QTBUG-123484

[Reg 6.7 > 6.6.2] Crash in QJSValue copy constructor


    • Windows
    • c7995e6aa (dev), e594a9e73 (6.7)

      The crash is encountered in QQuickDesignerSupport::allPropertyNames().

      else if (QQmlGadgetPtrWrapper *valueType
                   = QQmlGadgetPtrWrapper::instance(qmlEngine(object), metaProperty.metaType())) {
          valueType->setValue(metaProperty.read(object)); // <-- crash
          propertyNameList.append(baseName + QQuickDesignerSupport::PropertyName(metaProperty.name()));
          propertyNameList.append(allPropertyNames(valueType,
                                                   baseName
                                                   + QQuickDesignerSupport::PropertyName(metaProperty.name())
                                                   + '.', inspectedObjects,
                                                   depth + 1));
      }
      

      See QDS-12263 for details on the Qt Design Studio side.

      Stack trace:

      [Inline Frame] Qt6Core.dll!QtMetaTypePrivate::copyConstruct(const QtPrivate::QMetaTypeInterface *) Line 177	C++
       	[Inline Frame] Qt6Core.dll!?A0x9d6ae52b::clonePrivate(const QVariant::Private &) Line 312	C++
       	Qt6Core.dll!QVariant::QVariant(const QVariant & p) Line 544	C++
       	[Inline Frame] Qt6Core.dll!QtMetaTypePrivate::copyConstruct(const QtPrivate::QMetaTypeInterface *) Line 177	C++
       	[Inline Frame] Qt6Core.dll!QtMetaTypePrivate::construct(const QtPrivate::QMetaTypeInterface * iface, void *) Line 194	C++
       	Qt6Core.dll!QMetaType::construct(void * where, const void * copy) Line 712	C++
      >	qml2puppet-4.5.0.exe!QmlDesigner::Internal::allPropertyNamesFork(QObject * object, const QByteArray & baseName, QList<QObject *> * inspectedObjects, int depth) Line 175	C++
      
      

      In every case of this crash the QVariant contained a QJSValue. The band-aid fix is to ignore QVariants containing a QJSValue. See: https://codereview.qt-project.org/c/qt-creator/qt-creator/+/549336

      While debugging I encountered another crash when calling QVariant::convert on the variant containing the QJSValue:

      	Qt6Qml.dll!QV4::PersistentValueStorage::allocate() Line 172	C++
       	Qt6Qml.dll!QJSValuePrivate::encode(const QV4::Value & qv4Value) Line 156	C++
       	Qt6Qml.dll!QJSValue::QJSValue(const QJSValue & other) Line 258	C++
      

      The QML properties in question were properties like this one:

      property var model
      

            ulherman Ulf Hermann
            thohartm Thomas Hartmann