Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-132926

Guard WinTimerInfo::obj with a QPointer

    XMLWordPrintable

Details

    • Windows

    Description

      A customer managed to trigger a crash in a complex application that contains nested event loops:

      MyApp.exe!QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject * receiver, QEvent * event) Zeile 1299 C++
MyApp.exe!QApplicationPrivate::notify_helper(QObject * receiver, QEvent * e) Zeile 3290 C++
MyApp.exe!QApplication::notify(QObject * receiver, QEvent * e) Zeile 3247 C++
MyApp.exe!QCoreApplication::notifyInternal2(QObject * receiver, QEvent * event) Zeile 1168 C++
[Inlineframe] MyApp.exe!QCoreApplication::sendEvent(QObject *) Zeile 1612 C++
> MyApp.exe!QEventDispatcherWin32::event(QEvent * e) Zeile 866 C++
MyApp.exe!QApplicationPrivate::notify_helper(QObject * receiver, QEvent * e) Zeile 3300 C++
MyApp.exe!QApplication::notify(QObject * receiver, QEvent * e) Zeile 3247 C++
MyApp.exe!QCoreApplication::notifyInternal2(QObject * receiver, QEvent * event) Zeile 1168 C++
[Inlineframe] MyApp.exe!QCoreApplication::sendEvent(QObject *) Zeile 1612 C++
MyApp.exe!QCoreApplicationPrivate::sendPostedEvents(QObject * receiver, int event_type, QThreadData * data) Zeile 1968 C++
[Inlineframe] MyApp.exe!QEventDispatcherWin32::sendPostedEvents() Zeile 899 C++
MyApp.exe!QWindowsGuiEventDispatcher::sendPostedEvents() Zeile 44 C++
MyApp.exe!QEventDispatcherWin32::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags) Zeile 470 C++
MyApp.exe!QWindowsGuiEventDispatcher::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags) Zeile 37 C++
[Inlineframe] MyApp.exe!QEventLoop::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag>) Zeile 103 C++
MyApp.exe!QEventLoop::exec(QFlags<enum QEventLoop::ProcessEventsFlag> flags) Zeile 193 C++

       

      QEventDispatcherWin32::event() was called with a receiver that has already been destroyed:

      bool QEventDispatcherWin32::event(QEvent *e)
{
    Q_D(QEventDispatcherWin32);
    switch (e->type()) {
    case QEvent::ZeroTimerEvent: {
    QZeroTimerEvent *zte = static_cast<QZeroTimerEvent*>(e);
    WinTimerInfo *t = d->timerDict.value(zte->timerId());
    if (t) {
        t->inTimerEvent = true;

        QTimerEvent te(zte->timerId());
        QCoreApplication::sendEvent(t->obj, &te); // t->obj was a dangling pointer
        // ...

       

      Suggestion
      Make WinTimerInfo::obj a QPointer instead of a raw pointer

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-124496 QObject::timerEvent may be called before the timer elapsed

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              thiago Thiago Macieira
              skoh-qt Sze Howe Koh
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes