Qt / QTBUG-111995

Crash in QRhiImplementation::textureFormatInfo when using ColorAnimation on text containing emojis

Details

    • e9c0b1506 (dev), 4983d26e0 (6.4), 292ad9322 (6.5)

    Description

      Crash happens occasionally when using ColorAnimation on text containing emojis. Unfortunately haven't been able to reproduce in a testcase.

      #0 0x0000007f97c777dc in (/lib/libQt6Gui.so.6.2.3 @ 0x003777dc) QRhiImplementation::textureFormatInfo(QRhiTexture::Format, QSize const&, unsigned int*, unsigned int*, unsigned int*) const() + 0x1c
      #1 0x0000007f97dc2788 in (/lib/libQt6Gui.so.6.2.3 @ 0x004c2788) QRhiGles2::enqueueSubresUpload(QGles2Texture*, QGles2CommandBuffer*, int, int, QRhiTextureSubresourceUploadDescription const&)() + 0x148
      #2 0x0000007f97dc30e0 in (/lib/libQt6Gui.so.6.2.3 @ 0x004c30e0) QRhiGles2::enqueueResourceUpdates(QRhiCommandBuffer*, QRhiResourceUpdateBatch*)() + 0x2c0
      #3 0x0000007f96e5ee04 in (/lib/libQt6Quick.so.6.2.3 @ 0x002cee04) QSGBatchRenderer::Renderer::prepareRenderPass(QSGBatchRenderer::Renderer::RenderPassContext*)() + 0x574
      #4 0x0000007f96e608a4 in (/lib/libQt6Quick.so.6.2.3 @ 0x002d08a4) QSGBatchRenderer::Renderer::render()() + 0x24
      #5 0x0000007f96e73c20 in (/lib/libQt6Quick.so.6.2.3 @ 0x002e3c20) QSGRenderer::renderScene()() + 0x70
      #6 0x0000007f96e28c84 in (/lib/libQt6Quick.so.6.2.3 @ 0x00298c84) QuickWindowPrivate::renderSceneGraph(QSize const&, QSize const&, QMatrix4x4 const&)() + 0x264
      #7 0x0000007f96fc70d0 in (/lib/libQt6Quick.so.6.2.3 @ 0x004370d0) QSGRenderThread::syncAndRender()() + 0x240
      #8 0x0000007f96fca220 in (/lib/libQt6Quick.so.6.2.3 @ 0x0043a220) QSGRenderThread::run()() + 0xd0
      #9 0x0000007f983d018c in (/lib/libQt6Core.so.6.2.3 @ 0x002e018c) QThreadPrivate::start(void*)() + 0x17c
      #10 0x0000007f8746d0a4 in (/lib/libc.so.6 @ 0x0007d0a4) start_thread + 0x2d4
      #11 0x0000007f874d4f9c in (/lib/libc.so.6 @ 0x000e4f9c) thread_start + 0xc
      

      Looking into the issue, the crash is due to passing a deleted texture to QRhiImplementation::textureFormatInfo. This stale texture pointer comes from QRhiResourceUpdateBatchPrivate::textureOps in QRhiGles2::enqueueResourceUpdates. The underlying texture is from QSGRhiTextureGlyphCache when it calls QRhiResourceUpdateBatch::update. It looks like QSGRhiTextureGlyphCache's destructor is called, deleting the texture whilst it's still referenced in QRhiResourceUpdateBatchPrivate::textureOps. The QSGRhiTextureGlyphCache appears to be destroyed when its reference in QFontEngine is popped from QFontEngine::caches (which holds a QExplicitlySharedDataPointer to the QFontEngineGlyphCache) inside QFontEngine::setGlyphCache.
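
A minimal C++ model of the lifetime sequence described above, as an added example that is not Qt code and not the change that was merged for this issue. `Texture`, `GlyphCache`, `UpdateBatch` and `replay` are hypothetical stand-ins, and `std::weak_ptr` replaces the raw pointer so the stale reference can be counted instead of dereferenced; with `pin` set, the batch co-owns the texture and the queued op stays valid after the cache is dropped.

```cpp
#include <cstddef>
#include <memory>
#include <vector>

struct Texture { int format = 1; };        // stand-in for the glyph texture

struct GlyphCache {                        // stand-in for the cache that owns the texture
    std::shared_ptr<Texture> texture = std::make_shared<Texture>();
};

struct UpdateBatch {                       // stand-in for the queued texture operations
    struct Op {
        std::weak_ptr<Texture> observed;   // non-owning reference, like the pointer in the report
        std::shared_ptr<Texture> pinned;   // non-empty only when the batch co-owns the texture
    };
    std::vector<Op> textureOps;

    void update(const GlyphCache &cache, bool pin) {
        textureOps.push_back({cache.texture, pin ? cache.texture : std::shared_ptr<Texture>()});
    }
    // Number of queued ops whose texture has already been destroyed.
    std::size_t staleOps() const {
        std::size_t n = 0;
        for (const Op &op : textureOps) if (op.observed.expired()) ++n;
        return n;
    }
    // Process the queue, touching only textures that are still alive.
    std::size_t enqueue() {
        std::size_t uploaded = 0;
        for (const Op &op : textureOps)
            if (auto tex = op.observed.lock()) uploaded += (tex->format == 1);
        textureOps.clear();
        return uploaded;
    }
};

struct Result { std::size_t stale; std::size_t uploaded; };

// Replays the reported order: queue an upload, drop the cache, then process the queue.
Result replay(bool pin) {
    std::vector<std::shared_ptr<GlyphCache>> caches{std::make_shared<GlyphCache>()};
    UpdateBatch batch;
    batch.update(*caches.front(), pin);
    caches.clear();                        // last reference to the cache is released here
    const std::size_t stale = batch.staleOps();
    return {stale, batch.enqueue()};
}

int main() { return replay(false).stale == 1 && replay(true).stale == 0 ? 0 : 1; }
```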


          People

            lagocs Laszlo Agocs
            lbreeze Liam Breeze