Details
-
Bug
-
Resolution: Unresolved
-
P1: Critical
-
None
-
6.9.1
-
None
-
macOS
Description
Sometimes QMainWindowLayout's destructor accesses QMainWindowLayout::statusbar (in QMainWindowLayout::itemAt) after statusbar has been deleted.
In our application we can always trigger the crash by opening 2 documents and exiting the program. Although I can't provide a minimal reproducible example here, it's pretty obvious from the code how it can happen (source locations refer to the 6.9.1 release):
- QMainWindowLayout::~QMainWindowLayout() deletes its statusbar in qmainwindowlayout.cpp:2732
- Right after that it calls qDeleteAll(bars) (line 2739) to delete all its QTabBar's
- Deleting a QTabBar notifies its parent (the QMainWindowLayout) to have itself removed from it (qobject.cpp:2268)
- The event is received in QLayout::widgetEvent() which ends up calling removeWidgetRecursively(this, child) in qlayout.cpp:530
- removeWidgetRecursively calls QMainWindowLayout::itemAt(0) in qlayout.cpp:473 which returns its statusbar in qmainwindowlayout.cpp:2235 which is already destructed at that point
- removeWidgetRecursively calls the QLayoutItem::widget() virtual method of the destructed statusbar (which was a QWidgetItemV2) which results in EXC_BAD_ACCESS.
See attached picture for call stack,
