Description
```
$ cd qtwebengine/tests/manual/quick/pdf
$ qml bookmarks.qml -- ~/online/books/dsohowto.pdf
[ 0.000 D] qt.scenegraph.general QSGRhiSupport::applySettings - Using QRhi with backend OpenGL
  Graphics API debug/validation layers: 0
  QRhi profiling and debug markers: 0
  Shader/pipeline cache collection: 0
[ 0.002 D] qt.scenegraph.general QSGRenderLoop::instance - threaded render loop
[ 0.002 D] qt.scenegraph.general qsg_useConsistentTiming - Using sg animation driver
[ 0.002 D] qt.scenegraph.general QSGAnimationDriver::QSGAnimationDriver - Animation Driver: using vsync: 16.67 ms
[ 0.859 D] default QQuickPdfDocument::setSource - QUrl("test.pdf") ------------------ deleting "null"
[ 0.859 D] qt.pdf.document QPdfDocument::load - loading "/home/rutledge/dev/qt6/qtwebengine/tests/manual/quick/pdf/test.pdf"
[ 0.918 D] default QQuickPdfDocument::carrierFile - "/home/rutledge/dev/qt6/qtwebengine/tests/manual/quick/pdf/test.pdf" <----------
[ 0.918 D] qt.pdf.image QQuickPdfPageImage::load - loading page 0 of 0 from "/home/rutledge/dev/qt6/qtwebengine/tests/manual/quick/pdf/test.pdf" status 3
[ 0.918 D] qt.imageformat.pdf QPdfIOHandler::load - loading via QPdfFile, reusing document instance QPdfDocument(0x55c0524a64d0)
[ 0.918 D] qt.imageformat.pdf QPdfIOHandler::imageCount - 3
[ 0.918 D] qt.imageformat.pdf QPdfIOHandler::jumpToImage - 0
[ 0.918 D] qt.imageformat.pdf QPdfIOHandler::imageCount - 3
[ 0.919 D] qt.imageformat.pdf QPdfIOHandler::imageCount - 3
[ 0.919 D] qt.imageformat.pdf QPdfIOHandler::read - 0 QSize(398, 510)
[ 0.923 D] default QQuickPdfDocument::setSource - QUrl("/home/rutledge/online/books/dsohowto.pdf") ------------------ deleting "/home/rutledge/dev/qt6/qtwebengine/tests/manual/quick/pdf/test.pdf"
[ 0.924 D] qt.pdf.document QPdfDocument::load - loading "/home/rutledge/online/books/dsohowto.pdf"
[ 0.924 D] qt.pdf.links QPdfLinkModel::onStatusChanged - sees document statusChanged QPdfDocument::Unloading
[ 0.924 D] qt.pdf.image QQuickPdfPageImage::documentStatusChanged - document status QPdfDocument::Unloading
[ 0.947 D] qt.pdf.document QPdfDocument::render - page 0 size QSize(398, 510) took 27 ms
fish: Job 2, 'qml bookmarks.qml -- ~/online...' terminated by signal SIGSEGV (Address boundary error)
```
After https://codereview.qt-project.org/c/qt/qtwebengine/+/404636
QQuickPdfDocument::setSource() deletes m_carrierFile after QPdfIOHandler has already begun using it. So maybe it needs to be a QPointer, or we need some other way to tell QPdfIOHandler to stop what it's doing immediately. Or maybe delete it too? Any further reading or rendering is not necessary, because we are switching to a different PDF file.
The actual crash happens here in the QQuickPixmapReader thread:
```
QMetaObject::cast                                    qmetaobject.cpp
QMetaObject::cast                                    qobjectdefs.h
qobject_cast<QFile *>                                qobject.h
QImageReader::fileName                               qimagereader.cpp
QImageReader::read                                   qimagereader.cpp
readImage                                            qquickpixmapcache.cpp
QQuickPixmapReader::processJob                       qquickpixmapcache.cpp
QQuickPixmapReader::processJobs                      qquickpixmapcache.cpp
QQuickPixmapReader::run                              qquickpixmapcache.cpp
operator()                                           qthread_unix.cpp
(anonymous namespace)::terminate_on_exception<QThre  qthread_unix.cpp
QThreadPrivate::start                                qthread_unix.cpp
start_thread
```
Issue Links
- resulted from QTBUG-100578 Heap-use-after-free is possible with QQuickPixmap::loadAsync() (Closed)
For Gerrit Dashboard: QTBUG-102426

# | Subject | Branch | Project | Status | CR | V |
---|---|---|---|---|---|---|
405851,1 | QImageReader::read(): cache filename rather than getting it twice | dev | qt/qtbase | Status: ABANDONED | 0 | 0 |
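
The lifetime problem in the description (the owner replaces the carrier file while a queued reader job still refers to it), modelled in standard C++ as an added example; it is not Qt code and not the change under review. `Document`, `ReadJob` and `CarrierFile` are hypothetical stand-ins, and `std::weak_ptr` is used in place of the `QPointer` idea because `lock()` checks liveness and pins the object in one step.

```cpp
#include <memory>
#include <string>
#include <utility>

// Hypothetical stand-in for the file object handed to the image reader.
struct CarrierFile {
    std::string path;
};

// Hypothetical stand-in for the document: the only long-term owner.
class Document {
public:
    void setSource(std::string path) {
        auto next = std::make_shared<CarrierFile>();
        next->path = std::move(path);
        // Dropping the old owner destroys the old file as soon as no
        // reader holds a pin on it; a pinned file outlives this call.
        m_carrier = std::move(next);
    }
    // Readers get a non-owning handle, never a raw pointer.
    std::weak_ptr<CarrierFile> carrierFile() const { return m_carrier; }
private:
    std::shared_ptr<CarrierFile> m_carrier;
};

// Hypothetical stand-in for a job queued on the reader thread.
class ReadJob {
public:
    explicit ReadJob(std::weak_ptr<CarrierFile> file) : m_file(std::move(file)) {}

    // Pin the file for the duration of a read; null means the source changed.
    std::shared_ptr<CarrierFile> begin() const { return m_file.lock(); }

    // Returns false (job cancelled) instead of touching a destroyed file.
    bool fileName(std::string &out) const {
        std::shared_ptr<CarrierFile> pinned = begin();
        if (!pinned)
            return false;
        out = pinned->path;
        return true;
    }
private:
    std::weak_ptr<CarrierFile> m_file;
};
```

A job that starts after the source change is cancelled, while a read already in progress keeps the old file alive until it releases its pin.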