Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-123484

[Reg 6.7 > 6.6.2] Crash in QJSValue copy constructor

    XMLWordPrintable

Details

    • Windows
    • c7995e6aa (dev), e594a9e73 (6.7)

    Description

      The crash is encountered in QQuickDesignerSupport:: allPropertyNames().

      else if (QQmlGadgetPtrWrapper *valueType
                   = QQmlGadgetPtrWrapper::instance(qmlEngine(object), metaProperty.metaType())) {
            valueType->setValue(metaProperty.read(object)); <-- crash
            propertyNameList.append(baseName + QQuickDesignerSupport::PropertyName(metaProperty.name()));
            propertyNameList.append(allPropertyNames(valueType,
                                                     baseName
                                                     + QQuickDesignerSupport::PropertyName(metaProperty.name())
                                                     + '.', inspectedObjects,
                                                     depth + 1));
}

      See QDS-12263 for details on the Qt Design Studio side.

      Stack trace:

      [Inline Frame] Qt6Core.dll!QtMetaTypePrivate::copyConstruct(const QtPrivate::QMetaTypeInterface *) Line 177	C++
 	[Inline Frame] Qt6Core.dll!?A0x9d6ae52b::clonePrivate(const QVariant::Private &) Line 312	C++
 	Qt6Core.dll!QVariant::QVariant(const QVariant & p) Line 544	C++
 	[Inline Frame] Qt6Core.dll!QtMetaTypePrivate::copyConstruct(const QtPrivate::QMetaTypeInterface *) Line 177	C++
 	[Inline Frame] Qt6Core.dll!QtMetaTypePrivate::construct(const QtPrivate::QMetaTypeInterface * iface, void *) Line 194	C++
 	Qt6Core.dll!QMetaType::construct(void * where, const void * copy) Line 712	C++
>	qml2puppet-4.5.0.exe!QmlDesigner::Internal::allPropertyNamesFork(QObject * object, const QByteArray & baseName, QList<QObject *> * inspectedObjects, int depth) Line 175	C++

      In every case of this crash the QVariant contained a QJSValue. The band-aid fix is to ignore QVariants containing a QJSValue. See: https://codereview.qt-project.org/c/qt-creator/qt-creator/+/549336

      While debugging I encountered another crash when call QVariant::convert on the variant containing the QJSValue:

      	Qt6Qml.dll!QV4::PersistentValueStorage::allocate() Line 172	C++
 	Qt6Qml.dll!QJSValuePrivate::encode(const QV4::Value & qv4Value) Line 156	C++
 	Qt6Qml.dll!QJSValue::QJSValue(const QJSValue & other) Line 258	C++

      The QML properties in question were properties like this one:

      property var model

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. QDS-12263 2D/3D broken, emulation layer crash in some of the examples

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              ulherman Ulf Hermann
              thohartm Thomas Hartmann
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes