Loading...

Details

Type: Bug
Resolution: Done
Priority: P2: Important
Fix Version/s: 4.6.3
Affects Version/s: 4.6.0
Component/s: None
Labels:
None

Commits:
71df6edab122730c38ac238e168a4cc35b6f4857

Description

OOM testing Qt with tst_exceptionsafety_objects, widgets(QToolBar) test, QImage::setAlphaChannel crashed with a null d pointer. The call stack is below.

setAlphaChannel is implemented as follows, which makes me think that the problem is in detach or convertToFormat, or their use.

void QImage::setAlphaChannel(const QImage &alphaChannel)
{
if (!d)
return;

...
detach();

*this = convertToFormat(QImage::Format_ARGB32_Premultiplied);

// Slight optimization since alphachannels are returned as 8-bit grays.
if (alphaChannel.d->depth == 8 && alphaChannel.isGrayscale()) {
const uchar *src_data = alphaChannel.d->data;
const uchar dest_data = d->data; // ****crash is here***
...

51 ThreadPanicBreakPoint() I:\sf\os\kernelhwsrv\kernel\eka\kernel\win32\cutils.cpp:156 0x0096bab6
50 DJitCrashHandler::HandleEvent() I:\sf\os\kernelhwsrv\kernel\eka\kernel\win32\cutils.cpp:204 0x0096bcce
49 DKernelEventHandler::Dispatch() I:\sf\os\kernelhwsrv\kernel\eka\kernel\skernel.cpp:1924 0x00982f44
48 DThread::Exit() I:\sf\os\kernelhwsrv\kernel\eka\kernel\sthread.cpp:695 0x0099f480
47 DThread::EpocThreadExitHandler() I:\sf\os\kernelhwsrv\kernel\eka\kernel\sthread.cpp:636 0x0099f282
46 NThreadBase::Exit() I:\sf\os\kernelhwsrv\kernel\eka\nkern\nkern.cpp:1101 0x00962348
45 NThreadBase::DoCsFunction() I:\sf\os\kernelhwsrv\kernel\eka\nkern\nkern.cpp:682 0x00961acc
44 NFastMutex::Signal() I:\sf\os\kernelhwsrv\kernel\eka\nkern\nkern.cpp:121 0x009611f8
43 NKern::ThreadKill() I:\sf\os\kernelhwsrv\kernel\eka\nkern\nkern.cpp:1542 0x00962914
42 DThread::Die() I:\sf\os\kernelhwsrv\kernel\eka\kernel\sthread.cpp:794 0x0099f724
41 K::PanicCurrentThread() I:\sf\os\kernelhwsrv\kernel\eka\kernel\server.cpp:905 0x00992be4
40 K::PanicKernExec() I:\sf\os\kernelhwsrv\kernel\eka\kernel\server.cpp:898 0x00992bb0
39 Exc::Dispatch() I:\sf\os\kernelhwsrv\kernel\eka\kernel\win32\ckernel.cpp:227 0x0096b1ff
38 NThread__HandleException() I:\sf\os\kernelhwsrv\kernel\eka\nkern\win32\ncthrd.cpp:299 0x009698f7
37 NThread::Exception() I:\sf\os\kernelhwsrv\kernel\eka\nkern\win32\ncthrd.cpp:348 0x00969965
36 QImage::setAlphaChannel() I:\qt\src\gui\image\qimage.cpp:5621 0x7126ea26
35 QS60StyleModeSpecifics::fromFbsBitmap() I:\qt\src\gui\styles\qs60style_s60.cpp:607 0x7153ba53
34 QS60StyleModeSpecifics::createSkinnedGraphicsLX() I:\qt\src\gui\styles\qs60style_s60.cpp:690 0x7153c011
33 QS60StyleModeSpecifics::skinnedGraphics() I:\qt\src\gui\styles\qs60style_s60.cpp:339 0x7153a963
32 QS60StylePrivate::part() I:\qt\src\gui\styles\qs60style_s60.cpp:1151 0x7153d942
31 QS60StylePrivate::cachedPart() I:\qt\src\gui\styles\qs60style.cpp:603 0x71531284
