Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-136689

Crash in QImageData constructor due to race-condition

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • P1: Critical
    • None
    • 6.7.3
    • GUI: Painting
    • None
    • macOS, Windows

    Description

      Found this among our users' crash reports on Sentry

      Application Specific Information:
Fatal Error: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS / 0x2a9

Thread 104707 Crashed:
0   QtGui                           0x1080b4fa8         QScreen::logicalDotsPerInchX (qscreen.cpp:235)
1   QtGui                           0x10824a27c         qt_defaultDpiX (qfont.cpp:119)
2   QtGui                           0x108015b04         [inlined] QImageData::QImageData (qimage.cpp:94)
3   QtGui                           0x108015b04         [inlined] QImageData::QImageData (qimage.cpp:99)
4   QtGui                           0x108015b04         [inlined] std::__1::make_unique[abi:un170006]<T> (unique_ptr.h:689)
5   QtGui                           0x108015b04         QImageData::create (qimage.cpp:123)
6   QtGui                           0x10801aaa0         [inlined] QImage::QImage (qimage.cpp:819)
7   QtGui                           0x10801aaa0         [inlined] QImage::QImage (qimage.cpp:818)
8   QtGui                           0x10801aaa0         [inlined] QImage::QImage (qimage.cpp:803)
9   QtGui                           0x10801aaa0         QImage::convertToFormat_helper (qimage.cpp:2210)
10  QtQuick                         0x10751e7b8         [inlined] QImage::convertToFormat (qimage.h:125)
11  QtQuick                         0x10751e7b8         QQuickDefaultTextureFactory::QQuickDefaultTextureFactory (qquickpixmapcache.cpp:125)
12  QtQuick                         0x1075224b4         QQuickPixmapReader::processJob (qquickpixmapcache.cpp:916)
13  QtQuick                         0x1075210d0         QQuickPixmapReader::processJobs (qquickpixmapcache.cpp:861)
14  QtQuick                         0x1075209d4         ReaderThreadExecutionEnforcer::event (qquickpixmapcache.cpp:759)
15  QtCore                          0x108d2ba18         QCoreApplicationPrivate::notify_helper (qcoreapplication.cpp:1326)
16  QtCore                          0x108d2b4c8         QCoreApplication::notifyInternal2 (qcoreapplication.cpp:1152)
17  QtCore                          0x108d2c484         [inlined] QCoreApplication::sendEvent (qcoreapplication.cpp:1593)
18  QtCore                          0x108d2c484         QCoreApplicationPrivate::sendPostedEvents (qcoreapplication.cpp:1951)
19  QtCore                          0x108ea1c04         QEventDispatcherUNIX::processEvents (qeventdispatcher_unix.cpp:415)
20  QtCore                          0x108d34de4         [inlined] QEventLoop::processEvents (qeventloop.cpp:100)
21  QtCore                          0x108d34de4         QEventLoop::exec (qeventloop.cpp:182)
22  QtCore                          0x108e0f7fc         QThread::exec (qthread.cpp:586)
23  QtQuick                         0x1075233d8         QQuickPixmapReader::run (qquickpixmapcache.cpp:1163)
24  QtCore                          0x108e9fd70         [inlined] QThreadPrivate::start::lambda::operator() (qthread_unix.cpp:323)
25  QtCore                          0x108e9fd70         [inlined] (anonymous namespace)::terminate_on_exception<T> (qthread_unix.cpp:259)
26  QtCore                          0x108e9fd70         QThreadPrivate::start (qthread_unix.cpp:282)
27  libsystem_pthread.dylib         0x19db4c2e0         _pthread_deallocate
28  libsystem_pthread.dylib         0x19db470f8         pthread_key_init_np

      A crash occurred in qt_defaultDpiX() when accessing a screen variable that is apparently destroyed at the same time in the UI thread (e.g. when disconnecting an external monitor).

      Q_GUI_EXPORT int qt_defaultDpiX()
{
    if (QCoreApplication::instance()->testAttribute(Qt::AA_Use96Dpi))
        return 96;

    if (qt_is_tty_app)
        return 75;

    if (const QScreen *screen = QGuiApplication::primaryScreen())
        return qRound(screen->logicalDotsPerInchX());  <------ CRASH

    //PI has not been initialised, or it is being initialised. Give a default dpi
    return 100;
}

      Main thread:

        libsystem_kernel    0x19db0aed0  null
  QtCore              0x108ea42dc  QBasicMutex::lockInternal (qmutex.cpp:666)
  QtCore              0x108ea42dc  QBasicMutex::lockInternal (qmutex.cpp:653)
  QtQuick             0x107523150  QBasicMutex::lock (qmutex.h:41)
  QtQuick             0x107523150  QMutexLocker<T>::QMutexLocker (qmutex.h:223)
  QtQuick             0x107523150  QMutexLocker<T>::QMutexLocker (qmutex.h:220)
  QtQuick             0x107523150  QQuickPixmapReader::cancel (qquickpixmapcache.cpp:1115)
  QtQuick             0x107523c10  QQuickPixmapData::release (qquickpixmapcache.cpp:1458)
  QtQuick             0x107528ecc  QQuickPixmap::clear (qquickpixmapcache.cpp:1998)
  QtQuick             0x10737a978  QQuickImageBase::loadPixmap (qquickimagebase.cpp:292)
  QtQml               0x107a3711c  QQmlPropertyData::writeProperty (qqmlpropertydata_p.h:376)
  QtQml               0x107acd7dc  tryConvertAndAssign (qqmlproperty.cpp:1434)
  QtQml               0x107acd7dc  QQmlPropertyPrivate::write (qqmlproperty.cpp:1544)
  QtQml               0x107a33f70  QQmlBinding::slowWrite (qqmlbinding.cpp:547)
  QtQml               0x107a3bca4  GenericBinding<T>::write (qqmlbinding.cpp:275)
  QtQml               0x107a347c8  QQmlBinding::doUpdate (qqmlbinding.cpp:708)
  QtQml               0x107a3271c  QQmlBinding::update (qqmlbinding.cpp:165)
  QtQml               0x107aae6d8  QQmlNotifier::emitNotify (qqmlnotifier.cpp:70)
  QtCore              0x108d76a8c  doActivate<T> (qobject.cpp:3976)
  QtQuick             0x1073cc99c  QQuickScreenInfo::devicePixelRatioChanged (moc_qquickscreen_p.cpp:485)
  QtQuick             0x1073cc99c  QQuickScreenInfo::setWrappedScreen (qquickscreen.cpp:350)
  QtQuick             0x1073cde50  QQuickScreenAttached::screenChanged (qquickscreen.cpp:418)
  QtQuick             0x1073cde50  QQuickScreenAttached::qt_static_metacall (moc_qquickscreen_p.cpp:591)
  QtQuick             0x1073cde50  QQuickScreenAttached::qt_metacall (moc_qquickscreen_p.cpp:619)
  QtCore              0x108d76ef4  doActivate<T> (qobject.cpp:4112)
  QtGui               0x1080c0e34  QWindow::screenChanged (moc_qwindow.cpp:817)
  QtGui               0x1080c0e34  QWindowPrivate::emitScreenChangedRecursion (qwindow.cpp:496)
  QtGui               0x1080cae58  QWindowSystemInterface::handleScreenRemoved (qwindowsysteminterface.cpp:770)
  libqcocoa           0x107d103e4  QCocoaScreen::remove (qcocoascreen.mm:186)
  libqcocoa           0x107d0ea34  QCocoaScreen::updateScreens (qcocoascreen.mm:139)
  libqcocoa           0x107d255d4  QCocoaWindow::windowDidChangeScreen (qcocoawindow.mm:1354)
  QtCore              0x108d36e44  QMetaMethodInvoker::invokeImpl (qmetaobject.cpp:2754)
  QtCore              0x108d3b6e0  QMetaMethod::invokeImpl (qmetaobject.cpp:2593)
  libqcocoa           0x107d28a88  QMetaMethod::invoke<T> (qmetaobject.h:148)
  libqcocoa           0x107d28a88  QMetaMethod::invoke<T> (qmetaobject.h:160)
  libqcocoa           0x107d28a88  qRegisterNotificationCallbacks (qcocoawindow.mm:88)
...

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            vgt Eirik Aavitsland
            studiosus Vladimir Belyavsky
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:

              Gerrit Reviews

                There are no open Gerrit changes