  1. Qt
  2. QTBUG-132494

Crash in mapPropertyKey (invalid ExecutionEngine)


Details

    • Linux/Wayland

    Description

      In my application (merkuro calendar) I get a crash deep in the JS runtime as soon as I click on any calendar entry. I tried to investigate this a bit with qDebug debugging in mapPropertyKey: qKey is equal to "color" and mapping->engine() is equal to 0xd (so likely an offset to nullptr).

      The crash is very likely a regression in Qt. I am encountering this with qtdeclarative compiled from source / dev 0033e3f7f1f6e413e107f9060f236f3696b1d3f5

      This is the backtrace I get:

      #0 mapPropertyKey (mapping=0x7fffb41be938, key=0x7fffb41be930) at /home/carl/kde6/src/qtdeclarative/src/qml/jsruntime/qv4variantassociationobject.cpp:67
      #1 0x00007ffff40de656 in operator()<QMap<QString, QVariant> > (__closure=0x7ffffffe5c20, association=<optimized out>) at /home/carl/kde6/src/qtdeclarative/src/qml/jsruntime/qv4variantassociationobject.cpp:351
      #2 std::_invoke_impl<long long unsigned int, QV4::VariantAssociationObject::getElement(const QString&, bool*) const::<lambda(auto:47*)>&, QMap<QString, QVariant>*> (_f=...) at /usr/include/c++/14/bits/invoke.h:61
      #3 std::_invoke<QV4::VariantAssociationObject::getElement(const QString&, bool*) const::<lambda(auto:47*)>&, QMap<QString, QVariant>*> (_fn=...) at /usr/include/c++/14/bits/invoke.h:96
      #4 std::invoke<QV4::VariantAssociationObject::getElement(const QString&, bool*) const::<lambda(auto:47*)>&, QMap<QString, QVariant>*> (__fn=...) at /usr/include/c++/14/functional:120
      #5 visitVariantAssociation<long long unsigned int, QV4::VariantAssociationObject::getElement(const QString&, bool*) const::<lambda(auto:47*)>&, QV4::VariantAssociationObject::getElement(const QString&, bool*) const::<lambda(auto:47*)>&> (association=<optimized out>, mapCallable=..., hashCallable=...) at /home/carl/kde6/src/qtdeclarative/src/qml/jsruntime/qv4variantassociationobject.cpp:37
      #6 visitVariantAssociation<long long unsigned int, QV4::VariantAssociationObject::getElement(const QString&, bool*) const::<lambda(auto:47*)> > (association=<optimized out>, callable=...)
      at /home/carl/kde6/src/qtdeclarative/src/qml/jsruntime/qv4variantassociationobject.cpp:61
      #7 QV4::VariantAssociationObject::getElement (this=this@entry=0x7fffb41be920, key=Python Exception <class 'gdb.error'>: Invalid reinterpret_cast
      , hasProperty=hasProperty@entry=0x0) at /home/carl/kde6/src/qtdeclarative/src/qml/jsruntime/qv4variantassociationobject.cpp:336
      #8 0x00007ffff40decd7 in QV4::VariantAssociationObject::virtualGet (that=0x7fffb41be920, id=..., hasProperty=0x0) at /home/carl/kde6/src/qtdeclarative/src/qml/jsruntime/qv4variantassociationobject.cpp:197
      #9 0x00007ffff403d391 in QV4::Object::get (this=0x7fffb41be920, name=<optimized out>, hasProperty=0x0, receiver=0x7fffb41be920) at /home/carl/kde6/src/qtdeclarative/src/qml/jsruntime/qv4string_p.h:140
      #10 QV4::Lookup::getterFallback (lookup=<optimized out>, engine=0x555555bb5d90, object=<optimized out>) at /home/carl/kde6/src/qtdeclarative/src/qml/jsruntime/qv4lookup.cpp:241
      #11 0x00007fff940a2cef in ??? ()
      #12 0x0000000000000000 in ??? ()

          People

            diseraluca Luca Di Sera
            carl Carl Schwan