  1. Qt
  2. QTBUG-53251

Dangling NSMenuItem pointer in QCocoaMenu


Details

    • Bug
    • Resolution: Done
    • P1: Critical
    • 5.6.1
    • 5.6
    • QPA
    • None
    • macOS
    • 4e0b76d810fe370f6a5c6e0242c487f026e809d3

    Description

      QCocoaMenu::m_attachedItem can become invalid as soon as we delete this attached item in ~QCocoaMenuItem (and we never reset it).

      It can happen the next time we populate the menu and call the menu delegate's method:

      - (BOOL)menu:(NSMenu *)menu updateItem:(NSMenuItem *)item atIndex:(NSInteger)index shouldCancel:(BOOL)shouldCancel
      

      we also call itemSubmenu->setAttachedItem(item), this results in

      m_attachedItem.submenu = nil;
      

      where m_attachedItem is a dangling pointer.

      This was found while testing one of our examples (browser app) and owncloud client application (essentially it's using QSystemTrayIcon + QMenu) - in both cases 'the pattern' seems to be similar:

      • browser updates its list of recently viewed pages - thus clearing/re-populating the menu again and again
      • the application re-populates the menu when sync status is changing.

      I'm attaching the reproducer, which is essentially an excerpt/snippet for this scenario, a bit contrived maybe but making the problem obvious (well, you have to click on this orange systray icon and open context menu, probably, several times).
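
The lifetime problem described above, reduced to a self-contained C++ model. This is an added example, not code from the report or from Qt: `NativeItem`, `Menu`, `Item` and `repopulateIsSafe` are hypothetical names, and a set of live objects stands in for the write through the stale pointer so the model itself stays well-defined.

```cpp
// Simplified model; NativeItem, Menu, Item and repopulateIsSafe are
// hypothetical stand-ins, not Qt's classes.
#include <memory>
#include <set>

struct NativeItem {                         // stands in for NSMenuItem
    static std::set<const NativeItem*>& live() {
        static std::set<const NativeItem*> s;
        return s;
    }
    NativeItem()  { live().insert(this); }
    ~NativeItem() { live().erase(this); }
    void *submenu = nullptr;
};
struct Menu {                               // stands in for QCocoaMenu
    NativeItem *attached = nullptr;         // non-owning, like m_attachedItem
    // Detach from the previous item (a write through `attached`), then
    // remember the new one. Returns false when that write would have
    // landed in an already destroyed object.
    bool setAttachedItem(NativeItem *item) {
        bool safe = true;
        if (attached && attached != item) {
            safe = NativeItem::live().count(attached) != 0;
            if (safe) attached->submenu = nullptr;
        }
        attached = item;
        if (item) item->submenu = this;
        return safe;
    }
};
struct Item {                               // stands in for QCocoaMenuItem
    Menu *menu;
    bool resetOnDestroy;
    std::unique_ptr<NativeItem> native;     // owns the native item
    Item(Menu *m, bool reset) : menu(m), resetOnDestroy(reset), native(new NativeItem) {
        menu->setAttachedItem(native.get());
    }
    ~Item() {
        // Hardened path: clear the back-pointer while `native` is alive.
        if (resetOnDestroy && menu->attached == native.get())
            menu->setAttachedItem(nullptr);
    }
};

// One clear/re-populate cycle: destroy the old item, attach a new one.
bool repopulateIsSafe(bool resetOnDestroy) {
    Menu menu;
    { Item old(&menu, resetOnDestroy); }    // native item freed here
    NativeItem next;
    return menu.setAttachedItem(&next);
}
```

`repopulateIsSafe(false)` models the reported behaviour, where the destructor never resets the back-pointer; `repopulateIsSafe(true)` models a destructor that does.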


          People

            tpochep Timur Pocheptsov