Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-26261

Disconnecting a C++ signal from a QtScript slot while an event is still queued for the QtScript function causes a crash.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P2: Important
    • 4.8.3, 5.0.0
    • 4.8.1, 4.8.2
    • Qt Script
    • None
    • This has been reproduced on ubuntu linux 11.10 with gcc 4.6.1 using qt-everywhere-opensource-src-4.8.1.zip compiled with ./configure --debug
      as well as qt-everywhere-opensource-src-4.8.2.tar compiled with ./configure -debug -fontconfig
    • c89315da2e836fe67c4228cfb73c25a68b0a3a95

    Description

      The summary actually describes the entire bug but is rare because the event is only queued if the signal is called from a separate thread. However, the script functions are never directly called from a different thread. I attached a unit test with 2 different ways of creating the connection which will each trigger a QFATAL when run due to assertion failure.

      Steps to reproduce:
      Connect a C++ signal to a Qt script function
      Call the signal that was connected from another thread so it is queued up to be executed when the event loop resumes.
      Disconnect the C++ signal from the Qt script function
      Reenter the event loop - the program will crash with a failed assertion

      Inspecting the source code suggests (though I am not sure that this is caused by a combination of decisions:
      1: Disconnecting a slot doesn't cancel events that have already been queued (you can receive them after calling disconnect)
      2: QtScript::QObjectConnectionManager assigns slot indexes dynamically - once the slot is disconnected, it "forgets" what that slot index applied to.
      Therefore when it receives the queued message it assumes it is invalid as it corresponds to no known slot index.

      This only occurs if the signal is sent from a different thread as signals sent in the same script automatically run using a directconnection (and are never queued).

      Stack trace:

      0	__kernel_vsyscall		0	0x130416	
      1	raise	/lib/i386-linux-gnu/libc.so.6	0	0x16fec8f	
      2	abort	/lib/i386-linux-gnu/libc.so.6	0	0x17022b5	
      3	qt_message_output	qglobal.cpp	2252	0x12f0177	
      4	qt_message	qglobal.cpp	2298	0x12f0316	
      5	qFatal	qglobal.cpp	2481	0x12f0742	
      6	qt_assert	qglobal.cpp	1999	0x12efd2e	
      7	QScript::QObjectConnectionManager::execute	qscriptqobject.cpp	2092	0x1c0e4a0	
      8	QScript::QObjectConnectionManager::qt_metacall	qscriptqobject.cpp	2066	0x1c0e33b	
      9	QMetaObject::metacall	qmetaobject.cpp	245	0x1422e94	
      10	QMetaCallEvent::placeMetaCall	qobject.cpp	527	0x14312b3	
      11	QObject::event	qobject.cpp	1195	0x1432318	
      12	QApplicationPrivate::notify_helper	qapplication.cpp	4554	0x6f8d42	
      13	QApplication::notify	qapplication.cpp	3936	0x6f6640	
      14	QCoreApplication::notifyInternal	qcoreapplication.cpp	876	0x141b4ca	
      15	QCoreApplication::sendEvent	qcoreapplication.h	231	0x256243	
      16	QCoreApplicationPrivate::sendPostedEvents	qcoreapplication.cpp	1500	0x141c3c6	
      17	QEventDispatcherUNIX::processEvents	qeventdispatcher_unix.cpp	898	0x1453e8d	
      18	QEventLoop::processEvents	qeventloop.cpp	149	0x1419049	
      19	QEventLoop::exec	qeventloop.cpp	204	0x14191b7	
      20	QThread::exec	qthread.cpp	501	0x12f9e95	
      

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            kenthans Kent Hansen (Inactive)
            matthewelveyprice Matthew Elvey Price
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes