
Regression: crash in QtQml


Details

    • 60d66bea87b72e66e7c466e1c27f966762e1fd5a

    Description

      An application that works correctly in Qt 5.1 is crashing under Qt 5.2. The crash appears to be related to the following errors reported by memcheck:

      ==19695== Invalid read of size 4
      ==19695==    at 0x480D500: QFlagPointer<QQmlJavaScriptExpressionGuard>::operator*() const (qflagpointer_p.h:227)
      ==19695==    by 0x480D08E: QForwardFieldList<QQmlJavaScriptExpressionGuard, &(QQmlJavaScriptExpressionGuard::next)>::prepend(QQmlJavaScriptExpressionGuard*) (qfieldlist_p.h:155)
      ==19695==    by 0x480C23C: QQmlJavaScriptExpression::GuardCapture::captureProperty(QObject*, int, int) (qqmljavascriptexpression.cpp:260)
      ==19695==    by 0x471C1D2: QQmlEnginePrivate::captureProperty(QObject*, int, int) (qqmlengine_p.h:542)
      ==19695==    by 0x471408C: QV4::QObjectWrapper::getProperty(QObject*, QV4::ExecutionContext*, QQmlPropertyData*, bool) (qv4qobjectwrapper.cpp:388)
      ==19695==    by 0x4713AD0: QV4::QObjectWrapper::getQmlProperty(QV4::ExecutionContext*, QQmlContextData*, QV4::String*, QV4::QObjectWrapper::RevisionMode, bool*, bool) (qv4qobjectwrapper.cpp:333)
      ==19695==    by 0x4715C09: QV4::QObjectWrapper::get(QV4::Managed*, QV4::Referenced<QV4::String>, bool*) (qv4qobjectwrapper.cpp:672)
      ==19695==    by 0x4683B37: QV4::Object::get(QV4::Referenced<QV4::String>, bool*) (qv4object_p.h:283)
      ==19695==    by 0x46938DE: QV4::__qmljs_get_property(QV4::ExecutionContext*, QV4::ValueRef, QV4::Referenced<QV4::String>) (qv4runtime.cpp:687)
      ==19695==    by 0x10D51A15: ???
      ==19695==    by 0x46C3E10: QV4::SimpleScriptFunction::call(QV4::Managed*, QV4::CallData*) (qv4functionobject.cpp:586)
      ==19695==    by 0x4683D16: QV4::FunctionObject::call(QV4::CallData*) (qv4functionobject_p.h:133)
      ==19695==  Address 0x10c5fe38 is 24 bytes inside a block of size 88 free'd
      ==19695==    at 0x402ACFC: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
      ==19695==    by 0x4815D51: QQmlBinding::~QQmlBinding() (qqmlbinding.cpp:203)
      ==19695==    by 0x4816BF3: void QQmlAbstractBinding::default_destroy<QQmlBinding>(QQmlAbstractBinding*, QQmlAbstractBinding::DestroyMode) (qqmlabstractbinding_p.h:223)
      ==19695==    by 0x471C243: QQmlAbstractBinding::destroy(QQmlAbstractBinding::DestroyMode) (qqmlabstractbinding_p.h:104)
      ==19695==    by 0x4714845: QV4::QObjectWrapper::setProperty(QObject*, QV4::ExecutionContext*, QQmlPropertyData*, QV4::ValueRef) (qv4qobjectwrapper.cpp:489)
      ==19695==    by 0x4715A79: QV4::QObjectWrapper::setProperty(QV4::ExecutionContext*, int, QV4::ValueRef) (qv4qobjectwrapper.cpp:647)
      ==19695==    by 0x469724F: QV4::__qmljs_set_qobject_property(QV4::ExecutionContext*, QV4::ValueRef, int, QV4::ValueRef) (qv4runtime.cpp:1317)
      ==19695==    by 0x10D5191B: ???
      ==19695==    by 0x46C3E10: QV4::SimpleScriptFunction::call(QV4::Managed*, QV4::CallData*) (qv4functionobject.cpp:586)
      ==19695==    by 0x4683D16: QV4::FunctionObject::call(QV4::CallData*) (qv4functionobject_p.h:133)
      ==19695==    by 0x46952F5: QV4::__qmljs_call_activation_property(QV4::ExecutionContext*, QV4::Referenced<QV4::String>, QV4::CallDataRef) (qv4runtime.cpp:889)
      ==19695==    by 0x10D4FF48: ???
      ==19695== 
      ==19695== Invalid read of size 4
      ==19695==    at 0x480D54C: QFlagPointer<QQmlJavaScriptExpressionGuard>::operator=(QQmlJavaScriptExpressionGuard*) (qflagpointer_p.h:214)
      ==19695==    by 0x480D0A2: QForwardFieldList<QQmlJavaScriptExpressionGuard, &(QQmlJavaScriptExpressionGuard::next)>::prepend(QQmlJavaScriptExpressionGuard*) (qfieldlist_p.h:156)
      ==19695==    by 0x480C23C: QQmlJavaScriptExpression::GuardCapture::captureProperty(QObject*, int, int) (qqmljavascriptexpression.cpp:260)
      ==19695==    by 0x471C1D2: QQmlEnginePrivate::captureProperty(QObject*, int, int) (qqmlengine_p.h:542)
      ==19695==    by 0x471408C: QV4::QObjectWrapper::getProperty(QObject*, QV4::ExecutionContext*, QQmlPropertyData*, bool) (qv4qobjectwrapper.cpp:388)
      ==19695==    by 0x4713AD0: QV4::QObjectWrapper::getQmlProperty(QV4::ExecutionContext*, QQmlContextData*, QV4::String*, QV4::QObjectWrapper::RevisionMode, bool*, bool) (qv4qobjectwrapper.cpp:333)
      ==19695==    by 0x4715C09: QV4::QObjectWrapper::get(QV4::Managed*, QV4::Referenced<QV4::String>, bool*) (qv4qobjectwrapper.cpp:672)
      ==19695==    by 0x4683B37: QV4::Object::get(QV4::Referenced<QV4::String>, bool*) (qv4object_p.h:283)
      ==19695==    by 0x46938DE: QV4::__qmljs_get_property(QV4::ExecutionContext*, QV4::ValueRef, QV4::Referenced<QV4::String>) (qv4runtime.cpp:687)
      ==19695==    by 0x10D51A15: ???
      ==19695==    by 0x46C3E10: QV4::SimpleScriptFunction::call(QV4::Managed*, QV4::CallData*) (qv4functionobject.cpp:586)
      ==19695==    by 0x4683D16: QV4::FunctionObject::call(QV4::CallData*) (qv4functionobject_p.h:133)
      ==19695==  Address 0x10c5fe38 is 24 bytes inside a block of size 88 free'd
      ==19695==    at 0x402ACFC: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
      ==19695==    by 0x4815D51: QQmlBinding::~QQmlBinding() (qqmlbinding.cpp:203)
      ==19695==    by 0x4816BF3: void QQmlAbstractBinding::default_destroy<QQmlBinding>(QQmlAbstractBinding*, QQmlAbstractBinding::DestroyMode) (qqmlabstractbinding_p.h:223)
      ==19695==    by 0x471C243: QQmlAbstractBinding::destroy(QQmlAbstractBinding::DestroyMode) (qqmlabstractbinding_p.h:104)
      ==19695==    by 0x4714845: QV4::QObjectWrapper::setProperty(QObject*, QV4::ExecutionContext*, QQmlPropertyData*, QV4::ValueRef) (qv4qobjectwrapper.cpp:489)
      ==19695==    by 0x4715A79: QV4::QObjectWrapper::setProperty(QV4::ExecutionContext*, int, QV4::ValueRef) (qv4qobjectwrapper.cpp:647)
      ==19695==    by 0x469724F: QV4::__qmljs_set_qobject_property(QV4::ExecutionContext*, QV4::ValueRef, int, QV4::ValueRef) (qv4runtime.cpp:1317)
      ==19695==    by 0x10D5191B: ???
      ==19695==    by 0x46C3E10: QV4::SimpleScriptFunction::call(QV4::Managed*, QV4::CallData*) (qv4functionobject.cpp:586)
      ==19695==    by 0x4683D16: QV4::FunctionObject::call(QV4::CallData*) (qv4functionobject_p.h:133)
      ==19695==    by 0x46952F5: QV4::__qmljs_call_activation_property(QV4::ExecutionContext*, QV4::Referenced<QV4::String>, QV4::CallDataRef) (qv4runtime.cpp:889)
      ==19695==    by 0x10D4FF48: ???
      ==19695== 
      ==19695== Invalid write of size 4
      ==19695==    at 0x480D55B: QFlagPointer<QQmlJavaScriptExpressionGuard>::operator=(QQmlJavaScriptExpressionGuard*) (qflagpointer_p.h:214)
      ==19695==    by 0x480D0A2: QForwardFieldList<QQmlJavaScriptExpressionGuard, &(QQmlJavaScriptExpressionGuard::next)>::prepend(QQmlJavaScriptExpressionGuard*) (qfieldlist_p.h:156)
      ==19695==    by 0x480C23C: QQmlJavaScriptExpression::GuardCapture::captureProperty(QObject*, int, int) (qqmljavascriptexpression.cpp:260)
      ==19695==    by 0x471C1D2: QQmlEnginePrivate::captureProperty(QObject*, int, int) (qqmlengine_p.h:542)
      ==19695==    by 0x471408C: QV4::QObjectWrapper::getProperty(QObject*, QV4::ExecutionContext*, QQmlPropertyData*, bool) (qv4qobjectwrapper.cpp:388)
      ==19695==    by 0x4713AD0: QV4::QObjectWrapper::getQmlProperty(QV4::ExecutionContext*, QQmlContextData*, QV4::String*, QV4::QObjectWrapper::RevisionMode, bool*, bool) (qv4qobjectwrapper.cpp:333)
      ==19695==    by 0x4715C09: QV4::QObjectWrapper::get(QV4::Managed*, QV4::Referenced<QV4::String>, bool*) (qv4qobjectwrapper.cpp:672)
      ==19695==    by 0x4683B37: QV4::Object::get(QV4::Referenced<QV4::String>, bool*) (qv4object_p.h:283)
      ==19695==    by 0x46938DE: QV4::__qmljs_get_property(QV4::ExecutionContext*, QV4::ValueRef, QV4::Referenced<QV4::String>) (qv4runtime.cpp:687)
      ==19695==    by 0x10D51A15: ???
      ==19695==    by 0x46C3E10: QV4::SimpleScriptFunction::call(QV4::Managed*, QV4::CallData*) (qv4functionobject.cpp:586)
      ==19695==    by 0x4683D16: QV4::FunctionObject::call(QV4::CallData*) (qv4functionobject_p.h:133)
      ==19695==  Address 0x10c5fe38 is 24 bytes inside a block of size 88 free'd
      ==19695==    at 0x402ACFC: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
      ==19695==    by 0x4815D51: QQmlBinding::~QQmlBinding() (qqmlbinding.cpp:203)
      ==19695==    by 0x4816BF3: void QQmlAbstractBinding::default_destroy<QQmlBinding>(QQmlAbstractBinding*, QQmlAbstractBinding::DestroyMode) (qqmlabstractbinding_p.h:223)
      ==19695==    by 0x471C243: QQmlAbstractBinding::destroy(QQmlAbstractBinding::DestroyMode) (qqmlabstractbinding_p.h:104)
      ==19695==    by 0x4714845: QV4::QObjectWrapper::setProperty(QObject*, QV4::ExecutionContext*, QQmlPropertyData*, QV4::ValueRef) (qv4qobjectwrapper.cpp:489)
      ==19695==    by 0x4715A79: QV4::QObjectWrapper::setProperty(QV4::ExecutionContext*, int, QV4::ValueRef) (qv4qobjectwrapper.cpp:647)
      ==19695==    by 0x469724F: QV4::__qmljs_set_qobject_property(QV4::ExecutionContext*, QV4::ValueRef, int, QV4::ValueRef) (qv4runtime.cpp:1317)
      ==19695==    by 0x10D5191B: ???
      ==19695==    by 0x46C3E10: QV4::SimpleScriptFunction::call(QV4::Managed*, QV4::CallData*) (qv4functionobject.cpp:586)
      ==19695==    by 0x4683D16: QV4::FunctionObject::call(QV4::CallData*) (qv4functionobject_p.h:133)
      ==19695==    by 0x46952F5: QV4::__qmljs_call_activation_property(QV4::ExecutionContext*, QV4::Referenced<QV4::String>, QV4::CallDataRef) (qv4runtime.cpp:889)
      ==19695==    by 0x10D4FF48: ???
      

      I've been unable to create a simple test case to reproduce.
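The three memcheck reports have the same shape: a script function assigns to a bound property, the engine destroys that property's binding on the spot (QQmlBinding::~QQmlBinding under QObjectWrapper::setProperty), and a later property read inside the same script call still treats the destroyed binding as the capturing expression and prepends a guard into its freed storage. The following model is an added illustration of that re-entrancy ordering and of one defensive pattern (defer the destroy until evaluation returns); it is not Qt code, not the reporter's application and not the actual fix. The names Binding, GuardList, Engine::getProperty, Engine::setProperty and Engine::evaluate are assumptions that mirror the frames in the trace:

```cpp
#include <cstddef>
#include <functional>
#include <memory>
#include <vector>

// Added model of the re-entrancy bug the trace shows; not Qt code and not the
// actual fix. Binding/GuardList/Engine are assumed names mirroring the frames.
struct Guard {                 // one "this expression depends on property N" record
    Guard* next = nullptr;
    int property = -1;
};

struct GuardList {             // intrusive forward list, like the prepend() frame
    Guard* head = nullptr;
    void prepend(Guard* g) { g->next = head; head = g; }
    std::size_t size() const {
        std::size_t n = 0;
        for (Guard* g = head; g; g = g->next) ++n;
        return n;
    }
};

struct Binding {               // stands in for QQmlBinding / QQmlJavaScriptExpression
    GuardList guards;
    std::vector<std::unique_ptr<Guard>> storage;  // guard nodes owned by the binding
    bool evaluating = false;
    bool destroyRequested = false;
};

struct Engine {
    std::vector<int> values;
    std::vector<std::unique_ptr<Binding>> bindings;  // one slot per property
    Binding* currentCapture = nullptr;  // expression that receives captured guards
    bool deferDestroyWhileEvaluating;   // false reproduces the trace's ordering
    std::size_t lastGuardCount = 0;     // guards held by the last evaluated binding

    Engine(int props, bool defer)
        : values(props, 0), bindings(props), deferDestroyWhileEvaluating(defer) {}

    void installBinding(int idx) { bindings[idx] = std::make_unique<Binding>(); }

    // Property read from script: record a guard on the capturing expression
    // (the GuardCapture::captureProperty -> prepend frames in the report).
    int getProperty(int idx) {
        if (Binding* b = currentCapture) {
            b->storage.push_back(std::make_unique<Guard>());  // UAF if b was freed
            Guard* g = b->storage.back().get();
            g->property = idx;
            b->guards.prepend(g);
        }
        return values[idx];
    }

    // Imperative assignment from script: removes the binding on that property
    // (QObjectWrapper::setProperty -> QQmlAbstractBinding::destroy in the report).
    void setProperty(int idx, int value) {
        if (Binding* b = bindings[idx].get()) {
            if (deferDestroyWhileEvaluating && b->evaluating)
                b->destroyRequested = true;  // keep it alive until evaluate() returns
            else
                bindings[idx].reset();       // frees b; currentCapture may now dangle
        }
        values[idx] = value;
    }

    // Evaluate the binding on idx; body stands in for the JS function under
    // SimpleScriptFunction::call and may read or write properties re-entrantly.
    int evaluate(int idx, const std::function<int(Engine&)>& body) {
        Binding* b = bindings[idx].get();
        Binding* previous = currentCapture;
        currentCapture = b;
        b->evaluating = true;
        int result = body(*this);
        currentCapture = previous;
        if (bindings[idx].get() != b) return result;  // already freed (unsafe mode)
        b->evaluating = false;
        lastGuardCount = b->guards.size();
        if (b->destroyRequested) bindings[idx].reset();  // deferred destroy, now safe
        else values[idx] = result;
        return result;
    }
};

struct Outcome { bool bindingAlive; int value; std::size_t guards; };

// The shape of the trace: the script assigns to the bound property, which
// destroys the binding being evaluated, then reads another property, which
// tries to add a guard to that binding. defer=false is the use-after-free.
Outcome runSelfDestroyingBinding(bool defer) {
    Engine e(2, defer);
    e.values[1] = 41;   // constructed sample state
    e.installBinding(0);
    e.evaluate(0, [](Engine& en) {
        en.setProperty(0, 7);
        return en.getProperty(1) + 1;
    });
    return { e.bindings[0] != nullptr, e.values[0], e.lastGuardCount };
}

// A binding that only reads: one guard, value recomputed, binding stays alive.
Outcome runPlainBinding(bool defer) {
    Engine e(2, defer);
    e.values[1] = 41;
    e.installBinding(0);
    e.evaluate(0, [](Engine& en) { return en.getProperty(1) + 1; });
    return { e.bindings[0] != nullptr, e.values[0], e.lastGuardCount };
}
```

With deferral on, the imperative write wins (the property keeps 7 and the binding is gone once evaluation finishes), and the guard recorded by the read lands on a binding that is still alive. Calling runSelfDestroyingBinding(false) under valgrind memcheck or AddressSanitizer gives a report of the same kind as the one above: the guard prepend reads and writes inside a block freed by the binding's destructor, because the engine's "current capture" pointer outlived the object it pointed to. Which fix Qt actually chose is not stated on this page; the point of the model is the ordering, not the remedy.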


          People

            mbrasser Michael Brasser
            mbrasser Michael Brasser