Description
For some reason, QNSView can leak or fail to be deallocated in time. NSTextInputContext holds a weak reference to QNSView. If QCocoaWindow is deleted, QNSView's m_platformWindow becomes NULL, but the NSView itself is still alive. NSTextInputContext may then call into the NSView (the ComplexText category) asynchronously, after QCocoaWindow has been deleted, and the call crashes on the NULL pointer at m_platformWindow->window().
This has caused random crashes that are hard to reproduce. Please guard against a NULL m_platformWindow here, as the other .mm files already do.
Callstack (selectedRange or attributedSubstringForProposedRange)
4 ...em/libsystem_platform.dylib 0x007fff7136c5fd __sigtramp + 29
5 ....framework/Versions/5/QtGui 0x0000010c908b74 __ZNK15QPlatformWindow6windowEv + 4
6 ...s/platforms/libqcocoa.dylib 0x0000013b8f6ee4 -[QNSView(ComplexText) selectedRange] + 52
7 ...framework/Versions/C/AppKit 0x007fff34bc6db5 -[NSTextInputContext(NSInputContext_WithCompletion) selectedRangeWithCompletionHandler:] + 92
8 ...framework/Versions/C/AppKit 0x007fff34a82602 -[NSTextInputContext handleTSMEvent:completionHandler:] + 1581
9 ...framework/Versions/C/AppKit 0x007fff34a81f65 __NSTSMEventHandler + 299
10 ...mework/Versions/A/HIToolbox 0x007fff361c78ef __ZL23DispatchEventToHandlersP14EventTargetRecP14OpaqueEventRefP14HandlerCallRec + 1254
11 ...mework/Versions/A/HIToolbox 0x007fff361c6d7d __ZL30SendEventToEventTargetInternalP14OpaqueEventRefP20OpaqueEventTargetRefP14HandlerCallRec + 329
12 ...mework/Versions/A/HIToolbox 0x007fff361c6c2d _SendEventToEventTargetWithOptions + 45
13 ...mework/Versions/A/HIToolbox 0x007fff3622391b _SendTSMEvent_WithCompletionHandler + 381
14 ...mework/Versions/A/HIToolbox 0x007fff363cf186 ___SendTextInputEvent_WithCompletionHandler_block_invoke + 489
15 ...mework/Versions/A/HIToolbox 0x007fff363cd96f _SendTextInputEvent_WithCompletionHandler + 1126
16 ...mework/Versions/A/HIToolbox 0x007fff3642e634 -[IMKInputSession _postEvent:completionHandler:] + 156
17 ...mework/Versions/A/HIToolbox 0x007fff3644180b -[IMKInputSession selectedRange_withCompletionHandler:] + 288
18 ...mework/Versions/A/HIToolbox 0x007fff3642eee1 ___49-[IMKInputSession imkxpc_selectedRangeWithReply:]_block_invoke + 453
19 ...k/Versions/A/CoreFoundation 0x007fff375d47fe ___CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__ + 12
20 ...k/Versions/A/CoreFoundation 0x007fff375d4742 ___CFRunLoopDoBlocks + 386
21 ...k/Versions/A/CoreFoundation 0x007fff375d364e ___CFRunLoopRun + 958
22 ...k/Versions/A/CoreFoundation 0x007fff375d2c33 _CFRunLoopRunSpecific + 466
23 ...mework/Versions/A/HIToolbox 0x007fff361eeaad _RunCurrentEventLoopInMode + 292
24 ...mework/Versions/A/HIToolbox 0x007fff361ee7c5 _ReceiveNextEventCommon + 584
25 ...mework/Versions/A/HIToolbox 0x007fff361ee569 __BlockUntilNextEventMatchingListInModeWithFilter + 64
26 ...framework/Versions/C/AppKit 0x007fff348373c9 __DPSNextEvent + 883
27 ...framework/Versions/C/AppKit 0x007fff34835c10 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1352
28 ...framework/Versions/C/AppKit 0x007fff3482791e -[NSApplication run] + 658
29 ...s/platforms/libqcocoa.dylib 0x0000013b8fc62f __ZN21QCocoaEventDispatcher13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE + 2495
30 ...framework/Versions/5/QtCore 0x0000010c2af79f __ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE + 431
31 ...framework/Versions/5/QtCore 0x0000010c2b3d12 __ZN16QCoreApplication4execEv + 130
32 ...ries/Neutron/NuBase10.dylib 0x00000127d41f56 __ZN13QTApplication4execEv + 18