Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-111995

Crash in QRhiImplementation::textureFormatInfo when using ColorAnimation on text containing emojis

    XMLWordPrintable

Details

    • e9c0b1506 (dev), 4983d26e0 (6.4), 292ad9322 (6.5)

    Description

      Crash happens occasionally when using ColorAnimation on text containing emojis. Unfortunately haven't been able to reproduce in a testcase.

      #0 0x0000007f97c777dc in (/lib/libQt6Gui.so.6.2.3 @ 0x003777dc) QRhiImplementation::textureFormatInfo(QRhiTexture::Format, QSize const&, unsigned int*, unsigned int*, unsigned int*) const() + 0x1c
#1 0x0000007f97dc2788 in (/lib/libQt6Gui.so.6.2.3 @ 0x004c2788) QRhiGles2::enqueueSubresUpload(QGles2Texture*, QGles2CommandBuffer*, int, int, QRhiTextureSubresourceUploadDescription const&)() + 0x148
#2 0x0000007f97dc30e0 in (/lib/libQt6Gui.so.6.2.3 @ 0x004c30e0) QRhiGles2::enqueueResourceUpdates(QRhiCommandBuffer*, QRhiResourceUpdateBatch*)() + 0x2c0
#3 0x0000007f96e5ee04 in (/lib/libQt6Quick.so.6.2.3 @ 0x002cee04) QSGBatchRenderer::Renderer::prepareRenderPass(QSGBatchRenderer::Renderer::RenderPassContext*)() + 0x574
#4 0x0000007f96e608a4 in (/lib/libQt6Quick.so.6.2.3 @ 0x002d08a4) QSGBatchRenderer::Renderer::render()() + 0x24
#5 0x0000007f96e73c20 in (/lib/libQt6Quick.so.6.2.3 @ 0x002e3c20) QSGRenderer::renderScene()() + 0x70
#6 0x0000007f96e28c84 in (/lib/libQt6Quick.so.6.2.3 @ 0x00298c84) QuickWindowPrivate::renderSceneGraph(QSize const&, QSize const&, QMatrix4x4 const&)() + 0x264
#7 0x0000007f96fc70d0 in (/lib/libQt6Quick.so.6.2.3 @ 0x004370d0) QSGRenderThread::syncAndRender()() + 0x240
#8 0x0000007f96fca220 in (/lib/libQt6Quick.so.6.2.3 @ 0x0043a220) QSGRenderThread::run()() + 0xd0
#9 0x0000007f983d018c in (/lib/libQt6Core.so.6.2.3 @ 0x002e018c) QThreadPrivate::start(void*)() + 0x17c
#10 0x0000007f8746d0a4 in (/lib/libc.so.6 @ 0x0007d0a4) start_thread + 0x2d4
#11 0x0000007f874d4f9c in (/lib/libc.so.6 @ 0x000e4f9c) thread_start + 0xc

      Looking into the issue the crash is due to passing a deleted texture to QRhiImplementation::textureFormatInfo. This stale textures pointer comes from QRhiResourceUpdateBatchPrivate::textureOps in QRhiGles2::enqueueResourceUpdates. The underlying texture is from QSGRhiTextureGlyphCache when it calls QRhiResourceUpdateBatch::update. It looks like QSGRhiTextureGlyphCache's destructor is called, deleting the texture whilst it's still referenced in QRhiResourceUpdateBatchPrivate::textureOps. The QSGRhiTextureGlyphCache appears to be destroyed when its reference in QFontEngine is popped from QFontEngine::caches(which holds a QExplicitlySharedDataPointer to the QFontEngineGlyphCache) inside QFontEngine::setGlyphCache.

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            lagocs Laszlo Agocs
            lbreeze Liam Breeze
            Votes:
            1 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes