Details
Bug
Resolution: Done
P0: Blocker
4.5.0, 4.5.3, 4.6.0
None
Windows XP
293db01f907ad8644e8242055521e6b8e7c4dfec

Description
Attached is a sample program that demonstrates a crash in
QGraphicsScene::addItem() related to dynamic addition and removal of
QGraphicsWidget objects from a QGraphicsScene. At a high level, what we are
doing is adding children to a QGraphicsWidget, removing them, and then
restoring them later. If we remove the parent from the scene before removing
the children, the QGraphicsScenePrivate::tabFocusFirst member can end up
being a dangling pointer. The sample code shows how this can occur.

There are two different demonstrations of the behavior in the sample code.
The non-interactive version (the default) does everything in main() without
opening any windows. The interactive version (enabled by uncommenting the
#define for INTERACTIVE in main.cpp) requires user input to cause the right
sequence of steps that lead to the crash. In the interactive version, these
steps are as follows:

1. Click 'Add' to add the parent QGraphicsWidgets to the scene.
2. Click 'Show' to show the children.
   NOTE: This actually simulates showing, hiding, and then showing again.
3. Click 'Remove' to remove the parents from the scene.
4. Click 'Add' to add new parents to the scene.

There should be a crash at this point.

Note that the sample code deliberately prevents the allocator from reusing
the address pointed to by QGraphicsScenePrivate::tabFocusFirst. The
allocator could happen to reuse that address when allocating a new
QGraphicsWidget, and that would hide the problematic behavior.

Is this a bug, or is there a requirement that the child QGraphicsWidget
objects be removed from the scene before their parent?
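
A simplified model of the lifetime problem described above, added here as an illustration; it is not the attached sample program and not Qt source. Only the name tabFocusFirst comes from the report. The Widget and Scene types, the focusable flag and the two removal policies are assumptions chosen to show how a cached raw pointer to a child can outlive the removal of its parent, and the invariant check that exposes it without dereferencing anything.

```cpp
#include <unordered_set>
#include <vector>

// Simplified model, not Qt source. Only the name tabFocusFirst comes from the
// report; Widget, Scene and the removal policies are assumptions.
struct Widget {
    bool focusable = false;
    std::vector<Widget*> children;
};

struct Scene {
    std::unordered_set<const Widget*> items;  // widgets currently in the scene
    Widget* tabFocusFirst = nullptr;          // cached raw pointer into items

    void addItem(Widget* w) {
        items.insert(w);
        if (w->focusable && !tabFocusFirst) tabFocusFirst = w;
        for (Widget* c : w->children) addItem(c);
    }

    // Drops the whole subtree from the scene. With clearForDescendants == false
    // the cache is compared against the top-level item only, so a cached
    // descendant survives the removal.
    void removeItem(Widget* w, bool clearForDescendants, bool top = true) {
        if (tabFocusFirst == w && (top || clearForDescendants)) tabFocusFirst = nullptr;
        items.erase(w);
        for (Widget* c : w->children) removeItem(c, clearForDescendants, false);
    }

    // Invariant: the cache is null or points at a widget still in the scene.
    bool focusCacheValid() const {
        return !tabFocusFirst || items.count(tabFocusFirst) > 0;
    }
};

// Parent removed from the scene while its focusable child is still attached.
bool cacheValidAfterParentRemoval(bool clearForDescendants) {
    Widget child;  child.focusable = true;
    Widget parent; parent.children.push_back(&child);
    Scene scene;
    scene.addItem(&parent);                  // tabFocusFirst now points at child
    scene.removeItem(&parent, clearForDescendants);
    return scene.focusCacheValid();          // false: stale pointer left behind
}

int main() {
    return cacheValidAfterParentRemoval(true) && !cacheValidAfterParentRemoval(false) ? 0 : 1;
}
```

In the model, a false result means the cache still refers to a widget that is no longer in the scene; the pointer becomes dangling as soon as that widget is deleted, and the next addItem() that consults the cache would read freed memory.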