Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-37346

[REG] Crash in QWidgetPrivate::setParent_sys() when nativeParent->d_func()->extra is NULL

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P1: Critical
    • 4.8.6
    • 4.8.6
    • None
    • Only tested using Windows 7, VC2013 compiler
      Using libraries self-compiled from a Git checkout of the 4.8 branch. The last commit in my checkout is 6eb9d1e37f2c316cdea441c838691fd5168a6919
    • a85849604239034742c47d5be628122bae825c9e (14.3.2014, 4.8.6)

    Description

      I believe that the fix for QTBUG-30276 is causing a crash in my application.

      I haven't been able to come up with a simplified example yet, but when I look at the crash in the debugger it's pretty clear what is happening.

      First, here is the call stack:

      0	QList<QPointer<QWidget> >::QList<QPointer<QWidget> >	qlist.h	122	0x650754b8	
      1	QForeachContainer<QList<QPointer<QWidget> > >::QForeachContainer<QList<QPointer<QWidget> > >	qglobal.h	2394	0x65075439	
      2	qForeachContainerNew<QList<QPointer<QWidget> > >	qglobal.h	2404	0x65075395	
      3	QWidgetPrivate::setParent_sys	qwidget_win.cpp	636	0x6506e9ca	
      4	QWidget::setParent	qwidget.cpp	10215	0x64ff775b	
      5	QWidget::setParent	qwidget.cpp	10161	0x64ff743f	
      6	QFocusFramePrivate::update	qfocusframe.cpp	73	0x65749c7e	
      7	QFocusFrame::setWidget	qfocusframe.cpp	235	0x657493f3	
      8	WMDialog::setErrorWidget	WMDialog.cpp	327	0x14354ffd9	
      9	ControlPropertiesDialog::generateCommand	ControlPropertiesDialog.cpp	539	0x143a51b43	
      10	WMCmdGenDialog::updateCommand	WMCmdGenDialog.cpp	547	0x14353a9b9	
      11	ControlPropertiesDialog::_updateDialogState	ControlPropertiesDialog.cpp	869	0x143a53230	
      12	ControlPropertiesDialog::qt_static_metacall	moc_ControlPropertiesDialog.cpp	66	0x145bc0bfb	
      13	QMetaObject::activate	qobject.cpp	3539	0x64bca799	
      14	QTimer::timeout	moc_qtimer.cpp	142	0x64c686d0	
      15	QTimer::timerEvent	qtimer.cpp	282	0x64be1935	
      16	QObject::event	qobject.cpp	1157	0x64bcc183	
      17	QApplicationPrivate::notify_helper	qapplication.cpp	4562	0x64f5bb06	
      18	QApplication::notify	qapplication.cpp	3944	0x64f564f5	
      19	IgorAppObject::notify	IgorAppObject.cpp	537	0x1432c7f50	
      20	QCoreApplication::notifyInternal	qcoreapplication.cpp	953	0x64ba985a	
      21	QCoreApplication::sendEvent	qcoreapplication.h	231	0x64bb23d3	
      22	QEventDispatcherWin32::event	qeventdispatcher_win.cpp	1151	0x64bff7db	
      23	QApplicationPrivate::notify_helper	qapplication.cpp	4562	0x64f5bb06	
      24	QApplication::notify	qapplication.cpp	3944	0x64f564f5	
      25	IgorAppObject::notify	IgorAppObject.cpp	537	0x1432c7f50	
      26	QCoreApplication::notifyInternal	qcoreapplication.cpp	953	0x64ba985a	
      27	QCoreApplication::sendEvent	qcoreapplication.h	231	0x64bb23d3	
      28	QCoreApplicationPrivate::sendPostedEvents	qcoreapplication.cpp	1577	0x64baa964	
      29	qt_internal_proc	qeventdispatcher_win.cpp	498	0x64bfdad4	
      30	UserCallWinProcCheckWow	USER32		0x77849bd1	
      31	DispatchMessageWorker	USER32		0x778498da	
      32	QEventDispatcherWin32::processEvents	qeventdispatcher_win.cpp	823	0x64bfe588	
      33	QGuiEventDispatcherWin32::processEvents	qapplication_win.cpp	1212	0x65049c55	
      34	QEventLoop::processEvents	qeventloop.cpp	150	0x64ba55b4	
      35	QEventLoop::exec	qeventloop.cpp	204	0x64ba5897	
      36	QDialog::exec	qdialog.cpp	563	0x6579fc9d	
      37	WMDialog::runDialog	WMDialog.cpp	1144	0x143550476	
      38	IgorAppObject::runWMDialogVariant	IgorAppObject.cpp	2660	0x1432cb7db	
      39	BuiltinActions::doCommand	BuiltinActions.cpp	3906	0x1432de9ed	
      40	BuiltinActions::doCommandFromSender	BuiltinActions.cpp	702	0x1432df165	
      41	BuiltinActions::qt_static_metacall	moc_BuiltinActions.cpp	69	0x145b94fb8	
      42	QMetaObject::activate	qobject.cpp	3539	0x64bca799	
      43	QAction::triggered	moc_qaction.cpp	271	0x64f2a51d	
      44	QAction::activate	qaction.cpp	1262	0x64f2994d	
      45	QMenuPrivate::activateCausedStack	qmenu.cpp	1040	0x656d99ad	
      46	QMenuPrivate::activateAction	qmenu.cpp	1133	0x656d989d	
      47	QMenu::mouseReleaseEvent	qmenu.cpp	2373	0x656d2b28	
      48	QWidget::event	qwidget.cpp	8377	0x64ffaa16	
      49	QMenu::event	qmenu.cpp	2482	0x656d47fd	
      50	QApplicationPrivate::notify_helper	qapplication.cpp	4562	0x64f5bb06	
      51	QApplication::notify	qapplication.cpp	4105	0x64f56e33	
      52	IgorAppObject::notify	IgorAppObject.cpp	537	0x1432c7f50	
      53	QCoreApplication::notifyInternal	qcoreapplication.cpp	953	0x64ba985a	
      54	QCoreApplication::sendSpontaneousEvent	qcoreapplication.h	234	0x64c730fc	
      55	QApplicationPrivate::sendMouseEvent	qapplication.cpp	3171	0x64f5d9d6	
      56	QETWidget::translateMouseEvent	qapplication_win.cpp	3295	0x650455fc	
      57	QtWndProc	qapplication_win.cpp	1709	0x65040e01	
      58	UserCallWinProcCheckWow	USER32		0x77849bd1	
      59	DispatchMessageWorker	USER32		0x778498da	
      60	QEventDispatcherWin32::processEvents	qeventdispatcher_win.cpp	823	0x64bfe588	
      61	QGuiEventDispatcherWin32::processEvents	qapplication_win.cpp	1212	0x65049c55	
      62	QEventLoop::processEvents	qeventloop.cpp	150	0x64ba55b4	
      63	QEventLoop::exec	qeventloop.cpp	204	0x64ba5897	
      64	QCoreApplication::exec	qcoreapplication.cpp	1225	0x64ba78dc	
      65	QApplication::exec	qapplication.cpp	3824	0x64f56108	
      66	main	IgorQtMain.cpp	497	0x145b86228	
      67	WinMain	Igor64		0x145d311b1	
      68	__tmainCRTStartup	crtexe.c	618	0x145d307b1	
      69	WinMainCRTStartup	crtexe.c	466	0x145d3052e	
      70	BaseThreadInitThunk	kernel32		0x7772652d	
      71	RtlUserThreadStart	ntdll		0x7795c541	
      

      In step 3 of the backtrace, in QWidgetPrivate::setParent_sys(), I see the following code added to fix QTBUG-30276:

      if (QWidget *nativeParent = q->internalWinId() ? q : q->nativeParentWidget()) {
          foreach (QWidget *w, nativeParent->d_func()->extra->oleDropWidgets) {
              if (w && q->isAncestorOf(w)) {
                  registeredDropChildren.push_back(w);
                  w->setAttribute(Qt::WA_DropSiteRegistered, false);
              }
          }
      }
      

      In the debugger, the value of nativeParent->d_func()->extra is NULL, so qForeachContainerNew() is getting passed garbage.

      I think the correct behavior would be to test that nativeParent->d_func()->extra is not NULL before dereferencing it.

      Attachments

        1. ErrorWidget.PNG
          32 kB
          Adam Light

        Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              kleint Friedemann Kleint
              aclight Adam Light
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes