Details
-
Bug
-
Resolution: Done
-
P1: Critical
-
6.4.0 Beta4
-
None
-
88aff6f851 (qt/qtdeclarative/dev) 793e19da03 (qt/qtdeclarative/6.4) c5e7d26580 (qt/qtdeclarative/6.4.0) 793e19da03 (qt/tqtc-qtdeclarative/6.4) c5e7d26580 (qt/tqtc-qtdeclarative/6.4.0)
Description
1 QIntrusiveListNode::remove() qintrusivelist_p.h 228 0x1043bc718 2 QIntrusiveList<QQuickPixmap, &(QQuickPixmap::dataListNode)>::remove(QQuickPixmap *) qintrusivelist_p.h 164 0x103544f34 3 QQuickPixmap::loadImageFromDevice(QQmlEngine *, QIODevice *, QUrl const&, QRect const&, QSize const&, QQuickImageProviderOptions const&, int, int)::$_2::operator()() const qquickpixmapcache.cpp 1765 0x1035579c0 4 QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, QQuickPixmap::loadImageFromDevice(QQmlEngine *, QIODevice *, QUrl const&, QRect const&, QSize const&, QQuickImageProviderOptions const&, int, int)::$_2>::call(QQuickPixmap::loadImageFromDevice(QQmlEngine *, QIODevice *, QUrl const&, QRect const&, QSize const&, QQuickImageProviderOptions const&, int, int)::$_2&, void * *) qobjectdefs_impl.h 127 0x10355797c 5 void QtPrivate::Functor<QQuickPixmap::loadImageFromDevice(QQmlEngine *, QIODevice *, QUrl const&, QRect const&, QSize const&, QQuickImageProviderOptions const&, int, int)::$_2, 0>::call<QtPrivate::List<>, void>(QQuickPixmap::loadImageFromDevice(QQmlEngine *, QIODevice *, QUrl const&, QRect const&, QSize const&, QQuickImageProviderOptions const&, int, int)::$_2&, void *, void * *) qobjectdefs_impl.h 241 0x103557928 6 QtPrivate::QFunctorSlotObject<QQuickPixmap::loadImageFromDevice(QQmlEngine *, QIODevice *, QUrl const&, QRect const&, QSize const&, QQuickImageProviderOptions const&, int, int)::$_2, 0, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase *, QObject *, void * *, bool *) qobjectdefs_impl.h 408 0x1035578c4 7 QtPrivate::QSlotObjectBase::call(QObject *, void * *) qobjectdefs_impl.h 363 0x1021514c8 8 void doActivate<false>(QObject *, int, void * *) qobject.cpp 3972 0x10215a778 9 QMetaObject::activate(QObject *, QMetaObject const *, int, void * *) qobject.cpp 4032 0x102159504 10 QQuickPixmapReply::finished() qquickpixmapcache.moc 175 0x1035441c8 11 QQuickPixmapReply::event(QEvent *) qquickpixmapcache.cpp 1250 0x103544484 12 QCoreApplicationPrivate::notify_helper(QObject *, QEvent *) qcoreapplication.cpp 1193 0x1020dbbd0 13 doNotify(QObject *, QEvent *) qcoreapplication.cpp 1122 0x1020db5f4 14 QCoreApplication::notify(QObject *, QEvent *) qcoreapplication.cpp 1105 0x1020db6e8 15 QGuiApplication::notify(QObject *, QEvent *) qguiapplication.cpp 1928 0x1038d6584 16 QCoreApplication::notifyInternal2(QObject *, QEvent *) qcoreapplication.cpp 1026 0x1020db46c 17 QCoreApplication::sendEvent(QObject *, QEvent *) qcoreapplication.cpp 1442 0x1020dc258 18 QCoreApplicationPrivate::sendPostedEvents(QObject *, int, QThreadData *) qcoreapplication.cpp 1804 0x1020dd240 19 QCoreApplication::sendPostedEvents(QObject *, int) qcoreapplication.cpp 1663 0x1020dc068 20 QEventDispatcherCoreFoundation::processPostedEvents() qeventdispatcher_cf.mm 395 0x102308d6c 21 QIOSEventDispatcher::processPostedEvents() qioseventdispatcher.mm 436 0x1028700e8 22 RunLoopSource<QEventDispatcherCoreFoundation>::process(void *) qeventdispatcher_cf_p.h 111 0x10230cdc8 23 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (arm64e) /Users/rutledge/Library/Developer/Xcode/iOS DeviceSupport/15.4.1 (19E258) arm64e/Symbols/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation 0x194623f04 24 __CFRunLoopDoSource0 (arm64e) /Users/rutledge/Library/Developer/Xcode/iOS DeviceSupport/15.4.1 (19E258) arm64e/Symbols/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation 0x194634c90 25 __CFRunLoopDoSources0 (arm64e) /Users/rutledge/Library/Developer/Xcode/iOS DeviceSupport/15.4.1 (19E258) arm64e/Symbols/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation 0x19456e184 26 __CFRunLoopRun (arm64e) /Users/rutledge/Library/Developer/Xcode/iOS DeviceSupport/15.4.1 (19E258) arm64e/Symbols/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation 0x194573b4c 27 CFRunLoopRunSpecific (arm64e) /Users/rutledge/Library/Developer/Xcode/iOS DeviceSupport/15.4.1 (19E258) arm64e/Symbols/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation 0x1945876b8 28 GSEventRunModal (arm64e) /Users/rutledge/Library/Developer/Xcode/iOS DeviceSupport/15.4.1 (19E258) arm64e/Symbols/System/Library/PrivateFrameworks/GraphicsServices.framework/GraphicsServices 0x1b0621374 29 -[UIApplication _run] (arm64e) /Users/rutledge/Library/Developer/Xcode/iOS DeviceSupport/15.4.1 (19E258) arm64e/Symbols/System/Library/PrivateFrameworks/UIKitCore.framework/UIKitCore 0x196eece88 30 UIApplicationMain (arm64e) /Users/rutledge/Library/Developer/Xcode/iOS DeviceSupport/15.4.1 (19E258) arm64e/Symbols/System/Library/PrivateFrameworks/UIKitCore.framework/UIKitCore 0x196c6e5ec 31 qt_main_wrapper qioseventdispatcher.mm 206 0x10286e7b8 32 start (arm64e) /Users/rutledge/Library/Developer/Xcode/iOS DeviceSupport/15.4.1 (19E258) arm64e/Symbols/usr/lib/dyld 0x10b48dce4
void QIntrusiveListNode::remove() { if (_prev) *_prev = _next; if (_next) _next->_prev = _prev; // <-- here _prev = nullptr; _next = nullptr; }
But _next is not null.
Called from
if (oldD) { QObject::connect(d->reply, &QQuickPixmapReply::finished, [oldD, this]() { oldD->declarativePixmaps.remove(this); oldD->release(); }); }
Maybe it's in a worker thread.
Attachments
For Gerrit Dashboard: QTBUG-106357 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
430591,3 | WIP try to reproduce crash during pinch zoom | dev | qt/qtwebengine | Status: ABANDONED | -2 | 0 |
431304,2 | Avoid dangling pointers in handler for QQuickPixmapReply::finished | dev | qt/qtdeclarative | Status: MERGED | +2 | 0 |
431895,2 | Avoid dangling pointers in handler for QQuickPixmapReply::finished | 6.4.0 | qt/qtdeclarative | Status: MERGED | +2 | 0 |
431896,2 | Avoid dangling pointers in handler for QQuickPixmapReply::finished | 6.4 | qt/qtdeclarative | Status: MERGED | +2 | 0 |