Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-52724

Seg fault debugging with a view that changes its model within an asynchronous Loader

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P1: Critical
    • 5.9.2
    • 5.6.0, 5.7.0, 5.7.1, 5.8.0, 5.9.0, 5.9.1
    • QML: Declarative and Javascript Engine
    • None
    • Ubuntu 15.10 x64
    • e22b624d9ab1f36021adb9cdbfa9b37054282bb8

    Description

      If a Loader has asynchronous set to true and its source component changes the contents of a list of Items being used as a model in its Component.onCompleted event, then there can be a segfault when QQmlEngineDebugServiceImpl builds its object list.

      It's probably much easier to understand by an example project. Please find one that reproduces this issue attached! Interestingly, this doesn't occur in 5.5.1 (or earlier).

      It seems like there might be a race condition between QQmlEngineDebugServiceImpl and Loader (and its source component's Component.onCompleted event). Here's a stack trace from a debug build of Qt, but it can segfault in a number of different places.

      1 QMetaObjectPrivate::get qmetaobject_p.h 180 0x7ffff6ccd52d
      2 QObject::connect qobject.cpp 2646 0x7ffff6cfd4a3
      3 QQmlDebugService::idForObject qqmldebugservice.cpp 160 0x7ffff73f548c
      4 QQmlEngineDebugServiceImpl::storeObjectIds qqmlenginedebugservice.cpp 318 0x7fffe80c15eb
      5 QQmlEngineDebugServiceImpl::buildObjectList qqmlenginedebugservice.cpp 333 0x7fffe80c1720
      6 QQmlEngineDebugServiceImpl::buildObjectList qqmlenginedebugservice.cpp 349 0x7fffe80c17cb
      7 QQmlEngineDebugServiceImpl::buildObjectList qqmlenginedebugservice.cpp 349 0x7fffe80c17cb
      8 QQmlEngineDebugServiceImpl::buildObjectList qqmlenginedebugservice.cpp 349 0x7fffe80c17cb
      9 QQmlEngineDebugServiceImpl::buildObjectList qqmlenginedebugservice.cpp 349 0x7fffe80c17cb
      10 QQmlEngineDebugServiceImpl::buildObjectList qqmlenginedebugservice.cpp 349 0x7fffe80c17cb
      11 QQmlEngineDebugServiceImpl::buildObjectList qqmlenginedebugservice.cpp 349 0x7fffe80c17cb
      12 QQmlEngineDebugServiceImpl::processMessage qqmlenginedebugservice.cpp 484 0x7fffe80c24fd
      13 QQmlEngineDebugServiceImpl::qt_static_metacall moc_qqmlenginedebugservice.cpp 80 0x7fffe80ed8dc
      14 QMetaCallEvent::placeMetaCall qobject.cpp 495 0x7ffff6cf91e5
      15 QObject::event qobject.cpp 1256 0x7ffff6cfa3ab
      16 QCoreApplicationPrivate::notify_helper qcoreapplication.cpp 1149 0x7ffff6cbc6c6
      17 doNotify qcoreapplication.cpp 1090 0x7ffff6cbc2f0
      18 QCoreApplication::notify qcoreapplication.cpp 1076 0x7ffff6cbc254
      19 QGuiApplication::notify qguiapplication.cpp 1607 0x7ffff7760de0
      20 QCoreApplication::notifyInternal2 qcoreapplication.cpp 1015 0x7ffff6cbc1d1
      ... <More>

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-61781 Crash when accessing a QML singleton from anonymous function

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed
          For Gerrit Dashboard: QTBUG-52724
          # Subject Branch Project Status CR V
          221418,1 Fix crashes with closures created in QML components 5.6 qt/qtdeclarative Status: ABANDONED 0 0

          Activity

            People

              ulherman Ulf Hermann
              molesmoke Jeremy Powell
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes