Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-122686

Crash when processing hover events modifies object tree

    XMLWordPrintable

Details

    • d00e890e5 (dev), 60e2292e1 (6.7), 6fb3c761b (6.6), e59a677a3 (tqtc/lts-6.5)

    Description

      Breakdown of the issue, which can be reproduces with the attached project:

      https://github.com/qt/qtdeclarative/blob/5a762ba09cdeb8df5cf54ce562bc60dfcc11c97f/src/quick/util/qquickdeliveryagent.cpp#L1007

      The function above iterates over “hoverItems”:

      https://github.com/qt/qtdeclarative/blob/5a762ba09cdeb8df5cf54ce562bc60dfcc11c97f/src/quick/util/qquickdeliveryagent_p_p.h#L76C5-L76C53

      If the current “hoverId” does not match it can make a call to "deliverHoverEventToItem" here:

      https://github.com/qt/qtdeclarative/blob/5a762ba09cdeb8df5cf54ce562bc60dfcc11c97f/src/quick/util/qquickdeliveryagent.cpp#L1053

      This function can have side effects, example a mouse area closes the current window synchronously on a hover leave event.
      The close event triggers a hide, which in turn calls “clearHover()” here:
      https://github.com/qt/qtdeclarative/blob/5a762ba09cdeb8df5cf54ce562bc60dfcc11c97f/src/quick/util/qquickdeliveryagent.cpp#L1345

      Which clears the flatmap that is currently being iterated over.
      It returns from this point:

      https://github.com/qt/qtdeclarative/blob/5a762ba09cdeb8df5cf54ce562bc60dfcc11c97f/src/quick/util/qquickdeliveryagent.cpp#L1053

      And attempts to erase the iterator, which is now invalid, corrupting the flatmap which may continue iterating.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-91272 [Regression]On Mouse Area press, deleting other overlapping mouse area crashes the Application

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed
          For Gerrit Dashboard: QTBUG-122686
          # Subject Branch Project Status CR V
          542818,6 Hover event delivery: don't modify a list we are iterating dev qt/qtdeclarative Status: MERGED +2 0
          544331,2 Hover event delivery: don't modify a list we are iterating 6.7 qt/qtdeclarative Status: MERGED +2 0
          544401,2 Hover event delivery: don't modify a list we are iterating 6.6 qt/qtdeclarative Status: MERGED +2 0
          544642,2 Hover event delivery: don't modify a list we are iterating tqtc/lts-6.5 qt/tqtc-qtdeclarative Status: MERGED +2 0

          Activity

            People

              vhilshei Volker Hilsheimer
              vhilshei Volker Hilsheimer
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes