Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-94502

Crash on Android caused by automatic type conversion between JS array and QVariantList (SIGBUS)

    XMLWordPrintable

Details

    • Android
    • dbe34dfa0d42510b804c898b77d6fe145473c31b (qt/qtdeclarative/dev) 94063d0c01b1471554773c00c2f6dd4a916fe0ac (qt/qtdeclarative/6.2) 55a9b77788dc11bf3669ed77a91d3cb68de03b0a (qt/qtdeclarative/6.1)

    Description

      Running the attached minimal example on an Android device (armeabi-v7a) or Android simulator (x86) leads to an reproducible crash. The type conversion from JS array to QVariantList in main.qml:27 seems to be the origin of the crash. Sometimes the crash occurs immediately, sometimes after pressing the button. arm64-v8a is not affected.

      Also notice the output onĀ armeabi-v7a (if the crash doesn't occur immediately):

      libtest_armeabi-v7a.so: list QList(QVariant(Invalid), QVariant(Invalid))

      vs. arm64-v8a:

      libtest_arm64-v8a.so: list QList(QVariant(QColor, QColor(ARGB 1, 0, 0.501961, 0)), QVariant(QColor, QColor(ARGB 1, 0, 0, 0)))

      Tested with following build environment (default setup Qt online installer):

      • Android-NDK 21.3.6528147
      • Clang 9.0.8 from the NDK
      • Targets: armv7a-linux-androideabi23, aarch64-linux-android23, i686-linux-android23
      • Qt 6.1.1

      I got this stack trace from another application (not the minimal example) but with the same cause and with Qt 6.1.1 compiled from source

      SIGBUS (signal SIGBUS: illegal alignment)
      int std::__ndk1::__cxx_atomic_fetch_add<int>(std::__ndk1::__cxx_atomic_base_impl<int>*, int, std::__ndk1::memory_order) atomic:1014
std::__ndk1::__atomic_base<int, true>::fetch_add(int, std::__ndk1::memory_order) atomic:1575
std::__ndk1::__atomic_base<int, true>::operator++() atomic:1612
bool QAtomicOps<int>::ref<int>(std::__ndk1::atomic<int>&) 0x00000000c4c8bc90
QBasicAtomicInteger<int>::ref() 0x00000000c4c8bc6e
QVariant::QVariant(QVariant const&) 0x00000000c4dc6d4a
void QtPrivate::QMovableArrayOps<QVariant>::emplace<QVariant const&>(int, QVariant const&&&) 0x00000000c4d8ae8e
QVariant& QList<QVariant>::emplaceBack<QVariant const&>(QVariant const&&&) 0x00000000c4d8adc0
QList<QVariant>::append(QVariant const&) 0x00000000c4d8a642
QList<QVariant>::push_back(QVariant const&) 0x00000000c4d912d4
QtMetaContainerPrivate::QMetaSequenceForContainer<QList<QVariant> >::getAddValueFn()::'lambda'(void*, void const*, QtMetaContainerPrivate::QMetaContainerInterface::Position)::operator()(void*, void const*, QtMetaContainerPrivate::QMetaContainerInterface::Position) const 0x00000000c4d912a6
QtMetaContainerPrivate::QMetaSequenceForContainer<QList<QVariant> >::getAddValueFn()::'lambda'(void*, void const*, QtMetaContainerPrivate::QMetaContainerInterface::Position)::__invoke(void*, void const*, QtMetaContainerPrivate::QMetaContainerInterface::Position) 0x00000000c4d90b5e
QMetaSequence::addValue(void*, void const*) const 0x00000000c4d52858
toVariant(QV4::ExecutionEngine*, QV4::Value const&, int, bool, QSet<QV4::Heap::Object*>*) 0x00000000c2fae546
QV4::ExecutionEngine::toVariant(QV4::Value const&, int, bool) 0x00000000c2fade36
QQmlBinding::slowWrite(QQmlPropertyData const&, QQmlPropertyData const&, QV4::Value const&, bool, QFlags<QQmlPropertyData::WriteFlag>) 0x00000000c30d9c40
GenericBinding<0>::write(QV4::Value const&, bool, QFlags<QQmlPropertyData::WriteFlag>) 0x00000000c30e639c
QQmlNonbindingBinding::doUpdate(QQmlJavaScriptExpression::DeleteWatcher const&, QFlags<QQmlPropertyData::WriteFlag>, QV4::Scope&) 0x00000000c30de358
QQmlBinding::update(QFlags<QQmlPropertyData::WriteFlag>) 0x00000000c30d9384
QQmlBinding::setEnabled(bool, QFlags<QQmlPropertyData::WriteFlag>) 0x00000000c30da526
QQmlObjectCreator::finalize(QQmlInstantiationInterrupt&) 0x00000000c3172b52
QQmlIncubatorPrivate::incubate(QQmlInstantiationInterrupt&) 0x00000000c313d658
QQmlEnginePrivate::incubate(QQmlIncubator&, QQmlRefPointer<QQmlContextData> const&) 0x00000000c313cfde
QQmlComponent::create(QQmlIncubator&, QQmlContext*, QQmlContext*) 0x00000000c30ec2ac

      Attachments

        For Gerrit Dashboard: QTBUG-94502
        # Subject Branch Project Status CR V
        354870,3 Fix conversion of entries to be added to QVariantLists dev qt/qtdeclarative Status: MERGED +2 0
        355078,3 Fix conversion of entries to be added to QVariantLists 6.2 qt/qtdeclarative Status: MERGED +2 0
        355079,3 Fix conversion of entries to be added to QVariantLists 6.1 qt/qtdeclarative Status: MERGED +2 0

        Activity

          People

            ulherman Ulf Hermann
            tereius Bjoern S
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes