Details
- Bug
- Resolution: Done
- P2: Important
- 5.2.0, 5.2.1
- None
- 60d66bea87b72e66e7c466e1c27f966762e1fd5a
Description
An application that works correctly in Qt 5.1 is crashing under Qt 5.2. The crash appears to be related to the following errors reported by memcheck:
==19695== Invalid read of size 4
==19695==    at 0x480D500: QFlagPointer<QQmlJavaScriptExpressionGuard>::operator*() const (qflagpointer_p.h:227)
==19695==    by 0x480D08E: QForwardFieldList<QQmlJavaScriptExpressionGuard, &(QQmlJavaScriptExpressionGuard::next)>::prepend(QQmlJavaScriptExpressionGuard*) (qfieldlist_p.h:155)
==19695==    by 0x480C23C: QQmlJavaScriptExpression::GuardCapture::captureProperty(QObject*, int, int) (qqmljavascriptexpression.cpp:260)
==19695==    by 0x471C1D2: QQmlEnginePrivate::captureProperty(QObject*, int, int) (qqmlengine_p.h:542)
==19695==    by 0x471408C: QV4::QObjectWrapper::getProperty(QObject*, QV4::ExecutionContext*, QQmlPropertyData*, bool) (qv4qobjectwrapper.cpp:388)
==19695==    by 0x4713AD0: QV4::QObjectWrapper::getQmlProperty(QV4::ExecutionContext*, QQmlContextData*, QV4::String*, QV4::QObjectWrapper::RevisionMode, bool*, bool) (qv4qobjectwrapper.cpp:333)
==19695==    by 0x4715C09: QV4::QObjectWrapper::get(QV4::Managed*, QV4::Referenced<QV4::String>, bool*) (qv4qobjectwrapper.cpp:672)
==19695==    by 0x4683B37: QV4::Object::get(QV4::Referenced<QV4::String>, bool*) (qv4object_p.h:283)
==19695==    by 0x46938DE: QV4::__qmljs_get_property(QV4::ExecutionContext*, QV4::ValueRef, QV4::Referenced<QV4::String>) (qv4runtime.cpp:687)
==19695==    by 0x10D51A15: ???
==19695==    by 0x46C3E10: QV4::SimpleScriptFunction::call(QV4::Managed*, QV4::CallData*) (qv4functionobject.cpp:586)
==19695==    by 0x4683D16: QV4::FunctionObject::call(QV4::CallData*) (qv4functionobject_p.h:133)
==19695==  Address 0x10c5fe38 is 24 bytes inside a block of size 88 free'd
==19695==    at 0x402ACFC: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==19695==    by 0x4815D51: QQmlBinding::~QQmlBinding() (qqmlbinding.cpp:203)
==19695==    by 0x4816BF3: void QQmlAbstractBinding::default_destroy<QQmlBinding>(QQmlAbstractBinding*, QQmlAbstractBinding::DestroyMode) (qqmlabstractbinding_p.h:223)
==19695==    by 0x471C243: QQmlAbstractBinding::destroy(QQmlAbstractBinding::DestroyMode) (qqmlabstractbinding_p.h:104)
==19695==    by 0x4714845: QV4::QObjectWrapper::setProperty(QObject*, QV4::ExecutionContext*, QQmlPropertyData*, QV4::ValueRef) (qv4qobjectwrapper.cpp:489)
==19695==    by 0x4715A79: QV4::QObjectWrapper::setProperty(QV4::ExecutionContext*, int, QV4::ValueRef) (qv4qobjectwrapper.cpp:647)
==19695==    by 0x469724F: QV4::__qmljs_set_qobject_property(QV4::ExecutionContext*, QV4::ValueRef, int, QV4::ValueRef) (qv4runtime.cpp:1317)
==19695==    by 0x10D5191B: ???
==19695==    by 0x46C3E10: QV4::SimpleScriptFunction::call(QV4::Managed*, QV4::CallData*) (qv4functionobject.cpp:586)
==19695==    by 0x4683D16: QV4::FunctionObject::call(QV4::CallData*) (qv4functionobject_p.h:133)
==19695==    by 0x46952F5: QV4::__qmljs_call_activation_property(QV4::ExecutionContext*, QV4::Referenced<QV4::String>, QV4::CallDataRef) (qv4runtime.cpp:889)
==19695==    by 0x10D4FF48: ???
==19695==
==19695== Invalid read of size 4
==19695==    at 0x480D54C: QFlagPointer<QQmlJavaScriptExpressionGuard>::operator=(QQmlJavaScriptExpressionGuard*) (qflagpointer_p.h:214)
==19695==    by 0x480D0A2: QForwardFieldList<QQmlJavaScriptExpressionGuard, &(QQmlJavaScriptExpressionGuard::next)>::prepend(QQmlJavaScriptExpressionGuard*) (qfieldlist_p.h:156)
==19695==    by 0x480C23C: QQmlJavaScriptExpression::GuardCapture::captureProperty(QObject*, int, int) (qqmljavascriptexpression.cpp:260)
==19695==    by 0x471C1D2: QQmlEnginePrivate::captureProperty(QObject*, int, int) (qqmlengine_p.h:542)
==19695==    by 0x471408C: QV4::QObjectWrapper::getProperty(QObject*, QV4::ExecutionContext*, QQmlPropertyData*, bool) (qv4qobjectwrapper.cpp:388)
==19695==    by 0x4713AD0: QV4::QObjectWrapper::getQmlProperty(QV4::ExecutionContext*, QQmlContextData*, QV4::String*, QV4::QObjectWrapper::RevisionMode, bool*, bool) (qv4qobjectwrapper.cpp:333)
==19695==    by 0x4715C09: QV4::QObjectWrapper::get(QV4::Managed*, QV4::Referenced<QV4::String>, bool*) (qv4qobjectwrapper.cpp:672)
==19695==    by 0x4683B37: QV4::Object::get(QV4::Referenced<QV4::String>, bool*) (qv4object_p.h:283)
==19695==    by 0x46938DE: QV4::__qmljs_get_property(QV4::ExecutionContext*, QV4::ValueRef, QV4::Referenced<QV4::String>) (qv4runtime.cpp:687)
==19695==    by 0x10D51A15: ???
==19695==    by 0x46C3E10: QV4::SimpleScriptFunction::call(QV4::Managed*, QV4::CallData*) (qv4functionobject.cpp:586)
==19695==    by 0x4683D16: QV4::FunctionObject::call(QV4::CallData*) (qv4functionobject_p.h:133)
==19695==  Address 0x10c5fe38 is 24 bytes inside a block of size 88 free'd
==19695==    at 0x402ACFC: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==19695==    by 0x4815D51: QQmlBinding::~QQmlBinding() (qqmlbinding.cpp:203)
==19695==    by 0x4816BF3: void QQmlAbstractBinding::default_destroy<QQmlBinding>(QQmlAbstractBinding*, QQmlAbstractBinding::DestroyMode) (qqmlabstractbinding_p.h:223)
==19695==    by 0x471C243: QQmlAbstractBinding::destroy(QQmlAbstractBinding::DestroyMode) (qqmlabstractbinding_p.h:104)
==19695==    by 0x4714845: QV4::QObjectWrapper::setProperty(QObject*, QV4::ExecutionContext*, QQmlPropertyData*, QV4::ValueRef) (qv4qobjectwrapper.cpp:489)
==19695==    by 0x4715A79: QV4::QObjectWrapper::setProperty(QV4::ExecutionContext*, int, QV4::ValueRef) (qv4qobjectwrapper.cpp:647)
==19695==    by 0x469724F: QV4::__qmljs_set_qobject_property(QV4::ExecutionContext*, QV4::ValueRef, int, QV4::ValueRef) (qv4runtime.cpp:1317)
==19695==    by 0x10D5191B: ???
==19695==    by 0x46C3E10: QV4::SimpleScriptFunction::call(QV4::Managed*, QV4::CallData*) (qv4functionobject.cpp:586)
==19695==    by 0x4683D16: QV4::FunctionObject::call(QV4::CallData*) (qv4functionobject_p.h:133)
==19695==    by 0x46952F5: QV4::__qmljs_call_activation_property(QV4::ExecutionContext*, QV4::Referenced<QV4::String>, QV4::CallDataRef) (qv4runtime.cpp:889)
==19695==    by 0x10D4FF48: ???
==19695==
==19695== Invalid write of size 4
==19695==    at 0x480D55B: QFlagPointer<QQmlJavaScriptExpressionGuard>::operator=(QQmlJavaScriptExpressionGuard*) (qflagpointer_p.h:214)
==19695==    by 0x480D0A2: QForwardFieldList<QQmlJavaScriptExpressionGuard, &(QQmlJavaScriptExpressionGuard::next)>::prepend(QQmlJavaScriptExpressionGuard*) (qfieldlist_p.h:156)
==19695==    by 0x480C23C: QQmlJavaScriptExpression::GuardCapture::captureProperty(QObject*, int, int) (qqmljavascriptexpression.cpp:260)
==19695==    by 0x471C1D2: QQmlEnginePrivate::captureProperty(QObject*, int, int) (qqmlengine_p.h:542)
==19695==    by 0x471408C: QV4::QObjectWrapper::getProperty(QObject*, QV4::ExecutionContext*, QQmlPropertyData*, bool) (qv4qobjectwrapper.cpp:388)
==19695==    by 0x4713AD0: QV4::QObjectWrapper::getQmlProperty(QV4::ExecutionContext*, QQmlContextData*, QV4::String*, QV4::QObjectWrapper::RevisionMode, bool*, bool) (qv4qobjectwrapper.cpp:333)
==19695==    by 0x4715C09: QV4::QObjectWrapper::get(QV4::Managed*, QV4::Referenced<QV4::String>, bool*) (qv4qobjectwrapper.cpp:672)
==19695==    by 0x4683B37: QV4::Object::get(QV4::Referenced<QV4::String>, bool*) (qv4object_p.h:283)
==19695==    by 0x46938DE: QV4::__qmljs_get_property(QV4::ExecutionContext*, QV4::ValueRef, QV4::Referenced<QV4::String>) (qv4runtime.cpp:687)
==19695==    by 0x10D51A15: ???
==19695==    by 0x46C3E10: QV4::SimpleScriptFunction::call(QV4::Managed*, QV4::CallData*) (qv4functionobject.cpp:586)
==19695==    by 0x4683D16: QV4::FunctionObject::call(QV4::CallData*) (qv4functionobject_p.h:133)
==19695==  Address 0x10c5fe38 is 24 bytes inside a block of size 88 free'd
==19695==    at 0x402ACFC: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==19695==    by 0x4815D51: QQmlBinding::~QQmlBinding() (qqmlbinding.cpp:203)
==19695==    by 0x4816BF3: void QQmlAbstractBinding::default_destroy<QQmlBinding>(QQmlAbstractBinding*, QQmlAbstractBinding::DestroyMode) (qqmlabstractbinding_p.h:223)
==19695==    by 0x471C243: QQmlAbstractBinding::destroy(QQmlAbstractBinding::DestroyMode) (qqmlabstractbinding_p.h:104)
==19695==    by 0x4714845: QV4::QObjectWrapper::setProperty(QObject*, QV4::ExecutionContext*, QQmlPropertyData*, QV4::ValueRef) (qv4qobjectwrapper.cpp:489)
==19695==    by 0x4715A79: QV4::QObjectWrapper::setProperty(QV4::ExecutionContext*, int, QV4::ValueRef) (qv4qobjectwrapper.cpp:647)
==19695==    by 0x469724F: QV4::__qmljs_set_qobject_property(QV4::ExecutionContext*, QV4::ValueRef, int, QV4::ValueRef) (qv4runtime.cpp:1317)
==19695==    by 0x10D5191B: ???
==19695==    by 0x46C3E10: QV4::SimpleScriptFunction::call(QV4::Managed*, QV4::CallData*) (qv4functionobject.cpp:586)
==19695==    by 0x4683D16: QV4::FunctionObject::call(QV4::CallData*) (qv4functionobject_p.h:133)
==19695==    by 0x46952F5: QV4::__qmljs_call_activation_property(QV4::ExecutionContext*, QV4::Referenced<QV4::String>, QV4::CallDataRef) (qv4runtime.cpp:889)
==19695==    by 0x10D4FF48: ???
I've been unable to create a simple test case to reproduce.
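As an added triage aid, not part of this report: a small Python parser for memcheck's "Invalid read/write ... free'd" errors, run over a constructed, abridged excerpt of the trace above (most frames dropped). It extracts the faulting access site, the freed block's address, offset and size, and the first freeing-stack frame outside valgrind's allocator replacement, and it also accepts logs whose line breaks were collapsed, as they were here; all regexes and field names are this example's own.

```python
import re

# Constructed excerpt in memcheck's own format, abridged from the report above
# (most frames dropped; the lines a triage actually keys on are retained).
MEMCHECK_LOG = """\
==19695== Invalid read of size 4
==19695==    at 0x480D500: QFlagPointer<QQmlJavaScriptExpressionGuard>::operator*() const (qflagpointer_p.h:227)
==19695==    by 0x10D51A15: ???
==19695==  Address 0x10c5fe38 is 24 bytes inside a block of size 88 free'd
==19695==    at 0x402ACFC: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==19695==    by 0x4815D51: QQmlBinding::~QQmlBinding() (qqmlbinding.cpp:203)
==19695==
==19695== Invalid write of size 4
==19695==    at 0x480D55B: QFlagPointer<QQmlJavaScriptExpressionGuard>::operator=(QQmlJavaScriptExpressionGuard*) (qflagpointer_p.h:214)
==19695==  Address 0x10c5fe38 is 24 bytes inside a block of size 88 free'd
==19695==    at 0x402ACFC: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==19695==    by 0x4815D51: QQmlBinding::~QQmlBinding() (qqmlbinding.cpp:203)
"""

ERR_RE = re.compile(r"^Invalid (read|write) of size (\d+)$")
FREED_RE = re.compile(r"^Address (0x[0-9a-f]+) is (\d+) bytes inside a block of size (\d+) free'd$")
FRAME_RE = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (.+?)(?: \(([^()]+)\))?$")  # symbol, location

def _records(text):
    # memcheck prefixes every line with ==pid==; splitting on that prefix (rather than
    # on newlines) also copes with logs pasted with their line breaks collapsed.
    for piece in re.split(r"\s*(?===\d+==)", text):
        if piece.startswith("=="):
            yield piece.split("==", 2)[2].strip()

def parse_memcheck(text):
    """One dict per 'Invalid read/write' whose target block memcheck saw being freed."""
    errors, cur, in_freed = [], None, False
    for line in list(_records(text)) + [""]:         # trailing "" flushes the last error
        if not line:                                  # blank ==pid== line ends an error
            if cur and "free_site" in cur:
                errors.append(cur)
            cur, in_freed = None, False
        elif (m := ERR_RE.match(line)):
            cur = {"kind": m.group(1), "size": int(m.group(2)), "access_site": None}
        elif cur and (m := FREED_RE.match(line)):
            cur.update(address=m.group(1), offset=int(m.group(2)), block_size=int(m.group(3)))
            in_freed = True                           # frames from here on are the freeing stack
        elif cur and (m := FRAME_RE.match(line)):
            sym, loc = m.group(1), m.group(2)
            if not in_freed and cur["access_site"] is None:
                cur["access_site"] = sym
            # free site: first freeing-stack frame outside valgrind's allocator replacement
            elif in_freed and "free_site" not in cur and loc and "vgpreload" not in loc:
                cur["free_site"] = sym
    return errors
```

Several errors reported against one freed address, as here, are normally a single use-after-free; the free site names the object whose lifetime ended too early.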