Details
- Bug
- Resolution: Done
- P1: Critical
- 5.3.0
- None
- 32-bit MinGW on 64-bit Windows 7
Description
Commit https://qt.gitorious.org/qt/qtdeclarative/commit/156bb6ed1aafe96a1d5ea85e3ad8445d6e785bcb fixed a build issue caused by inaccuracies in MinGW's shell header files. With the exception of version 3 or later of the MinGW-w64 fork, the declared signature of SHParseDisplayName is incorrect and the type PIDLIST_ABSOLUTE is missing. The referenced commit fixed the build issue by adding an alternative code path to shellNormalizeFileName() inside qtdeclarative/src/qml/qml/qqmlengine.cpp for affected versions of MinGW. However, that code path contains a bug which causes it to crash intermittently when executed.
The correct type of the third argument to SHParseDisplayName() is a doubly indirect pointer to an ITEMIDLIST. The incorrect MinGW signature specifies only a single level of indirection, and the alternative code path conforms to it by supplying a pointer to an ITEMIDLIST rather than a pointer to a pointer. However, irrespective of the MinGW version, the Windows implementation expects a pointer to a pointer, so SHParseDisplayName() writes a pointer over the beginning of the supplied ITEMIDLIST. The code then intermittently crashes when the malformed ITEMIDLIST is passed to SHGetPathFromIDList().
From the stack trace, this code appears to get executed at least when a QQmlEngine is loading the QML document. I detected this problem in the HsQML (http://www.gekkou.co.uk/software/hsqml/) test suite which executes many documents consecutively and it appears to occur about once for every couple of hundred QQmlEngines created.
I've attached a patch against 5.3.0 which fixes the problem by casting the correct type to match MinGW's signature.
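As an added illustration in portable C (not the Qt code or the attached patch): a constructed stand-in for the shell entry point that always stores a pointer through its out-parameter, reached through a prototype declared with one level of indirection too few, which is how the affected MinGW headers declare SHParseDisplayName. The ITEMIDLIST_SIM layout, the names with a _sim suffix, id_len and the two path functions are all assumptions; the buggy path shows the pointer landing inside the struct, the fixed path shows the cast the report describes.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the shell's ITEMIDLIST: a byte count followed by data.
 * (The real struct is only 3 bytes, so a pointer written over it also runs past it.) */
typedef struct { uint16_t cb; unsigned char abID[14]; } ITEMIDLIST_SIM;

static size_t id_len(const char *name) { size_t n = strlen(name); return n < 14 ? n : 14; }

/* Simulated real entry point (the ABI): allocates a list and stores its address through the
 * out-parameter, i.e. it always writes sizeof(void *) bytes at whatever address it is given. */
static long real_parse_display_name(const char *name, ITEMIDLIST_SIM **ppidl)
{
    ITEMIDLIST_SIM *pidl = calloc(1, sizeof *pidl);
    if (!pidl) return -1;
    pidl->cb = (uint16_t)(2 + id_len(name));
    memcpy(pidl->abID, name, id_len(name));
    *ppidl = pidl;
    return 0;
}

/* The mistaken header: same entry point, but declared with one level of indirection too few. */
typedef long (*as_declared_t)(const char *, ITEMIDLIST_SIM *);
#define SHParseDisplayName_sim ((as_declared_t)real_parse_display_name)

/* Buggy path: conforms to the header by passing a struct. Returns 1 when the callee has
 * written a pointer over the start of `file`, i.e. the list is now malformed. */
int buggy_path_corrupts_struct(const char *name)
{
    ITEMIDLIST_SIM file = {0}, *written;
    if (SHParseDisplayName_sim(name, &file) != 0) return -1;
    memcpy(&written, &file, sizeof written);  /* recover the pointer the callee stored there */
    int corrupted = (size_t)written->cb == 2 + id_len(name);
    free(written);
    return corrupted;
}

/* Fixed path (the report's approach): keep a real pointer variable and cast only the
 * argument to satisfy the wrong prototype. Returns 1 when a well-formed list came back. */
int fixed_path_gets_valid_pidl(const char *name)
{
    ITEMIDLIST_SIM *file = NULL;
    if (SHParseDisplayName_sim(name, (ITEMIDLIST_SIM *)&file) != 0) return -1;
    int ok = file != NULL && (size_t)file->cb == 2 + id_len(name);
    free(file);
    return ok;
}
```

On the real platform the overwritten ITEMIDLIST is what later reaches SHGetPathFromIDList(), which is where the reported crash surfaces.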