  1. Qt
  2. QTBUG-22102

Missing QRasterPaintEngineState causes crash in QRasterPaintEngine::fillRect(const QRectF &r, const QBrush &brush) using QWS


Details

    • Bug
    • Resolution: Incomplete
    • Not Evaluated
    • None
    • 4.7.4, 4.8.0
    • None

    Description

      In the first line of QRasterPaintEngine::fillRect(const QRectF &r, const QBrush &brush), the pointer to the state-object is retrieved. Apparently, this pointer can be 0, but no check is made. This causes the code to blow up further along. Checking the result of state() before using it avoids the crash, but I'm not sure if this is really the root cause of the problem:

        void QRasterPaintEngine::fillRect(const QRectF &r, const QBrush &brush)
        {
        #ifdef QT_DEBUG_DRAW
            qDebug() << "QRasterPaintEngine::fillRecct(): " << r << brush;
        #endif
            QRasterPaintEngineState *s = state();
      +     if(!s)
      +         return;
       
            ensureBrush(brush);
            if (!s->brushData.blend)
                return;
      
            fillRect(r, &s->brushData);
        }
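
      Review bot: the `if(!s) return;` guard added after `QRasterPaintEngineState *s = state();` drops the fill silently, so whatever leaves state() at 0 goes unreported. Consider emitting a qWarning() (or a Q_ASSERT in debug builds) in that branch so the missing state stays visible while the root cause is tracked down. The guard also covers only this fillRect overload: `ensureBrush(brush)` is the call that faults in the trace below (frame #3, ending with `this=0x238` in frame #0), and other paths into it are not touched by this hunk. Style: the rest of the function writes `if (` with a space, so `if (!s)` would match.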
      

      We tried (unsuccessfully) to reproduce this problem under Windows and X11. Also, valgrind isn't of much help. It seems to be in the framebuffer code somewhere. What we did notice is that if we use a different style (starting the application with "-style gtk" added to the arguments) the crash is avoided.

      In this case, we are trying to paint a QComboBox in a TableView widget in the right-most column. This usually works without a hitch, but apparently this is a corner-case. The stacktrace from gdb:

      #0  0x01179d20 in QScopedPointer<QBrushData, QBrushDataPointerDeleter>::data (this=0x238)
          at ../../include/QtCore/../../src/corelib/tools/qscopedpointer.h:135
      #1  0x01179f72 in operator==<QBrushData, QBrushDataPointerDeleter> (lhs=..., rhs=...) at ../../include/QtCore/../../src/corelib/tools/qscopedpointer.h:176
      #2  0x0123ddec in qbrush_fast_equals (a=..., b=...) at ../../include/QtGui/private/../../../src/gui/painting/qpainter_p.h:95
      #3  0x0123e252 in QRasterPaintEngine::ensureBrush (this=0x9dd6a18, brush=...)
          at ../../include/QtGui/private/../../../src/gui/painting/qpaintengine_raster_p.h:273
      #4  0x0123243a in QRasterPaintEngine::fillRect (this=0x9dd6a18, r=..., brush=...) at painting/qpaintengine_raster.cpp:1804
      #5  0x011ba2d7 in QPainter::fillRect (this=0xbfee79e4, r=..., brush=...) at painting/qpainter.cpp:7136
      #6  0x01417901 in QCommonStyle::drawPrimitive (this=0x9dcf300, pe=QStyle::PE_PanelItemViewRow, opt=0xbfee77d8, p=0xbfee79e4, widget=0xa0edad8)
          at styles/qcommonstyle.cpp:768
      #7  0x014c58e4 in QWindowsStyle::drawPrimitive (this=0x9dcf300, pe=QStyle::PE_PanelItemViewRow, opt=0xbfee77d8, p=0xbfee79e4, w=0xa0edad8)
          at styles/qwindowsstyle.cpp:1792
      #8  0x0147ba70 in QPlastiqueStyle::drawPrimitive (this=0x9dcf300, element=QStyle::PE_PanelItemViewRow, option=0xbfee77d8, painter=0xbfee79e4, 
          widget=0xa0edad8) at styles/qplastiquestyle.cpp:1991
      #9  0x01455704 in QStyleSheetStyle::drawPrimitive (this=0xa0f2190, pe=QStyle::PE_PanelItemViewRow, opt=0xbfee77d8, p=0xbfee79e4, w=0xa0edad8)
          at styles/qstylesheetstyle.cpp:4439
      #10 0x0168caea in QTableViewPrivate::drawCell (this=0xa0f3ce0, painter=0xbfee79e4, option=..., index=...) at itemviews/qtableview.cpp:927
      #11 0x0168e6dd in QTableView::paintEvent (this=0xa0edad8, event=0xbfee8298) at itemviews/qtableview.cpp:1414
      #12 0x010ade34 in QWidget::event (this=0xa0edad8, event=0xbfee8298) at kernel/qwidget.cpp:8496
      #13 0x0152e996 in QFrame::event (this=0xa0edad8, e=0xbfee8298) at widgets/qframe.cpp:557
      #14 0x015c012f in QAbstractScrollArea::viewportEvent (this=0xa0edad8, e=0xbfee8298) at widgets/qabstractscrollarea.cpp:1043
      #15 0x01658082 in QAbstractItemView::viewportEvent (this=0xa0edad8, event=0xbfee8298) at itemviews/qabstractitemview.cpp:1644
      #16 0x015c0d23 in QAbstractScrollAreaPrivate::viewportEvent (this=0xa0f3ce0, event=0xbfee8298) at widgets/qabstractscrollarea_p.h:100
      #17 0x015c0dd6 in QAbstractScrollAreaFilter::eventFilter (this=0xa0f4f68, o=0xa0f4088, e=0xbfee8298) at widgets/qabstractscrollarea_p.h:116
      #18 0x0067c931 in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=0x9dbe5b8, receiver=0xa0f4088, event=0xbfee8298)
          at kernel/qcoreapplication.cpp:986
      #19 0x0105b234 in QApplicationPrivate::notify_helper (this=0x9dbe5b8, receiver=0xa0f4088, e=0xbfee8298) at kernel/qapplication.cpp:4514
      #20 0x0105b0cd in QApplication::notify (this=0xbfeea5a0, receiver=0xa0f4088, e=0xbfee8298) at kernel/qapplication.cpp:4483
      #21 0x0067c6f1 in QCoreApplication::notifyInternal (this=0xbfeea5a0, receiver=0xa0f4088, event=0xbfee8298) at kernel/qcoreapplication.cpp:876
      #22 0x0105d6ff in QCoreApplication::sendSpontaneousEvent (receiver=0xa0f4088, event=0xbfee8298)
          at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:234
      #23 0x010a6db5 in QWidgetPrivate::drawWidget (this=0xa0f40a0, pdev=0x9e92874, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x9e928e0)
          at kernel/qwidget.cpp:5573
      #24 0x010a7991 in QWidgetPrivate::paintSiblingsRecursive (this=0xa0f3ce0, pdev=0x9e92874, siblings=..., index=0, rgn=..., offset=..., flags=4, 
          sharedPainter=0x0, backingStore=0x9e928e0) at kernel/qwidget.cpp:5782
      #25 0x010a712c in QWidgetPrivate::drawWidget (this=0xa0f3ce0, pdev=0x9e92874, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x9e928e0)
          at kernel/qwidget.cpp:5626
      #26 0x010a7991 in QWidgetPrivate::paintSiblingsRecursive (this=0xa0f39f8, pdev=0x9e92874, siblings=..., index=0, rgn=..., offset=..., flags=4, 
          sharedPainter=0x0, backingStore=0x9e928e0) at kernel/qwidget.cpp:5782
      #27 0x010a712c in QWidgetPrivate::drawWidget (this=0xa0f39f8, pdev=0x9e92874, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x9e928e0)
          at kernel/qwidget.cpp:5626
      #28 0x010a7991 in QWidgetPrivate::paintSiblingsRecursive (this=0xa0f10a0, pdev=0x9e92874, siblings=..., index=0, rgn=..., offset=..., flags=4, 
          sharedPainter=0x0, backingStore=0x9e928e0) at kernel/qwidget.cpp:5782
      #29 0x010a712c in QWidgetPrivate::drawWidget (this=0xa0f10a0, pdev=0x9e92874, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x9e928e0)
          at kernel/qwidget.cpp:5626
      #30 0x010a7991 in QWidgetPrivate::paintSiblingsRecursive (this=0xa0f0ef0, pdev=0x9e92874, siblings=..., index=0, rgn=..., offset=..., flags=4, 
          sharedPainter=0x0, backingStore=0x9e928e0) at kernel/qwidget.cpp:5782
      #31 0x010a712c in QWidgetPrivate::drawWidget (this=0xa0f0ef0, pdev=0x9e92874, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x9e928e0)
          at kernel/qwidget.cpp:5626
      #32 0x010a7991 in QWidgetPrivate::paintSiblingsRecursive (this=0xa0eaf58, pdev=0x9e92874, siblings=..., index=1, rgn=..., offset=..., flags=4, 
          sharedPainter=0x0, backingStore=0x9e928e0) at kernel/qwidget.cpp:5782
      #33 0x010a712c in QWidgetPrivate::drawWidget (this=0xa0eaf58, pdev=0x9e92874, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x9e928e0)
          at kernel/qwidget.cpp:5626
      #34 0x010a7991 in QWidgetPrivate::paintSiblingsRecursive (this=0xa0e3438, pdev=0x9e92874, siblings=..., index=1, rgn=..., offset=..., flags=4, 
          sharedPainter=0x0, backingStore=0x9e928e0) at kernel/qwidget.cpp:5782
      #35 0x010a712c in QWidgetPrivate::drawWidget (this=0xa0e3438, pdev=0x9e92874, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x9e928e0)
          at kernel/qwidget.cpp:5626
      #36 0x010a7991 in QWidgetPrivate::paintSiblingsRecursive (this=0xa0e3248, pdev=0x9e92874, siblings=..., index=0, rgn=..., offset=..., flags=4, 
          sharedPainter=0x0, backingStore=0x9e928e0) at kernel/qwidget.cpp:5782
      #37 0x010a712c in QWidgetPrivate::drawWidget (this=0xa0e3248, pdev=0x9e92874, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x9e928e0)
          at kernel/qwidget.cpp:5626
      #38 0x010a7991 in QWidgetPrivate::paintSiblingsRecursive (this=0xa0d5548, pdev=0x9e92874, siblings=..., index=0, rgn=..., offset=..., flags=4, 
          sharedPainter=0x0, backingStore=0x9e928e0) at kernel/qwidget.cpp:5782
      #39 0x010a712c in QWidgetPrivate::drawWidget (this=0xa0d5548, pdev=0x9e92874, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x9e928e0)
          at kernel/qwidget.cpp:5626
      #40 0x010a7991 in QWidgetPrivate::paintSiblingsRecursive (this=0x9e96600, pdev=0x9e92874, siblings=..., index=4, rgn=..., offset=..., flags=4, 
          sharedPainter=0x0, backingStore=0x9e928e0) at kernel/qwidget.cpp:5782
      #41 0x010a712c in QWidgetPrivate::drawWidget (this=0x9e96600, pdev=0x9e92874, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x9e928e0)
          at kernel/qwidget.cpp:5626
      #42 0x010a7991 in QWidgetPrivate::paintSiblingsRecursive (this=0x9e93050, pdev=0x9e92874, siblings=..., index=0, rgn=..., offset=..., flags=4, 
          sharedPainter=0x0, backingStore=0x9e928e0) at kernel/qwidget.cpp:5782
      #43 0x010a712c in QWidgetPrivate::drawWidget (this=0x9e93050, pdev=0x9e92874, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x9e928e0)
          at kernel/qwidget.cpp:5626
      #44 0x010a7991 in QWidgetPrivate::paintSiblingsRecursive (this=0x9e92ae8, pdev=0x9e92874, siblings=..., index=0, rgn=..., offset=..., flags=4, 
          sharedPainter=0x0, backingStore=0x9e928e0) at kernel/qwidget.cpp:5782
      #45 0x010a712c in QWidgetPrivate::drawWidget (this=0x9e92ae8, pdev=0x9e92874, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x9e928e0)
          at kernel/qwidget.cpp:5626
      #46 0x010a7991 in QWidgetPrivate::paintSiblingsRecursive (this=0x9e8f7f0, pdev=0x9e92874, siblings=..., index=4, rgn=..., offset=..., flags=4, 
          sharedPainter=0x0, backingStore=0x9e928e0) at kernel/qwidget.cpp:5782
      #47 0x010a712c in QWidgetPrivate::drawWidget (this=0x9e8f7f0, pdev=0x9e92874, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x9e928e0)
          at kernel/qwidget.cpp:5626
      #48 0x010a7991 in QWidgetPrivate::paintSiblingsRecursive (this=0x9e8f3c0, pdev=0x9e92874, siblings=..., index=2, rgn=..., offset=..., flags=4, 
          sharedPainter=0x0, backingStore=0x9e928e0) at kernel/qwidget.cpp:5782
      #49 0x010a712c in QWidgetPrivate::drawWidget (this=0x9e8f3c0, pdev=0x9e92874, rgn=..., offset=..., flags=5, sharedPainter=0x0, backingStore=0x9e928e0)
          at kernel/qwidget.cpp:5626
      #50 0x012a629d in QWidgetBackingStore::sync (this=0x9e928e0) at painting/qbackingstore.cpp:1373
      #51 0x0109ee95 in QWidgetPrivate::syncBackingStore (this=0x9e8f3c0) at kernel/qwidget.cpp:1890
      #52 0x010ae2c9 in QWidget::event (this=0x9e82718, event=0xa0d7730) at kernel/qwidget.cpp:8643
      #53 0x080742ea in MainScreenWidget::event (this=0x9e82718, ev=0xa0d7730) at view/src/mainscreenwidget.cpp:1000
      #54 0x0105b258 in QApplicationPrivate::notify_helper (this=0x9dbe5b8, receiver=0x9e82718, e=0xa0d7730) at kernel/qapplication.cpp:4518
      #55 0x0105b0cd in QApplication::notify (this=0xbfeea5a0, receiver=0x9e82718, e=0xa0d7730) at kernel/qapplication.cpp:4483
      #56 0x0067c6f1 in QCoreApplication::notifyInternal (this=0xbfeea5a0, receiver=0x9e82718, event=0xa0d7730) at kernel/qcoreapplication.cpp:876
      #57 0x0813294d in QCoreApplication::sendEvent (receiver=0x9e82718, event=0xa0d7730)
          at /usr/local/Trolltech/QtEmbedded-4.8.0/include/QtCore/qcoreapplication.h:231
      #58 0x0067d547 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x9dbe688) at kernel/qcoreapplication.cpp:1497
      #59 0x006afea7 in QEventDispatcherUNIX::processEvents (this=0x9dbf088, flags=...) at kernel/qeventdispatcher_unix.cpp:898
      #60 0x010de366 in QEventDispatcherQWS::processEvents (this=0x9dbf088, flags=...) at kernel/qeventdispatcher_qws.cpp:132
      #61 0x0067a60d in QEventLoop::processEvents (this=0xbfeea4cc, flags=...) at kernel/qeventloop.cpp:149
      #62 0x0067a77f in QEventLoop::exec (this=0xbfeea4cc, flags=...) at kernel/qeventloop.cpp:200
      #63 0x0067cd44 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1148
      #64 0x01058af6 in QApplication::exec () at kernel/qapplication.cpp:3779
      #65 0x0805d380 in main (argc=3, argv=0xbfeea6c4) at src/main.cpp:48
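
      An added example (not part of the original report or of Qt): a small Python triage helper that scans a gdb backtrace for frames whose `this` lies inside the first memory page, which is what a member accessed through a null object pointer looks like, as in frame #0 above (`this=0x238`). The 4 KiB threshold and the function names `parse_frames`, `near_null_frames` and `first_valid_caller` are assumptions of this example.

```python
import re

PAGE_SIZE = 0x1000  # assumption: nothing is mapped in the first 4 KiB page

# Frames #0-#4 copied from the backtrace above, used as offline sample input.
SAMPLE_TRACE = """\
#0  0x01179d20 in QScopedPointer<QBrushData, QBrushDataPointerDeleter>::data (this=0x238)
    at ../../include/QtCore/../../src/corelib/tools/qscopedpointer.h:135
#1  0x01179f72 in operator==<QBrushData, QBrushDataPointerDeleter> (lhs=..., rhs=...) at ../../include/QtCore/../../src/corelib/tools/qscopedpointer.h:176
#2  0x0123ddec in qbrush_fast_equals (a=..., b=...) at ../../include/QtGui/private/../../../src/gui/painting/qpainter_p.h:95
#3  0x0123e252 in QRasterPaintEngine::ensureBrush (this=0x9dd6a18, brush=...)
    at ../../include/QtGui/private/../../../src/gui/painting/qpaintengine_raster_p.h:273
#4  0x0123243a in QRasterPaintEngine::fillRect (this=0x9dd6a18, r=..., brush=...) at painting/qpaintengine_raster.cpp:1804
"""

FRAME_RE = re.compile(r"^#(\d+)\s+0x[0-9a-fA-F]+ in (.+?) \(")
THIS_RE = re.compile(r"\bthis=(0x[0-9a-fA-F]+)")

def parse_frames(trace):
    """Return (frame_no, function, this_or_None) for every '#N' line."""
    frames = []
    for line in trace.splitlines():
        m = FRAME_RE.match(line)
        if not m:
            continue  # continuation line such as '    at file:line'
        t = THIS_RE.search(line)
        frames.append((int(m.group(1)), m.group(2),
                       int(t.group(1), 16) if t else None))
    return frames

def near_null_frames(trace, limit=PAGE_SIZE):
    """Frames whose `this` is below `limit`: a null base pointer plus a member offset."""
    return [f for f in parse_frames(trace) if f[2] is not None and f[2] < limit]

def first_valid_caller(trace, limit=PAGE_SIZE):
    """Nearest caller of a near-null frame that still has a plausible `this`.
    The null pointer was obtained in that function or in code it inlined."""
    hits = near_null_frames(trace, limit)
    if not hits:
        return None
    for n, fn, this in parse_frames(trace):
        if n > hits[-1][0] and this is not None and this >= limit:
            return (n, fn, this)
    return None

if __name__ == "__main__":
    print("near-null frames:", near_null_frames(SAMPLE_TRACE))
    print("start reading at:", first_valid_caller(SAMPLE_TRACE))
```

      On the sample it flags frame #0 and points at `QRasterPaintEngine::ensureBrush` (frame #3) as the first function that still ran on a valid object.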
      

          People

            rve Anders Bakken
            japsmits John Smits
            Votes: 3
            Watchers: 10
