Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-102403

QObject::objectName() leads to heap-use-after-free in tst_qquickanimations::cleanupWhenRenderThreadStops()

    XMLWordPrintable

Details

    • macOS
    • Team B Foundation Sprint 58

    Description

      The usage of QObject::objectName() from the render thread of an object that lives in the main thread causes Address Sanitiser to post an error when running the tst_qquickanimations::cleanupWhenRenderThreadStops() auto test.  This is supposed to work according to https://code.qt.io/cgit/qt/qtbase.git/commit/?id=3f32dcd1ddcbe04c77ccd83e2eaa566d7212e732

      But it doesn't in this case.  This should be a safe operation because this is during a "sync" phase of the rendering where the main thread is blocked by a wait condition while the render thread "syncs" it state with the main thread.  This seems to be caused by the new binding system in Qt 6.  

      13:55:09: Starting /Users/mitch/dev/qt-dev2-debug-non-fw/qtdeclarative/tests/auto/quick/qquickanimations/tst_qquickanimations...
********* Start testing of tst_qquickanimations *********
Config: Using QtTest library 6.4.0, Qt 6.4.0 (x86_64-little_endian-lp64 shared (dynamic) debug build; by Clang 13.1.6 (clang-1316.0.21.2) (Apple)), macos 12.3
PASS   : tst_qquickanimations::initTestCase()
PASS   : tst_qquickanimations::simpleProperty()
PASS   : tst_qquickanimations::simpleNumber()
PASS   : tst_qquickanimations::simpleColor()
PASS   : tst_qquickanimations::simpleRotation()
PASS   : tst_qquickanimations::simplePath()
PASS   : tst_qquickanimations::simpleAnchor()
PASS   : tst_qquickanimations::reparent()
PASS   : tst_qquickanimations::pathInterpolator()
PASS   : tst_qquickanimations::pathInterpolatorBackwardJump()
PASS   : tst_qquickanimations::pathWithNoStart()
PASS   : tst_qquickanimations::alwaysRunToEnd()
PASS   : tst_qquickanimations::complete()
PASS   : tst_qquickanimations::resume()
PASS   : tst_qquickanimations::dotProperty()
PASS   : tst_qquickanimations::badTypes()
PASS   : tst_qquickanimations::badProperties()
PASS   : tst_qquickanimations::mixedTypes()
PASS   : tst_qquickanimations::properties()
PASS   : tst_qquickanimations::propertiesTransition()
QWARN  : tst_qquickanimations::pathTransition() Binding on animations is not deferred as requested by the DeferredPropertyNames class info because one or more of its sub-objects contain an id.
PASS   : tst_qquickanimations::pathTransition()
PASS   : tst_qquickanimations::disabledTransition()
PASS   : tst_qquickanimations::invalidDuration()
PASS   : tst_qquickanimations::attached()
QWARN  : tst_qquickanimations::propertyValueSourceDefaultStart() Binding on animation is not deferred as requested by the DeferredPropertyNames class info because one or more of its sub-objects contain an id.
PASS   : tst_qquickanimations::propertyValueSourceDefaultStart()
QWARN  : tst_qquickanimations::dontStart() Binding on animations is not deferred as requested by the DeferredPropertyNames class info because one or more of its sub-objects contain an id.
PASS   : tst_qquickanimations::dontStart()
PASS   : tst_qquickanimations::easingProperties()
PASS   : tst_qquickanimations::rotation()
PASS   : tst_qquickanimations::startStopSignals()
PASS   : tst_qquickanimations::signalOrder(ColorAnimation, duration = 10)
PASS   : tst_qquickanimations::signalOrder(ColorAnimation, duration = 0)
PASS   : tst_qquickanimations::signalOrder(ParallelAnimation, duration = 0)
PASS   : tst_qquickanimations::runningTrueBug()
PASS   : tst_qquickanimations::nonTransitionBug()
PASS   : tst_qquickanimations::registrationBug()
PASS   : tst_qquickanimations::doubleRegistrationBug()
PASS   : tst_qquickanimations::alwaysRunToEndRestartBug()
PASS   : tst_qquickanimations::transitionAssignmentBug()
PASS   : tst_qquickanimations::pauseBindingBug()
PASS   : tst_qquickanimations::pauseBug()
PASS   : tst_qquickanimations::loopingBug()
PASS   : tst_qquickanimations::anchorBug()
PASS   : tst_qquickanimations::pathAnimationInOutBackBug()
PASS   : tst_qquickanimations::scriptActionBug()
PASS   : tst_qquickanimations::groupAnimationNullChildBug()
PASS   : tst_qquickanimations::scriptActionCrash()
PASS   : tst_qquickanimations::animatorInvalidTargetCrash()
PASS   : tst_qquickanimations::defaultPropertyWarning()
PASS   : tst_qquickanimations::pathSvgAnimation()
PASS   : tst_qquickanimations::pathLineUnspecifiedXYBug()
PASS   : tst_qquickanimations::unsetAnimatorProxyJobWindow()
QWARN  : tst_qquickanimations::finished() Binding on animation is not deferred as requested by the DeferredPropertyNames class info because one or more of its sub-objects contain an id.
QWARN  : tst_qquickanimations::finished() Binding on animations is not deferred as requested by the DeferredPropertyNames class info because one or more of its sub-objects contain an id.
PASS   : tst_qquickanimations::finished()
PASS   : tst_qquickanimations::replacingTransitions()
PASS   : tst_qquickanimations::animationJobSelfDestruction()
PASS   : tst_qquickanimations::fastFlickingBug()
PASS   : tst_qquickanimations::opacityAnimationFromZero()
PASS   : tst_qquickanimations::alwaysRunToEndInSequentialAnimationBug()
=================================================================
==29412==ERROR: AddressSanitizer: heap-use-after-free on address 0x6080001f4028 at pc 0x000116c7e474 bp 0x700000e0caf0 sp 0x700000e0cae8
READ of size 8 at 0x6080001f4028 thread T94
    #0 0x116c7e473 in _ZNK21QObjectCompatPropertyIN14QObjectPrivate9ExtraDataE7QStringXadL_ZNS1_30_qt_property_objectName_offsetEvEEXadL_ZNS1_22setObjectNameForwarderERKS2_EEXadL_ZNS1_20nameChangedForwarderES4_EELDn0EE5valueEv qproperty_p.h:520
    #1 0x116c7d0e4 in _ZNK21QObjectCompatPropertyIN14QObjectPrivate9ExtraDataE7QStringXadL_ZNS1_30_qt_property_objectName_offsetEvEEXadL_ZNS1_22setObjectNameForwarderERKS2_EEXadL_ZNS1_20nameChangedForwarderES4_EELDn0EEcvS4_Ev qproperty_p.h:544
    #2 0x116c7d031 in QObject::objectName() const qobject.cpp:1265
    #3 0x116c84ab4 in qt_qFindChild_helper(QObject const*, QString const&, QMetaObject const&, QFlags<Qt::FindChildOption>) qobject.cpp:2143
    #4 0x110736d48 in QSGBatchRenderer::ShaderManager* QObject::findChild<QSGBatchRenderer::ShaderManager*>(QString const&, QFlags<Qt::FindChildOption>) const qobject.h:180
    #5 0x11073628f in QSGBatchRenderer::Renderer::Renderer(QSGDefaultRenderContext*, QSGRendererInterface::RenderMode) qsgbatchrenderer.cpp:903
    #6 0x1107370c2 in QSGBatchRenderer::Renderer::Renderer(QSGDefaultRenderContext*, QSGRendererInterface::RenderMode) qsgbatchrenderer.cpp:886
    #7 0x11091c833 in QSGDefaultRenderContext::createRenderer(QSGRendererInterface::RenderMode) qsgdefaultrendercontext.cpp:248
    #8 0x11060b241 in QQuickWindowPrivate::syncSceneGraph() qquickwindow.cpp:558
    #9 0x11121d0d0 in QSGRenderThread::sync(bool) qsgthreadedrenderloop.cpp:585
    #10 0x11121fa6b in QSGRenderThread::syncAndRender() qsgthreadedrenderloop.cpp:723
    #11 0x111223e47 in QSGRenderThread::run() qsgthreadedrenderloop.cpp:974
    #12 0x117418dda in QThreadPrivate::start(void*)::$_0::operator()() const qthread_unix.cpp:358
    #13 0x117411c0c in void (anonymous namespace)::terminate_on_exception<QThreadPrivate::start(void*)::$_0>(QThreadPrivate::start(void*)::$_0&&) qthread_unix.cpp:294
    #14 0x117411846 in QThreadPrivate::start(void*) qthread_unix.cpp:317
    #15 0x7ff81092b4e0 in _pthread_start+0x7c (libsystem_pthread.dylib:x86_64+0x64e0)
    #16 0x7ff810926f6a in thread_start+0xe (libsystem_pthread.dylib:x86_64+0x1f6a)

0x6080001f4028 is located 8 bytes inside of 89-byte region [0x6080001f4020,0x6080001f4079)
freed by thread T93 here:
    #0 0x10b78e6d9 in wrap_free+0xa9 (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x486d9)
    #1 0x7ff81092951b in _pthread_tsd_cleanup+0x19b (libsystem_pthread.dylib:x86_64+0x451b)
    #2 0x7ff81092bb88 in _pthread_exit+0x45 (libsystem_pthread.dylib:x86_64+0x6b88)
    #3 0x7ff81092b4eb in _pthread_start+0x87 (libsystem_pthread.dylib:x86_64+0x64eb)
    #4 0x7ff810926f6a in thread_start+0xe (libsystem_pthread.dylib:x86_64+0x1f6a)

previously allocated by thread T93 here:
    #0 0x10b78e590 in wrap_malloc+0xa0 (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x48590)
    #1 0x10ff8391e in dyld4::RuntimeState::_instantiateTLVs(unsigned long)+0xae (dyld:x86_64+0xf91e)
    #2 0x7ff810932563 in tlv_get_addr+0x127 (libdyld.dylib:x86_64+0x1563)
    #3 0x117411138 in set_thread_data(QThreadData*) qthread_unix.cpp:169
    #4 0x1174189a9 in QThreadPrivate::start(void*)::$_0::operator()() const qthread_unix.cpp:332
    #5 0x117411c0c in void (anonymous namespace)::terminate_on_exception<QThreadPrivate::start(void*)::$_0>(QThreadPrivate::start(void*)::$_0&&) qthread_unix.cpp:294
    #6 0x117411846 in QThreadPrivate::start(void*) qthread_unix.cpp:317
    #7 0x7ff81092b4e0 in _pthread_start+0x7c (libsystem_pthread.dylib:x86_64+0x64e0)
    #8 0x7ff810926f6a in thread_start+0xe (libsystem_pthread.dylib:x86_64+0x1f6a)

Thread T94 created by T0 here:
    #0 0x10b78871c in wrap_pthread_create+0x5c (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x4271c)
    #1 0x11741381f in QThread::start(QThread::Priority) qthread_unix.cpp:744
    #2 0x11122b870 in QSGThreadedRenderLoop::handleExposure(QQuickWindow*) qsgthreadedrenderloop.cpp:1319
    #3 0x111229a55 in QSGThreadedRenderLoop::exposureChanged(QQuickWindow*) qsgthreadedrenderloop.cpp:1244
    #4 0x1106070ec in QQuickWindow::exposeEvent(QExposeEvent*) qquickwindow.cpp:214
    #5 0x11ac33b15 in QWindow::event(QEvent*) qwindow.cpp:2501
    #6 0x110617e74 in QQuickWindow::event(QEvent*) qquickwindow.cpp:1552
    #7 0x116aa439d in QCoreApplicationPrivate::notify_helper(QObject*, QEvent*) qcoreapplication.cpp:1237
    #8 0x116aa355c in doNotify(QObject*, QEvent*) qcoreapplication.cpp:1166
    #9 0x116aa3780 in QCoreApplication::notify(QObject*, QEvent*) qcoreapplication.cpp:1149
    #10 0x11aa39a13 in QGuiApplication::notify(QObject*, QEvent*) qguiapplication.cpp:1939
    #11 0x116aa3217 in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:1070
    #12 0x116aa5f93 in QCoreApplication::sendSpontaneousEvent(QObject*, QEvent*) qcoreapplication.cpp:1500
    #13 0x11aa4920f in QGuiApplicationPrivate::processExposeEvent(QWindowSystemInterfacePrivate::ExposeEvent*) qguiapplication.cpp:3181
    #14 0x11aa3b54b in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) qguiapplication.cpp:2078
    #15 0x11ac87901 in bool QWindowSystemHelper<QWindowSystemInterface::SynchronousDelivery>::handleEvent<QWindowSystemInterfacePrivate::ExposeEvent, QWindow*, QRegion>(QWindow*, QRegion) qwindowsysteminterface.cpp:135
    #16 0x11ac6cb48 in bool handleWindowSystemEvent<QWindowSystemInterfacePrivate::ExposeEvent, QWindowSystemInterface::SynchronousDelivery, QWindow*, QRegion>(QWindow*, QRegion) qwindowsysteminterface.cpp:167
    #17 0x11ac6c9dc in bool QWindowSystemInterface::handleExposeEvent<QWindowSystemInterface::SynchronousDelivery>(QWindow*, QRegion const&) qwindowsysteminterface.cpp:360
    #18 0x10ee28c6e in QCocoaWindow::handleExposeEvent(QRegion const&) qcocoawindow.mm:1444
    #19 0x10ee5ad5d in -[QNSView(Drawing) displayLayer:] qnsview_drawing.mm:243
    #20 0x7ff817a9e950 in CA::Layer::display_if_needed(CA::Transaction*)+0x368 (QuartzCore:x86_64+0x20950)
    #21 0x7ff817bf5335 in CA::Context::commit_transaction(CA::Transaction*, double, double*)+0x27f (QuartzCore:x86_64+0x177335)
    #22 0x7ff817a80230 in CA::Transaction::commit()+0x308 (QuartzCore:x86_64+0x2230)
    #23 0x7ff8135827f0 in __62+[CATransaction(NSCATransaction) NS_setFlushesWithDisplayLink]_block_invoke+0x11c (AppKit:x86_64+0x1aa7f0)
    #24 0x7ff813cc9687 in ___NSRunLoopObserverCreateWithHandler_block_invoke+0x28 (AppKit:x86_64+0x8f1687)
    #25 0x7ff8109f0e8f in __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__+0x16 (CoreFoundation:x86_64h+0x7ee8f)
    #26 0x7ff8109f0d21 in __CFRunLoopDoObservers+0x21e (CoreFoundation:x86_64h+0x7ed21)
    #27 0x7ff8109f01b3 in __CFRunLoopRun+0x347 (CoreFoundation:x86_64h+0x7e1b3)
    #28 0x7ff8109ef7ab in CFRunLoopRunSpecific+0x231 (CoreFoundation:x86_64h+0x7d7ab)
    #29 0x7ff819676ce5 in RunCurrentEventLoopInMode+0x123 (HIToolbox:x86_64+0x2fce5)
    #30 0x7ff819676912 in ReceiveNextEventCommon+0x11a (HIToolbox:x86_64+0x2f912)
    #31 0x7ff8196767e4 in _BlockUntilNextEventMatchingListInModeWithFilter+0x45 (HIToolbox:x86_64+0x2f7e4)
    #32 0x7ff8134165cc in _DPSNextEvent+0x39e (AppKit:x86_64+0x3e5cc)
    #33 0x7ff813414c89 in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:]+0x571 (AppKit:x86_64+0x3cc89)
    #34 0x10edb3247 in QCocoaEventDispatcher::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) qcocoaeventdispatcher.mm:482
    #35 0x116aa463d in QCoreApplication::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) qcoreapplication.cpp:1299
    #36 0x11ac08181 in bool QTest::qWaitFor<QTest::qWaitForWindowExposed(QWindow*, int)::$_1>(QTest::qWaitForWindowExposed(QWindow*, int)::$_1, int) qtestsupport_core.h:75
    #37 0x11ac078b2 in QTest::qWaitForWindowExposed(QWindow*, int) qtestsupport_gui.cpp:93
    #38 0x109c5851d in tst_qquickanimations::cleanupWhenRenderThreadStops() tst_qquickanimations.cpp:2011
    #39 0x109c58fa7 in tst_qquickanimations::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) tst_qquickanimations.moc:320
    #40 0x116b103cc in QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const qmetaobject.cpp:2393
    #41 0x10b44ab0d in QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const qmetaobject.h:126
    #42 0x10b448681 in QTest::TestMethods::invokeTestOnData(int) const qtestcase.cpp:967
    #43 0x10b44bd7e in QTest::TestMethods::invokeTest(int, char const*, QTest::WatchDog*) const qtestcase.cpp:1218
    #44 0x10b4522ca in QTest::TestMethods::invokeTests(QObject*) const qtestcase.cpp:1560
    #45 0x10b45466f in QTest::qRun() qtestcase.cpp:2026
    #46 0x10b4532e7 in QTest::qExec(QObject*, int, char**) qtestcase.cpp:1928
    #47 0x109c5893c in main tst_qquickanimations.cpp:2014
    #48 0x10ff7951d in start+0x1cd (dyld:x86_64+0x551d)

Thread T93 created by T0 here:
    #0 0x10b78871c in wrap_pthread_create+0x5c (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x4271c)
    #1 0x11741381f in QThread::start(QThread::Priority) qthread_unix.cpp:744
    #2 0x11122b870 in QSGThreadedRenderLoop::handleExposure(QQuickWindow*) qsgthreadedrenderloop.cpp:1319
    #3 0x111229a55 in QSGThreadedRenderLoop::exposureChanged(QQuickWindow*) qsgthreadedrenderloop.cpp:1244
    #4 0x1106070ec in QQuickWindow::exposeEvent(QExposeEvent*) qquickwindow.cpp:214
    #5 0x11ac33b15 in QWindow::event(QEvent*) qwindow.cpp:2501
    #6 0x110617e74 in QQuickWindow::event(QEvent*) qquickwindow.cpp:1552
    #7 0x116aa439d in QCoreApplicationPrivate::notify_helper(QObject*, QEvent*) qcoreapplication.cpp:1237
    #8 0x116aa355c in doNotify(QObject*, QEvent*) qcoreapplication.cpp:1166
    #9 0x116aa3780 in QCoreApplication::notify(QObject*, QEvent*) qcoreapplication.cpp:1149
    #10 0x11aa39a13 in QGuiApplication::notify(QObject*, QEvent*) qguiapplication.cpp:1939
    #11 0x116aa3217 in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:1070
    #12 0x116aa5f93 in QCoreApplication::sendSpontaneousEvent(QObject*, QEvent*) qcoreapplication.cpp:1500
    #13 0x11aa4920f in QGuiApplicationPrivate::processExposeEvent(QWindowSystemInterfacePrivate::ExposeEvent*) qguiapplication.cpp:3181
    #14 0x11aa3b54b in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) qguiapplication.cpp:2078
    #15 0x11ac87901 in bool QWindowSystemHelper<QWindowSystemInterface::SynchronousDelivery>::handleEvent<QWindowSystemInterfacePrivate::ExposeEvent, QWindow*, QRegion>(QWindow*, QRegion) qwindowsysteminterface.cpp:135
    #16 0x11ac6cb48 in bool handleWindowSystemEvent<QWindowSystemInterfacePrivate::ExposeEvent, QWindowSystemInterface::SynchronousDelivery, QWindow*, QRegion>(QWindow*, QRegion) qwindowsysteminterface.cpp:167
    #17 0x11ac6c9dc in bool QWindowSystemInterface::handleExposeEvent<QWindowSystemInterface::SynchronousDelivery>(QWindow*, QRegion const&) qwindowsysteminterface.cpp:360
    #18 0x10ee28c6e in QCocoaWindow::handleExposeEvent(QRegion const&) qcocoawindow.mm:1444
    #19 0x10ee5ad5d in -[QNSView(Drawing) displayLayer:] qnsview_drawing.mm:243
    #20 0x7ff817a9e950 in CA::Layer::display_if_needed(CA::Transaction*)+0x368 (QuartzCore:x86_64+0x20950)
    #21 0x7ff817bf5335 in CA::Context::commit_transaction(CA::Transaction*, double, double*)+0x27f (QuartzCore:x86_64+0x177335)
    #22 0x7ff817a80230 in CA::Transaction::commit()+0x308 (QuartzCore:x86_64+0x2230)
    #23 0x7ff8135827f0 in __62+[CATransaction(NSCATransaction) NS_setFlushesWithDisplayLink]_block_invoke+0x11c (AppKit:x86_64+0x1aa7f0)
    #24 0x7ff813cc9687 in ___NSRunLoopObserverCreateWithHandler_block_invoke+0x28 (AppKit:x86_64+0x8f1687)
    #25 0x7ff8109f0e8f in __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__+0x16 (CoreFoundation:x86_64h+0x7ee8f)
    #26 0x7ff8109f0d21 in __CFRunLoopDoObservers+0x21e (CoreFoundation:x86_64h+0x7ed21)
    #27 0x7ff8109f01b3 in __CFRunLoopRun+0x347 (CoreFoundation:x86_64h+0x7e1b3)
    #28 0x7ff8109ef7ab in CFRunLoopRunSpecific+0x231 (CoreFoundation:x86_64h+0x7d7ab)
    #29 0x7ff819676ce5 in RunCurrentEventLoopInMode+0x123 (HIToolbox:x86_64+0x2fce5)
    #30 0x7ff819676912 in ReceiveNextEventCommon+0x11a (HIToolbox:x86_64+0x2f912)
    #31 0x7ff8196767e4 in _BlockUntilNextEventMatchingListInModeWithFilter+0x45 (HIToolbox:x86_64+0x2f7e4)
    #32 0x7ff8134165cc in _DPSNextEvent+0x39e (AppKit:x86_64+0x3e5cc)
    #33 0x7ff813414c89 in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:]+0x571 (AppKit:x86_64+0x3cc89)
    #34 0x10edb3247 in QCocoaEventDispatcher::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) qcocoaeventdispatcher.mm:482
    #35 0x116aa463d in QCoreApplication::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) qcoreapplication.cpp:1299
    #36 0x11ac08181 in bool QTest::qWaitFor<QTest::qWaitForWindowExposed(QWindow*, int)::$_1>(QTest::qWaitForWindowExposed(QWindow*, int)::$_1, int) qtestsupport_core.h:75
    #37 0x11ac078b2 in QTest::qWaitForWindowExposed(QWindow*, int) qtestsupport_gui.cpp:93
    #38 0x109c58420 in tst_qquickanimations::cleanupWhenRenderThreadStops() tst_qquickanimations.cpp:2007
    #39 0x109c58fa7 in tst_qquickanimations::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) tst_qquickanimations.moc:320
    #40 0x116b103cc in QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const qmetaobject.cpp:2393
    #41 0x10b44ab0d in QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const qmetaobject.h:126
    #42 0x10b448681 in QTest::TestMethods::invokeTestOnData(int) const qtestcase.cpp:967
    #43 0x10b44bd7e in QTest::TestMethods::invokeTest(int, char const*, QTest::WatchDog*) const qtestcase.cpp:1218
    #44 0x10b4522ca in QTest::TestMethods::invokeTests(QObject*) const qtestcase.cpp:1560
    #45 0x10b45466f in QTest::qRun() qtestcase.cpp:2026
    #46 0x10b4532e7 in QTest::qExec(QObject*, int, char**) qtestcase.cpp:1928
    #47 0x109c5893c in main tst_qquickanimations.cpp:2014
    #48 0x10ff7951d in start+0x1cd (dyld:x86_64+0x551d)

