Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-50263

[MAC] Crash in QFocusFrame::paintEvent

    XMLWordPrintable

Details

    • macOS

    Description

      It happens when setting the focus to a particular widget with the QWidget::setFocus() API. The QFocusFrame::paintEvent is still called and the private widget pointer referencing fails with a coredump.
      The reason it crashes is that in QFocusFrame::paintEvent the observed widget for the QFocusFrame is 0.

      frame #4: 0x000000010be3d3d5 QtWidgets_debug`QFocusFrame::paintEvent(this=0x0000000114f1de40, (null)=0x00007fff5fbf66f0) + 245 at qfocusframe.cpp:258
  255 	    initStyleOption(&option);
  256 	    int vmargin = style()->pixelMetric(QStyle::PM_FocusFrameVMargin);
  257 	    int hmargin = style()->pixelMetric(QStyle::PM_FocusFrameHMargin);
-> 258 	    QWidgetPrivate *wd = qt_widget_private(d->widget); //d->widget is 0 !!!!!!
  259 	    QRect rect = wd->clipRect().adjusted(0, 0, hmargin*2, vmargin*2);
  260 	    p.setClipRect(rect);
  261 	    p.drawControl(QStyle::CE_FocusFrame, option);
(lldb) 
Do you get something similar on your side ?
Regards,Leo

thread #1: tid = 0x9b4b50, 0x000000010bbb30bc QtWidgets_debug`QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::data(this=0x0000000000000008) const + 12 at qscopedpointer.h:135, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x8)
   frame #0: 0x000000010bbb30bc QtWidgets_debug`QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::data(this=0x0000000000000008) const + 12 at qscopedpointer.h:135
   frame #1: 0x000000010bbd6da5 QtWidgets_debug`QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::pointer qGetPtrHelper<QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> > >(p=0x0000000000000008) + 21 at qglobal.h:983
   frame #2: 0x000000010bbd82ec QtWidgets_debug`QWidget::d_func(this=0x0000000000000000) + 28 at qwidget.h:121
   frame #3: 0x000000010bc15265 QtWidgets_debug`qt_widget_private(widget=0x0000000000000000) + 21 at qwidget.cpp:12109
   frame #4: 0x000000010be3d3d5 QtWidgets_debug`QFocusFrame::paintEvent(this=0x0000000114f1de40, (null)=0x00007fff5fbf66f0) + 245 at qfocusframe.cpp:258
   frame #5: 0x000000010bc2edfe QtWidgets_debug`QWidget::event(this=0x0000000114f1de40, event=0x00007fff5fbf66f0) + 2654 at qwidget.cpp:8817
   frame #6: 0x000000010be3d768 QtWidgets_debug`QFocusFrame::event(this=0x0000000114f1de40, e=0x00007fff5fbf66f0) + 40 at qfocusframe.cpp:328
   frame #7: 0x000000010bbcef3c QtWidgets_debug`QApplicationPrivate::notify_helper(this=0x000000010e83b160, receiver=0x0000000114f1de40, e=0x00007fff5fbf66f0) + 396 at qapplication.cpp:3717
 * frame #8: 0x000000010bbd3f36 QtWidgets_debug`QApplication::notify(this=0x000000010e83b040, receiver=0x0000000114f1de40, e=0x00007fff5fbf66f0) + 14310 at qapplication.cpp:3682
   frame #9: 0x000000010019df56 gdc`QtSingleApplication::notify(this=0x000000010e83b040, receiver=0x0000000114f1de40, event=0x00007fff5fbf66f0) + 374 at qtsingleapplication.cpp:414
   frame #10: 0x0000000101809d66 QtCore_debug`QCoreApplication::notifyInternal(this=0x000000010e83b040, receiver=0x0000000114f1de40, event=0x00007fff5fbf66f0) + 198 at qcoreapplication.cpp:965
   frame #11: 0x000000010bbd86af QtWidgets_debug`QCoreApplication::sendSpontaneousEvent(receiver=0x0000000114f1de40, event=0x00007fff5fbf66f0) + 95 at qcoreapplication.h:227
   frame #12: 0x000000010bc270a4 QtWidgets_debug`QWidgetPrivate::sendPaintEvent(this=0x0000000114f2eef0, toBePainted=0x00007fff5fbf69c0) + 68 at qwidget.cpp:5615
   frame #13: 0x000000010bc26bb3 QtWidgets_debug`QWidgetPrivate::drawWidget(this=0x0000000114f2eef0, pdev=0x00000001155752b0, rgn=0x00007fff5fbf6b20, offset=0x00007fff5fbf6b00, flags=4, sharedPainter=0x0000000000000000, backingStore=0x0000000115576100) + 2691 at qwidget.cpp:5555
   frame #14: 0x000000010bc27615 QtWidgets_debug`QWidgetPrivate::paintSiblingsRecursive(this=0x000000010eaf9ca0, pdev=0x00000001155752b0, siblings=0x000000010eaf9cb8, index=0, rgn=0x00007fff5fbf6fd0, offset=0x00007fff5fbf6fb0, flags=4, sharedPainter=0x0000000000000000, backingStore=0x0000000115576100) + 1317 at qwidget.cpp:5750
   frame #15: 0x000000010bc2704a QtWidgets_debug`QWidgetPrivate::drawWidget(this=0x000000010eaf9ca0, pdev=0x00000001155752b0, rgn=0x00007fff5fbf6fd0, offset=0x00007fff5fbf6fb0, flags=4, sharedPainter=0x0000000000000000, backingStore=0x0000000115576100) + 3866 at qwidget.cpp:5606
   frame #16: 0x000000010bc27615 QtWidgets_debug`QWidgetPrivate::paintSiblingsRecursive(this=0x000000010eaf9a10, pdev=0x00000001155752b0, siblings=0x000000010eaf9a28, index=0, rgn=0x00007fff5fbf7480, offset=0x00007fff5fbf7460, flags=4, sharedPainter=0x0000000000000000, backingStore=0x0000000115576100) + 1317 at qwidget.cpp:5750
   frame #17: 0x000000010bc2704a QtWidgets_debug`QWidgetPrivate::drawWidget(this=0x000000010eaf9a10, pdev=0x00000001155752b0, rgn=0x00007fff5fbf7480, offset=0x00007fff5fbf7460, flags=4, sharedPainter=0x0000000000000000, backingStore=0x0000000115576100) + 3866 at qwidget.cpp:5606
   frame #18: 0x000000010bc27615 QtWidgets_debug`QWidgetPrivate::paintSiblingsRecursive(this=0x000000010ef03250, pdev=0x00000001155752b0, siblings=0x000000010ef03268, index=0, rgn=0x00007fff5fbf7930, offset=0x00007fff5fbf7910, flags=4, sharedPainter=0x0000000000000000, backingStore=0x0000000115576100) + 1317 at qwidget.cpp:5750
   frame #19: 0x000000010bc2704a QtWidgets_debug`QWidgetPrivate::drawWidget(this=0x000000010ef03250, pdev=0x00000001155752b0, rgn=0x00007fff5fbf7930, offset=0x00007fff5fbf7910, flags=4, sharedPainter=0x0000000000000000, backingStore=0x0000000115576100) + 3866 at qwidget.cpp:5606
   frame #20: 0x000000010bc27615 QtWidgets_debug`QWidgetPrivate::paintSiblingsRecursive(this=0x000000010ef02a70, pdev=0x00000001155752b0, siblings=0x000000010ef02a88, index=1, rgn=0x00007fff5fbf7f28, offset=0x0000000115576154, flags=4, sharedPainter=0x0000000000000000, backingStore=0x0000000115576100) + 1317 at qwidget.cpp:5750
   frame #21: 0x000000010bc2704a QtWidgets_debug`QWidgetPrivate::drawWidget(this=0x000000010ef02a70, pdev=0x00000001155752b0, rgn=0x00007fff5fbf7f28, offset=0x0000000115576154, flags=5, sharedPainter=0x0000000000000000, backingStore=0x0000000115576100) + 3866 at qwidget.cpp:5606
   frame #22: 0x000000010bbe68be QtWidgets_debug`QWidgetBackingStore::doSync(this=0x0000000115576100) + 4910 at qwidgetbackingstore.cpp:1226
   frame #23: 0x000000010bbe6c8c QtWidgets_debug`QWidgetBackingStore::sync(this=0x0000000115576100) + 508 at qwidgetbackingstore.cpp:1032
   frame #24: 0x000000010bc1c5c6 QtWidgets_debug`QWidgetPrivate::syncBackingStore(this=0x000000010ef02a70) + 150 at qwidget.cpp:1892
   frame #25: 0x000000010bc2f48c QtWidgets_debug`QWidget::event(this=0x000000010ef028f0, event=0x000000010eafa4e0) + 4332 at qwidget.cpp:8970
   frame #26: 0x000000010bda43d2 QtWidgets_debug`QMainWindow::event(this=0x000000010ef028f0, event=0x000000010eafa4e0) + 1810 at qmainwindow.cpp:1495
   frame #27: 0x00000001005c848c gdc`WMainWindow::event(this=0x000000010ef028f0, event=0x000000010eafa4e0) + 1148 at WMainWindow.cpp:1047
   frame #28: 0x000000010bbcef3c QtWidgets_debug`QApplicationPrivate::notify_helper(this=0x000000010e83b160, receiver=0x000000010ef028f0, e=0x000000010eafa4e0) + 396 at qapplication.cpp:3717
   frame #29: 0x000000010bbd3f36 QtWidgets_debug`QApplication::notify(this=0x000000010e83b040, receiver=0x000000010ef028f0, e=0x000000010eafa4e0) + 14310 at qapplication.cpp:3682
   frame #30: 0x000000010019df56 gdc`QtSingleApplication::notify(this=0x000000010e83b040, receiver=0x000000010ef028f0, event=0x000000010eafa4e0) + 374 at qtsingleapplication.cpp:414
   frame #31: 0x0000000101809d66 QtCore_debug`QCoreApplication::notifyInternal(this=0x000000010e83b040, receiver=0x000000010ef028f0, event=0x000000010eafa4e0) + 198 at qcoreapplication.cpp:965
   frame #32: 0x000000010180f234 QtCore_debug`QCoreApplication::sendEvent(receiver=0x000000010ef028f0, event=0x000000010eafa4e0) + 84 at qcoreapplication.h:224
   frame #33: 0x000000010180b26c QtCore_debug`QCoreApplicationPrivate::sendPostedEvents(receiver=0x0000000000000000, event_type=0, data=0x000000010e825070) + 1436 at qcoreapplication.cpp:1593
   frame #34: 0x000000010180a6af QtCore_debug`QCoreApplication::sendPostedEvents(receiver=0x0000000000000000, event_type=0) + 47 at qcoreapplication.cpp:1451
   frame #35: 0x00000001120a531e libqcocoa.dylib`___lldb_unnamed_function448$$libqcocoa.dylib + 190
   frame #36: 0x00000001120a5bf1 libqcocoa.dylib`___lldb_unnamed_function460$$libqcocoa.dylib + 33
   frame #37: 0x00007fff9032aa01 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
   frame #38: 0x00007fff9031cb8d CoreFoundation`__CFRunLoopDoSources0 + 269
   frame #39: 0x00007fff9031c1bf CoreFoundation`__CFRunLoopRun + 927
   frame #40: 0x00007fff9031bbd8 CoreFoundation`CFRunLoopRunSpecific + 296
   frame #41: 0x00007fff93ab056f HIToolbox`RunCurrentEventLoopInMode + 235
   frame #42: 0x00007fff93ab01ee HIToolbox`ReceiveNextEventCommon + 179
   frame #43: 0x00007fff93ab012b HIToolbox`_BlockUntilNextEventMatchingListInModeWithFilter + 71
   frame #44: 0x00007fff8f69b8ab AppKit`_DPSNextEvent + 978
   frame #45: 0x00007fff8f69ae58 AppKit`-[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 346
   frame #46: 0x00007fff8f690af3 AppKit`-[NSApplication run] + 594
   frame #47: 0x00000001120a4abf libqcocoa.dylib`___lldb_unnamed_function442$$libqcocoa.dylib + 2191
   frame #48: 0x00000001018050fa QtCore_debug`QEventLoop::processEvents(this=0x00007fff5fbfb178, flags=(i = 36)) + 122 at qeventloop.cpp:128
   frame #49: 0x000000010180533d QtCore_debug`QEventLoop::exec(this=0x00007fff5fbfb178, flags=(i = 0)) + 557 at qeventloop.cpp:204
   frame #50: 0x000000010bddad14 QtWidgets_debug`QMenu::exec(this=0x000000010eac8d40, p=0x00007fff5fbfbd00, action=0x0000000000000000) + 148 at qmenu.cpp:2307
   frame #51: 0x0000000100399940 gdc`Utilities::execPopupMenu(menu=0x000000010eac8d40, pos=0x00007fff5fbfbd00) + 64 at Utilities.h:297
   frame #52: 0x00000001005fbb66 gdc`WTextEdit::contextMenuEvent(this=0x0000000112301dd0, event=0x00007fff5fbfbcd8) + 5206 at WTextEdit.cpp:405
   frame #53: 0x000000010bc2eeea QtWidgets_debug`QWidget::event(this=0x0000000112301dd0, event=0x00007fff5fbfbcd8) + 2890 at qwidget.cpp:8840
   frame #54: 0x000000010bd83d7d QtWidgets_debug`QFrame::event(this=0x0000000112301dd0, e=0x00007fff5fbfbcd8) + 77 at qframe.cpp:540
   frame #55: 0x000000010be376e0 QtWidgets_debug`QAbstractScrollArea::event(this=0x0000000112301dd0, e=0x00007fff5fbfbcd8) + 1280 at qabstractscrollarea.cpp:1038
   frame #56: 0x000000010be18fbc QtWidgets_debug`QTextEdit::event(this=0x0000000112301dd0, e=0x000000010ea19ed0) + 252 at qtextedit.cpp:1056
   frame #57: 0x000000010be21218 QtWidgets_debug`QTextBrowser::event(this=0x0000000112301dd0, e=0x000000010ea19ed0) + 40 at qtextbrowser.cpp:1257
   frame #58: 0x000000010bbcef3c QtWidgets_debug`QApplicationPrivate::notify_helper(this=0x000000010e83b160, receiver=0x0000000112301dd0, e=0x000000010ea19ed0) + 396 at qapplication.cpp:3717
   frame #59: 0x000000010bbd22ec QtWidgets_debug`QApplication::notify(this=0x000000010e83b040, receiver=0x0000000112301dd0, e=0x000000010ea19ed0) + 7068 at qapplication.cpp:3360
   frame #60: 0x000000010019df56 gdc`QtSingleApplication::notify(this=0x000000010e83b040, receiver=0x0000000112301dd0, event=0x000000010ea19ed0) + 374 at qtsingleapplication.cpp:414
   frame #61: 0x0000000101809d66 QtCore_debug`QCoreApplication::notifyInternal(this=0x000000010e83b040, receiver=0x0000000112301dd0, event=0x000000010ea19ed0) + 198 at qcoreapplication.cpp:965
   frame #62: 0x000000010180f234 QtCore_debug`QCoreApplication::sendEvent(receiver=0x0000000112301dd0, event=0x000000010ea19ed0) + 84 at qcoreapplication.h:224
   frame #63: 0x000000010180b26c QtCore_debug`QCoreApplicationPrivate::sendPostedEvents(receiver=0x0000000000000000, event_type=0, data=0x000000010e825070) + 1436 at qcoreapplication.cpp:1593
   frame #64: 0x000000010180a6af QtCore_debug`QCoreApplication::sendPostedEvents(receiver=0x0000000000000000, event_type=0) + 47 at qcoreapplication.cpp:1451
   frame #65: 0x00000001120a531e libqcocoa.dylib`___lldb_unnamed_function448$$libqcocoa.dylib + 190
   frame #66: 0x00000001120a5bf1 libqcocoa.dylib`___lldb_unnamed_function460$$libqcocoa.dylib + 33
   frame #67: 0x00007fff9032aa01 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
   frame #68: 0x00007fff9031cb8d CoreFoundation`__CFRunLoopDoSources0 + 269
   frame #69: 0x00007fff9031c1bf CoreFoundation`__CFRunLoopRun + 927
   frame #70: 0x00007fff9031bbd8 CoreFoundation`CFRunLoopRunSpecific + 296
   frame #71: 0x00007fff93ab056f HIToolbox`RunCurrentEventLoopInMode + 235
   frame #72: 0x00007fff93ab02ea HIToolbox`ReceiveNextEventCommon + 431
   frame #73: 0x00007fff93ab012b HIToolbox`_BlockUntilNextEventMatchingListInModeWithFilter + 71
   frame #74: 0x00007fff8f69b8ab AppKit`_DPSNextEvent + 978
   frame #75: 0x00007fff8f69ae58 AppKit`-[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 346
   frame #76: 0x00007fff8f690af3 AppKit`-[NSApplication run] + 594
   frame #77: 0x00000001120a4abf libqcocoa.dylib`___lldb_unnamed_function442$$libqcocoa.dylib + 2191
   frame #78: 0x00000001018050fa QtCore_debug`QEventLoop::processEvents(this=0x00007fff5fbfe5e0, flags=(i = 36)) + 122 at qeventloop.cpp:128
   frame #79: 0x000000010180533d QtCore_debug`QEventLoop::exec(this=0x00007fff5fbfe5e0, flags=(i = 0)) + 557 at qeventloop.cpp:204
   frame #80: 0x000000010180a549 QtCore_debug`QCoreApplication::exec() + 393 at qcoreapplication.cpp:1229
   frame #81: 0x000000010abba2e6 QtGui_debug`QGuiApplication::exec() + 22 at qguiapplication.cpp:1528
   frame #82: 0x000000010bbd0609 QtWidgets_debug`QApplication::exec() + 9 at qapplication.cpp:2977
   frame #83: 0x00000001000fdd2a gdc`main(argc=1, argv=0x00007fff5fbff098) + 17562 at main.cpp:680
   frame #84: 0x0000000100008424 gdc`start + 52
(lldb)

      Attachments

        For Gerrit Dashboard: QTBUG-50263
        # Subject Branch Project Status CR V
        146237,2 QFocusFrame: Don't crash on null d->widget. 5.6 qt/qtbase Status: MERGED +2 0

        Activity

          People

            sorvig Morten Sørvig
            ls@4js.com Leo Schubert
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes