QTBUG-109597

Seg fault in QQmlObjectCreator::finalize when creating QML object with initial bindings


Details

    • Linux/X11
    • 4dfcaa7ee (dev), eebb73c2c (6.4), 18e9d3df8 (tqtc/lts-6.2), d6c0207a1 (6.5)

    Description

      Using the following C++ class:

      #include <QObject>
      #include <QProperty>
      #include <QtQml/qqmlregistration.h>

      // Reproducer: a QObject exposing one bindable int property to QML.
      // QML_ELEMENT registers X in the QML module configured by the build
      // (imported as "BT" in the QML below).
      class X : public QObject {
          Q_OBJECT
          QML_ELEMENT
          Q_PROPERTY(int x READ x WRITE setX BINDABLE bindableX)
          Q_OBJECT_BINDABLE_PROPERTY(X, int, _xProp)
      
      public:
          int x() const { return _xProp.value(); }
          void setX(int x) { _xProp.setValue(x); }
          QBindable<int> bindableX() const { return &_xProp; }
      };

      And the following QML code:

      import BT
      import QtQuick
      
      Item {
          property int v: 0
          property X xthing: X {
              x: v
          }
      }
      

      An invalid read occurs in QQmlObjectCreator::finalize, because the qmlBinding variable is deleted by the pop: https://code.qt.io/cgit/qt/qtdeclarative.git/tree/src/qml/qml/qqmlobjectcreator.cpp?h=6.4.1#n1412

      This causes a seg fault when running under GDB (and when running normally for more complex code). The valgrind log and GDB backtrace are attached.
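      The pop-then-use pattern the report describes, modelled as an added example (not Qt's code; Binding, Stack and the function names are hypothetical): the unsafe variant keeps a reference into the container across the pop, the safe variant takes ownership before popping.

```cpp
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Constructed model of the failure the report describes: an object owned
// by a stack-like container is still used after the container pops it.
// Not Qt's code; Binding, Stack and the function names are hypothetical.
struct Binding {
    std::string target;   // property the binding writes to
    int value;            // value the binding would assign
};

struct Stack {
    std::vector<std::unique_ptr<Binding>> items;
    void push(std::string target, int value) {
        items.push_back(std::make_unique<Binding>(Binding{std::move(target), value}));
    }
};

// Unsafe: the reference taken before pop_back() dangles once the
// unique_ptr is destroyed, so the final read is a use-after-free.
// Valgrind or -fsanitize=address report it as an invalid read.
int finalizeUnsafe(Stack &s) {
    Binding &binding = *s.items.back();  // reference into owned storage
    s.items.pop_back();                  // deletes the Binding
    return binding.value;                // invalid read
}

// Safe: move ownership out of the container before popping, so the
// object lives until this function returns and no reference dangles.
int finalizeSafe(Stack &s) {
    std::unique_ptr<Binding> binding = std::move(s.items.back());
    s.items.pop_back();                  // container no longer owns it
    return binding->value;               // valid: binding still alive
}

// Drives the safe path on a constructed stack; returns the value read,
// or -1 if the container was not left empty.
int demoSafe() {
    Stack s;
    s.push("x", 7);
    int v = finalizeSafe(s);
    return s.items.empty() ? v : -1;
}
```

      Building with -fsanitize=address and calling finalizeUnsafe produces the same kind of invalid-read report as the attached valgrind log; finalizeSafe runs clean.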

      Attachments

        1. gdb-bt.txt (3 kB)
        2. valgrind-log.txt (31 kB)

        People

            ulherman Ulf Hermann
            matsjoyce Matthew Joyce