Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-65552

Calling QChart::removeAllSeries during animation crashes

    XMLWordPrintable

    Details

    • Commits:
      4f66d1ffeecd95b4bf6666b71536c42dea7450ed

      Description

      Animation has a dangling pointer to deleted series, which can cause a crash.

      To reproduce, run attached example and keep clicking the view fast.

      Valgrind output:

      Invalid read of size 8
        in main in /home/jopoikel//testbarseries/main.cpp:11
        1: data in /home/jopoikel/work/qt/git/qtbase/src/corelib/tools/qscopedpointer.h:140
        2: qGetPtrHelper<QScopedPointer<QtCharts::QAbstractSeriesPrivate> > in /home/jopoikel/work/qt/git/qtbase/src/corelib/global/qglobal.h:999
        3: d_func in /home/jopoikel/work/qt/git/qtcharts/src/charts/barchart/qabstractbarseries.h:107
        4: QtCharts::QAbstractBarSeries::count() const in /home/jopoikel/work/qt/git/qtcharts/src/charts/barchart/qabstractbarseries.cpp:554
        5: QtCharts::AbstractBarChartItem::setLayout(QVector<QRectF> const&) in /home/jopoikel/work/qt/git/qtcharts/src/charts/barchart/abstractbarchartitem.cpp:153
        6: QtCharts::BarAnimation::updateCurrentValue(QVariant const&) in /home/jopoikel/work/qt/git/qtcharts/src/charts/animations/baranimation.cpp:76
        7: QVariantAnimationPrivate::setCurrentValueForProgress(double) in /home/jopoikel/work/qt/git/qtbase/src/corelib/animation/qvariantanimation.cpp:294
        8: QVariantAnimationPrivate::recalculateCurrentInterval(bool) in /home/jopoikel/work/qt/git/qtbase/src/corelib/animation/qvariantanimation.cpp:279
        9: QVariantAnimation::updateCurrentTime(int) in /home/jopoikel/work/qt/git/qtbase/src/corelib/animation/qvariantanimation.cpp:697
        10: QAbstractAnimation::setCurrentTime(int) in /home/jopoikel/work/qt/git/qtbase/src/corelib/animation/qabstractanimation.cpp:1332
        11: QAbstractAnimationPrivate::setState(QAbstractAnimation::State) in /home/jopoikel/work/qt/git/qtbase/src/corelib/animation/qabstractanimation.cpp:1018
        12: QAbstractAnimation::start(QAbstractAnimation::DeletionPolicy) in /home/jopoikel/work/qt/git/qtbase/src/corelib/animation/qabstractanimation.cpp:1367
        13: QtCharts::ChartAnimation::startChartAnimation() in /home/jopoikel/work/qt/git/qtcharts/src/charts/animations/chartanimation.cpp:52
        14: QtCharts::ChartAnimation::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) in /home/jopoikel/work/qt/5.9/qtcharts/src/charts/.moc/moc_chartanimation_p.cpp:72
        15: QMetaCallEvent::placeMetaCall(QObject*) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qobject.cpp:503
        16: QObject::event(QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qobject.cpp:1246
        17: QAbstractAnimation::event(QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/corelib/animation/qabstractanimation.cpp:1447
        18: QVariantAnimation::event(QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/corelib/animation/qvariantanimation.cpp:654
        19: QApplicationPrivate::notify_helper(QObject*, QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/widgets/kernel/qapplication.cpp:3722
        20: QApplication::notify(QObject*, QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/widgets/kernel/qapplication.cpp:3094
        21: QCoreApplication::notifyInternal2(QObject*, QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.cpp:1018
        22: sendEvent in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.h:233
        23: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.cpp:1678
        24: QCoreApplication::sendPostedEvents(QObject*, int) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.cpp:1532
        25: postEventSourceDispatch(_GSource*, int (*)(void*), void*) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:276
        26: g_main_context_dispatch in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2
        27: /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2
        28: g_main_context_iteration in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2
        29: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:423
