Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-127455

QML ListView crashes in QQuickItemViewPrivate::itemGeometryChanged

    XMLWordPrintable

Details

    • 81c95fb65 (dev), 6c11f156d (6.8), 2bf8027ef (6.7), 479676950 (tqtc/lts-6.5)

    Description

      Consider the following code: https://invent.kde.org/nicolasfella/listtest

      It crashes as followed:

      ==431594==ERROR: AddressSanitizer: heap-use-after-free on address 0x507000108890 at pc 0x7fbdf4ce5268 bp 0x7ffd1626b2e0 sp 0x7ffd1626b2d8

READ of size 8 at 0x507000108890 thread T0

    #0 0x7fbdf4ce5267 in QWeakPointer<QObject>::internalData() const /home/nico/workspace/qt6/qtbase/src/corelib/tools/qsharedpointer_impl.h:752

    #1 0x7fbdf56d4b05 in QPointer<QQuickItem>::data() const /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qpointer.h:74

    #2 0x7fbdf56d4b05 in bool operator==<QQuickItem>(QPointer<QQuickItem> const&, QQuickItem*) /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qpointer.h:108

    #3 0x7fbdf56d4b05 in QQuickItemViewPrivate::itemGeometryChanged(QQuickItem*, QQuickGeometryChange, QRectF const&) /home/nico/workspace/qt6/qtdeclarative/src/quick/items/qquickitemview.cpp:1165

    #4 0x7fbdf571c956 in QQuickListViewPrivate::itemGeometryChanged(QQuickItem*, QQuickGeometryChange, QRectF const&) /home/nico/workspace/qt6/qtdeclarative/src/quick/items/qquicklistview.cpp:1593

    #5 0x7fbdf4d71193 in operator() /home/nico/workspace/qt6/qtdeclarative/src/quick/items/qquickitem.cpp:3882

    #6 0x7fbdf4d9257f in notifyChangeListeners<QQuickItem::geometryChange(const QRectF&, const QRectF&)::<lambda(const QQuickItemPrivate::ChangeListener&)> > /home/nico/workspace/qt6/qtdeclarative/src/quick/items/qquickitem_p.h:35
9

    #7 0x7fbdf4d943c2 in QQuickItem::geometryChange(QRectF const&, QRectF const&) /home/nico/workspace/qt6/qtdeclarative/src/quick/items/qquickitem.cpp:3880

    #8 0x7fbdf4d93aeb in QQuickItem::setWidth(double) /home/nico/workspace/qt6/qtdeclarative/src/quick/items/qquickitem.cpp:7301

    #9 0x7fbdf570ebaa in QQuickListViewPrivate::updateHighlight() /home/nico/workspace/qt6/qtdeclarative/src/quick/items/qquicklistview.cpp:1039

    #10 0x7fbdf56e0b9d in QQuickItemViewPrivate::updateCurrent(int) /home/nico/workspace/qt6/qtdeclarative/src/quick/items/qquickitemview.cpp:1686

    #11 0x7fbdf56e1320 in QQuickItemViewPrivate::regenerate(bool) /home/nico/workspace/qt6/qtdeclarative/src/quick/items/qquickitemview.cpp:1837

    #12 0x7fbdf56e165e in QQuickItemView::modelUpdated(QQmlChangeSet const&, bool) /home/nico/workspace/qt6/qtdeclarative/src/quick/items/qquickitemview.cpp:1220

    #13 0x7fbdf56e3cae in QQuickItemView::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/nico/workspace/qt6/qtdeclarative/src/quick/Quick_autogen/include/moc_qquickitemview_p.cpp:660

    #14 0x7fbdfe462c65 in void doActivate<false>(QObject*, int, void**) (/home/nico/kde/usr/lib64/libQt6Core.so.6+0x462c65) (BuildId: 62e0189840ad056882a5de113101d3c64edd508b)

    #15 0x7fbdfe441741 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qobject.cpp:4146

    #16 0x7fbdf46a223d in QQmlInstanceModel::modelUpdated(QQmlChangeSet const&, bool) /home/nico/workspace/qt6/qtdeclarative/src/qmlmodels/QmlModels_autogen/include/moc_qqmlobjectmodel_p.cpp:281

    #17 0x7fbdf475c3d4 in QQmlDelegateModelPrivate::emitModelUpdated(QQmlChangeSet const&, bool) /home/nico/workspace/qt6/qtdeclarative/src/qmlmodels/qqmldelegatemodel.cpp:1848

    #18 0x7fbdf476972e in QQmlDelegateModelGroupPrivate::emitModelUpdated(bool) /home/nico/workspace/qt6/qtdeclarative/src/qmlmodels/qqmldelegatemodel.cpp:2875

    #19 0x7fbdf476eff9 in QQmlDelegateModelPrivate::emitChanges() /home/nico/workspace/qt6/qtdeclarative/src/qmlmodels/qqmldelegatemodel.cpp:1893

    #20 0x7fbdf478b99b in QQmlDelegateModel::handleModelReset() /home/nico/workspace/qt6/qtdeclarative/src/qmlmodels/qqmldelegatemodel.cpp:1974

    #21 0x7fbdf478bd2f in operator() /home/nico/workspace/qt6/qtdeclarative/src/qmlmodels/qqmldelegatemodel.cpp:1922

    #22 0x7fbdf478bf3e in call /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qobjectdefs_impl.h:137

    #23 0x7fbdf478bf3e in call<QtPrivate::List<>, void> /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qobjectdefs_impl.h:345

    #24 0x7fbdf478bf3e in impl /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qobjectdefs_impl.h:555

    #25 0x7fbdfe4627d3 in void doActivate<false>(QObject*, int, void**) (/home/nico/kde/usr/lib64/libQt6Core.so.6+0x4627d3) (BuildId: 62e0189840ad056882a5de113101d3c64edd508b)

    #26 0x7fbdfe441741 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qobject.cpp:4146

    #27 0x7fbdfe9cbcaa in QAbstractItemModel::modelReset(QAbstractItemModel::QPrivateSignal) /home/nico/workspace/qt6/qtbase/src/corelib/Core_autogen/include/moc_qabstractitemmodel.cpp:1113

    #28 0x7fbdfe9d24e9 in QAbstractItemModel::endResetModel() /home/nico/workspace/qt6/qtbase/src/corelib/itemmodels/qabstractitemmodel.cpp:3417

    #29 0x40b925 in ColumnSortModel::ColumnSortModel(QObject*)::{lambda()#1}::operator()() const (/home/nico/workspace/listtest/build/src/plasma-systemmonitor+0x40b925) (BuildId: 9de439c6342b6201fa36bf06cb2b9e4b6ebdd445)

    #30 0x40c136 in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, ColumnSortModel::ColumnSortModel(QObject*)::{lambda()#1}>::call(ColumnSortModel::ColumnSortModel(QObject*)::{lambda()#1}&, void**) (/hom
e/nico/workspace/listtest/build/src/plasma-systemmonitor+0x40c136) (BuildId: 9de439c6342b6201fa36bf06cb2b9e4b6ebdd445)

    #31 0x40c0a8 in void QtPrivate::FunctorCallable<ColumnSortModel::ColumnSortModel(QObject*)::{lambda()#1}>::call<QtPrivate::List<>, void>(ColumnSortModel::ColumnSortModel(QObject*)::{lambda()#1}&, void*, void**) (/home/nico/wor
kspace/listtest/build/src/plasma-systemmonitor+0x40c0a8) (BuildId: 9de439c6342b6201fa36bf06cb2b9e4b6ebdd445)

    #32 0x40c05f in QtPrivate::QCallableObject<ColumnSortModel::ColumnSortModel(QObject*)::{lambda()#1}, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) (/home/nico/workspace/listtest/buil
d/src/plasma-systemmonitor+0x40c05f) (BuildId: 9de439c6342b6201fa36bf06cb2b9e4b6ebdd445)

    #33 0x7fbdfe434b1d in QtPrivate::QSlotObjectBase::call(QObject*, void**) /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qobjectdefs_impl.h:469

    #34 0x7fbdfe434b1d in QMetaCallEvent::placeMetaCall(QObject*) /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qobject.cpp:654

    #35 0x7fbdfe447307 in QObject::event(QEvent*) /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qobject.cpp:1452

    #36 0x7fbdfe66223f in QThread::event(QEvent*) /home/nico/workspace/qt6/qtbase/src/corelib/thread/qthread.cpp:1127

