Consider a short-lived process that produces some output.
Start this process via QProcess and call waitForFinished.
Then the following can happen:
- In QProcessPrivate::waitForFinished(), WaitForSingleObject() returns WAIT_OBJECT_0 (the process has exited).
- drainOutputPipes() is called and returns.
- The QWindowsPipeReader objects are still active, because the pipe has not been closed yet.
- _q_processDied() is called, which calls cleanup(), which calls QWindowsPipeReader::stop().
- QWindowsPipeReader::stop() sets readSequenceStarted to false, but doesn't cancel the in-flight I/O operation (should it cancel it instead?).
- waitForFinished() returns.
- The QProcess object is destroyed together with all its children.
- A QWindowsPipeReader with readSequenceStarted == false but a still-active I/O operation is destroyed.
- The OVERLAPPED object and the read buffer owned by that QWindowsPipeReader are destroyed with it.
- The still-active I/O operation writes to the (now destroyed) OVERLAPPED object and, potentially, the read buffer. BAM! The heap is a mess.
This issue originates from
We can only reproduce it on Windows 7.