Details
- Bug
- Resolution: Invalid
- P1: Critical
- None
- dev
- None
Description
I'm not actually sure why it crashes, and there is a good chance that this is machine dependent, since I haven't reproduced it on other machines.
Steps to reproduce:
- Open Qt Creator version 11.0.2 (or build qt creator yourself from origin/master, using qt-cmake from a recent origin/dev build of qt).
- Open qtdeclarative/CMakeLists.txt, and import an existing build of qtdeclarative.
- Open a QML file inside the editor (e.g., FileDialog.qml).
- Wait for the crash to happen.
Here is the backtrace:

Thread 139 "QmlJSEditor::In" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffd3bfff6c0 (LWP 3040957)]
0x00007ffff4d2ce3e in operator() (__closure=0x0, i=0) at /home/oliver/qt/dev/qtbase/src/corelib/text/qstring.cpp:989
989         return UnrollTailLoop<3>::exec(qsizetype(size), [dst, str](qsizetype i) { dst[i] = uchar(str[i]); });
(gdb) info args
__closure = 0x0
i = 0
(gdb) bt 3-
A syntax error in expression, near `'.
(gdb) bt 30
#0  0x00007ffff4d2ce3e in operator() (__closure=0x0, i=0) at /home/oliver/qt/dev/qtbase/src/corelib/text/qstring.cpp:989
#1  0x00007ffff4d3fbfd in operator() (__closure=0x7ffd3b800040, i=0) at /home/oliver/qt/dev/qtbase/src/corelib/text/qstring.cpp:342
#2  0x00007ffff4d46a68 in (anonymous namespace)::UnrollTailLoop<3>::exec<int, (anonymous namespace)::UnrollTailLoop<3>::exec<qt_from_latin1(char16_t*, char const*, size_t)::<lambda(qsizetype)>, long long int>(long long int, qt_from_latin1(char16_t*, char const*, size_t)::<lambda(qsizetype)>)::<lambda(long long int)>, (anonymous namespace)::UnrollTailLoop<3>::exec<qt_from_latin1(char16_t*, char const*, size_t)::<lambda(qsizetype)>, long long int>(long long int, qt_from_latin1(char16_t*, char const*, size_t)::<lambda(qsizetype)>)::<lambda(long long int)>, long long int>(long long, int, struct {...}, struct {...}, long long) (count=3, returnIfExited=0, loopCheck=..., returnIfFailed=..., i=0) at /home/oliver/qt/dev/qtbase/src/corelib/text/qstring.cpp:329
#3  0x00007ffff4d3fc59 in (anonymous namespace)::UnrollTailLoop<3>::exec<qt_from_latin1(char16_t*, char const*, size_t)::<lambda(qsizetype)>, long long int>(long long, struct {...}) (count=3, code=...) at /home/oliver/qt/dev/qtbase/src/corelib/text/qstring.cpp:342
#4  0x00007ffff4d2d3f6 in qt_from_latin1 (dst=0x7ffd3b8003f8 u"", str=0x7ffff7bd55dd "://", size=3) at /home/oliver/qt/dev/qtbase/src/corelib/text/qstring.cpp:989
#5  0x00007ffff4d2d4ae in qt_from_latin1_to_qvla (str=...) at /home/oliver/qt/dev/qtbase/src/corelib/text/qstring.cpp:1011
#6  0x00007ffff4d3e3ab in QtPrivate::findString (haystack=..., from=0, needle=..., cs=Qt::CaseSensitive) at /home/oliver/qt/dev/qtbase/src/corelib/text/qstring.cpp:9712
#7  0x00007ffff78cc181 in QStringView::indexOf (this=0x7ffd3b800660, s=..., from=0, cs=Qt::CaseSensitive) at /home/oliver/qt/dev/qtbase/src/corelib/text/qstring.h:77
#8  0x00007ffff78bf648 in Utils::FilePath::schemeAndHostLength (path=...) at /home/oliver/qt/qt-creator/src/libs/utils/filepath.cpp:792
#9  0x00007ffff78bffe2 in Utils::doCleanPath (input_=...) at /home/oliver/qt/qt-creator/src/libs/utils/filepath.cpp:926
#10 0x00007ffff78c6d2e in Utils::FilePath::cleanPath (this=0x7ffd3b8009f0) at /home/oliver/qt/qt-creator/src/libs/utils/filepath.cpp:2137
#11 0x00007fffdf6be8f3 in QmlJS::modulePaths (name=..., version=..., importPaths=...) at /home/oliver/qt/qt-creator/src/libs/qmljs/qmljsutils.cpp:270
#12 0x00007fffdf60a201 in QmlJS::LinkPrivate::importLibrary (this=0x7ffd34005b50, doc=..., libraryPath=..., import=0x7ffd3b801050, targetObject=0x7ffd34331930, importPath=..., optional=true) at /home/oliver/qt/qt-creator/src/libs/qmljs/qmljslink.cpp:527
In the backtrace above, it looks like the cause is a null pointer dereference of "__closure", but I've executed the program multiple times, and __closure is sometimes a non-nullptr value too.
The lambda expression that is passed as an argument on line 990 is copying values from a const char* buffer to a char16_t* buffer. The char16_t* buffer is created from QVarLengthArray<char16_t>, which looks ok?
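To make frames #4 through #8 easier to read, here is an added stand-alone model of what they do; it is not Qt's or Qt Creator's code. latin1ToUtf16 mirrors the shape of qt_from_latin1 (a main loop plus a tail of up to 3 characters, the part the crashing lambda handled) with an explicit precondition check so a null destination or source fails loudly instead of faulting; schemeAndHostLength is an assumed simplification of the Qt Creator function of that name, which searches a UTF-16 path for the Latin-1 needle "://".

```cpp
#include <cassert>
#include <cstddef>
#include <string>
#include <string_view>

// Model of the Latin-1 -> UTF-16 widening done by qt_from_latin1: every byte is
// zero-extended into one char16_t. Qt unrolls the last iterations with
// UnrollTailLoop<3>; this version uses a plain loop of 4 followed by a tail of
// at most 3 so the frames in the backtrace map onto readable code.
static void latin1ToUtf16(char16_t *dst, const char *str, std::size_t size)
{
    // Precondition: a non-empty copy needs two valid buffers. Checking it here
    // turns a silent wild write/read into a diagnosable assertion failure.
    assert(size == 0 || (dst != nullptr && str != nullptr));
    std::size_t i = 0;
    for (; i + 4 <= size; i += 4) {
        for (std::size_t k = 0; k < 4; ++k)
            dst[i + k] = static_cast<unsigned char>(str[i + k]);
    }
    // Tail: the remaining 0..3 characters.
    for (; i < size; ++i)
        dst[i] = static_cast<unsigned char>(str[i]);
}

// Widen a Latin-1 string into a freshly sized buffer; stands in for the
// QVarLengthArray<char16_t> that qt_from_latin1_to_qvla fills.
static std::u16string fromLatin1(std::string_view s)
{
    std::u16string out(s.size(), u'\0');
    latin1ToUtf16(out.data(), s.data(), s.size());
    return out;
}

// Assumed simplification of Utils::FilePath::schemeAndHostLength: length of a
// leading "scheme://host" prefix, or 0 when the path carries none. The
// Latin-1 needle is widened first, as frames #5..#8 show.
static std::size_t schemeAndHostLength(std::u16string_view path)
{
    const std::u16string needle = fromLatin1("://");
    const std::size_t pos = path.find(needle);
    if (pos == std::u16string_view::npos)
        return 0;
    const std::size_t slash = path.find(u'/', pos + needle.size());
    return slash == std::u16string_view::npos ? path.size() : slash;
}
```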