Description
This bug was initially reported in https://bugreports.qt.io/browse/QTBUG-96871, but it seems to have been dismissed because it was not reported on a supported (LTS) Qt version.
I report the same bug with additional details for Qt 5.15 now.
This bug can be reproduced 100% on our application - if one makes sure to trigger the COM service dispatch events while QT connects to that interface.
We are basically calling:
connect(QAxObject, SIGNAL(StateChangedCallback(State)), SLOT(OnStateChangedCallback(State)))
The call stack:
ntdll!NtWaitForMultipleObjects+0x14
ntdll!WerpWaitForCrashReporting+0xa8
ntdll!RtlReportExceptionHelper+0x33e
ntdll!RtlReportException+0x9b
combase!SilentlyReportExceptions+0xb2 [onecore\com\combase\dcomrem\excepn.cxx @ 134]
combase!ServerExceptionFilter+0x112 [onecore\com\combase\dcomrem\excepn.cxx @ 209]
combase!AppInvokeExceptionFilterWithMethodAddress+0x66 [onecore\com\combase\dcomrem\excepn.cxx @ 476]
combase!`ObjectMethodExceptionHandlingAction<<lambda_c9f3956a20c9da92a64affc24fdd69ec> >'::`1'::filt$0+0x78 [onecore\com\combase\dcomrem\excepn.hxx @ 89]
ucrtbase!_C_specific_handler+0xa0
ntdll!RtlpExecuteHandlerForException+0xf
ntdll!RtlDispatchException+0x244
ntdll!KiUserExceptionDispatch+0x2e
Qt5Core!priv+0x5 [c:\dev\galaxy\qt5\qtbase\src\corelib\kernel\qmetaobject.cpp @ 156]
Qt5Core!indexOfMethodRelative<4>+0x55 [c:\dev\galaxy\qt5\qtbase\src\corelib\kernel\qmetaobject.cpp @ 619]
Qt5Core!QMetaObjectPrivate::indexOfSignalRelative+0x1f [c:\dev\galaxy\qt5\qtbase\src\corelib\kernel\qmetaobject.cpp @ 748]
Qt5Core!QObjectPrivate::signalIndex+0x105 [c:\dev\galaxy\qt5\qtbase\src\corelib\kernel\qobject.cpp @ 4028]
Qt5Core!QObject::receivers+0x59 [c:\dev\galaxy\qt5\qtbase\src\corelib\kernel\qobject.cpp @ 2612]
qtApp!QAxEventSink::signalHasReceivers+0x6e [c:\work\git\qt5\qtactiveqt\src\activeqt\container\qaxbase.cpp @ 568]
qtApp!QAxEventSink::Invoke+0x17d [c:\work\git\qt5\qtactiveqt\src\activeqt\container\qaxbase.cpp @ 392]
oleaut32!IDispatch_Invoke_Stub+0xd4
oleaut32!IDispatch_RemoteInvoke_Thunk+0x60
rpcrt4!NdrStubCall2+0x36f
combase!CStdStubBuffer_Invoke+0xac [onecore\com\combase\ndr\ndrole\stub.cxx @ 1517]
oleaut32!CDispStubWrapper::Invoke+0x1bb
combase!InvokeStubWithExceptionPolicyAndTracing::__l6::<lambda_c9f3956a20c9da92a64affc24fdd69ec>::operator()+0x18 [onecore\com\combase\dcomrem\channelb.cxx @ 1279]
combase!ObjectMethodExceptionHandlingAction<<lambda_c9f3956a20c9da92a64affc24fdd69ec> >+0x43 [onecore\com\combase\dcomrem\excepn.hxx @ 87]
combase!InvokeStubWithExceptionPolicyAndTracing+0xd0 [onecore\com\combase\dcomrem\channelb.cxx @ 1277]
combase!DefaultStubInvoke+0x1ee [onecore\com\combase\dcomrem\channelb.cxx @ 1346]
combase!SyncStubCall::Invoke+0x22 [onecore\com\combase\dcomrem\channelb.cxx @ 1403]
combase!SyncServerCall::StubInvoke+0x26 [onecore\com\combase\dcomrem\ServerCall.hpp @ 781]
combase!StubInvoke+0x23e [onecore\com\combase\dcomrem\channelb.cxx @ 1628]
combase!ServerCall::ContextInvoke+0x403 [onecore\com\combase\dcomrem\ctxchnl.cxx @ 1423]
combase!CServerChannel::ContextInvoke+0x143 [onecore\com\combase\dcomrem\ctxchnl.cxx @ 1332]
combase!DefaultInvokeInApartment+0x143 [onecore\com\combase\dcomrem\callctrl.cxx @ 3297]
combase!ReentrantSTAInvokeInApartment+0x1ad [onecore\com\combase\dcomrem\reentrantsta.cpp @ 113]
combase!AppInvoke+0x245 [onecore\com\combase\dcomrem\channelb.cxx @ 1122]
combase!ComInvokeWithLockAndIPID+0xaf6 [onecore\com\combase\dcomrem\channelb.cxx @ 2210]
combase!ComInvoke+0x1ff [onecore\com\combase\dcomrem\channelb.cxx @ 1697]
combase!ThreadDispatch+0x25e [onecore\com\combase\dcomrem\chancont.cxx @ 414]
combase!ThreadWndProc+0x40a [onecore\com\combase\dcomrem\chancont.cxx @ 740]
user32!UserCallWinProcCheckWow+0x2f8
user32!DispatchMessageWorker+0x249
combase!CCliModalLoop::MyDispatchMessage+0xc [onecore\com\combase\dcomrem\callctrl.cxx @ 2989]
combase!CCliModalLoop::PeekRPCAndDDEMessage+0x77 [onecore\com\combase\dcomrem\callctrl.cxx @ 2611]
combase!CCliModalLoop::BlockFn+0x2c5 [onecore\com\combase\dcomrem\callctrl.cxx @ 2103]
combase!ModalLoop+0xa9 [onecore\com\combase\dcomrem\chancont.cxx @ 164]
combase!ClassicSTAThreadWaitForCall+0xbb [onecore\com\combase\dcomrem\threadtypespecific.cpp @ 172]
combase!ThreadSendReceive+0x84e [onecore\com\combase\dcomrem\channelb.cxx @ 7355]
combase!CSyncClientCall::SwitchAptAndDispatchCall+0x8df [onecore\com\combase\dcomrem\channelb.cxx @ 5900]
combase!CSyncClientCall::SendReceive2+0x9d6 [onecore\com\combase\dcomrem\channelb.cxx @ 5459]
combase!SyncClientCallRetryContext::SendReceiveWithRetry+0x25 [onecore\com\combase\dcomrem\callctrl.cxx @ 1542]
combase!CSyncClientCall::SendReceiveInRetryContext+0x25 [onecore\com\combase\dcomrem\callctrl.cxx @ 565]
combase!ClassicSTAThreadSendReceive+0xa3 [onecore\com\combase\dcomrem\callctrl.cxx @ 547]
combase!CSyncClientCall::SendReceive+0x18b [onecore\com\combase\dcomrem\ctxchnl.cxx @ 783]
combase!CClientChannel::SendReceive+0x84 [onecore\com\combase\dcomrem\ctxchnl.cxx @ 655]
combase!NdrExtpProxySendReceive+0x4e [onecore\com\combase\ndr\ndrole\proxy.cxx @ 2002]
rpcrt4!NdrpClientCall2+0x5d0
rpcrt4!NdrClientCall2+0x1f
oleaut32!ITypeInfo_GetNames_Proxy+0x3d
qtApp!qaxTypeInfoNames+0x59 [c:\work\git\qt5\qtactiveqt\src\activeqt\shared\qaxutils.cpp @ 252]
qtApp!MetaObjectGenerator::readEventInterface+0x20f [c:\work\git\qt5\qtactiveqt\src\activeqt\container\qaxbase.cpp @ 2821]
qtApp!MetaObjectGenerator::readEventInfo+0x495 [c:\work\git\qt5\qtactiveqt\src\activeqt\container\qaxbase.cpp @ 2905]
qtApp!MetaObjectGenerator::metaObject+0xfb [c:\work\git\qt5\qtactiveqt\src\activeqt\container\qaxbase.cpp @ 3026]
qtApp!QAxBase::metaObject+0xb9 [c:\work\git\qt5\qtactiveqt\src\activeqt\container\qaxbase.cpp @ 3288]
Qt5Core!QObject::connect+0xed [c:\dev\galaxy\qt5\qtbase\src\corelib\kernel\qobject.cpp @ 2834]
qtApp!QObject::connect+0x25 [c:\dev\qt\include\qtcore\qobject.h @ 483]
Seems to be some kind of a race condition between the time Qt fully initializes its COM binding and the moment it actually receives a COM dispatch event.
Issue Links
- duplicates QTBUG-96871 Crash on calling connect on QAxObject source instance (Closed)
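The call stack in the description shows the inbound QAxEventSink::Invoke being dispatched from COM's modal loop while QObject::connect is still inside MetaObjectGenerator::metaObject, blocked on ITypeInfo::GetNames, all on one thread. The following is an added example, not Qt's code and not the reporter's: a simplified C++ model of that re-entrancy, using hypothetical names (Sink, buildMetadata, outCall) and an assumed mitigation that defers events until the metadata is built.

```cpp
#include <functional>
#include <optional>
#include <queue>
#include <string>
#include <vector>

// Hypothetical stand-in for an event sink whose signal table is built lazily.
struct Sink {
    std::optional<std::vector<std::string>> signalNames; // empty until built
    bool building = false;
    bool guarded;                        // true = hardened variant (assumption)
    std::queue<std::string> deferred;    // events held back during the build
    std::vector<std::string> log;
    explicit Sink(bool g) : guarded(g) {}

    // Inbound event, analogous to the sink's Invoke frame in the stack.
    void invoke(const std::string& ev) {
        if (guarded && building) { deferred.push(ev); return; }
        // A real sink would look the signal up here and touch unbuilt metadata.
        if (!signalNames) { log.push_back("UNSAFE:" + ev); return; }
        log.push_back("ok:" + ev);
    }

    // Lazy metadata build, analogous to metaObject() reached from connect().
    // outCall models the blocking cross-apartment call whose modal loop
    // dispatches pending inbound calls on the same thread.
    void buildMetadata(const std::function<void()>& outCall) {
        building = true;
        outCall();                       // re-entrancy window
        signalNames = std::vector<std::string>{"StateChangedCallback"};
        building = false;
        while (!deferred.empty()) { invoke(deferred.front()); deferred.pop(); }
    }
};

// Constructed scenario: one event arrives during the build, one after it.
std::vector<std::string> run(bool guarded) {
    Sink s(guarded);
    s.buildMetadata([&] { s.invoke("StateChangedCallback"); });
    s.invoke("StateChangedCallback");
    return s.log;
}

int main() { return run(true).front() == "ok:StateChangedCallback" ? 0 : 1; }
```
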