        30: QPAEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/jopoikel/work/qt/git/qtbase/src/platformsupport/eventdispatchers/qeventdispatcher_glib.cpp:122
        31: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qeventloop.cpp:134
        32: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qeventloop.cpp:212
        33: QCoreApplication::exec() in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.cpp:1291
        34: QGuiApplication::exec() in /home/jopoikel/work/qt/git/qtbase/src/gui/kernel/qguiapplication.cpp:1679
        35: QApplication::exec() in /home/jopoikel/work/qt/git/qtbase/src/widgets/kernel/qapplication.cpp:2910
        36: main in /home/jopoikel//testbarseries/main.cpp:11
      Address 0xe19a220 is 16 bytes inside a block of size 48 free'd  1: operator delete(void*) in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so
        2: QtCharts::DeclarativeBarSeries::~DeclarativeBarSeries() in /home/jopoikel/work/qt/git/qtcharts/src/chartsqml2/declarativebarseries.h:86
        3: QtCharts::QChart::removeAllSeries() in /home/jopoikel/work/qt/git/qtcharts/src/charts/qchart.cpp:303
        4: removeAllSeries in /home/jopoikel/work/qt/git/qtcharts/src/chartsqml2/declarativechart.h:180
        5: QtCharts::DeclarativeChart::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) in /home/jopoikel/work/qt/5.9/qtcharts/src/chartsqml2/.moc/moc_declarativechart.cpp:546
        6: QtCharts::DeclarativeChart::qt_metacall(QMetaObject::Call, int, void**) in /home/jopoikel/work/qt/5.9/qtcharts/src/chartsqml2/.moc/moc_declarativechart.cpp:921
        7: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qmetaobject.cpp:301
        8: QQmlObjectOrGadget::metacall(QMetaObject::Call, int, void**) const in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/qml/qqmlpropertycache.cpp:1713
        9: CallMethod(QQmlObjectOrGadget const&, int, int, int, int*, QV4::ExecutionEngine*, QV4::CallData*, QMetaObject::Call) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:1104
        10: CallPrecise(QQmlObjectOrGadget const&, QQmlPropertyData const&, QV4::ExecutionEngine*, QV4::CallData*, QMetaObject::Call) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:1352
        11: QV4::QObjectMethod::callInternal(QV4::CallData*, QV4::Scope&) const in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:1842
        12: QV4::QObjectMethod::call(QV4::Managed const*, QV4::Scope&, QV4::CallData*) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:1771
        13: call in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4object_p.h:372
        14: QV4::Runtime::method_callProperty(QV4::ExecutionEngine*, int, QV4::CallData*) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:1104
        15: /home/jopoikel/.cache/testlineseries/qmlcache/2fa2a6c8c2df56a7932cf8b7368b907b95cf99c7.qmlc
        16: QV4::ExecutionContext::simpleCall(QV4::Scope&, QV4::CallData*, QV4::Function*) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4context.cpp:347
        17: QQmlJavaScriptExpression::evaluate(QV4::CallData*, bool*, QV4::Scope&) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/qml/qqmljavascriptexpression.cpp:223
        18: QQmlBoundSignalExpression::evaluate(void**) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/qml/qqmlboundsignal.cpp:223
        19: QQmlBoundSignal_callback(QQmlNotifierEndpoint*, void**) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/qml/qqmlboundsignal.cpp:355
        20: QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/qml/qqmlnotifier.cpp:106
        21: QQmlData::signalEmitted(QAbstractDeclarativeData*, QObject*, int, void**) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/qml/qqmlengine.cpp:843
        22: QMetaObject::activate(QObject*, int, int, void**) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qobject.cpp:3644
        23: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qobject.cpp:3628
        24: QQuickMouseArea::clicked(QQuickMouseEvent*) in /home/jopoikel/work/qt/5.9/qtdeclarative/src/quick/.moc/moc_qquickmousearea_p.cpp:662
        25: QQuickMouseArea::setPressed(Qt::MouseButton, bool, Qt::MouseEventSource) in /home/jopoikel/work/qt/git/qtdeclarative/src/quick/items/qquickmousearea.cpp:1240
