Details
Description
Have no reproducer, just see such crashes among our users' crash reports.
Unhandled exception thrown: read access violation.
this->m_binding was nullptr.
Call stack:

    > Qt6WebEngineCore.dll!QtWebEngineCore::Compositor::Observer::compositor() Line 100 C++
      Qt6WebEngineCore.dll!QtWebEngineCore::RenderWidgetHostViewQtDelegateItem::onBeforeRendering() Line 401 C++
      [Inline Frame] Qt6Core.dll!QtPrivate::QSlotObjectBase::call(QObject *) Line 374 C++
      Qt6Core.dll!doActivate<0>(QObject * sender, int signal_index, void * * argv) Line 4036 C++
      Qt6Core.dll!QMetaObject::activate(QObject * sender, const QMetaObject * m, int local_signal_index, void * * argv) Line 4097 C++
      [Inline Frame] Qt6Quick.dll!QQuickWindow::beforeRendering() Line 853 C++
      Qt6Quick.dll!QQuickWindowPrivate::renderSceneGraph() Line 637 C++
      Qt6Quick.dll!QSGRenderThread::syncAndRender() Line 736 C++
      Qt6Quick.dll!QSGRenderThread::run() Line 942 C++
      Qt6Core.dll!QThreadPrivate::start(void * arg) Line 292 C++
      [External Code]

Looks like a race. I guess
if (!m_binding) return nullptr;
should be guarded by the mutex as well.
Attachments
For Gerrit Dashboard: QTBUG-118455

# | Subject | Branch | Project | Status | CR | V |
---|---|---|---|---|---|---|
513400,2 | Compositor: fix potential nullptr access | dev | qt/qtwebengine | Status: MERGED | +2 | 0 |
515842,2 | Compositor: fix potential nullptr access | 6.6 | qt/qtwebengine | Status: MERGED | +2 | 0 |
515999,2 | Compositor: fix potential nullptr access | 6.5 | qt/qtwebengine | Status: MERGED | +2 | 0 |
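
The race suspected in the description, as an added example that is not Qt's code and not part of the original report: a simplified model showing the null check taken outside the lock beside a version where the check and the dereference share one critical section. Every name except `m_binding` is hypothetical, and `std::mutex` stands in for whatever lock the real code uses.

```cpp
// Added illustration: simplified model of the reported pattern, not Qt's source.
// Every name except m_binding is hypothetical.
#include <mutex>
#include <thread>
struct Compositor { int id; };
struct Binding { Compositor *compositor; };
class Observer {
public:
    // Replaces the binding under the lock; pass nullptr to unbind.
    void rebind(Compositor *c) {
        std::lock_guard<std::mutex> lock(m_mutex);
        delete m_binding;
        m_binding = c ? new Binding{c} : nullptr;
    }
    // Shape described in the report: the check runs before the lock is taken,
    // so rebind(nullptr) can clear m_binding between check and dereference.
    Compositor *compositorUnguarded() {
        if (!m_binding) return nullptr;
        std::lock_guard<std::mutex> lock(m_mutex);
        return m_binding->compositor;
    }
    // Suggested shape: check and dereference form one critical section.
    Compositor *compositorGuarded() {
        std::lock_guard<std::mutex> lock(m_mutex);
        if (!m_binding) return nullptr;
        return m_binding->compositor;
    }
    ~Observer() { delete m_binding; }
private:
    std::mutex m_mutex;
    Binding *m_binding = nullptr;
};

// One thread toggles the binding while another polls the guarded accessor.
// Returns how many polls saw anything other than nullptr or the live compositor.
int stressGuarded(int iterations) {
    Compositor comp{1};
    Observer obs;
    std::thread toggler([&] {
        for (int i = 0; i < iterations; ++i) { obs.rebind(&comp); obs.rebind(nullptr); }
    });
    int bad = 0;
    for (int i = 0; i < iterations; ++i) {
        Compositor *c = obs.compositorGuarded();
        if (c && c != &comp) ++bad;
    }
    toggler.join();
    return bad;
}
int main() { return stressGuarded(100000); }
```

Build with `-pthread`. The stress loop only polls the guarded accessor; the unguarded one is kept for comparison and is safe to call only when no other thread can rebind.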