30 QS60Style::standardIconImplementation() I:\qt\src\gui\styles\qs60style.cpp:2855 0x71539c16
29 QS60Style::qt_metacall() I:\qt\src\gui\tmp\moc\debug_shared\moc_qs60style.cpp:80 0x71602013
28 QMetaObject::metacall() I:\qt\src\corelib\kernel\qmetaobject.cpp:237 0x6bbf1f64
27 QMetaMethod::invoke() I:\qt\src\corelib\kernel\qmetaobject.cpp:1533 0x6bbf45a0
26 QMetaObject::invokeMethod() I:\qt\src\corelib\kernel\qmetaobject.cpp:1112 0x6bbf3b7b
25 QStyle::standardIcon() I:\qt\src\gui\styles\qstyle.cpp:2274 0x714c269b
24 QToolBarExtension::setOrientation() I:\qt\src\gui\widgets\qtoolbarextension.cpp:67 0x716f8323
23 QToolBarExtension::QToolBarExtension() I:\qt\src\gui\widgets\qtoolbarextension.cpp:58 0x716f8257
22 QToolBarLayout::QToolBarLayout() I:\qt\src\gui\widgets\qtoolbarlayout.cpp:86 0x716f4986
21 QToolBarPrivate::init() I:\qt\src\gui\widgets\qtoolbar.cpp:101 0x716f16d9
20 QToolBar::QToolBar() I:\qt\src\gui\widgets\qtoolbar.cpp:528 0x716f24c1
19 WidgetCreator<QToolBar>::operator() I:\qt\tests\auto\exceptionsafety_objects\tst_exceptionsafety_objects.cpp:387 0x2fd6aada
18 doOOMTest<AbstractTester>() I:\qt\tests\auto\exceptionsafety_objects\tst_exceptionsafety_objects.cpp:201 0x2fd650be
17 tst_ExceptionSafetyObjects::widgets() I:\qt\tests\auto\exceptionsafety_objects\tst_exceptionsafety_objects.cpp:481 0x2fd6387a
16 tst_ExceptionSafetyObjects::qt_metacall() I:\qt\tests\auto\exceptionsafety_objects\tmp\moc\debug_shared\tst_exceptionsafety_objects.moc:91 0x2fd63e36
15 QMetaObject::metacall() I:\qt\src\corelib\kernel\qmetaobject.cpp:237 0x6bbf1f64
14 QMetaMethod::invoke() I:\qt\src\corelib\kernel\qmetaobject.cpp:1533 0x6bbf45a0
13 QMetaObject::invokeMethod() I:\qt\src\corelib\kernel\qmetaobject.cpp:1112 0x6bbf3b7b
12 QMetaObject::invokeMethod() I:\qt\src\corelib\kernel\qobjectdefs.h:395 0x6bb4b71d
11 QTest::qInvokeTestMethodDataEntry() I:\qt\src\testlib\qtestcase.cpp:1212 0x2fe32a1e
10 QTest::qInvokeTestMethod() I:\qt\src\testlib\qtestcase.cpp:1308 0x2fe331f8
9 QTest::qInvokeTestMethods() I:\qt\src\testlib\qtestcase.cpp:1463 0x2fe339ae
8 QTest::qExec() I:\qt\src\testlib\qtestcase.cpp:1666 0x2fe33bf6
7 main() I:\qt\tests\auto\exceptionsafety_objects\tst_exceptionsafety_objects.cpp:782 0x2fd63c21
6 QtMainWrapper() I:\qt\src\s60main\qts60main_mcrt0.cpp:90 0x2fd7ca82
5 E32Main() I:\qt\src\s60main\qts60main.cpp:57 0x2fd7c61c
4 _E32Startup() M:\sf\os\kernelhwsrv\kernel\eka\euser\epoc\win32\uc_exe.cpp:87 0x2fd7bfac
3 DThread::EpocThreadFunction() I:\sf\os\kernelhwsrv\kernel\eka\kernel\win32\ckernel.cpp:84 0x0096ac23
2 NThread::StartThread() I:\sf\os\kernelhwsrv\kernel\eka\nkern\win32\ncthrd.cpp:187 0x009695b7
1 0x7C80B729( KERNEL32.dll )() 0x7c80b729

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

QImage::setAlphaChannel null pointer crash on OOM

Details

Description

Attachments

Gerrit Reviews

Activity

People

Dates

Gerrit Reviews