Details
-
Bug
-
Resolution: Fixed
-
P1: Critical
-
5.15.14, 6.2.9, 6.5.2, 6.6.0 Beta2
-
None
-
Windows 10 22H2, MSVC 2019 x64
-
1d3385e (dev), c2c8369 (6.6), 13c59f7 (6.5), ffa28d9 (6.2)
Description
Code
import QtQuick 2.15 import QtQuick.Window 2.15 Window { id: root width: 640 height: 480 visible: true property int iteration: 0 Component { id: comp MyLargeObject { // Note: Putting many many property bindings in the object will // help to auto-trigger the garbage collector sooner Component.onDestruction: console.log("Object destroyed") } } Timer { interval: 100 repeat: true running: true onTriggered: { console.log("Iteration", ++iteration) comp.createObject() } } }
Steps to reproduce
- Build the attached project in Debug mode
- Run the application through the QML Debugger (in Qt Creator, click "Debug" > "Start Debugging" > "Start Debugging of Startup Project")
- Watch the console output and wait for the garbage collector to activate (you should see a bunch of "Object destroyed" messages in stdout within ~20 iterations)
If the garbage collector has activated multiple times but you still don't get a crash, try the following steps:
- Drag the app window around by its title bar
- Close the app window to quit
- Restart the debugger and repeat the test
Outcomes
The steps above should trigger an assertion or a segfault. Sample messages from Qt 6.5.2:
ASSERT: "c->sender == q_ptr" in file C:\Users\qt\work\qt\qtbase\src\corelib\kernel\qobject.cpp, line 305 C:\Users\qt\work\qt\qtbase\src\corelib\kernel\qobject.cpp: 305
Exception at 0x7ffed2df7e60, code: 0xc0000005: read access violation at: 0xffffffffffffffff, flags=0x0 (first chance) in Qt6Qmld!QV4::Value::fromHeapObject
(While trying to create and simplify the reproducer, the exact crash toggled between the two)
Notes
- The same test doesn't trigger a crash if the QML Debugger is not attached
- The crash does not occur if the garbage collector doesn't delete the objects (for example, if we give the objects a parent: `comp.createObject(root)`)