
Sporadic crashes at QBindingStorage::clear()


    Details

    • Platform/s:
      All

      Description

      I'm getting sporadic crashes when deleting Quick items. Unfortunately, there's no test application to demonstrate it, but I'll try to explain. It involves a lot of loading/unloading of QML items with Loader.



      Here we can see that QBindingStorageData has size == 8, used == 2.
      And on the 2nd screenshot p is NULL with i == 2.

      See qproperty.cpp file.
      QBindingStoragePrivate::reallocate allocates memory for a QBindingStorageData holding at least 8 QBindingStoragePrivate::Pair structs, but doesn't construct the actual Pair objects, so the memory is filled with zeroes.

      And QBindingStoragePrivate::destroy contains a for loop that runs up to size.

          void destroy()
          {
              if (!d)
                  return;
              Pair *p = pairs(d);
              for (size_t i = 0; i < d->size; ++i) {
                  if (p->data)
                      p->~Pair();
                  ++p;
              }
              free(d);
          }
      

      I just wonder why it doesn't crash every single time. And why it doesn't crash on dereferencing p immediately. Anyway, it looks like a huge issue.

      I can suggest checking p for NULL:

          if (p && p->data)
              p->~Pair();
      

      or looping until d->used instead of d->size (if Pairs are guaranteed to be consecutive in memory):

          Pair *p = pairs(d);
          for (size_t i = 0; i < d->used; ++i) {
              if (p->data)
                  p->~Pair();
              ++p;
          }
      
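      As an added illustration (not Qt's code and not part of the report), the following models the layout the report describes: a hypothetical header StorageData (size, used) followed by zero-filled Pair slots, with live Pairs placed in non-contiguous slots. It shows that the size-bounded loop with the p->data guard is safe over zero-filled slots, while the used-bounded variant only destroys everything when the live Pairs are contiguous, which is exactly the condition the report flags. All type and function names here are assumptions of the model.

```cpp
#include <cstddef>
#include <cstdlib>
#include <new>

// Hypothetical model of the layout the report describes (not Qt's code):
// a header (size, used) followed by `size` Pair slots, allocated zero-filled
// so that a slot no Pair was ever constructed in has data == nullptr.
struct Pair {
    int *data;                  // non-null only once a Pair was constructed here
    static int destroyed;       // counts Pair destructors actually run
    ~Pair() { delete data; ++destroyed; }
};
int Pair::destroyed = 0;

struct StorageData { std::size_t size; std::size_t used; };

static Pair *pairs(StorageData *d) { return reinterpret_cast<Pair *>(d + 1); }

// Reserve `slots` Pairs without constructing any of them (calloc zero-fills).
static StorageData *allocate(std::size_t slots) {
    auto *d = static_cast<StorageData *>(
        std::calloc(1, sizeof(StorageData) + slots * sizeof(Pair)));
    d->size = slots; d->used = 0;
    return d;
}

// Construct a Pair in slot `idx`; slots need not be contiguous (hash-table style).
static void insert(StorageData *d, std::size_t idx, int value) {
    new (pairs(d) + idx) Pair{new int(value)};
    ++d->used;
}

// Destroy Pairs in the first `bound` slots, then free: bound == d->size is the
// loop quoted in the report, bound == d->used the suggested alternative.
static void destroy(StorageData *d, std::size_t bound) {
    Pair *p = pairs(d);
    for (std::size_t i = 0; i < bound; ++i, ++p)
        if (p->data) p->~Pair();   // zero-filled slots are skipped here
    std::free(d);
}

// Place 2 live Pairs in slots 0 and 5 of 8 and count how many get destructed.
static int destroyedLooping(bool untilSize) {
    Pair::destroyed = 0;
    StorageData *d = allocate(8);
    insert(d, 0, 1);
    insert(d, 5, 2);
    destroy(d, untilSize ? d->size : d->used);
    return Pair::destroyed;   // 2 when looping to size, 1 when looping to used
}
```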


            People

            Assignee:
            fabiankosmale Fabian Kosmale
            Reporter:
            sergei.nevdakh Sergei Nevdakh
            Votes:
            2
            Watchers:
            5
