Details
- Bug
- Resolution: Duplicate
- P2: Important
- None
- 5.15.4
- None
- MacOS Monterey/12.5, 2018 Intel Mac Mini
Description
Qt crashes when a child window is deleted while the MacOS/X Accessibility Keyboard is active. Steps-to-reproduce are below, and a toy program that can be used to reproduce/analyze the problem is attached and available at https://public.msli.com/lcs/jaf/toy_program_to_reproduce_bab_305.zip . The problem is 100% reproducible on my machine.
README.txt from the .zip file is below, for convenience and searchability:
This toy program demonstrates a bug involving Qt and MacOS/X's on-screen keyboard in Qt 5.15.4
STEPS TO REPRODUCE:
1. Compile this program under MacOS/X (I'm on a 2018 Intel Mac Mini running Monterey/12.5, if that's important)
2. Press Command-Alt-F5 to bring up MacOS/X's "Accessibility Shortcuts" dialog
3. In the dialog, click the "Accessibility Keyboard" checkbox to make the MacOS/X on-screen keyboard appear
4. Click the "Done" button in the dialog to dismiss the dialog
5. Run the compiled program
6. In the "BAB-305 #1" window that appears, click the "Show Child Window" button to make a "BAB-305 #2" window appear.
7. In the "BAB-305 #2" window that appears, click the "Show Child Window" button to make a "BAB-305 #3" window appear.
8. Now click the red close-box at the upper left of either "BAB-305 #1" or "BAB-305 #2"
9. Watch the program crash, with a stack trace like the one shown below.
10. Try again without the on-screen keyboard present; note that without that entry condition, the program does not crash.
The problem seems to be that the functions in plugins/platforms/cocoa/qnsview_complextext.mm dereference m_platformWindow
without first checking to see if it is a NULL pointer, and when the on-screen keyboard is present, the QPlatformWindow
object sometimes gets destroyed in such a way that m_platformWindow is in fact a NULL pointer when those functions get called
shortly afterwards.
I was able to avoid the crashes by adding a line like this:
if (m_platformWindow.data() == NULL) return selectedRange;
to the top of the (NSRange)selectedRange function, although I don't know if that's the right fix, or if similar fixes
need to be applied elsewhere as well.
----------
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 QtGui 0x104687624 QPlatformWindow::window() const + 4
1 libqcocoa.dylib 0x102fcd868 -[QNSView(ComplexText) selectedRange] + 120
2 AppKit 0x7ff82198e1b1 -[NSTextInputContext(NSInputContext_WithCompletion) selectedRangeWithCompletionHandler:] + 92
3 AppKit 0x7ff821869d3c -[NSTextInputContext handleTSMEvent:completionHandler:] + 1611
4 AppKit 0x7ff821869680 _NSTSMEventHandler + 299
5 HIToolbox 0x7ff8278ab34d DispatchEventToHandlers(EventTargetRec*, OpaqueEventRef*, HandlerCallRec*) + 1365
6 HIToolbox 0x7ff8278aa79c SendEventToEventTargetInternal(OpaqueEventRef*, OpaqueEventTargetRef*, HandlerCallRec*) + 333
7 HIToolbox 0x7ff8278aa63d SendEventToEventTargetWithOptions + 45
8 HIToolbox 0x7ff8279057e3 SendTSMEvent_WithCompletionHandler + 442
9 HIToolbox 0x7ff827ab398b TrySendTextInput_SendEvent_WithContinuationHandler + 402
10 HIToolbox 0x7ff827ab21e2 SendTextInputEvent_WithCompletionHandler + 1175
11 HIToolbox 0x7ff827b13321 -[IMKInputSession _postEvent:completionHandler:] + 156
12 HIToolbox 0x7ff827b259e0 -[IMKInputSession selectedRange_withCompletionHandler:] + 285
13 HIToolbox 0x7ff827b13bae __49-[IMKInputSession imkxpc_selectedRangeWithReply:]_block_invoke + 453
14 CoreFoundation 0x7ff81ec24d41 _CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK_ + 12
15 CoreFoundation 0x7ff81ec24bec __CFRunLoopDoBlocks + 445
16 CoreFoundation 0x7ff81ec2389a __CFRunLoopRun + 878
17 CoreFoundation 0x7ff81ec22e6c CFRunLoopRunSpecific + 562
18 HIToolbox 0x7ff8279161b3 -[IMKInputSessionXPCInvocation invocationAwaitXPCReply] + 743
19 HIToolbox 0x7ff827917ac7 -[IMKInputSession deactivate] + 1364
20 HIToolbox 0x7ff827917566 IMKInputSessionDeactivate + 36
21 HIToolbox 0x7ff827917532 DeactivateInputMethodInstance + 58
22 HIToolbox 0x7ff827917434 utDeactivateAllSelectedIMInDocIterator + 82
23 CoreFoundation 0x7ff81ebe9e37 CFArrayApplyFunction + 67
24 HIToolbox 0x7ff8278f0267 utDeactivateAllSelectedIMInDoc + 132
25 HIToolbox 0x7ff8278efc0f MyDeactivateTSMDocument + 364
26 HIToolbox 0x7ff8278efa7e DeactivateTSMDocument + 75
27 AppKit 0x7ff821858cf2 -[NSTextInputContext deactivate] + 254
28 AppKit 0x7ff821661c0a +[NSTextInputContext currentInputContext_withFirstResponderSync:] + 294
29 libqcocoa.dylib 0x102fea276 QCocoaInputContext::focusObjectChanged(QObject*) + 182
30 QtCore 0x104f01583 void doActivate<false>(QObject*, int, void**) + 1427
31 QtGui 0x104697e8b QGuiApplicationPrivate::processActivatedEvent(QWindowSystemInterfacePrivate::ActivatedWindowEvent*) + 843
32 QtGui 0x10467b72a void QWindowSystemInterface::handleWindowActivated<QWindowSystemInterface::SynchronousDelivery>(QWindow*, Qt::FocusReason) + 186
33 libqcocoa.dylib 0x102fbc36e QCocoaWindow::windowDidBecomeKey() + 238
34 QtCore 0x104edac30 QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const + 1472
35 libqcocoa.dylib 0x102fbfb04 invocation function for block in qRegisterNotificationCallbacks() + 2420
36 Foundation 0x7ff81fa5644d -[__NSObserver _doit:] + 287
37 CoreFoundation 0x7ff81ec1a76c _CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER_ + 12
38 CoreFoundation 0x7ff81ecb7b62 ___CFXRegistrationPost_block_invoke + 49
39 CoreFoundation 0x7ff81ecb7ae0 _CFXRegistrationPost + 496
40 CoreFoundation 0x7ff81ebec3a8 _CFXNotificationPost + 735
41 Foundation 0x7ff81fa2a7ae -[NSNotificationCenter postNotificationName:object:userInfo:] + 82
42 AppKit 0x7ff8217fef24 -[NSWindow becomeKeyWindow] + 1369
43 AppKit 0x7ff821792d31 -[NSWindow _changeKeyAndMainLimitedOK:] + 995
44 AppKit 0x7ff8218c9788 -[NSWindow _orderOutAndCalcKeyWithCounter:stillVisible:docWindow:] + 1156
45 AppKit 0x7ff8216abc37 NSPerformVisuallyAtomicChange + 132
46 AppKit 0x7ff8218c9251 -[NSWindow _doWindowOrderOutWithWithKeyCalc:forCounter:orderingDone:docWindow:] + 80
47 AppKit 0x7ff8218c8c30 -[NSWindow _reallyDoOrderWindowOutRelativeTo:findKey:forCounter:force:isModal:] + 410
48 AppKit 0x7ff821794c94 -[NSWindow _reallyDoOrderWindow:relativeTo:findKey:forCounter:force:isModal:] + 183
49 AppKit 0x7ff821793c7c -[NSWindow _doOrderWindow:relativeTo:findKey:forCounter:force:isModal:] + 289
50 AppKit 0x7ff821793af9 -[NSWindow orderWindow:relativeTo:] + 152
51 libqcocoa.dylib 0x102fb8830 QCocoaWindow::setVisible(bool) + 1040
52 QtGui 0x10469efb5 QWindowPrivate::setVisible(bool) + 965
53 QtWidgets 0x10331fca5 QWidgetPrivate::hide_sys() + 229
54 QtWidgets 0x103321a26 QWidgetPrivate::hide_helper() + 150
55 QtWidgets 0x103321eca QWidgetPrivate::setVisible(bool) + 250
56 QtWidgets 0x103311c93 QWidgetPrivate::close_helper(QWidgetPrivate::CloseMode) + 275
57 QtWidgets 0x10331181e QWidget::~QWidget() + 798
58 bab_305 0x102b9b8f5 MainWindow::~MainWindow() + 101
59 bab_305 0x102b9b8d0 MainWindow::~MainWindow() + 64
60 QtCore 0x104ef9800 QObject::event(QEvent*) + 800
61 QtWidgets 0x103323535 QWidget::event(QEvent*) + 4677
62 QtWidgets 0x103433054 QMainWindow::event(QEvent*) + 276
63 QtWidgets 0x1032e8e76 QApplicationPrivate::notify_helper(QObject*, QEvent*) + 262
64 QtWidgets 0x1032ea230 QApplication::notify(QObject*, QEvent*) + 480
65 QtCore 0x104ed0ba7 QCoreApplication::notifyInternal2(QObject*, QEvent*) + 167
66 QtCore 0x104ed1cb8 QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) + 792
67 libqcocoa.dylib 0x102fd3982 QCocoaEventDispatcherPrivate::processPostedEvents() + 322
68 libqcocoa.dylib 0x102fd40a8 QCocoaEventDispatcherPrivate::postedEventsSourceCallback(void*) + 40
69 CoreFoundation 0x7ff81ec251ab _CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION_ + 17
70 CoreFoundation 0x7ff81ec25113 __CFRunLoopDoSource0 + 180
71 CoreFoundation 0x7ff81ec24e8d __CFRunLoopDoSources0 + 242
72 CoreFoundation 0x7ff81ec238a8 __CFRunLoopRun + 892
73 CoreFoundation 0x7ff81ec22e6c CFRunLoopRunSpecific + 562
74 HIToolbox 0x7ff8278d15e6 RunCurrentEventLoopInMode + 292
75 HIToolbox 0x7ff8278d1213 ReceiveNextEventCommon + 283
76 HIToolbox 0x7ff8278d10e5 _BlockUntilNextEventMatchingListInModeWithFilter + 70
77 AppKit 0x7ff82165cfad _DPSNextEvent + 927
78 AppKit 0x7ff82165b66a -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1394
79 AppKit 0x7ff82164dd19 -[NSApplication run] + 586
80 libqcocoa.dylib 0x102fd2d54 QCocoaEventDispatcher::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 2116
81 QtCore 0x104ecd197 QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 471
82 QtCore 0x104ed1142 QCoreApplication::exec() + 130
83 bab_305 0x102b9bae3 main + 147
84 dyld 0x1045a952e start + 462
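The null-guard idea from the report, generalized into one helper that every text-input callback passes through, as an added example that is not code from the report or from Qt. It assumes m_platformWindow is an auto-nulling reference (modelled here with std::weak_ptr); View, PlatformWindow, withWindow, hasMarkedText and queryDuringTeardown are hypothetical stand-ins.

```cpp
#include <cstdio>
#include <memory>
#include <utility>

// Constructed stand-ins for illustration; none of these are Qt or AppKit types.
struct Range { unsigned location; unsigned length; };
struct PlatformWindow { unsigned selStart; unsigned selLength; bool hasMarked; };

class View {
public:
    explicit View(std::weak_ptr<PlatformWindow> w) : m_platformWindow(std::move(w)) {}

    // Single choke point: every text-input query goes through here, so no
    // callback can dereference a window reference that has become null.
    template <typename T, typename Fn>
    T withWindow(T fallback, Fn query) const {
        std::shared_ptr<PlatformWindow> w = m_platformWindow.lock();
        if (!w) { ++m_nullHits; return fallback; }
        return query(*w);
    }
    Range selectedRange() const {
        return withWindow(Range{0, 0}, [](const PlatformWindow &w) {
            return Range{w.selStart, w.selLength};
        });
    }
    bool hasMarkedText() const {
        return withWindow(false, [](const PlatformWindow &w) { return w.hasMarked; });
    }
    int nullHits() const { return m_nullHits; }

private:
    std::weak_ptr<PlatformWindow> m_platformWindow;  // assumed auto-nulling reference
    mutable int m_nullHits = 0;  // counts queries that arrived after teardown
};

// Models the reported condition: the window is gone, then a late query arrives.
Range queryDuringTeardown(View &view, std::shared_ptr<PlatformWindow> &window) {
    window.reset();               // platform window destroyed
    return view.selectedRange();  // late callback, as from the input method
}

int main() {
    auto win = std::make_shared<PlatformWindow>(PlatformWindow{3, 4, true});
    View view(win);
    Range late = queryDuringTeardown(view, win);
    std::printf("late query -> {%u, %u}, null hits: %d\n",
                late.location, late.length, view.nullHits());
    return 0;
}
```

The null-hit counter gives a cheap signal for how often late queries arrive, which helps when deciding whether other callbacks need the same guard.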
Issue Links
- duplicates QTBUG-111183 Qt crash on macOS when using keyboard viewer (Closed)