        26: QQuickMouseArea::mouseReleaseEvent(QMouseEvent*) in /home/jopoikel/work/qt/git/qtdeclarative/src/quick/items/qquickmousearea.cpp:804
        27: QQuickItem::event(QEvent*) in /home/jopoikel/work/qt/git/qtdeclarative/src/quick/items/qquickitem.cpp:7756
        28: QApplicationPrivate::notify_helper(QObject*, QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/widgets/kernel/qapplication.cpp:3722
        29: QApplication::notify(QObject*, QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/widgets/kernel/qapplication.cpp:3094
        30: QCoreApplication::notifyInternal2(QObject*, QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.cpp:1018
        31: sendEvent in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.h:233
        32: QQuickWindow::sendEvent(QQuickItem*, QEvent*) in /home/jopoikel/work/qt/git/qtdeclarative/src/quick/items/qquickwindow.cpp:2850
        33: QQuickWindowPrivate::deliverMouseEvent(QQuickPointerMouseEvent*) in /home/jopoikel/work/qt/git/qtdeclarative/src/quick/items/qquickwindow.cpp:1673
        34: QQuickWindowPrivate::deliverPointerEvent(QQuickPointerEvent*) in /home/jopoikel/work/qt/git/qtdeclarative/src/quick/items/qquickwindow.cpp:2193
        35: QQuickWindowPrivate::handleMouseEvent(QMouseEvent*) in /home/jopoikel/work/qt/git/qtdeclarative/src/quick/items/qquickwindow.cpp:2053
        36: QQuickWindow::mouseReleaseEvent(QMouseEvent*) in /home/jopoikel/work/qt/git/qtdeclarative/src/quick/items/qquickwindow.cpp:2031
        37: QWindow::event(QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/gui/kernel/qwindow.cpp:2179
        38: QQuickWindow::event(QEvent*) in /home/jopoikel/work/qt/git/qtdeclarative/src/quick/items/qquickwindow.cpp:1610
        39: QApplicationPrivate::notify_helper(QObject*, QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/widgets/kernel/qapplication.cpp:3722
        40: QApplication::notify(QObject*, QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/widgets/kernel/qapplication.cpp:3094
        41: QCoreApplication::notifyInternal2(QObject*, QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.cpp:1018
        42: sendSpontaneousEvent in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.h:236
        43: QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) in /home/jopoikel/work/qt/git/qtbase/src/gui/kernel/qguiapplication.cpp:1949
        44: QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) in /home/jopoikel/work/qt/git/qtbase/src/gui/kernel/qguiapplication.cpp:1733
      Block was alloc'd at  1: operator new(unsigned long) in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so
        2: QtCharts::DeclarativeChart::createSeries(int, QString, QtCharts::QAbstractAxis*, QtCharts::QAbstractAxis*) in /home/jopoikel/work/qt/git/qtcharts/src/chartsqml2/declarativechart.cpp:1268
        3: QtCharts::DeclarativeChart::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) in /home/jopoikel/work/qt/5.9/qtcharts/src/chartsqml2/.moc/moc_declarativechart.cpp:537
        4: QtCharts::DeclarativeChart::qt_metacall(QMetaObject::Call, int, void**) in /home/jopoikel/work/qt/5.9/qtcharts/src/chartsqml2/.moc/moc_declarativechart.cpp:921
        5: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qmetaobject.cpp:301
        6: QQmlObjectOrGadget::metacall(QMetaObject::Call, int, void**) const in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/qml/qqmlpropertycache.cpp:1713
        7: CallMethod(QQmlObjectOrGadget const&, int, int, int, int*, QV4::ExecutionEngine*, QV4::CallData*, QMetaObject::Call) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:1086
        8: CallPrecise(QQmlObjectOrGadget const&, QQmlPropertyData const&, QV4::ExecutionEngine*, QV4::CallData*, QMetaObject::Call) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:1348
        9: CallOverloaded(QQmlObjectOrGadget const&, QQmlPropertyData const&, QV4::ExecutionEngine*, QV4::CallData*, QQmlPropertyCache const*, QMetaObject::Call) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:1422
        10: QV4::QObjectMethod::callInternal(QV4::CallData*, QV4::Scope&) const in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:1844
        11: QV4::QObjectMethod::call(QV4::Managed const*, QV4::Scope&, QV4::CallData*) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:1771
        12: call in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4object_p.h:372
        13: QV4::Runtime::method_callProperty(QV4::ExecutionEngine*, int, QV4::CallData*) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:1104
        14: /home/jopoikel/.cache/testlineseries/qmlcache/2fa2a6c8c2df56a7932cf8b7368b907b95cf99c7.qmlc
        15: QV4::ExecutionContext::simpleCall(QV4::Scope&, QV4::CallData*, QV4::Function*) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4context.cpp:347
        16: QQmlJavaScriptExpression::evaluate(QV4::CallData*, bool*, QV4::Scope&) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/qml/qqmljavascriptexpression.cpp:223
        17: QQmlBoundSignalExpression::evaluate(void**) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/qml/qqmlboundsignal.cpp:223
        18: QQmlBoundSignal_callback(QQmlNotifierEndpoint*, void**) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/qml/qqmlboundsignal.cpp:355
        19: QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/qml/qqmlnotifier.cpp:106
        20: QQmlData::signalEmitted(QAbstractDeclarativeData*, QObject*, int, void**) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/qml/qqmlengine.cpp:843
        21: QMetaObject::activate(QObject*, int, int, void**) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qobject.cpp:3644
        22: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qobject.cpp:3628
        23: QQmlTimer::triggered() in /home/jopoikel/work/qt/5.9/qtdeclarative/src/qml/.moc/moc_qqmltimer_p.cpp:261
        24: QQmlTimer::event(QEvent*) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/types/qqmltimer.cpp:340
        25: QApplicationPrivate::notify_helper(QObject*, QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/widgets/kernel/qapplication.cpp:3722
        26: QApplication::notify(QObject*, QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/widgets/kernel/qapplication.cpp:3094
        27: QCoreApplication::notifyInternal2(QObject*, QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.cpp:1018
        28: sendEvent in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.h:233
        29: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.cpp:1678
        30: QCoreApplication::sendPostedEvents(QObject*, int) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.cpp:1532
        31: postEventSourceDispatch(_GSource*, int (*)(void*), void*) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:276
        32: g_main_context_dispatch in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2
        33: /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2
        34: g_main_context_iteration in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2
        35: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:423
        36: QPAEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/jopoikel/work/qt/git/qtbase/src/platformsupport/eventdispatchers/qeventdispatcher_glib.cpp:122
        37: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qeventloop.cpp:134
        38: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qeventloop.cpp:212
        39: QCoreApplication::exec() in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.cpp:1291
        40: QGuiApplication::exec() in /home/jopoikel/work/qt/git/qtbase/src/gui/kernel/qguiapplication.cpp:1679
        41: QApplication::exec() in /home/jopoikel/work/qt/git/qtbase/src/widgets/kernel/qapplication.cpp:2910
        42: main in /home/jopoikel//testbarseries/main.cpp:11
      

        Attachments

        For Gerrit Dashboard: QTBUG-65552
        # Subject Branch Project Status CR V

          Activity

            People

            • Assignee:
              mkalinow Maurice Kalinowski
              Reporter:
              poikelin Joni Poikelin
            • Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Gerrit Reviews

                There are no open Gerrit changes