Loading...

Details

Type: Bug
Resolution: Done
Priority: P1: Critical
Fix Version/s: 5.4.0
Affects Version/s: 5.1.0
Component/s: QML: Declarative and Javascript Engine
Labels:
None

Commits:
9f22767784dc859283b321c47636ea708eef3bfe (qtdeclarative)

Description

Valgrind says
==27114== Invalid read of size 8
==27114== at 0x56293E0: QQmlContext::isValid() const (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.3.0)
==27114== by 0x56DF243: QQmlDelegateModelPrivate::emitChanges() (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.3.0)
==27114== by 0x56E5361: QQmlDelegateModel::_q_modelReset() (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.3.0)
==27114== by 0x5707524: QQmlDelegateModel::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.3.0)
==27114== by 0x5707AEE: QQmlDelegateModel::qt_metacall(QMetaObject::Call, int, void**) (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.3.0)
==27114== by 0x63E29CC: QMetaObject::activate(QObject*, int, int, void**) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==27114== by 0x6359EFD: QAbstractItemModel::endResetModel() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==27114== by 0x4031B2: MyModel::~MyModel() (main.cpp:17)
==27114== by 0x4043A6: QQmlPrivate::QQmlElement<MyModel>::~QQmlElement() (in /home/tsdgeos_work/test/test)
==27114== by 0x4043F7: QQmlPrivate::QQmlElement<MyModel>::~QQmlElement() (qqmlprivate.h:106)
==27114== by 0x63E136B: QObjectPrivate::deleteChildren() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==27114== by 0x63EA0EB: QObject::~QObject() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==27114== by 0x4FC74C5: QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.3.0)
==27114== by 0x505A169: QQuickView::~QQuickView() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.3.0)
==27114== by 0x505A1D8: QQuickView::~QQuickView() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.3.0)
==27114== by 0x402C17: main (main.cpp:36)
==27114== Address 0x1b6ac9f8 is 8 bytes inside a block of size 16 free'd
==27114== at 0x4C2C2BC: operator delete(void*) (vg_replace_malloc.c:503)
==27114== by 0x5629BF0: QQmlContextData::destroy() (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.3.0)
==27114== by 0x560D238: QQmlPrivate::qdeclarativeelement_destructor(QObject*) (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.3.0)
==27114== by 0x4FC74BD: QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.3.0)
==27114== by 0x505A169: QQuickView::~QQuickView() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.3.0)
==27114== by 0x505A1D8: QQuickView::~QQuickView() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.3.0)
==27114== by 0x402C17: main (main.cpp:36)
==27114==
==27114== Invalid read of size 8
==27114== at 0x56293E4: QQmlContext::isValid() const (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.3.0)
==27114== by 0x56DF243: QQmlDelegateModelPrivate::emitChanges() (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.3.0)
==27114== by 0x56E5361: QQmlDelegateModel::_q_modelReset() (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.3.0)
==27114== by 0x5707524: QQmlDelegateModel::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.3.0)
==27114== by 0x5707AEE: QQmlDelegateModel::qt_metacall(QMetaObject::Call, int, void**) (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.3.0)
==27114== by 0x63E29CC: QMetaObject::activate(QObject*, int, int, void**) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==27114== by 0x6359EFD: QAbstractItemModel::endResetModel() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==27114== by 0x4031B2: MyModel::~MyModel() (main.cpp:17)
==27114== by 0x4043A6: QQmlPrivate::QQmlElement<MyModel>::~QQmlElement() (in /home/tsdgeos_work/test/test)
==27114== by 0x4043F7: QQmlPrivate::QQmlElement<MyModel>::~QQmlElement() (qqmlprivate.h:106)
==27114== by 0x63E136B: QObjectPrivate::deleteChildren() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==27114== by 0x63EA0EB: QObject::~QObject() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==27114== by 0x4FC74C5: QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.3.0)
==27114== by 0x505A169: QQuickView::~QQuickView() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.3.0)
==27114== by 0x505A1D8: QQuickView::~QQuickView() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.3.0)
==27114== by 0x402C17: main (main.cpp:36)
==27114== Address 0x1bafa150 is 112 bytes inside a block of size 144 free'd
==27114== at 0x4C2C2BC: operator delete(void*) (vg_replace_malloc.c:503)
==27114== by 0x63EA11F: QObject::~QObject() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==27114== by 0x5629D48: QQmlContext::~QQmlContext() (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.3.0)
==27114== by 0x5629BF0: QQmlContextData::destroy() (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.3.0)
==27114== by 0x560D238: QQmlPrivate::qdeclarativeelement_destructor(QObject*) (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.3.0)
==27114== by 0x4FC74BD: QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.3.0)
==27114== by 0x505A169: QQuickView::~QQuickView() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.3.0)
==27114== by 0x505A1D8: QQuickView::~QQuickView() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.3.0)
==27114== by 0x402C17: main (main.cpp:36)
==27114==
==27114== Invalid read of size 8
==27114== at 0x56293ED: QQmlContext::isValid() const (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.3.0)
==27114== by 0x56DF243: QQmlDelegateModelPrivate::emitChanges() (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.3.0)
==27114== by 0x56E5361: QQmlDelegateModel::_q_modelReset() (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.3.0)
==27114== by 0x5707524: QQmlDelegateModel::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.3.0)
==27114== by 0x5707AEE: QQmlDelegateModel::qt_metacall(QMetaObject::Call, int, void**) (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.3.0)
==27114== by 0x63E29CC: QMetaObject::activate(QObject*, int, int, void**) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==27114== by 0x6359EFD: QAbstractItemModel::endResetModel() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==27114== by 0x4031B2: MyModel::~MyModel() (main.cpp:17)
==27114== by 0x4043A6: QQmlPrivate::QQmlElement<MyModel>::~QQmlElement() (in /home/tsdgeos_work/test/test)
==27114== by 0x4043F7: QQmlPrivate::QQmlElement<MyModel>::~QQmlElement() (qqmlprivate.h:106)
==27114== by 0x63E136B: QObjectPrivate::deleteChildren() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==27114== by 0x63EA0EB: QObject::~QObject() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.3.0)
==27114== by 0x4FC74C5: QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.3.0)
==27114== by 0x505A169: QQuickView::~QQuickView() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.3.0)
==27114== by 0x505A1D8: QQuickView::~QQuickView() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.3.0)
==27114== by 0x402C17: main (main.cpp:36)
==27114== Address 0x1baf89d8 is 8 bytes inside a block of size 168 free'd
==27114== at 0x4C2C2BC: operator delete(void*) (vg_replace_malloc.c:503)
==27114== by 0x560D238: QQmlPrivate::qdeclarativeelement_destructor(QObject*) (in /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5.3.0)
==27114== by 0x4FC74BD: QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.3.0)
==27114== by 0x505A169: QQuickView::~QQuickView() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.3.0)
==27114== by 0x505A1D8: QQuickView::~QQuickView() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.3.0)
==27114== by 0x402C17: main (main.cpp:36)

on the attached code.

I understand emitting reset from the destructor is not very useful, but in the real world code we are just reusing the clean() function that is also called in other instances that is not the destructor so it is very handy that it does not crash (it didn't use to in Qt 5.2)

I'll attach main.cpp main.qml and test.pro

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

main.cpp
0.8 kB
20 Jun '14 17:05
main.qml
0.2 kB
20 Jun '14 17:05
test.pro
0.3 kB
20 Jun '14 17:05

Issue Links

replaces

QTBUG-33347 Instantiator: crash in QQmlDelegateModel when the QQmlContext is deleted out from under it

Closed

QTBUG-39682 Crash on exit because of QQmlApplicationEngine

Closed

QTBUG-28160 Regression: qtdeclarative example crashes qmlscene

Closed

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

For Gerrit Dashboard: QTBUG-39780
#	Subject	Branch	Project	Status	CR	V
88219,2	Fix crash in QQmlDelegateModel during destruction phase	dev	qt/qtdeclarative	Status: MERGED	+2	0

Valgrind reports read on deleted memory if model emits reset from destructor

Details

Description

Attachments

Attachments

Issue Links

Gerrit Reviews

Activity

People

Dates

Gerrit Reviews