SUMMARY: AddressSanitizer: heap-use-after-free qproperty_p.h:520 in _ZNK21QObjectCompatPropertyIN14QObjectPrivate9ExtraDataE7QStringXadL_ZNS1_30_qt_property_objectName_offsetEvEEXadL_ZNS1_22setObjectNameForwarderERKS2_EEXadL_ZNS1_20nameChangedForwarderES4_EELDn0EE5valueEv
Shadow bytes around the buggy address:
  0x1c100003e7b0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
  0x1c100003e7c0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c100003e7d0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c100003e7e0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c100003e7f0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
=>0x1c100003e800: fa fa fa fa fd[fd]fd fd fd fd fd fd fd fd fd fd
  0x1c100003e810: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
  0x1c100003e820: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
  0x1c100003e830: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c100003e840: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
  0x1c100003e850: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==29412==ABORTING
13:56:00: /Users/mitch/dev/qt-dev2-debug-non-fw/qtdeclarative/tests/auto/quick/qquickanimations/tst_qquickanimations crashed.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-101177 QTimer random segmentation fault (SIGSEGV)

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-101681 tst_QPointer::threadSafety() is flaky (probably race condition)

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-99775 Crash on QObject::objectName access when using QThreadPool from non-owning thread

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              fabiankosmale Fabian Kosmale
              mitch_curtis Mitch Curtis
              Vladimir Minenko Vladimir Minenko
              Alex Blasche Alex Blasche
              Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: