject * receiver=0x015eb4f0, QEvent * event=0x003943e8) Zeile 218 + 0x38 Bytes C++
QtGuid4.dll!QWidgetPrivate::drawWidget(QPaintDevice * pdev=0x015a2eb0, const QRegion & rgn={...}

, const QPoint & offset=

{...}, int flags=4, QPainter * sharedPainter=0x00000000, QWidgetBackingStore * backingStore=0x01634888) Zeile 5492 + 0xe Bytes C++
QtGuid4.dll!QWidgetPrivate::paintSiblingsRecursive(QPaintDevice * pdev=0x015a2eb0, const QList<QObject *> & siblings={...}

, int index=0, const QRegion & rgn=

{...}, const QPoint & offset={...}

, int flags=4, QPainter * sharedPainter=0x00000000, QWidgetBackingStore * backingStore=0x01634888) Zeile 5700 C++
QtGuid4.dll!QWidgetPrivate::drawWidget(QPaintDevice * pdev=0x015a2eb0, const QRegion & rgn=

{...}, const QPoint & offset={...}

, int flags=4, QPainter * sharedPainter=0x00000000, QWidgetBackingStore * backingStore=0x01634888) Zeile 5547 C++
QtGuid4.dll!QWidgetPrivate::paintSiblingsRecursive(QPaintDevice * pdev=0x015a2eb0, const QList<QObject *> & siblings=

{...}, int index=3, const QRegion & rgn={...}

, const QPoint & offset=

{...}, int flags=4, QPainter * sharedPainter=0x00000000, QWidgetBackingStore * backingStore=0x01634888) Zeile 5700 C++
QtGuid4.dll!QWidgetPrivate::paintSiblingsRecursive(QPaintDevice * pdev=0x015a2eb0, const QList<QObject *> & siblings={...}

, int index=6, const QRegion & rgn=

{...}, const QPoint & offset={...}

, int flags=4, QPainter * sharedPainter=0x00000000, QWidgetBackingStore * backingStore=0x01634888) Zeile 5687 C++
QtGuid4.dll!QWidgetPrivate::drawWidget(QPaintDevice * pdev=0x015a2eb0, const QRegion & rgn=

{...}, const QPoint & offset={...}

, int flags=5, QPainter * sharedPainter=0x00000000, QWidgetBackingStore * backingStore=0x01634888) Zeile 5547 C++
QtGuid4.dll!QWidgetBackingStore::sync() Zeile 1336 C++
QtGuid4.dll!QWidgetPrivate::syncBackingStore() Zeile 1845 C++
QtGuid4.dll!QWidget::event(QEvent * event=0x0167c258) Zeile 8553 C++
QtGuid4.dll!QFrame::event(QEvent * e=0x0167c258) Zeile 557 + 0xc Bytes C++
QtGuid4.dll!QAbstractScrollArea::event(QEvent * e=0x0167c258) Zeile 996 + 0xc Bytes C++
QtGuid4.dll!QAbstractItemView::event(QEvent * event=0x0167c258) Zeile 1565 C++
QtGuid4.dll!QApplicationPrivate::notify_helper(QObject * receiver=0x0160b568, QEvent * e=0x0167c258) Zeile 4462 + 0x11 Bytes C++
QtGuid4.dll!QApplication::notify(QObject * receiver=0x0160b568, QEvent * e=0x0167c258) Zeile 4427 + 0x10 Bytes C++
QtCored4.dll!QCoreApplication::notifyInternal(QObject * receiver=0x0160b568, QEvent * event=0x0167c258) Zeile 731 + 0x15 Bytes C++
QtCored4.dll!QCoreApplication::sendEvent(QObject * receiver=0x0160b568, QEvent * event=0x0167c258) Zeile 215 + 0x39 Bytes C++
QtCored4.dll!QCoreApplicationPrivate::sendPostedEvents(QObject * receiver=0x00000000, int event_type=0, QThreadData * data=0x01587680) Zeile 1372 + 0xd Bytes C++
QtCored4.dll!qt_internal_proc(HWND__ * hwnd=0x00030ec6, unsigned int message=1025, unsigned int wp=0, long lp=0) Zeile 497 + 0x10 Bytes C++
user32.dll!77b6c4e7()
[Unten angegebene Rahmen sind möglicherweise nicht korrekt und/oder fehlen, keine Symbole geladen für user32.dll]
user32.dll!77b6c5e7()
user32.dll!77b6c590()
user32.dll!77b6cc19()
user32.dll!77b6cc70()
user32.dll!77b838d7()
user32.dll!77b83b27()
user32.dll!77bae0d5()
user32.dll!77bae659()
user32.dll!77bae78c()
user32.dll!77bae836()
user32.dll!77bae9e4()
user32.dll!77baea56()
msvcr90d.dll!0f7c4d57()

I could reproduce this by compiling the sql/TableModel example (that is delivered with Qt) using VC++ Express 2008 and by adding two lines of code to the main function of the example:

int main(int argc, char *argv[])
{
QApplication app(argc, argv);
if (!createConnection())
return 1;

QSqlTableModel model;

initializeModel(&model);

QTableView *view1 = createView(QObject::tr("Table Model (View 1)"), &model);
QTableView *view2 = createView(QObject::tr("Table Model (View 2)"), &model);

view1->show();
view2->move(view1->x() + view1->width() + 20, view1->y());
view2->show();

model.setFilter("some stupid nonsense"); // new
qDebug() << model.lastError().type(); // new

return app.exec();
}

This is a showstopper for me and I was not able to find a workaround. I need to allow the user entering the filter expression into a QLineEdit so it is not unusual that there are mistakes in the expression.