Details
- Bug
- Resolution: Done
- P1: Critical
- 5.6.2, 5.7.1
Description
Consider the following QML singleton declared in module "constants":
```
pragma Singleton
import QtQuick 2.4

QtObject {
    readonly property string song: "Highway to Hell"
}
```
We have a QML component that returns 2 callbacks:
```
import QtQuick 2.5
import constants 1.0

Item {
    id: root

    function crash() {
        return function() { return Sing.song; }
    }

    function work() {
        var s = Sing;
        return function() { return s.song; }
    }
}
```
These callbacks can also be properties, with the same result.
Page.qml is loaded from Test.qml as follows:
```
import QtQuick 2.5
import constants 1.0

Rectangle {
    color: "white"
    width: 400
    height: 400

    Timer {
        id: _timer
        interval: 1000
        repeat: true
        triggeredOnStart: true
    }

    Loader {
        id: ldr
        source: "Page.qml"
        active: false
        onLoaded: {
            var item = ldr.item;
            // var work = item.work();
            var crash = item.crash();
            _timer.triggered.connect(function() {
                // console.warn("work: ", item, work());
                console.warn("crash: ", item, crash());
                ldr.active = false;
            });
            _timer.start();
        }
    }

    Component.onCompleted: {
        console.warn(Sing.song);
        ldr.active = true;
    }
}
```
This code causes the application to crash with a segmentation fault on the second invocation of the callback, when the Page is destroyed:
```
% qmlscene -I . Test.qml
qml: Highway to Hell
qml: crash: Page_QMLTYPE_1(0x1795750) Highway to Hell
zsh: segmentation fault qmlscene -I . Test.qml
```
If I uncomment the "work" callback and comment out "crash", the application works and the output is this:
```
% qmlscene -I . Test.qml
qml: Highway to Hell
qml: work: Page_QMLTYPE_1(0x2e99bb0) Highway to Hell
qml: work: TypeError: Type error Highway to Hell
qml: work: TypeError: Type error Highway to Hell
qml: work: TypeError: Type error Highway to Hell
...
```
I have 5.6.2 compiled from sources; this is the backtrace:
```
#0 0x00007ffff701e700 in QV4::ExecutionEngine::qmlSingletonWrapper (this=0x7e4430, name=0x7fffe2d38450) at /home/ABusenius/qtdeclarative/src/qml/jsruntime/qv4engine.cpp:721
#1 0x00007ffff70fc4e6 in QV4::Runtime::getQmlSingleton (engine=0x7e4430, nameIndex=6) at /home/ABusenius/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:1471
#2 0x00007ffff7fc9992 in ?? ()
#3 0x00007ffff7ecfe70 in ?? ()
#4 0x00007ffff7ecfe70 in ?? ()
#5 0x00007fffe2d383e8 in ?? ()
#6 0xd1e1af7c21137e00 in ?? ()
#7 0x00007fffffffcb50 in ?? ()
#8 0x00007ffff7025526 in QV4::FunctionObject::function (this=0x7fffe2d383e8) at /home/ABusenius/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:134
#9 0x00007ffff70671fc in QV4::SimpleScriptFunction::call (that=0x7ffff7e2e080, callData=0x7fffe2d383a8) at /home/ABusenius/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:576
#10 0x00007ffff6f99b34 in QV4::Object::call (this=0x7ffff7e2e080, d=0x7fffe2d383a8) at ../../include/QtQml/5.6.2/QtQml/private/../../../../../../qtdeclarative/src/qml/jsruntime/qv4object_p.h:326
#11 0x00007ffff70fa697 in QV4::Runtime::callValue (engine=0x7e4430, func=..., callData=0x7fffe2d383a8) at /home/ABusenius/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:1034
#12 0x00007ffff7fc96d7 in ?? ()
#13 0x00007ffff7ecfed0 in ?? ()
#14 0x00007ffff7ecfed0 in ?? ()
#15 0x00007fffe2d38360 in ?? ()
#16 0xd1e1af7c21137e00 in ?? ()
#17 0x00007fffffffcd60 in ?? ()
#18 0x00007ffff7025526 in QV4::FunctionObject::function (this=0xa348f0) at /home/ABusenius/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:134
#19 0x00007ffff70671fc in QV4::SimpleScriptFunction::call (that=0x7fffe2d38318, callData=0x7fffe2d38320) at /home/ABusenius/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:576
#20 0x00007ffff6f99b34 in QV4::Object::call (this=0x7fffe2d38318, d=0x7fffe2d38320) at ../../include/QtQml/5.6.2/QtQml/private/../../../../../../qtdeclarative/src/qml/jsruntime/qv4object_p.h:326
#21 0x00007ffff70dbbd9 in QV4::QObjectSlotDispatcher::impl (which=1, this_=0xa348f0, r=0x966b60, metaArgs=0x7fffffffd080, ret=0x0) at /home/ABusenius/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:813
#22 0x00007ffff559cbfe in QMetaObject::activate(QObject*, int, int, void**) () from /home/abusenius/qt/5.6/gcc_64/bin/../lib/libQt5Core.so.5
#23 0x00007ffff724876d in QQmlTimer::triggered (this=0x966b60) at .moc/moc_qqmltimer_p.cpp:260
```
Issue Links
- duplicates
  - QTBUG-62125 Crash in Qt.createComponent, Qt.createQmlObject (Closed)
- relates to
  - QTBUG-52724 Seg fault debugging with a view that changes its model within an asynchronous Loader (Closed)
- resulted in
  - QTBUG-63919 [REG 5.9.1 -> 5.9.2] application crashes when using QML-Debugger (Closed)
  - QTBUG-64563 Memory leak in ListView when using QQuickView (Closed)
  - QTBUG-65569 SwipeView crashes (Closed)
  - QTBUG-63729 [REG 5.9.1->5.9.2]: When an item loaded in a loader is destroyed then it can cause children to print warnings that referred to the parent (Closed)
For Gerrit Dashboard: QTBUG-61781

| # | Subject | Branch | Project | Status | CR | V |
|---|---|---|---|---|---|---|
| 202502,20 | Fix crashes with closures created in QML components | 5.9 | qt/qtdeclarative | MERGED | -2 | 0 |
| 202503,2 | WIP: Refcount QQmlContextData | wip/new-backend | qt/qtdeclarative | ABANDONED | -2 | 0 |
| 221418,1 | Fix crashes with closures created in QML components | 5.6 | qt/qtdeclarative | ABANDONED | 0 | 0 |