QTBUG-56027

Undefined behavior in QStandardItem when destroying the QStandardItemModel


    • Bug
    • Resolution: Done
    • P2: Important
    • 5.6.3, 5.9.0 RC
    • 5.8
    • Widgets: Itemviews
    • None
    • 1) build qtbase 5.8 from git with ASAN and UBSAN (I'm using clang 3.8.1)
      2) build and run the {{tests/auto/gui/itemmodels/qstandarditem/tst_qstandarditem parent}} autotest, observe its output
    • 88b6abcebf29b455438d8da7db9fd5aa1aed2bf5

      When a QStandardItemModel is destroyed and the execution reaches the ~QObject() destructor, it goes on to clean up all of the QObject children, including the top-level QStandardItemModel instances. Their respective destructors, ~QStandardItemPrivate, call setModel(0) on all of their children.

      QStandardItemModel::setModel, however, calls back to the original model's invalidatePersistentIndex. This is undefined behavior because ~QStandardItemModel has already finished, and that object is not even a QObject anymore.


            ogoffart Olivier Goffart (Woboq GmbH)
            jkt Jan Kundrát
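
The destruction order described in the report, as an added example that is not Qt code and not the fix that was committed. Owner, Model, Item and Trace are hypothetical stand-ins for QObject, QStandardItemModel, QStandardItem and a test log. The callback into the destroyed model is only counted through an external liveness flag, never executed, and the detach-first branch is one generic way to avoid it.

```cpp
#include <cstdio>
#include <memory>
#include <vector>

struct Trace { int safeCalls = 0; int lateCalls = 0; };  // lives outside the objects under test
class Model;

struct Item {                          // stand-in for QStandardItem
    Trace& trace;
    Model* model;                      // back-pointer to the owning model
    std::shared_ptr<bool> modelAlive;  // liveness flag stored outside the model
    ~Item();                           // mirrors the setModel(0) callback on destruction
};

struct Owner {                         // stand-in for QObject: deletes children in its destructor
    std::vector<Item*> children;
    virtual ~Owner() { for (Item* c : children) delete c; }
};

class Model : public Owner {           // stand-in for QStandardItemModel
public:
    Model(Trace& t, bool detach, int n) : trace(t), detachFirst(detach) {
        for (int i = 0; i < n; ++i) children.push_back(new Item{t, this, alive});
    }
    ~Model() override {
        if (detachFirst)               // hardened order: drop back-pointers while Model is intact
            for (Item* c : children) c->model = nullptr;
        *alive = false;                // once this body returns, only the Owner part remains
    }
    void invalidate() { ++trace.safeCalls; }  // legitimate callback while the model is alive
private:
    Trace& trace;
    bool detachFirst;
    std::shared_ptr<bool> alive = std::make_shared<bool>(true);
};

Item::~Item() {
    if (!model) return;                // detached: nothing to notify
    if (*modelAlive) model->invalidate();
    else ++trace.lateCalls;            // real code would call into a destroyed model here
}

int lateCallbacks(bool detach, int n) {  // callbacks that would have hit a destroyed Model
    Trace t;
    { Model m(t, detach, n); }
    return t.lateCalls;
}

int main() {
    std::printf("children deleted by base destructor: %d late callbacks\n", lateCallbacks(false, 3));
    std::printf("children detached first:             %d late callbacks\n", lateCallbacks(true, 3));
}
```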