    #37 0x7fbdfe35c927 in QCoreApplicationPrivate::notify_helper(QObject*, QEvent*) /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qcoreapplication.cpp:1316

    #38 0x7fbdfe35cbc5 in doNotify /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qcoreapplication.cpp:1243

    #39 0x7fbdfe35cc5c in QCoreApplication::notify(QObject*, QEvent*) /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qcoreapplication.cpp:1226

    #40 0x7fbdff3fb4d8 in QGuiApplication::notify(QObject*, QEvent*) /home/nico/workspace/qt6/qtbase/src/gui/kernel/qguiapplication.cpp:1999

    #41 0x7fbdfe35cef0 in QCoreApplication::notifyInternal2(QObject*, QEvent*) /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qcoreapplication.cpp:1142

    #42 0x7fbdfe35d07e in QCoreApplication::sendEvent(QObject*, QEvent*) /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qcoreapplication.cpp:1583

    #43 0x7fbdfe35e3e1 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qcoreapplication.cpp:1941

    #44 0x7fbdfe35e6d6 in QCoreApplication::sendPostedEvents(QObject*, int) /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qcoreapplication.cpp:1796

    #45 0x7fbdfeb16f79 in postEventSourceDispatch /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:244

    #46 0x7fbdfd71275f in g_main_dispatch ../glib/gmain.c:3344

    #47 0x7fbdfd71275f in g_main_context_dispatch_unlocked ../glib/gmain.c:4152

    #48 0x7fbdfd7143a7 in g_main_context_iterate_unlocked ../glib/gmain.c:4217

    #49 0x7fbdfd714a5b in g_main_context_iteration ../glib/gmain.c:4282

    #50 0x7fbdfeb15509 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:394

    #51 0x7fbe001b6845 in QPAEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6/qtbase/src/gui/platform/unix/qeventdispatcher_glib.cpp:87

    #52 0x7fbdfe379f33 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qeventloop.cpp:100

    #53 0x7fbdfe37b3db in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qeventloop.cpp:182

    #54 0x7fbdfe3650f0 in QCoreApplication::exec() /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qcoreapplication.cpp:1486

    #55 0x7fbdff3ddfd3 in QGuiApplication::exec() /home/nico/workspace/qt6/qtbase/src/gui/kernel/qguiapplication.cpp:1931

    #56 0x40add8 in main (/home/nico/workspace/listtest/build/src/plasma-systemmonitor+0x40add8) (BuildId: 9de439c6342b6201fa36bf06cb2b9e4b6ebdd445)

    #57 0x7fbdfd82a1ef in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

    #58 0x7fbdfd82a2b8 in __libc_start_main_impl ../csu/libc-start.c:360

    #59 0x406614 in _start ../sysdeps/x86_64/start.S:115



0x507000108890 is located 16 bytes inside of 80-byte region [0x507000108880,0x5070001088d0)

freed by thread T0 here:

    #0 0x7fbe022fe1f8 in operator delete(void*, unsigned long) ../../../../libsanitizer/asan/asan_new_delete.cpp:164

    #1 0x7fbdf572550d in FxListItemSG::~FxListItemSG() /home/nico/workspace/qt6/qtdeclarative/src/quick/items/qquicklistview.cpp:237

    #2 0x7fbdf5726cfc in std::default_delete<FxViewItem>::operator()(FxViewItem*) const /usr/include/c++/13/bits/unique_ptr.h:99

    #3 0x7fbdf5726cfc in std::__uniq_ptr_impl<FxViewItem, std::default_delete<FxViewItem> >::reset(FxViewItem*) /usr/include/c++/13/bits/unique_ptr.h:211

    #4 0x7fbdf5726cfc in std::unique_ptr<FxViewItem, std::default_delete<FxViewItem> >::reset(FxViewItem*) /usr/include/c++/13/bits/unique_ptr.h:509

    #5 0x7fbdf5726cfc in std::enable_if<std::__and_<std::__and_<std::is_convertible<std::unique_ptr<FxListItemSG, std::default_delete<FxListItemSG> >::pointer, FxViewItem*>, std::__not_<std::is_array<FxListItemSG> > >, std::is_ass
ignable<std::default_delete<FxViewItem>&, std::default_delete<FxListItemSG>&&> >::value, std::unique_ptr<FxViewItem, std::default_delete<FxViewItem> >&>::type std::unique_ptr<FxViewItem, std::default_delete<FxViewItem> >::operator
=<FxListItemSG, std::default_delete<FxListItemSG> >(std::unique_ptr<FxListItemSG, std::default_delete<FxListItemSG> >&&) /usr/include/c++/13/bits/unique_ptr.h:432

    #6 0x7fbdf570d235 in QQuickListViewPrivate::createHighlight(bool) /home/nico/workspace/qt6/qtdeclarative/src/quick/items/qquicklistview.cpp:1014

    #7 0x7fbdf570ea8b in QQuickListViewPrivate::updateHighlight() /home/nico/workspace/qt6/qtdeclarative/src/quick/items/qquicklistview.cpp:1027

    #8 0x7fbdf56e0b9d in QQuickItemViewPrivate::updateCurrent(int) /home/nico/workspace/qt6/qtdeclarative/src/quick/items/qquickitemview.cpp:1686

    #9 0x7fbdf56e1320 in QQuickItemViewPrivate::regenerate(bool) /home/nico/workspace/qt6/qtdeclarative/src/quick/items/qquickitemview.cpp:1837

    #10 0x7fbdf56e165e in QQuickItemView::modelUpdated(QQmlChangeSet const&, bool) /home/nico/workspace/qt6/qtdeclarative/src/quick/items/qquickitemview.cpp:1220

    #11 0x7fbdf56e3cae in QQuickItemView::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/nico/workspace/qt6/qtdeclarative/src/quick/Quick_autogen/include/moc_qquickitemview_p.cpp:660

    #12 0x7fbdfe462c65 in void doActivate<false>(QObject*, int, void**) (/home/nico/kde/usr/lib64/libQt6Core.so.6+0x462c65) (BuildId: 62e0189840ad056882a5de113101d3c64edd508b)

    #13 0x7fbdfe441741 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qobject.cpp:4146

    #14 0x7fbdf46a223d in QQmlInstanceModel::modelUpdated(QQmlChangeSet const&, bool) /home/nico/workspace/qt6/qtdeclarative/src/qmlmodels/QmlModels_autogen/include/moc_qqmlobjectmodel_p.cpp:281

    #15 0x7fbdf475c3d4 in QQmlDelegateModelPrivate::emitModelUpdated(QQmlChangeSet const&, bool) /home/nico/workspace/qt6/qtdeclarative/src/qmlmodels/qqmldelegatemodel.cpp:1848

    #16 0x7fbdf476972e in QQmlDelegateModelGroupPrivate::emitModelUpdated(bool) /home/nico/workspace/qt6/qtdeclarative/src/qmlmodels/qqmldelegatemodel.cpp:2875

    #17 0x7fbdf476eff9 in QQmlDelegateModelPrivate::emitChanges() /home/nico/workspace/qt6/qtdeclarative/src/qmlmodels/qqmldelegatemodel.cpp:1893

    #18 0x7fbdf478b99b in QQmlDelegateModel::handleModelReset() /home/nico/workspace/qt6/qtdeclarative/src/qmlmodels/qqmldelegatemodel.cpp:1974

    #19 0x7fbdf478bd2f in operator() /home/nico/workspace/qt6/qtdeclarative/src/qmlmodels/qqmldelegatemodel.cpp:1922

    #20 0x7fbdf478bf3e in call /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qobjectdefs_impl.h:137

    #21 0x7fbdf478bf3e in call<QtPrivate::List<>, void> /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qobjectdefs_impl.h:345

    #22 0x7fbdf478bf3e in impl /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qobjectdefs_impl.h:555

    #23 0x7fbdfe4627d3 in void doActivate<false>(QObject*, int, void**) (/home/nico/kde/usr/lib64/libQt6Core.so.6+0x4627d3) (BuildId: 62e0189840ad056882a5de113101d3c64edd508b)

    #24 0x7fbdfe441741 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qobject.cpp:4146

    #25 0x7fbdfe9cbcaa in QAbstractItemModel::modelReset(QAbstractItemModel::QPrivateSignal) /home/nico/workspace/qt6/qtbase/src/corelib/Core_autogen/include/moc_qabstractitemmodel.cpp:1113

    #26 0x7fbdfe9d24e9 in QAbstractItemModel::endResetModel() /home/nico/workspace/qt6/qtbase/src/corelib/itemmodels/qabstractitemmodel.cpp:3417

    #27 0x40b925 in ColumnSortModel::ColumnSortModel(QObject*)::{lambda()#1}::operator()() const (/home/nico/workspace/listtest/build/src/plasma-systemmonitor+0x40b925) (BuildId: 9de439c6342b6201fa36bf06cb2b9e4b6ebdd445)

    #28 0x40c136 in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, ColumnSortModel::ColumnSortModel(QObject*)::{lambda()#1}>::call(ColumnSortModel::ColumnSortModel(QObject*)::{lambda()#1}&, void**) (/hom
e/nico/workspace/listtest/build/src/plasma-systemmonitor+0x40c136) (BuildId: 9de439c6342b6201fa36bf06cb2b9e4b6ebdd445)

    #29 0x40c0a8 in void QtPrivate::FunctorCallable<ColumnSortModel::ColumnSortModel(QObject*)::{lambda()#1}>::call<QtPrivate::List<>, void>(ColumnSortModel::ColumnSortModel(QObject*)::{lambda()#1}&, void*, void**) (/home/nico/wor
kspace/listtest/build/src/plasma-systemmonitor+0x40c0a8) (BuildId: 9de439c6342b6201fa36bf06cb2b9e4b6ebdd445)

    #30 0x40c05f in QtPrivate::QCallableObject<ColumnSortModel::ColumnSortModel(QObject*)::{lambda()#1}, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) (/home/nico/workspace/listtest/buil
d/src/plasma-systemmonitor+0x40c05f) (BuildId: 9de439c6342b6201fa36bf06cb2b9e4b6ebdd445)

    #31 0x7fbdfe434b1d in QtPrivate::QSlotObjectBase::call(QObject*, void**) /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qobjectdefs_impl.h:469

    #32 0x7fbdfe434b1d in QMetaCallEvent::placeMetaCall(QObject*) /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qobject.cpp:654

    #33 0x7fbdfe447307 in QObject::event(QEvent*) /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qobject.cpp:1452

    #34 0x7fbdfe66223f in QThread::event(QEvent*) /home/nico/workspace/qt6/qtbase/src/corelib/thread/qthread.cpp:1127

    #35 0x7fbdfe35c927 in QCoreApplicationPrivate::notify_helper(QObject*, QEvent*) /home/nico/workspace/qt6/qtbase/src/corelib/kernel/qcoreapplication.cpp:1316



previously allocated by thread T0 here:

    #0 0x7fbe022fd2f8 in operator new(unsigned long) ../../../../libsanitizer/asan/asan_new_delete.cpp:95

    #1 0x7fbdf5726a5f in std::__detail::_MakeUniq<FxListItemSG>::__single_object std::make_unique<FxListItemSG, QQuickItem*&, QQuickListView* const&, bool>(QQuickItem*&, QQuickListView* const&, bool&&) /usr/include/c++/13/bits/uni
que_ptr.h:1070

    #2 0x7fbdf570c3de in QQuickListViewPrivate::createHighlight(bool) /home/nico/workspace/qt6/qtdeclarative/src/quick/items/qquicklistview.cpp:991

    #3 0x7fbdf570ea8b in QQuickListViewPrivate::updateHighlight() /home/nico/workspace/qt6/qtdeclarative/src/quick/items/qquicklistview.cpp:1027

    #4 0x7fbdf56d4e92 in QQuickItemViewPrivate::itemGeometryChanged(QQuickItem*, QQuickGeometryChange, QRectF const&) /home/nico/workspace/qt6/qtdeclarative/src/quick/items/qquickitemview.cpp:1161

    #5 0x7fbdf571c956 in QQuickListViewPrivate::itemGeometryChanged(QQuickItem*, QQuickGeometryChange, QRectF const&) /home/nico/workspace/qt6/qtdeclarative/src/quick/items/qquicklistview.cpp:1593

    #6 0x7fbdf4d71193 in operator() /home/nico/workspace/qt6/qtdeclarative/src/quick/items/qquickitem.cpp:3882

    #7 0x7fbdf4d9257f in notifyChangeListeners<QQuickItem::geometryChange(const QRectF&, const QRectF&)::<lambda(const QQuickItemPrivate::ChangeListener&)> > /home/nico/workspace/qt6/qtdeclarative/src/quick/items/qquickitem_p.h:35
9

    #8 0x7fbdf4d943c2 in QQuickItem::geometryChange(QRectF const&, QRectF const&) /home/nico/workspace/qt6/qtdeclarative/src/quick/items/qquickitem.cpp:3880

    #9 0x7fbdf4ed2a39 in QQuickText::geometryChange(QRectF const&, QRectF const&) /home/nico/workspace/qt6/qtdeclarative/src/quick/items/qquicktext.cpp:2648

    #10 0x7fbdf4d93aeb in QQuickItem::setWidth(double) /home/nico/workspace/qt6/qtdeclarative/src/quick/items/qquickitem.cpp:7301

    #11 0x7fbdf4dcb4a1 in QQuickItem::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/nico/workspace/qt6/qtdeclarative/src/quick/Quick_autogen/include/moc_qquickitem.cpp:1239

    #12 0x7fbdf4dcc100 in QQuickItem::qt_metacall(QMetaObject::Call, int, void**) /home/nico/workspace/qt6/qtdeclarative/src/quick/Quick_autogen/include/moc_qquickitem.cpp:1319

    #13 0x7fbdf4d70960 in QQuickImplicitSizeItem::qt_metacall(QMetaObject::Call, int, void**) /home/nico/workspace/qt6/qtdeclarative/src/quick/Quick_autogen/include/moc_qquickimplicitsizeitem_p.cpp:131

    #14 0x7fbdf4edadc2 in QQuickText::qt_metacall(QMetaObject::Call, int, void**) /home/nico/workspace/qt6/qtdeclarative/src/quick/Quick_autogen/include/moc_qquicktext_p.cpp:1081

    #15 0x7fbe016c4a82 in void QQmlPropertyData::doMetacall<(QMetaObject::Call)2>(QObject*, int, void**) const /home/nico/workspace/qt6/qtdeclarative/src/qml/qml/qqmlpropertydata_p.h:360

    #16 0x7fbe016c4d4d in QQmlPropertyData::writeProperty(QObject*, void*, QFlags<QQmlPropertyData::WriteFlag>) const /home/nico/workspace/qt6/qtdeclarative/src/qml/qml/qqmlpropertydata_p.h:378

    #17 0x7fbe01943400 in tryConvertAndAssign /home/nico/workspace/qt6/qtdeclarative/src/qml/qml/qqmlproperty.cpp:1397

    #18 0x7fbe01944128 in QQmlPropertyPrivate::write(QObject*, QQmlPropertyData const&, QVariant const&, QQmlRefPointer<QQmlContextData> const&, QFlags<QQmlPropertyData::WriteFlag>) /home/nico/workspace/qt6/qtdeclarative/src/qml/q
ml/qqmlproperty.cpp:1539

    #19 0x7fbe0194dab7 in QQmlPropertyPrivate::writeValueProperty(QObject*, QQmlPropertyData const&, QQmlPropertyData const&, QVariant const&, QQmlRefPointer<QQmlContextData> const&, QFlags<QQmlPropertyData::WriteFlag>) /home/nico
/workspace/qt6/qtdeclarative/src/qml/qml/qqmlproperty.cpp:1301

    #20 0x7fbe0194dbe1 in QQmlPropertyPrivate::writeValueProperty(QVariant const&, QFlags<QQmlPropertyData::WriteFlag>) /home/nico/workspace/qt6/qtdeclarative/src/qml/qml/qqmlproperty.cpp:1246

    #21 0x7fbe0194dd4a in QQmlPropertyPrivate::write(QQmlProperty const&, QVariant const&, QFlags<QQmlPropertyData::WriteFlag>) /home/nico/workspace/qt6/qtdeclarative/src/qml/qml/qqmlproperty.cpp:1844

    #22 0x7fbe0194de14 in QQmlProperty::write(QVariant const&) const /home/nico/workspace/qt6/qtdeclarative/src/qml/qml/qqmlproperty.cpp:1760

    #23 0x7fbe01b5182c in QQmlBind::eval() /home/nico/workspace/qt6/qtdeclarative/src/qml/types/qqmlbind.cpp:1090

    #24 0x7fbe01b52668 in QQmlBind::setObject(QObject*) /home/nico/workspace/qt6/qtdeclarative/src/qml/types/qqmlbind.cpp:489

    #25 0x7fbe01b578c6 in QQmlBind::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/nico/workspace/qt6/qtdeclarative/src/qml/Qml_autogen/include/moc_qqmlbind_p.cpp:186

    #26 0x7fbe016c4cc5 in QQmlPropertyData::writeProperty(QObject*, void*, QFlags<QQmlPropertyData::WriteFlag>) const /home/nico/workspace/qt6/qtdeclarative/src/qml/qml/qqmlpropertydata_p.h:376

    #27 0x7fbe01700e9f in bool QObjectPointerBinding::compareAndSet<QObjectPointerBinding::write(QV4::Value const&, bool, QFlags<QQmlPropertyData::WriteFlag>)::{lambda()#1}>(QQmlMetaObject const&, QObject*, QQmlPropertyData const*
, QFlags<QQmlPropertyData::WriteFlag>, QObjectPointerBinding::write(QV4::Value const&, bool, QFlags<QQmlPropertyData::WriteFlag>)::{lambda()#1} const&) const /home/nico/workspace/qt6/qtdeclarative/src/qml/qml/qqmlbinding.cpp:817

    #28 0x7fbe016efd4b in QObjectPointerBinding::write(QV4::Value const&, bool, QFlags<QQmlPropertyData::WriteFlag>) /home/nico/workspace/qt6/qtdeclarative/src/qml/qml/qqmlbinding.cpp:804

    #29 0x7fbe016e718e in QQmlBinding::doUpdate(QQmlJavaScriptExpression::DeleteWatcher const&, QFlags<QQmlPropertyData::WriteFlag>, QV4::Scope&) /home/nico/workspace/qt6/qtdeclarative/src/qml/qml/qqmlbinding.cpp:701



SUMMARY: AddressSanitizer: heap-use-after-free /home/nico/workspace/qt6/qtbase/src/corelib/tools/qsharedpointer_impl.h:752 in QWeakPointer<QObject>::internalData() const

Shadow bytes around the buggy address:

  0x507000108600: fd fd fd fd fd fa fa fa fa fa 00 00 00 00 00 00

  0x507000108680: 00 00 00 04 fa fa fa fa fd fd fd fd fd fd fd fd

  0x507000108700: fd fd fa fa fa fa fd fd fd fd fd fd fd fd fd fa

  0x507000108780: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fa fa

  0x507000108800: fa fa 00 00 00 00 00 00 00 00 00 00 fa fa fa fa

=>0x507000108880: fd fd[fd]fd fd fd fd fd fd fd fa fa fa fa 00 00

  0x507000108900: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa

  0x507000108980: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

  0x507000108a00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

  0x507000108a80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

  0x507000108b00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

Shadow byte legend (one shadow byte represents 8 application bytes):

  Addressable:           00

  Partially addressable: 01 02 03 04 05 06 07  
  Heap left redzone:       fa

  Freed heap region:       fd

  Stack left redzone:      f1

  Stack mid redzone:       f2

  Stack right redzone:     f3

  Stack after return:      f5

  Stack use after scope:   f8

  Global redzone:          f9

  Global init order:       f6

  Poisoned by user:        f7

  Container overflow:      fc

  Array cookie:            ac

  Intra object redzone:    bb

  ASan internal:           fe

  Left alloca redzone:     ca

  Right alloca redzone:    cb

      This is happening with current dev and 6.7 branches

      Attachments

        For Gerrit Dashboard: QTBUG-127455
        # Subject Branch Project Status CR V
        583320,4 Fix invalid memory access during highlight creation in the item view dev qt/qtdeclarative Status: MERGED +2 0
        585180,2 Fix invalid memory access during highlight creation in the item view 6.8 qt/qtdeclarative Status: MERGED +2 0
        585239,2 Fix invalid memory access during highlight creation in the item view 6.7 qt/qtdeclarative Status: MERGED +2 0
        585486,2 Fix invalid memory access during highlight creation in the item view tqtc/lts-6.5 qt/tqtc-qtdeclarative Status: MERGED +2 0

        Activity

          People

            santhoshkumar Santhosh Kumar Selvaraj
            nicolasfella Nicolas Fella
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: