Details
- Bug
- Resolution: Unresolved
- P1: Critical
- 6.2.4
Description
I'm getting sporadic crashes when deleting quick items. Unfortunately, there's no test application to demonstrate, but I'll try to explain. It involves a lot of loading/unloading of QML items with Loader.
Here we can see that QBindingStorageData has size == 8, used == 2.
And on 2nd screenshot p is NULL with i == 2.
See qproperty.cpp file.
QBindingStoragePrivate::reallocate allocates memory for QBindingStorageData at least 8 QBindingStoragePrivate::Pair, but doesn't create actual Pair structs. So the memory is filled with zeroes.
And QBindingStoragePrivate::destroy contains a for loop until size.
    void destroy()
    {
        if (!d)
            return;
        Pair *p = pairs(d);
        for (size_t i = 0; i < d->size; ++i) {
            if (p->data)
                p->~Pair();
            ++p;
        }
        free(d);
    }
I just wonder why it doesn't crash every single time. And why it doesn't crash on dereferencing p immediately. Anyway, it looks like a huge issue.
I can suggest checking p for NULL
    if (p && p->data)
        p->~Pair();
or looping until d->used instead of d->size (if Pairs are guaranteed to be consecutive in memory).
    Pair *p = pairs(d);
    for (size_t i = 0; i < d->used; ++i) {
        if (p->data)
            p->~Pair();
        ++p;
    }
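To make the two loop bounds concrete, here is an added, constructed model of the layout the report describes (a zero-filled block of `size` Pair slots with `used` entries); it is not Qt's qproperty.cpp, and `PropertyData`, `StorageData`, `allocate`, `insertAt`, `destroy` and `run` are names chosen for this illustration. It places the two entries in non-adjacent slots to show what the "consecutive in memory" condition attached to the `d->used` variant guards against.

```cpp
#include <cstdlib>
#include <cstring>
#include <new>

// Constructed model of the layout the report describes (not Qt's code):
// a header followed by `size` Pair slots, of which `used` hold entries.
struct PropertyData { int value; };
struct Pair {
    PropertyData *data = nullptr;  // nullptr marks an empty (zero-filled) slot
    int *destroyed = nullptr;      // constructed: counter bumped by ~Pair
    ~Pair() { if (destroyed) ++*destroyed; }
};
struct StorageData { size_t size; size_t used; };
static Pair *pairs(StorageData *d) { return reinterpret_cast<Pair *>(d + 1); }

// Like the reallocate in the report: header + size slots, zero-filled, no Pair constructors run.
static StorageData *allocate(size_t size) {
    size_t bytes = sizeof(StorageData) + size * sizeof(Pair);
    StorageData *d = static_cast<StorageData *>(std::malloc(bytes));
    std::memset(d, 0, bytes);
    d->size = size;
    return d;
}

// Construct a Pair in a chosen slot; a hash table need not keep its entries contiguous.
static void insertAt(StorageData *d, size_t slot, PropertyData *pd, int *counter) {
    Pair *p = new (pairs(d) + slot) Pair;
    p->data = pd;
    p->destroyed = counter;
    ++d->used;
}

// The report's destroy loop with a selectable bound (d->size or d->used).
// Returns how many slots were examined; *counter records the ~Pair calls.
static size_t destroy(StorageData *d, bool boundByUsed) {
    if (!d) return 0;
    size_t limit = boundByUsed ? d->used : d->size;
    Pair *p = pairs(d);
    for (size_t i = 0; i < limit; ++i, ++p)
        if (p->data) p->~Pair();   // zero-filled slots fail this test and are skipped
    std::free(d);
    return limit;
}

// Scenario from the report: size == 8, used == 2, entries in slots 0 and 5.
struct Outcome { size_t scanned; int destroyed; };
static Outcome run(bool boundByUsed) {
    int counter = 0;
    PropertyData a{1}, b{2};
    StorageData *d = allocate(8);
    insertAt(d, 0, &a, &counter);
    insertAt(d, 5, &b, &counter);
    size_t scanned = destroy(d, boundByUsed);
    return {scanned, counter};
}
```

With the `d->size` bound all eight slots are visited and both Pairs are destroyed; with the `d->used` bound only slots 0 and 1 are visited, so the entry in slot 5 is never destroyed.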