Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-104923

Heap use after free in QQuickStackView

    XMLWordPrintable

Details

    Description

      Running "tst_basic StackView::test_requiredProperties" I get:

      ********* Start testing of tst_controls::Basic *********
Config: Using QtTest library 6.5.0, Qt 6.5.0 (x86_64-little_endian-lp64 shared (dynamic) debug build; by GCC 10.2.1 20210110), debian 11
PASS   : tst_controls::Basic::StackView::initTestCase()
QWARN  : tst_controls::Basic::StackView::test_requiredProperties() file:///home/ulf/dev/qt6dev-src/qtdeclarative/tests/auto/quickcontrols2/controls/data/tst_stackview.qml:22:9: QML StackView: push: Property i was marked as required but not set.

=================================================================
==45257==ERROR: AddressSanitizer: heap-use-after-free on address 0x60f00019de68 at pc 0x7ffff37ef3bf bp 0x7ffffffd6f30 sp 0x7ffffffd6f28
READ of size 4 at 0x60f00019de68 thread T0
    #0 0x7ffff37ef3be in QQuickStackViewPrivate::viewItemTransitionFinished(QQuickItemViewTransitionableItem*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/quicktemplates2/qquickstackview_p.cpp:269
    #1 0x7ffff37ef27f in QQuickStackViewPrivate::completeTransition(QQuickStackElement*, QQuickTransition*, QQuickStackView::Status) /home/ulf/dev/qt6dev-src/qtdeclarative/src/quicktemplates2/qquickstackview_p.cpp:263
    #2 0x7ffff37eedb7 in QQuickStackViewPrivate::startTransition(QQuickStackTransition const&, QQuickStackTransition const&, bool) /home/ulf/dev/qt6dev-src/qtdeclarative/src/quicktemplates2/qquickstackview_p.cpp:227
    #3 0x7ffff37d4e96 in QQuickStackView::pop(QQmlV4Function*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/quicktemplates2/qquickstackview.cpp:690
    #4 0x7ffff37d958c in QQuickStackView::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/ulf/dev/qt6dev/qtdeclarative/src/quicktemplates2/QuickTemplates2_autogen/include/moc_qquickstackview_p.cpp:453
    #5 0x7ffff37db2de in QQuickStackView::qt_metacall(QMetaObject::Call, int, void**) /home/ulf/dev/qt6dev/qtdeclarative/src/quicktemplates2/QuickTemplates2_autogen/include/moc_qquickstackview_p.cpp:614
    #6 0x7ffff2b025b3 in QQmlVMEMetaObject::metaCall(QObject*, QMetaObject::Call, int, void**) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlvmemetaobject.cpp:1085
    #7 0x7ffff461a1d5 in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qmetaobject.cpp:286
    #8 0x7ffff28b9c35 in QQmlObjectOrGadget::metacall(QMetaObject::Call, int, void**) const /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlobjectorgadget.cpp:14
    #9 0x7ffff23db276 in operator() /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:2319
    #10 0x7ffff23db5ee in operator()<QV4::QObjectMethod::callInternal(const QV4::Value*, const QV4::Value*, int) const::<lambda()> > /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:2303
    #11 0x7ffff23dc38a in QV4::QObjectMethod::callInternal(QV4::Value const*, QV4::Value const*, int) const /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:2313
    #12 0x7ffff23daee9 in QV4::QObjectMethod::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:2262
    #13 0x7ffff2176ec1 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/ulf/dev/qt6dev/qtbase/include/QtQml/6.5.0/QtQml/private/../../../../../../../qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:169
    #14 0x7ffff2516d79 in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:860
    #15 0x7ffff2508fc2 in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:542
    #16 0x7ffff22f6ea6 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:542
    #17 0x7ffff2176ec1 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/ulf/dev/qt6dev/qtbase/include/QtQml/6.5.0/QtQml/private/../../../../../../../qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:169
    #18 0x7ffff246bd77 in QV4::Runtime::CallElement::call(QV4::ExecutionEngine*, QV4::Value const&, QV4::Value const&, QV4::Value*, int) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:1509
    #19 0x7ffff251774d in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:866
    #20 0x7ffff2508fc2 in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:542
    #21 0x7ffff22f6ea6 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:542
    #22 0x7ffff2176ec1 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/ulf/dev/qt6dev/qtbase/include/QtQml/6.5.0/QtQml/private/../../../../../../../qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:169
    #23 0x7ffff246a0c1 in QV4::Runtime::CallQmlContextPropertyLookup::call(QV4::ExecutionEngine*, unsigned int, QV4::Value*, int) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:1398
    #24 0x7ffff251937e in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:890
    #25 0x7ffff2508fc2 in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:542
    #26 0x7ffff22f6ea6 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:542
    #27 0x7ffff2176ec1 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/ulf/dev/qt6dev/qtbase/include/QtQml/6.5.0/QtQml/private/../../../../../../../qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:169
    #28 0x7ffff246a0c1 in QV4::Runtime::CallQmlContextPropertyLookup::call(QV4::ExecutionEngine*, unsigned int, QV4::Value*, int) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:1398
    #29 0x7ffff251937e in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:890
    #30 0x7ffff2508fc2 in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:542
    #31 0x7ffff22f6ea6 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:542
    #32 0x7ffff2176ec1 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/ulf/dev/qt6dev/qtbase/include/QtQml/6.5.0/QtQml/private/../../../../../../../qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:169
    #33 0x7ffff246a0c1 in QV4::Runtime::CallQmlContextPropertyLookup::call(QV4::ExecutionEngine*, unsigned int, QV4::Value*, int) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:1398
    #34 0x7ffff251937e in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:890
    #35 0x7ffff2508fc2 in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:542
    #36 0x7ffff22eb17e in QV4::Function::call(QV4::Value const*, QV4::Value const*, int, QV4::ExecutionContext*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4function.cpp:62
    #37 0x7ffff22eaabb in operator() /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4function.cpp:31
    #38 0x7ffff22ed6f7 in convertAndCall<QV4::Function::call(QObject*, void**, const QMetaType*, int, QV4::ExecutionContext*)::<lambda(const QV4::Value*, const QV4::Value*, int)> > /home/ulf/dev/qt6dev/qtbase/include/QtQml/6.5.0/QtQml/private/../../../../../../../qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4jscall_p.h:193
    #39 0x7ffff22eabfb in QV4::Function::call(QObject*, void**, QMetaType const*, int, QV4::ExecutionContext*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4function.cpp:28
    #40 0x7ffff27d0094 in QQmlJavaScriptExpression::evaluate(void**, QMetaType const*, int) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmljavascriptexpression.cpp:270
    #41 0x7ffff26483f4 in QQmlBoundSignalExpression::evaluate(void**) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlboundsignal.cpp:199
    #42 0x7ffff2648f42 in QQmlBoundSignal_callback(QQmlNotifierEndpoint*, void**) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlboundsignal.cpp:314
    #43 0x7ffff2872cb5 in QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlnotifier.cpp:70
    #44 0x7ffff26d5069 in QQmlData::signalEmitted(QAbstractDeclarativeData*, QObject*, int, void**) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlengine.cpp:344
    #45 0x7ffff472f9a2 in void doActivate<false>(QObject*, int, void**) /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qobject.cpp:3854
    #46 0x7ffff471cf74 in QMetaObject::activate(QObject*, int, int, void**) /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qobject.cpp:4035
    #47 0x7ffff2b04b4d in QQmlVMEMetaObject::activate(QObject*, int, void**) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlvmemetaobject.cpp:1349
    #48 0x7ffff2b011ce in QQmlVMEMetaObject::metaCall(QObject*, QMetaObject::Call, int, void**) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlvmemetaobject.cpp:931
    #49 0x7ffff2b0250a in QQmlVMEMetaObject::metaCall(QObject*, QMetaObject::Call, int, void**) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlvmemetaobject.cpp:1083
    #50 0x7ffff25eac46 in void QQmlPropertyData::doMetacall<(QMetaObject::Call)2>(QObject*, int, void**) const /home/ulf/dev/qt6dev/qtbase/include/QtQml/6.5.0/QtQml/private/../../../../../../../qt6dev-src/qtdeclarative/src/qml/qml/qqmlpropertydata_p.h:321
    #51 0x7ffff25e8d64 in QQmlPropertyData::writeProperty(QObject*, void*, QFlags<QQmlPropertyData::WriteFlag>) const /home/ulf/dev/qt6dev/qtbase/include/QtQml/6.5.0/QtQml/private/../../../../../../../qt6dev-src/qtdeclarative/src/qml/qml/qqmlpropertydata_p.h:341
    #52 0x7ffff264111a in bool GenericBinding<1>::doStore<bool>(bool, QQmlPropertyData const*, QFlags<QQmlPropertyData::WriteFlag>) const /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlbinding.cpp:357
    #53 0x7ffff264111a in GenericBinding<1>::write(QV4::Value const&, bool, QFlags<QQmlPropertyData::WriteFlag>) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlbinding.cpp:318
    #54 0x7ffff261a377 in QQmlNonbindingBinding::doUpdate(QQmlJavaScriptExpression::DeleteWatcher const&, QFlags<QQmlPropertyData::WriteFlag>, QV4::Scope&) (/home/ulf/dev/qt6dev/qtbase/lib/libQt6Qml.so.6+0x9d9377)
    #55 0x7ffff2610dd2 in QQmlBinding::update(QFlags<QQmlPropertyData::WriteFlag>) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlbinding.cpp:163
    #56 0x7ffff2614e50 in QQmlBinding::expressionChanged() /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlbinding.cpp:620
    #57 0x7ffff27d32dc in QQmlJavaScriptExpressionGuard_callback(QQmlNotifierEndpoint*, void**) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmljavascriptexpression.cpp:548
    #58 0x7ffff2872cb5 in QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlnotifier.cpp:70
    #59 0x7ffff26d5069 in QQmlData::signalEmitted(QAbstractDeclarativeData*, QObject*, int, void**) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlengine.cpp:344
    #60 0x7ffff472f9a2 in void doActivate<false>(QObject*, int, void**) /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qobject.cpp:3854
    #61 0x7ffff471cf74 in QMetaObject::activate(QObject*, int, int, void**) /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qobject.cpp:4035
    #62 0x7ffff2b04b4d in QQmlVMEMetaObject::activate(QObject*, int, void**) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlvmemetaobject.cpp:1349
    #63 0x7ffff2b011ce in QQmlVMEMetaObject::metaCall(QObject*, QMetaObject::Call, int, void**) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlvmemetaobject.cpp:931
    #64 0x7ffff2b0250a in QQmlVMEMetaObject::metaCall(QObject*, QMetaObject::Call, int, void**) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlvmemetaobject.cpp:1083
    #65 0x7ffff25eac46 in void QQmlPropertyData::doMetacall<(QMetaObject::Call)2>(QObject*, int, void**) const /home/ulf/dev/qt6dev/qtbase/include/QtQml/6.5.0/QtQml/private/../../../../../../../qt6dev-src/qtdeclarative/src/qml/qml/qqmlpropertydata_p.h:321
    #66 0x7ffff25e8d64 in QQmlPropertyData::writeProperty(QObject*, void*, QFlags<QQmlPropertyData::WriteFlag>) const /home/ulf/dev/qt6dev/qtbase/include/QtQml/6.5.0/QtQml/private/../../../../../../../qt6dev-src/qtdeclarative/src/qml/qml/qqmlpropertydata_p.h:341
    #67 0x7ffff264111a in bool GenericBinding<1>::doStore<bool>(bool, QQmlPropertyData const*, QFlags<QQmlPropertyData::WriteFlag>) const /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlbinding.cpp:357
    #68 0x7ffff264111a in GenericBinding<1>::write(QV4::Value const&, bool, QFlags<QQmlPropertyData::WriteFlag>) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlbinding.cpp:318
    #69 0x7ffff261a377 in QQmlNonbindingBinding::doUpdate(QQmlJavaScriptExpression::DeleteWatcher const&, QFlags<QQmlPropertyData::WriteFlag>, QV4::Scope&) (/home/ulf/dev/qt6dev/qtbase/lib/libQt6Qml.so.6+0x9d9377)
    #70 0x7ffff2610dd2 in QQmlBinding::update(QFlags<QQmlPropertyData::WriteFlag>) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlbinding.cpp:163
    #71 0x7ffff2614e50 in QQmlBinding::expressionChanged() /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlbinding.cpp:620
    #72 0x7ffff27d32dc in QQmlJavaScriptExpressionGuard_callback(QQmlNotifierEndpoint*, void**) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmljavascriptexpression.cpp:548
    #73 0x7ffff2872cb5 in QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlnotifier.cpp:70
    #74 0x7ffff26d5069 in QQmlData::signalEmitted(QAbstractDeclarativeData*, QObject*, int, void**) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlengine.cpp:344
    #75 0x7ffff472f9a2 in void doActivate<false>(QObject*, int, void**) /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qobject.cpp:3854
    #76 0x7ffff471cf02 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qobject.cpp:4022
    #77 0x7ffff74aebf2 in QTestRootObject::windowShownChanged() /home/ulf/dev/qt6dev/qtdeclarative/src/qmltest/QuickTest_autogen/include/moc_quicktest_p.cpp:241
    #78 0x7ffff74b5ef1 in QTestRootObject::setWindowShown(bool) (/home/ulf/dev/qt6dev/qtbase/lib/libQt6QuickTest.so.6+0x44ef1)
    #79 0x7ffff74a8039 in operator() /home/ulf/dev/qt6dev-src/qtdeclarative/src/qmltest/quicktest.cpp:641
    #80 0x7ffff74af9fc in call /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qobjectdefs_impl.h:127
    #81 0x7ffff74af85a in call<QtPrivate::List<>, void> /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qobjectdefs_impl.h:241
    #82 0x7ffff74af715 in impl /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qobjectdefs_impl.h:408
    #83 0x7ffff462ed7b in QtPrivate::QSlotObjectBase::call(QObject*, void**) /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qobjectdefs_impl.h:363
    #84 0x7ffff4708530 in QMetaCallEvent::placeMetaCall(QObject*) /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qobject.cpp:608
    #85 0x7ffff470a682 in QObject::event(QEvent*) /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qobject.cpp:1368
    #86 0x7ffff49c23c1 in QThread::event(QEvent*) /home/ulf/dev/qt6dev-src/qtbase/src/corelib/thread/qthread.cpp:1072
    #87 0x7ffff45e5413 in QCoreApplicationPrivate::notify_helper(QObject*, QEvent*) /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qcoreapplication.cpp:1193
    #88 0x7ffff45e4bd8 in doNotify /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qcoreapplication.cpp:1122
    #89 0x7ffff45e4a9f in QCoreApplication::notify(QObject*, QEvent*) /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qcoreapplication.cpp:1105
    #90 0x7ffff59cfebc in QGuiApplication::notify(QObject*, QEvent*) /home/ulf/dev/qt6dev-src/qtbase/src/gui/kernel/qguiapplication.cpp:1928
    #91 0x7ffff45e48ab in QCoreApplication::notifyInternal2(QObject*, QEvent*) /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qcoreapplication.cpp:1026
    #92 0x7ffff45e5fc0 in QCoreApplication::sendEvent(QObject*, QEvent*) /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qcoreapplication.cpp:1442
    #93 0x7ffff45e85c8 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qcoreapplication.cpp:1804
    #94 0x7ffff45e7177 in QCoreApplication::sendPostedEvents(QObject*, int) /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qcoreapplication.cpp:1663
    #95 0x7ffff4f07822 in postEventSourceDispatch /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:243
    #96 0x7fffefd6ce6a in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x51e6a)
    #97 0x7fffefd6d117  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x52117)
    #98 0x7fffefd6d1ce in g_main_context_iteration (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x521ce)
    #99 0x7ffff4f08d6f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:393
    #100 0x7ffff69fac84 in QPAEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/ulf/dev/qt6dev-src/qtbase/src/gui/platform/unix/qeventdispatcher_glib.cpp:87
    #101 0x7ffff460f984 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qeventloop.cpp:100
    #102 0x7ffff46102ef in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qeventloop.cpp:182
    #103 0x7ffff74ad9f2 in quick_test_main_with_setup(int, char**, char const*, char const*, QObject*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qmltest/quicktest.cpp:649
    #104 0x7ffff74a8019 in quick_test_main(int, char**, char const*, char const*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qmltest/quicktest.cpp:399
    #105 0x55555555ad7b in main /home/ulf/dev/qt6dev-src/qtdeclarative/tests/auto/quickcontrols2/controls/basic/tst_basic.cpp:12
    #106 0x7ffff3f08d09 in __libc_start_main ../csu/libc-start.c:308
    #107 0x555555558309 in _start (/home/ulf/dev/qt6dev/qtdeclarative/tests/auto/quickcontrols2/controls/basic/tst_basic+0x4309)

0x60f00019de68 is located 152 bytes inside of 176-byte region [0x60f00019ddd0,0x60f00019de80)
freed by thread T0 here:
    #0 0x7ffff7686467 in operator delete(void*, unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:172
    #1 0x7ffff37c85bc in QQuickStackElement::~QQuickStackElement() /home/ulf/dev/qt6dev-src/qtdeclarative/src/quicktemplates2/qquickstackelement.cpp:84
    #2 0x7ffff37e285e in void qDeleteAll<QList<QQuickStackElement*>::const_iterator>(QList<QQuickStackElement*>::const_iterator, QList<QQuickStackElement*>::const_iterator) /home/ulf/dev/qt6dev-src/qtbase/src/corelib/tools/qalgorithms.h:27
    #3 0x7ffff37dfc8a in void qDeleteAll<QList<QQuickStackElement*> >(QList<QQuickStackElement*> const&) /home/ulf/dev/qt6dev-src/qtbase/src/corelib/tools/qalgorithms.h:35
    #4 0x7ffff37ef9ad in QQuickStackViewPrivate::viewItemTransitionFinished(QQuickItemViewTransitionableItem*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/quicktemplates2/qquickstackview_p.cpp:299
    #5 0x7ffff11b0117 in QQuickItemViewTransitioner::finishedTransition(QQuickItemViewTransitionJob*, QQuickItemViewTransitionableItem*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/quick/items/qquickitemviewtransition.cpp:280
    #6 0x7ffff11af0d4 in QQuickItemViewTransitionJob::finished() /home/ulf/dev/qt6dev-src/qtdeclarative/src/quick/items/qquickitemviewtransition.cpp:103
    #7 0x7ffff0d402c6 in QQuickTransitionManager::complete() /home/ulf/dev/qt6dev-src/qtdeclarative/src/quick/util/qquicktransitionmanager.cpp:70
    #8 0x7ffff0d3ccf0 in ParallelAnimationWrapper::updateState(QAbstractAnimationJob::State, QAbstractAnimationJob::State) /home/ulf/dev/qt6dev-src/qtdeclarative/src/quick/util/qquicktransition.cpp:167
    #9 0x7ffff2c42f16 in QAbstractAnimationJob::setState(QAbstractAnimationJob::State) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/animations/qabstractanimationjob.cpp:344
    #10 0x7ffff2c4547e in QAbstractAnimationJob::stop() /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/animations/qabstractanimationjob.cpp:520
    #11 0x7ffff0d3d04b in QQuickTransitionInstance::stop() /home/ulf/dev/qt6dev-src/qtdeclarative/src/quick/util/qquicktransition.cpp:193
    #12 0x7ffff0d43247 in QQuickTransitionManager::cancel() /home/ulf/dev/qt6dev-src/qtdeclarative/src/quick/util/qquicktransitionmanager.cpp:225
    #13 0x7ffff11b2d40 in QQuickItemViewTransitionableItem::completeTransition(QQuickTransition*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/quick/items/qquickitemviewtransition.cpp:486
    #14 0x7ffff37cb39c in QQuickStackElement::completeTransition(QQuickTransition*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/quicktemplates2/qquickstackelement.cpp:298
    #15 0x7ffff37ef1cf in QQuickStackViewPrivate::completeTransition(QQuickStackElement*, QQuickTransition*, QQuickStackView::Status) /home/ulf/dev/qt6dev-src/qtdeclarative/src/quicktemplates2/qquickstackview_p.cpp:255
    #16 0x7ffff37eedb7 in QQuickStackViewPrivate::startTransition(QQuickStackTransition const&, QQuickStackTransition const&, bool) /home/ulf/dev/qt6dev-src/qtdeclarative/src/quicktemplates2/qquickstackview_p.cpp:227
    #17 0x7ffff37d4e96 in QQuickStackView::pop(QQmlV4Function*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/quicktemplates2/qquickstackview.cpp:690
    #18 0x7ffff37d958c in QQuickStackView::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/ulf/dev/qt6dev/qtdeclarative/src/quicktemplates2/QuickTemplates2_autogen/include/moc_qquickstackview_p.cpp:453
    #19 0x7ffff37db2de in QQuickStackView::qt_metacall(QMetaObject::Call, int, void**) /home/ulf/dev/qt6dev/qtdeclarative/src/quicktemplates2/QuickTemplates2_autogen/include/moc_qquickstackview_p.cpp:614
    #20 0x7ffff2b025b3 in QQmlVMEMetaObject::metaCall(QObject*, QMetaObject::Call, int, void**) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlvmemetaobject.cpp:1085
    #21 0x7ffff461a1d5 in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qmetaobject.cpp:286
    #22 0x7ffff28b9c35 in QQmlObjectOrGadget::metacall(QMetaObject::Call, int, void**) const /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlobjectorgadget.cpp:14
    #23 0x7ffff23db276 in operator() /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:2319
    #24 0x7ffff23db5ee in operator()<QV4::QObjectMethod::callInternal(const QV4::Value*, const QV4::Value*, int) const::<lambda()> > /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:2303
    #25 0x7ffff23dc38a in QV4::QObjectMethod::callInternal(QV4::Value const*, QV4::Value const*, int) const /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:2313
    #26 0x7ffff23daee9 in QV4::QObjectMethod::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:2262
    #27 0x7ffff2176ec1 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/ulf/dev/qt6dev/qtbase/include/QtQml/6.5.0/QtQml/private/../../../../../../../qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:169
    #28 0x7ffff2516d79 in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:860
    #29 0x7ffff2508fc2 in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:542

previously allocated by thread T0 here:
    #0 0x7ffff7685647 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:99
    #1 0x7ffff37c8e5d in QQuickStackElement::fromObject(QObject*, QQuickStackView*, QString*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/quicktemplates2/qquickstackelement.cpp:113
    #2 0x7ffff37edd67 in QQuickStackViewPrivate::createElement(QV4::Value const&, QQmlRefPointer<QQmlContextData> const&, QString*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/quicktemplates2/qquickstackview_p.cpp:148
    #3 0x7ffff37ecf65 in QQuickStackViewPrivate::parseElements(int, QQmlV4Function*, QList<QString>*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/quicktemplates2/qquickstackview_p.cpp:93
    #4 0x7ffff37d35cb in QQuickStackView::push(QQmlV4Function*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/quicktemplates2/qquickstackview.cpp:552
    #5 0x7ffff37d9524 in QQuickStackView::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/ulf/dev/qt6dev/qtdeclarative/src/quicktemplates2/QuickTemplates2_autogen/include/moc_qquickstackview_p.cpp:452
    #6 0x7ffff37db2de in QQuickStackView::qt_metacall(QMetaObject::Call, int, void**) /home/ulf/dev/qt6dev/qtdeclarative/src/quicktemplates2/QuickTemplates2_autogen/include/moc_qquickstackview_p.cpp:614
    #7 0x7ffff2b025b3 in QQmlVMEMetaObject::metaCall(QObject*, QMetaObject::Call, int, void**) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlvmemetaobject.cpp:1085
    #8 0x7ffff461a1d5 in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) /home/ulf/dev/qt6dev-src/qtbase/src/corelib/kernel/qmetaobject.cpp:286
    #9 0x7ffff28b9c35 in QQmlObjectOrGadget::metacall(QMetaObject::Call, int, void**) const /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/qml/qqmlobjectorgadget.cpp:14
    #10 0x7ffff23db276 in operator() /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:2319
    #11 0x7ffff23db5ee in operator()<QV4::QObjectMethod::callInternal(const QV4::Value*, const QV4::Value*, int) const::<lambda()> > /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:2303
    #12 0x7ffff23dc38a in QV4::QObjectMethod::callInternal(QV4::Value const*, QV4::Value const*, int) const /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:2313
    #13 0x7ffff23daee9 in QV4::QObjectMethod::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:2262
    #14 0x7ffff2176ec1 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/ulf/dev/qt6dev/qtbase/include/QtQml/6.5.0/QtQml/private/../../../../../../../qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:169
    #15 0x7ffff2516d79 in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:860
    #16 0x7ffff2508fc2 in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:542
    #17 0x7ffff22f6ea6 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:542
    #18 0x7ffff2176ec1 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/ulf/dev/qt6dev/qtbase/include/QtQml/6.5.0/QtQml/private/../../../../../../../qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:169
    #19 0x7ffff246bd77 in QV4::Runtime::CallElement::call(QV4::ExecutionEngine*, QV4::Value const&, QV4::Value const&, QV4::Value*, int) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:1509
    #20 0x7ffff251774d in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:866
    #21 0x7ffff2508fc2 in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:542
    #22 0x7ffff22f6ea6 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:542
    #23 0x7ffff2176ec1 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/ulf/dev/qt6dev/qtbase/include/QtQml/6.5.0/QtQml/private/../../../../../../../qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:169
    #24 0x7ffff246a0c1 in QV4::Runtime::CallQmlContextPropertyLookup::call(QV4::ExecutionEngine*, unsigned int, QV4::Value*, int) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:1398
    #25 0x7ffff251937e in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:890
    #26 0x7ffff2508fc2 in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:542
    #27 0x7ffff22f6ea6 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:542
    #28 0x7ffff2176ec1 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/ulf/dev/qt6dev/qtbase/include/QtQml/6.5.0/QtQml/private/../../../../../../../qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:169
    #29 0x7ffff246a0c1 in QV4::Runtime::CallQmlContextPropertyLookup::call(QV4::ExecutionEngine*, unsigned int, QV4::Value*, int) /home/ulf/dev/qt6dev-src/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:1398

SUMMARY: AddressSanitizer: heap-use-after-free /home/ulf/dev/qt6dev-src/qtdeclarative/src/quicktemplates2/qquickstackview_p.cpp:269 in QQuickStackViewPrivate::viewItemTransitionFinished(QQuickItemViewTransitionableItem*)
Shadow bytes around the buggy address:
  0x0c1e8002bb70: 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fd fd
  0x0c1e8002bb80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c1e8002bb90: fd fd fd fa fa fa fa fa fa fa fa fa fd fd fd fd
  0x0c1e8002bba0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c1e8002bbb0: fd fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
=>0x0c1e8002bbc0: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd
  0x0c1e8002bbd0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c1e8002bbe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa
  0x0c1e8002bbf0: fa fa fa fa fa fa fd fd fd fd fd fd fd fd fd fd
  0x0c1e8002bc00: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
  0x0c1e8002bc10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==45257==ABORTING

      Attachments

        Issue Links

          blocks

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-104884 Crash with ComponentBehavior: Bound and DelegateModel

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed
          duplicates

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-98769 QML StackView heap-use-after-free on pop()

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              qt.team.quick.subscriptions Qt Quick and Widgets Team
              ulherman Ulf Hermann
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes