Details
Bug
Resolution: Done
P1: Critical
4.7.4, 4.8.0, 5.0.0 Beta 1, 5.0.0
Windows XP, Linux Ubuntu x86, OSX
Qt 4.8
Linux, Qt 5
Description
Note: this issue seems to have been triggered in Qt Creator by change http://codereview.qt-project.org/#change,12027. The crash appears on all desktop platforms. We will most likely temporarily revert the commit in Qt Creator in order to circumvent the trouble.
QDeclarativeGridView crashes in the WelcomeScreen of Qt Creator.
The crash seems to depend on the screen size and the size of the GridView. Also the number of items in the model and the type of the model play a role.
This is the reason why we cannot provide a reliable isolated test case.
stack trace:
0 QScopedPointer<QObjectData,QScopedPointerDeleter<QObjectData> >::data qscopedpointer.h 135 0x670399fa
1 qGetPtrHelper<QScopedPointer<QObjectData,QScopedPointerDeleter<QObjectData> > > qglobal.h 2428 0x6702438b
2 QObject::d_func qobject.h 115 0x670317e3
3 QMetaObject::activate qobject.cpp 3456 0x672100a8
4 QDeclarativeGridViewAttached::add moc_qdeclarativegridview_p.cpp 666 0x2d5b28a
5 QDeclarativeGridViewAttached::emitAdd qdeclarativegridview_p.h 262 0x2b60b6f
6 QDeclarativeGridView::itemsInserted qdeclarativegridview.cpp 2905 0x2b5bcd0
7 QDeclarativeGridView::qt_static_metacall moc_qdeclarativegridview_p.cpp 287 0x2d5a492
8 QMetaObject::activate qobject.cpp 3547 0x67210484
9 QDeclarativeVisualModel::itemsInserted moc_qdeclarativevisualitemmodel_p.cpp 154 0x2d6a0b1
10 QDeclarativeVisualDataModel::_q_itemsInserted qdeclarativevisualitemmodel.cpp 1281 0x2bb65c2
11 QDeclarativeVisualDataModel::_q_rowsInserted qdeclarativevisualitemmodel.cpp 1364 0x2bb6ab3
12 QDeclarativeVisualDataModel::qt_static_metacall moc_qdeclarativevisualitemmodel_p.cpp 403 0x2d6a5fe
13 QMetaObject::activate qobject.cpp 3547 0x67210484
14 QAbstractItemModel::rowsInserted moc_qabstractitemmodel.cpp 197 0x6728b5a6
15 QAbstractItemModel::endInsertRows qabstractitemmodel.cpp 2434 0x671de361
16 QSortFilterProxyModelPrivate::insert_source_items qsortfilterproxymodel.cpp 696 0x65833686
17 QSortFilterProxyModelPrivate::source_items_inserted qsortfilterproxymodel.cpp 807 0x65833c04
18 QSortFilterProxyModelPrivate::_q_sourceRowsInserted qsortfilterproxymodel.cpp 1281 0x6583562d
19 QSortFilterProxyModel::qt_static_metacall moc_qsortfilterproxymodel.cpp 114 0x658395d9
20 QMetaObject::activate qobject.cpp 3547 0x67210484
21 QAbstractItemModel::rowsInserted moc_qabstractitemmodel.cpp 197 0x6728b5a6
22 QAbstractItemModel::endInsertRows qabstractitemmodel.cpp 2434 0x671de361
23 QtSupport::Internal::ExamplesListModel::addItems exampleslistmodel.cpp 345 0x3954a0d
24 QtSupport::Internal::ExamplesListModel::readNewsItems exampleslistmodel.cpp 255 0x39538d0
25 QtSupport::Internal::ExamplesListModel::helpInitialized exampleslistmodel.cpp 411 0x395507f
26 QtSupport::Internal::ExamplesListModel::qt_static_metacall moc_exampleslistmodel.cpp 65 0x395de79
27 QMetaObject::activate qobject.cpp 3547 0x67210484
28 Core::HelpManager::setupFinished moc_helpmanager.cpp 113 0xe8fa0a
29 Core::HelpManager::setupHelpManager helpmanager.cpp 425 0xe4b4cb
30 Core::HelpManager::qt_static_metacall moc_helpmanager.cpp 69 0xe8f8f1
31 QMetaObject::activate qobject.cpp 3547 0x67210484
32 Core::ICore::coreOpened moc_icore.cpp 123 0xe8b98a
33 Core::Internal::MainWindow::extensionsInitialized mainwindow.cpp 371 0xd49762
34 Core::Internal::CorePlugin::extensionsInitialized coreplugin.cpp 106 0xdfa886
35 ExtensionSystem::Internal::PluginSpecPrivate::initializeExtensions pluginspec.cpp 1012 0x1001e06b
36 ExtensionSystem::Internal::PluginManagerPrivate::loadPlugin pluginmanager.cpp 1053 0x10011089
37 ExtensionSystem::Internal::PluginManagerPrivate::loadPlugins pluginmanager.cpp 945 0x1001012d
38 ExtensionSystem::PluginManager::loadPlugins pluginmanager.cpp 329 0x1000ca92
39 main main.cpp 374 0x40647f
40 __tmainCRTStartup crtexe.c 586 0x40b018
41 mainCRTStartup crtexe.c 403 0x40ae5f
42 BaseProcessStart kernel32 0x7c817077
The reason for the crash lies in QDeclarativeGridView::itemsInserted():
// everything is in order now - emit add() signal
for (int j = 0; j < added.count(); ++j)
    added.at(j)->attached->emitAdd();
debugger context:
added.count() == 32
j == 31
The last item of added has been deleted by setCurrentIndex(0).
Since the last item has been deleted we access a dangling pointer and crash.
setCurrentIndex(0);
calls
d->layout();
this one calls
q->refill();
and this one finally calls
d->refill();
The deletion of the item is done in releaseItem(item);.
The reason for the crash is that we have two conditions:
item->rowPos() > bufferTo + rowSize()*(columns - item->colPos()/colSize())/(columns+1))
and
rowPos <= to + d->rowSize()*(d->columns - (colPos/d->colSize()))/qreal(d->columns)
The conditions are off by one.
If the two conditions match, the crash disappears.
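The mismatch described above can be reproduced without Qt. The following is an added example, not code from Qt or from this report: a simplified grid in which the insertion side admits an item using the `qreal(columns)` condition and the refill side releases it using the `(columns+1)` condition. It assumes `to` and `bufferTo` are the same bound, uses constructed sizes, and holds `added` as weak references so the stale entry can be counted instead of dereferenced.

```cpp
#include <memory>
#include <vector>

// Simplified model (assumption): one item per cell, `to` and `bufferTo` are the
// same bound, positions are doubles. Only the two conditions come from the report.
struct Item { double rowPos, colPos; };

struct Grid {
    int columns; double rowSize, colSize, bound;
    int releaseDiv;                       // columns+1 as reported, columns when matched
    std::vector<std::shared_ptr<Item>> visible;

    // Insertion side: rowPos <= to + rowSize*(columns - colPos/colSize)/qreal(columns)
    bool admits(double rowPos, double colPos) const {
        return rowPos <= bound + rowSize * (columns - colPos / colSize) / double(columns);
    }
    // refill() side: rowPos > bufferTo + rowSize*(columns - colPos/colSize)/(columns+1)
    bool releases(const Item &i) const {
        return i.rowPos > bound + rowSize * (columns - i.colPos / colSize) / releaseDiv;
    }
    // Stand-in for refill() -> releaseItem(): drops trailing items past the buffer.
    void refill() {
        while (visible.size() > 1 && releases(*visible.back()))
            visible.pop_back();           // last owner gone: the Item is destroyed
    }
};

// Models itemsInserted(): create items, run the relayout that setCurrentIndex(0)
// triggers, then count entries of `added` that are gone when the emit loop runs.
int staleAfterInsert(Grid g, int count) {
    std::vector<std::weak_ptr<Item>> added;   // weak refs make staleness observable
    for (int n = 0; n < count; ++n) {
        double row = (n / g.columns) * g.rowSize, col = (n % g.columns) * g.colSize;
        if (!g.admits(row, col)) break;
        g.visible.push_back(std::make_shared<Item>(Item{row, col}));
        added.push_back(g.visible.back());
    }
    g.refill();
    int stale = 0;
    for (const auto &w : added)
        if (w.expired()) ++stale;             // the original loop calls emitAdd() here
    return stale;
}

int reportedConditions() { return staleAfterInsert(Grid{4, 100, 100, 200, 5, {}}, 32); }
int matchedConditions()  { return staleAfterInsert(Grid{4, 100, 100, 200, 4, {}}, 32); }
```

With the reported conditions exactly one entry, the last one in `added`, is released before the emit loop reaches it; with matching divisors none are.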
Issue Links
- is required for QTCREATORBUG-6803 Crash on launch if Welcomecomescreen/examples was opened (Closed)