  1. Qt
  2. QTBUG-40595

[Reg]: crash in SpriteSequence if goalSprite is referenced before it's created


Details

    • Bug
    • Resolution: Done
    • P2: Important
    • 5.4.0 RC
    • 5.3.1, 5.4.0 Beta
    • Quick: Other
    • None

    Description

      If 'goalSprite' is referenced before it is created, the application crashes. This is a regression from Qt 5.2.1.

      The attached example application can be used to reproduce the crash with Qt 5.3.1.

      Steps to reproduce:
      1. Compile and run the example.

      Expected result:
      The application starts without problems.

      Actual result:
      The application crashes with a segmentation fault.

      The gdb output of the crash:

      Program received signal SIGSEGV, Segmentation fault.
      0x00007fffecb5a9a2 in QListData::size (this=0x10)
          at /work/Qt/qt-5.3.1/qtbase/include/QtCore/../../src/corelib/tools/qlist.h:96
      96	    inline int size() const { return d->end - d->begin; }
      (gdb) bt
      #0  0x00007fffecb5a9a2 in QListData::size (this=0x10)
          at /work/Qt/qt-5.3.1/qtbase/include/QtCore/../../src/corelib/tools/qlist.h:96
      #1  0x00007fffecd37b98 in QList<QQuickStochasticState*>::count (this=0x10)
          at /work/Qt/qt-src-5.3.1/qtbase/include/QtCore/../../src/corelib/tools/qlist.h:292
      #2  0x00007fffecd3bc5f in QQuickStochasticEngine::stateIndex (this=0x0, s=...) at items/qquickspriteengine_p.h:209
      #3  0x00007fffecd3a71d in QQuickSpriteSequence::setGoalSprite (this=0x596080, sprite=...)
          at items/qquickspritesequence.cpp:254
      #4  0x00007fffecdd62fa in QQuickSpriteSequence::qt_metacall (this=0x596080, _c=QMetaObject::WriteProperty, _id=2, 
          _a=0x7fffffffbda0) at .moc/moc_qquickspritesequence_p.cpp:223
      #5  0x00007ffff6e6b08b in QMetaObject::metacall (object=0x596080, cl=QMetaObject::WriteProperty, idx=43, 
          argv=0x7fffffffbda0) at kernel/qmetaobject.cpp:308
      #6  0x00007ffff7b6491e in QQmlObjectCreator::setPropertyValue (this=0x7fffffffce10, property=0x7fffe003b388, 
          binding=0x7fffe003f9a8) at qml/qqmlobjectcreator.cpp:365
      #7  0x00007ffff7b688a8 in QQmlObjectCreator::setPropertyBinding (this=0x7fffffffce10, property=0x7fffe003b388, 
          binding=0x7fffe003f9a8) at qml/qqmlobjectcreator.cpp:983
      #8  0x00007ffff7b66c0c in QQmlObjectCreator::setupBindings (this=0x7fffffffce10, bindingsToSkip=...)
          at qml/qqmlobjectcreator.cpp:724
      #9  0x00007ffff7b6a746 in QQmlObjectCreator::populateInstance (this=0x7fffffffce10, index=0, instance=0x0, 
          bindingTarget=0x61fef0, valueTypeProperty=0x0, bindingsToSkip=...) at qml/qqmlobjectcreator.cpp:1314
      #10 0x00007ffff7b69a83 in QQmlObjectCreator::createInstance (this=0x7fffffffce10, index=0, parent=0x0, isContextObject=true)
          at qml/qqmlobjectcreator.cpp:1158
      #11 0x00007ffff7b63cef in QQmlObjectCreator::create (this=0x7fffffffce10, subComponentIndex=-1, parent=0x0, interrupt=0x0)
          at qml/qqmlobjectcreator.cpp:219
      #12 0x00007ffff7b692b8 in QQmlObjectCreator::createInstance (this=0x474d30, index=3, parent=0x520ae0, isContextObject=false)
          at qml/qqmlobjectcreator.cpp:1075
      #13 0x00007ffff7b6710e in QQmlObjectCreator::setPropertyBinding (this=0x474d30, property=0x7fffe003f348, 
          binding=0x7fffe004ed48) at qml/qqmlobjectcreator.cpp:765
      #14 0x00007ffff7b66c0c in QQmlObjectCreator::setupBindings (this=0x474d30, bindingsToSkip=...)
          at qml/qqmlobjectcreator.cpp:724
      #15 0x00007ffff7b6a746 in QQmlObjectCreator::populateInstance (this=0x474d30, index=0, instance=0x0, 
          bindingTarget=0x44bb90, valueTypeProperty=0x0, bindingsToSkip=...) at qml/qqmlobjectcreator.cpp:1314
      #16 0x00007ffff7b69a83 in QQmlObjectCreator::createInstance (this=0x474d30, index=0, parent=0x0, isContextObject=true)
          at qml/qqmlobjectcreator.cpp:1158
      #17 0x00007ffff7b63cef in QQmlObjectCreator::create (this=0x474d30, subComponentIndex=-1, parent=0x0, interrupt=0x0)
          at qml/qqmlobjectcreator.cpp:219
      #18 0x00007ffff7ad7314 in QQmlComponentPrivate::beginCreate (this=0x522180, context=0x521360) at qml/qqmlcomponent.cpp:884
      #19 0x00007ffff7ad6f81 in QQmlComponent::beginCreate (this=0x51c7d0, publicContext=0x51ca90) at qml/qqmlcomponent.cpp:833
      #20 0x00007ffff7ad6edd in QQmlComponent::create (this=0x51c7d0, context=0x51ca90) at qml/qqmlcomponent.cpp:793
      #21 0x00007ffff7b5bb9a in QQmlApplicationEnginePrivate::_q_finishLoad (this=0x439d30, o=0x51c7d0)
          at qml/qqmlapplicationengine.cpp:138
      #22 0x00007ffff7b5b94f in QQmlApplicationEnginePrivate::startLoad (this=0x439d30, url=..., data=..., dataFlag=false)
          at qml/qqmlapplicationengine.cpp:117
      #23 0x00007ffff7b5bea3 in QQmlApplicationEngine::load (this=0x7fffffffe030, url=...) at qml/qqmlapplicationengine.cpp:254
      #24 0x0000000000400cd1 in main (argc=1, argv=0x7fffffffe178) at main.cpp:9
      

      The attached patch can be used to work around the problem.
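
The backtrace shows `QQuickStochasticEngine::stateIndex` entered with `this=0x0` and the `QList` inside it at `this=0x10`, which is a member read through a null engine pointer. The following is an added example, not Qt source and not the attached patch.diff; `Engine`, `Sequence` and their members are hypothetical stand-ins that model the pattern and a setter that defers resolving the goal until the engine exists.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for the engine class in frame #2 (not Qt code).
struct Engine {
    void *pad[2];                     // two pointers ahead of the list: 0x10 bytes on LP64
    std::vector<std::string> states;  // the container the crashing frame reads
    int stateIndex(const std::string &name) const {
        for (std::size_t i = 0; i < states.size(); ++i)
            if (states[i] == name) return static_cast<int>(i);
        return -1;
    }
};

// Offset of the list inside the engine. With a null engine pointer this is the
// address the container code is handed, matching the pattern of this=0x10 in frames #0/#1.
std::ptrdiff_t listOffset() {
    Engine e{};
    return reinterpret_cast<const char *>(&e.states) - reinterpret_cast<const char *>(&e);
}

// Hypothetical stand-in for the item whose property is written during creation.
class Sequence {
public:
    void setGoal(const std::string &name) {
        goal_ = name;
        // Crash pattern: calling engine_->stateIndex(name) here unconditionally.
        // Guarded form: resolve only if the engine already exists.
        if (engine_) goalIndex_ = engine_->stateIndex(name);
    }
    // Models the later step where the engine is built from the declared sprites.
    void createEngine(std::vector<std::string> states) {
        owned_.states = std::move(states);
        engine_ = &owned_;
        if (!goal_.empty()) goalIndex_ = engine_->stateIndex(goal_);  // apply deferred goal
    }
    int goalIndex() const { return goalIndex_; }
private:
    Engine owned_{};
    Engine *engine_ = nullptr;  // null while bindings are still being applied
    std::string goal_;
    int goalIndex_ = -1;
};

int main() {
    Sequence s;
    s.setGoal("walk");                 // constructed sample: goal set before engine exists
    s.createEngine({"idle", "walk"});
    std::printf("list offset=%td goal index=%d\n", listOffset(), s.goalIndex());
}
```

A small faulting address such as `0x10` in a container accessor is a useful triage signal: look one frame up for an owner object whose `this` is null.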

      Attachments

        1. bug_40595.zip
          5 kB
        2. patch.diff
          0.9 kB

          People

            ablasche Alex Blasche
            qtcomsupport Qt Support