Uploaded image for project: 'Qt for Python'
  1. Qt for Python
  2. PYSIDE-3072

[REG 6.7 -> 6.8] Memory corruption when connecting to a signal on another thread

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • P2: Important
    • 6.10.0
    • 6.8.0.2, 6.9.0, 6.8.3
    • PySide
    • None
    • Windows 10 or Arch Linux 6.12 or Ubuntu 24.04

      PySide6 versions 6.8.0.2, 6.8.3 or 6.9 from PyPI, Arch Linux Package repository, Neon package repository or self-built
    • Linux/X11, Windows
    • a4790d33c (dev)

    Description

      When performing a signal connection in a thread, there is a chance something is corrupted, causing a segfault. The attached code runs this process many times, and runs successfully under Qt 6.7. Under 6.8 it produces output on Linux such as (this is a debug build of PySide6)

      Qt version 6.8.2
Started
ASSERT: "entry < allocated" in file /usr/include/qt6/QtCore/qhash.h, line 286
Aborted (core dumped)

      or

      Qt version 6.8.2
Started
ASSERT: "!isUnused()" in file /usr/include/qt6/QtCore/qhash.h, line 794
Aborted (core dumped)

      On Ubuntu it's similar, but with different messages (not a debug build)

      Qt version 6.8.2
Started
terminate called after throwing an instance of 'std::bad_alloc'
  what():  std::bad_alloc
Aborted (core dumped)
refeyn@refeyn-linux-build:~$ python kdbg2.py 
Qt version 6.8.2
Started
Segmentation fault (core dumped)
refeyn@refeyn-linux-build:~$ python kdbg2.py 
Qt version 6.8.2
Started
Segmentation fault (core dumped)
refeyn@refeyn-linux-build:~$ python kdbg2.py 
Qt version 6.8.2
Started
malloc(): unaligned tcache chunk detected
Aborted (core dumped)

      Or on Windows with faulthandler enabled:

      Qt version 6.8.0
Started
Windows fatal exception: code 0xc0000374

Current thread 0x0000b410 (most recent call first):
  File "C:\Users\matthew.joyce\Repos\lw8\kdbg2.py", line 19 in onR

Thread 0x00009e70 (most recent call first):
  File "C:\Users\matthew.joyce\Repos\lw8\kdbg2.py", line 35 in <module>

      Bisecting pyside, this commit responsible for the change in behaviour is 33bd61d13d8d9e3794b6049891be62f3351313d9 (libpyside: Reimplement signal connections for Python callables not targeting a QMetaMethod)

      Oddly this code does use proper slots, so the commit message would imply no change was expected. Dumping the object info shows:

      OBJECT D::unnamed
  SIGNALS OUT
        <None>
  SIGNALS IN
          <-- C::unnamed onS()
OBJECT C::unnamed
  SIGNALS OUT
        signal: destroyed(QObject*)
          <functor or function pointer>
        signal: signal()
          --> D::unnamed onS()
  SIGNALS IN
        <None>

      Attachments

        1. signal_connect_crash.py
          0.5 kB
        2. pyside3072.py
          0.8 kB
        3. pyside3072_stack.txt
          39 kB
        For Gerrit Dashboard: PYSIDE-3072
        # Subject Branch Project Status CR V
        640524,1 PySide/Signal manager: Fix corruption when connecting to temporary object 6.9 pyside/pyside-setup Status: NEW +2 0

        Activity

          People

            kleint Friedemann Kleint
            matsjoyce-refeyn Matthew Joyce
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There is 1 open Gerrit change