Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: P1: Critical
Fix Version/s: 5.15.16, 6.5.4, 6.6.1, 6.7.0 FF
Affects Version/s: 5.15
Component/s: Active Qt
Labels:
None
Environment:
Windows

Platform/s:

Windows
Support Tickets:

421818
Commits:
690770d8e (dev), c758be532 (6.6), 61365249a (6.5), 2965d36e0 (tqtc/lts-5.15)

Description

This bug was initially reported in https://bugreports.qt.io/browse/QTBUG-96871 but it seems to have been dismissed because it was not reported on a supported (LTS) QT version.

I report the same bug with additional details for QT 5.15 now.

This bug can be reproduced 100% on our application - if one makes sure to trigger the COM service dispatch events while QT connects to that interface.

We are basically calling :

connect(QAxObject, SIGNAL(StateChangedCallback(State)), SLOT(OnStateChangedCallback(State)))

The callstack

 ntdll!NtWaitForMultipleObjects+0x14
 ntdll!WerpWaitForCrashReporting+0xa8
 ntdll!RtlReportExceptionHelper+0x33e
 ntdll!RtlReportException+0x9b
 combase!SilentlyReportExceptions+0xb2 [onecore\com\combase\dcomrem\excepn.cxx @ 134] 
 combase!ServerExceptionFilter+0x112 [onecore\com\combase\dcomrem\excepn.cxx @ 209] 
 combase!AppInvokeExceptionFilterWithMethodAddress+0x66 [onecore\com\combase\dcomrem\excepn.cxx @ 476] 
 combase!`ObjectMethodExceptionHandlingAction<<lambda_c9f3956a20c9da92a64affc24fdd69ec> >'::`1'::filt$0+0x78 [onecore\com\combase\dcomrem\excepn.hxx @ 89] 
 ucrtbase!_C_specific_handler+0xa0
 ntdll!RtlpExecuteHandlerForException+0xf
 ntdll!RtlDispatchException+0x244
 ntdll!KiUserExceptionDispatch+0x2e
 Qt5Core!priv+0x5 [c:\dev\galaxy\qt5\qtbase\src\corelib\kernel\qmetaobject.cpp @ 156] 
 Qt5Core!indexOfMethodRelative<4>+0x55 [c:\dev\galaxy\qt5\qtbase\src\corelib\kernel\qmetaobject.cpp @ 619] 
 Qt5Core!QMetaObjectPrivate::indexOfSignalRelative+0x1f [c:\dev\galaxy\qt5\qtbase\src\corelib\kernel\qmetaobject.cpp @ 748] 
 Qt5Core!QObjectPrivate::signalIndex+0x105 [c:\dev\galaxy\qt5\qtbase\src\corelib\kernel\qobject.cpp @ 4028] 
 Qt5Core!QObject::receivers+0x59 [c:\dev\galaxy\qt5\qtbase\src\corelib\kernel\qobject.cpp @ 2612] 
 qtApp!QAxEventSink::signalHasReceivers+0x6e [c:\work\git\qt5\qtactiveqt\src\activeqt\container\qaxbase.cpp @ 568] 
 qtApp!QAxEventSink::Invoke+0x17d [c:\work\git\qt5\qtactiveqt\src\activeqt\container\qaxbase.cpp @ 392] 
 oleaut32!IDispatch_Invoke_Stub+0xd4
 oleaut32!IDispatch_RemoteInvoke_Thunk+0x60
 rpcrt4!NdrStubCall2+0x36f
 combase!CStdStubBuffer_Invoke+0xac [onecore\com\combase\ndr\ndrole\stub.cxx @ 1517] 
 oleaut32!CDispStubWrapper::Invoke+0x1bb
 combase!InvokeStubWithExceptionPolicyAndTracing::__l6::<lambda_c9f3956a20c9da92a64affc24fdd69ec>::operator()+0x18 [onecore\com\combase\dcomrem\channelb.cxx @ 1279] 
 combase!ObjectMethodExceptionHandlingAction<<lambda_c9f3956a20c9da92a64affc24fdd69ec> >+0x43 [onecore\com\combase\dcomrem\excepn.hxx @ 87] 
 combase!InvokeStubWithExceptionPolicyAndTracing+0xd0 [onecore\com\combase\dcomrem\channelb.cxx @ 1277] 
 combase!DefaultStubInvoke+0x1ee [onecore\com\combase\dcomrem\channelb.cxx @ 1346] 
 combase!SyncStubCall::Invoke+0x22 [onecore\com\combase\dcomrem\channelb.cxx @ 1403] 
 combase!SyncServerCall::StubInvoke+0x26 [onecore\com\combase\dcomrem\ServerCall.hpp @ 781] 
 combase!StubInvoke+0x23e [onecore\com\combase\dcomrem\channelb.cxx @ 1628] 
 combase!ServerCall::ContextInvoke+0x403 [onecore\com\combase\dcomrem\ctxchnl.cxx @ 1423] 
 combase!CServerChannel::ContextInvoke+0x143 [onecore\com\combase\dcomrem\ctxchnl.cxx @ 1332] 
 combase!DefaultInvokeInApartment+0x143 [onecore\com\combase\dcomrem\callctrl.cxx @ 3297] 
 combase!ReentrantSTAInvokeInApartment+0x1ad [onecore\com\combase\dcomrem\reentrantsta.cpp @ 113] 
 combase!AppInvoke+0x245 [onecore\com\combase\dcomrem\channelb.cxx @ 1122] 
 combase!ComInvokeWithLockAndIPID+0xaf6 [onecore\com\combase\dcomrem\channelb.cxx @ 2210] 
 combase!ComInvoke+0x1ff [onecore\com\combase\dcomrem\channelb.cxx @ 1697] 
 combase!ThreadDispatch+0x25e [onecore\com\combase\dcomrem\chancont.cxx @ 414] 
 combase!ThreadWndProc+0x40a [onecore\com\combase\dcomrem\chancont.cxx @ 740] 
 user32!UserCallWinProcCheckWow+0x2f8
 user32!DispatchMessageWorker+0x249
 combase!CCliModalLoop::MyDispatchMessage+0xc [onecore\com\combase\dcomrem\callctrl.cxx @ 2989] 
 combase!CCliModalLoop::PeekRPCAndDDEMessage+0x77 [onecore\com\combase\dcomrem\callctrl.cxx @ 2611] 
 combase!CCliModalLoop::BlockFn+0x2c5 [onecore\com\combase\dcomrem\callctrl.cxx @ 2103] 
 combase!ModalLoop+0xa9 [onecore\com\combase\dcomrem\chancont.cxx @ 164] 
 combase!ClassicSTAThreadWaitForCall+0xbb [onecore\com\combase\dcomrem\threadtypespecific.cpp @ 172] 
 combase!ThreadSendReceive+0x84e [onecore\com\combase\dcomrem\channelb.cxx @ 7355] 
 combase!CSyncClientCall::SwitchAptAndDispatchCall+0x8df [onecore\com\combase\dcomrem\channelb.cxx @ 5900] 
 combase!CSyncClientCall::SendReceive2+0x9d6 [onecore\com\combase\dcomrem\channelb.cxx @ 5459] 
 combase!SyncClientCallRetryContext::SendReceiveWithRetry+0x25 [onecore\com\combase\dcomrem\callctrl.cxx @ 1542] 
 combase!CSyncClientCall::SendReceiveInRetryContext+0x25 [onecore\com\combase\dcomrem\callctrl.cxx @ 565] 
 combase!ClassicSTAThreadSendReceive+0xa3 [onecore\com\combase\dcomrem\callctrl.cxx @ 547] 
 combase!CSyncClientCall::SendReceive+0x18b [onecore\com\combase\dcomrem\ctxchnl.cxx @ 783] 
 combase!CClientChannel::SendReceive+0x84 [onecore\com\combase\dcomrem\ctxchnl.cxx @ 655] 
 combase!NdrExtpProxySendReceive+0x4e [onecore\com\combase\ndr\ndrole\proxy.cxx @ 2002] 
 rpcrt4!NdrpClientCall2+0x5d0
 rpcrt4!NdrClientCall2+0x1f
 oleaut32!ITypeInfo_GetNames_Proxy+0x3d
 qtApp!qaxTypeInfoNames+0x59 [c:\work\git\qt5\qtactiveqt\src\activeqt\shared\qaxutils.cpp @ 252] 
 qtApp!MetaObjectGenerator::readEventInterface+0x20f [c:\work\git\qt5\qtactiveqt\src\activeqt\container\qaxbase.cpp @ 2821] 
 qtApp!MetaObjectGenerator::readEventInfo+0x495 [c:\work\git\qt5\qtactiveqt\src\activeqt\container\qaxbase.cpp @ 2905] 
 qtApp!MetaObjectGenerator::metaObject+0xfb [c:\work\git\qt5\qtactiveqt\src\activeqt\container\qaxbase.cpp @ 3026] 
 qtApp!QAxBase::metaObject+0xb9 [c:\work\git\qt5\qtactiveqt\src\activeqt\container\qaxbase.cpp @ 3288] 
 Qt5Core!QObject::connect+0xed [c:\dev\galaxy\qt5\qtbase\src\corelib\kernel\qobject.cpp @ 2834] 
 qtApp!QObject::connect+0x25 [c:\dev\qt\include\qtcore\qobject.h @ 483]

Seems to be some kind of a race condition between the time QT fully initializes it's COM binding and the moment it actually receives a COM dispatch event.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

CrashFix-6063.patch
2 kB
11 Feb '22 12:47

Issue Links

duplicates

QTBUG-96871 Crash on calling connect on QAxObject source instance

Closed

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

For Gerrit Dashboard: QTBUG-100657
#	Subject	Branch	Project	Status	CR	V
503103,2	Block signals while the meta object gets created	dev	qt/qtactiveqt	Status: MERGED	+2	0
506411,2	Block signals while the meta object gets created	6.6	qt/qtactiveqt	Status: MERGED	+2	0
506535,2	Block signals while the meta object gets created	6.5	qt/qtactiveqt	Status: MERGED	+2	0
506655,2	Block signals while the meta object gets created	tqtc/lts-5.15	qt/tqtc-qtactiveqt	Status: MERGED	+2	0