Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-65552

Calling QChart::removeAllSeries during animation crashes

    XMLWordPrintable

Details

    • 4f66d1ffeecd95b4bf6666b71536c42dea7450ed

    Description

      Animation has a dangling pointer to deleted series, which can cause a crash.

      To reproduce, run attached example and keep clicking the view fast.

      Valgrind output:

      Invalid read of size 8
  in main in /home/jopoikel//testbarseries/main.cpp:11
  1: data in /home/jopoikel/work/qt/git/qtbase/src/corelib/tools/qscopedpointer.h:140
  2: qGetPtrHelper<QScopedPointer<QtCharts::QAbstractSeriesPrivate> > in /home/jopoikel/work/qt/git/qtbase/src/corelib/global/qglobal.h:999
  3: d_func in /home/jopoikel/work/qt/git/qtcharts/src/charts/barchart/qabstractbarseries.h:107
  4: QtCharts::QAbstractBarSeries::count() const in /home/jopoikel/work/qt/git/qtcharts/src/charts/barchart/qabstractbarseries.cpp:554
  5: QtCharts::AbstractBarChartItem::setLayout(QVector<QRectF> const&) in /home/jopoikel/work/qt/git/qtcharts/src/charts/barchart/abstractbarchartitem.cpp:153
  6: QtCharts::BarAnimation::updateCurrentValue(QVariant const&) in /home/jopoikel/work/qt/git/qtcharts/src/charts/animations/baranimation.cpp:76
  7: QVariantAnimationPrivate::setCurrentValueForProgress(double) in /home/jopoikel/work/qt/git/qtbase/src/corelib/animation/qvariantanimation.cpp:294
  8: QVariantAnimationPrivate::recalculateCurrentInterval(bool) in /home/jopoikel/work/qt/git/qtbase/src/corelib/animation/qvariantanimation.cpp:279
  9: QVariantAnimation::updateCurrentTime(int) in /home/jopoikel/work/qt/git/qtbase/src/corelib/animation/qvariantanimation.cpp:697
  10: QAbstractAnimation::setCurrentTime(int) in /home/jopoikel/work/qt/git/qtbase/src/corelib/animation/qabstractanimation.cpp:1332
  11: QAbstractAnimationPrivate::setState(QAbstractAnimation::State) in /home/jopoikel/work/qt/git/qtbase/src/corelib/animation/qabstractanimation.cpp:1018
  12: QAbstractAnimation::start(QAbstractAnimation::DeletionPolicy) in /home/jopoikel/work/qt/git/qtbase/src/corelib/animation/qabstractanimation.cpp:1367
  13: QtCharts::ChartAnimation::startChartAnimation() in /home/jopoikel/work/qt/git/qtcharts/src/charts/animations/chartanimation.cpp:52
  14: QtCharts::ChartAnimation::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) in /home/jopoikel/work/qt/5.9/qtcharts/src/charts/.moc/moc_chartanimation_p.cpp:72
  15: QMetaCallEvent::placeMetaCall(QObject*) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qobject.cpp:503
  16: QObject::event(QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qobject.cpp:1246
  17: QAbstractAnimation::event(QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/corelib/animation/qabstractanimation.cpp:1447
  18: QVariantAnimation::event(QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/corelib/animation/qvariantanimation.cpp:654
  19: QApplicationPrivate::notify_helper(QObject*, QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/widgets/kernel/qapplication.cpp:3722
  20: QApplication::notify(QObject*, QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/widgets/kernel/qapplication.cpp:3094
  21: QCoreApplication::notifyInternal2(QObject*, QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.cpp:1018
  22: sendEvent in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.h:233
  23: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.cpp:1678
  24: QCoreApplication::sendPostedEvents(QObject*, int) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.cpp:1532
  25: postEventSourceDispatch(_GSource*, int (*)(void*), void*) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:276
  26: g_main_context_dispatch in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2
  27: /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2
  28: g_main_context_iteration in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2
  29: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:423
  30: QPAEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/jopoikel/work/qt/git/qtbase/src/platformsupport/eventdispatchers/qeventdispatcher_glib.cpp:122
  31: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qeventloop.cpp:134
  32: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qeventloop.cpp:212
  33: QCoreApplication::exec() in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.cpp:1291
  34: QGuiApplication::exec() in /home/jopoikel/work/qt/git/qtbase/src/gui/kernel/qguiapplication.cpp:1679
  35: QApplication::exec() in /home/jopoikel/work/qt/git/qtbase/src/widgets/kernel/qapplication.cpp:2910
  36: main in /home/jopoikel//testbarseries/main.cpp:11
Address 0xe19a220 is 16 bytes inside a block of size 48 free'd  1: operator delete(void*) in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so
  2: QtCharts::DeclarativeBarSeries::~DeclarativeBarSeries() in /home/jopoikel/work/qt/git/qtcharts/src/chartsqml2/declarativebarseries.h:86
  3: QtCharts::QChart::removeAllSeries() in /home/jopoikel/work/qt/git/qtcharts/src/charts/qchart.cpp:303
  4: removeAllSeries in /home/jopoikel/work/qt/git/qtcharts/src/chartsqml2/declarativechart.h:180
  5: QtCharts::DeclarativeChart::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) in /home/jopoikel/work/qt/5.9/qtcharts/src/chartsqml2/.moc/moc_declarativechart.cpp:546
  6: QtCharts::DeclarativeChart::qt_metacall(QMetaObject::Call, int, void**) in /home/jopoikel/work/qt/5.9/qtcharts/src/chartsqml2/.moc/moc_declarativechart.cpp:921
  7: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qmetaobject.cpp:301
  8: QQmlObjectOrGadget::metacall(QMetaObject::Call, int, void**) const in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/qml/qqmlpropertycache.cpp:1713
  9: CallMethod(QQmlObjectOrGadget const&, int, int, int, int*, QV4::ExecutionEngine*, QV4::CallData*, QMetaObject::Call) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:1104
  10: CallPrecise(QQmlObjectOrGadget const&, QQmlPropertyData const&, QV4::ExecutionEngine*, QV4::CallData*, QMetaObject::Call) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:1352
  11: QV4::QObjectMethod::callInternal(QV4::CallData*, QV4::Scope&) const in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:1842
  12: QV4::QObjectMethod::call(QV4::Managed const*, QV4::Scope&, QV4::CallData*) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:1771
  13: call in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4object_p.h:372
  14: QV4::Runtime::method_callProperty(QV4::ExecutionEngine*, int, QV4::CallData*) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:1104
  15: /home/jopoikel/.cache/testlineseries/qmlcache/2fa2a6c8c2df56a7932cf8b7368b907b95cf99c7.qmlc
  16: QV4::ExecutionContext::simpleCall(QV4::Scope&, QV4::CallData*, QV4::Function*) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4context.cpp:347
  17: QQmlJavaScriptExpression::evaluate(QV4::CallData*, bool*, QV4::Scope&) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/qml/qqmljavascriptexpression.cpp:223
  18: QQmlBoundSignalExpression::evaluate(void**) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/qml/qqmlboundsignal.cpp:223
  19: QQmlBoundSignal_callback(QQmlNotifierEndpoint*, void**) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/qml/qqmlboundsignal.cpp:355
  20: QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/qml/qqmlnotifier.cpp:106
  21: QQmlData::signalEmitted(QAbstractDeclarativeData*, QObject*, int, void**) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/qml/qqmlengine.cpp:843
  22: QMetaObject::activate(QObject*, int, int, void**) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qobject.cpp:3644
  23: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qobject.cpp:3628
  24: QQuickMouseArea::clicked(QQuickMouseEvent*) in /home/jopoikel/work/qt/5.9/qtdeclarative/src/quick/.moc/moc_qquickmousearea_p.cpp:662
  25: QQuickMouseArea::setPressed(Qt::MouseButton, bool, Qt::MouseEventSource) in /home/jopoikel/work/qt/git/qtdeclarative/src/quick/items/qquickmousearea.cpp:1240
  26: QQuickMouseArea::mouseReleaseEvent(QMouseEvent*) in /home/jopoikel/work/qt/git/qtdeclarative/src/quick/items/qquickmousearea.cpp:804
  27: QQuickItem::event(QEvent*) in /home/jopoikel/work/qt/git/qtdeclarative/src/quick/items/qquickitem.cpp:7756
  28: QApplicationPrivate::notify_helper(QObject*, QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/widgets/kernel/qapplication.cpp:3722
  29: QApplication::notify(QObject*, QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/widgets/kernel/qapplication.cpp:3094
  30: QCoreApplication::notifyInternal2(QObject*, QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.cpp:1018
  31: sendEvent in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.h:233
  32: QQuickWindow::sendEvent(QQuickItem*, QEvent*) in /home/jopoikel/work/qt/git/qtdeclarative/src/quick/items/qquickwindow.cpp:2850
  33: QQuickWindowPrivate::deliverMouseEvent(QQuickPointerMouseEvent*) in /home/jopoikel/work/qt/git/qtdeclarative/src/quick/items/qquickwindow.cpp:1673
  34: QQuickWindowPrivate::deliverPointerEvent(QQuickPointerEvent*) in /home/jopoikel/work/qt/git/qtdeclarative/src/quick/items/qquickwindow.cpp:2193
  35: QQuickWindowPrivate::handleMouseEvent(QMouseEvent*) in /home/jopoikel/work/qt/git/qtdeclarative/src/quick/items/qquickwindow.cpp:2053
  36: QQuickWindow::mouseReleaseEvent(QMouseEvent*) in /home/jopoikel/work/qt/git/qtdeclarative/src/quick/items/qquickwindow.cpp:2031
  37: QWindow::event(QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/gui/kernel/qwindow.cpp:2179
  38: QQuickWindow::event(QEvent*) in /home/jopoikel/work/qt/git/qtdeclarative/src/quick/items/qquickwindow.cpp:1610
  39: QApplicationPrivate::notify_helper(QObject*, QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/widgets/kernel/qapplication.cpp:3722
  40: QApplication::notify(QObject*, QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/widgets/kernel/qapplication.cpp:3094
  41: QCoreApplication::notifyInternal2(QObject*, QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.cpp:1018
  42: sendSpontaneousEvent in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.h:236
  43: QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) in /home/jopoikel/work/qt/git/qtbase/src/gui/kernel/qguiapplication.cpp:1949
  44: QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) in /home/jopoikel/work/qt/git/qtbase/src/gui/kernel/qguiapplication.cpp:1733
Block was alloc'd at  1: operator new(unsigned long) in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so
  2: QtCharts::DeclarativeChart::createSeries(int, QString, QtCharts::QAbstractAxis*, QtCharts::QAbstractAxis*) in /home/jopoikel/work/qt/git/qtcharts/src/chartsqml2/declarativechart.cpp:1268
  3: QtCharts::DeclarativeChart::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) in /home/jopoikel/work/qt/5.9/qtcharts/src/chartsqml2/.moc/moc_declarativechart.cpp:537
  4: QtCharts::DeclarativeChart::qt_metacall(QMetaObject::Call, int, void**) in /home/jopoikel/work/qt/5.9/qtcharts/src/chartsqml2/.moc/moc_declarativechart.cpp:921
  5: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qmetaobject.cpp:301
  6: QQmlObjectOrGadget::metacall(QMetaObject::Call, int, void**) const in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/qml/qqmlpropertycache.cpp:1713
  7: CallMethod(QQmlObjectOrGadget const&, int, int, int, int*, QV4::ExecutionEngine*, QV4::CallData*, QMetaObject::Call) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:1086
  8: CallPrecise(QQmlObjectOrGadget const&, QQmlPropertyData const&, QV4::ExecutionEngine*, QV4::CallData*, QMetaObject::Call) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:1348
  9: CallOverloaded(QQmlObjectOrGadget const&, QQmlPropertyData const&, QV4::ExecutionEngine*, QV4::CallData*, QQmlPropertyCache const*, QMetaObject::Call) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:1422
  10: QV4::QObjectMethod::callInternal(QV4::CallData*, QV4::Scope&) const in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:1844
  11: QV4::QObjectMethod::call(QV4::Managed const*, QV4::Scope&, QV4::CallData*) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:1771
  12: call in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4object_p.h:372
  13: QV4::Runtime::method_callProperty(QV4::ExecutionEngine*, int, QV4::CallData*) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:1104
  14: /home/jopoikel/.cache/testlineseries/qmlcache/2fa2a6c8c2df56a7932cf8b7368b907b95cf99c7.qmlc
  15: QV4::ExecutionContext::simpleCall(QV4::Scope&, QV4::CallData*, QV4::Function*) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/jsruntime/qv4context.cpp:347
  16: QQmlJavaScriptExpression::evaluate(QV4::CallData*, bool*, QV4::Scope&) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/qml/qqmljavascriptexpression.cpp:223
  17: QQmlBoundSignalExpression::evaluate(void**) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/qml/qqmlboundsignal.cpp:223
  18: QQmlBoundSignal_callback(QQmlNotifierEndpoint*, void**) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/qml/qqmlboundsignal.cpp:355
  19: QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/qml/qqmlnotifier.cpp:106
  20: QQmlData::signalEmitted(QAbstractDeclarativeData*, QObject*, int, void**) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/qml/qqmlengine.cpp:843
  21: QMetaObject::activate(QObject*, int, int, void**) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qobject.cpp:3644
  22: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qobject.cpp:3628
  23: QQmlTimer::triggered() in /home/jopoikel/work/qt/5.9/qtdeclarative/src/qml/.moc/moc_qqmltimer_p.cpp:261
  24: QQmlTimer::event(QEvent*) in /home/jopoikel/work/qt/git/qtdeclarative/src/qml/types/qqmltimer.cpp:340
  25: QApplicationPrivate::notify_helper(QObject*, QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/widgets/kernel/qapplication.cpp:3722
  26: QApplication::notify(QObject*, QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/widgets/kernel/qapplication.cpp:3094
  27: QCoreApplication::notifyInternal2(QObject*, QEvent*) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.cpp:1018
  28: sendEvent in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.h:233
  29: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.cpp:1678
  30: QCoreApplication::sendPostedEvents(QObject*, int) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.cpp:1532
  31: postEventSourceDispatch(_GSource*, int (*)(void*), void*) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:276
  32: g_main_context_dispatch in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2
  33: /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2
  34: g_main_context_iteration in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2
  35: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:423
  36: QPAEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/jopoikel/work/qt/git/qtbase/src/platformsupport/eventdispatchers/qeventdispatcher_glib.cpp:122
  37: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qeventloop.cpp:134
  38: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qeventloop.cpp:212
  39: QCoreApplication::exec() in /home/jopoikel/work/qt/git/qtbase/src/corelib/kernel/qcoreapplication.cpp:1291
  40: QGuiApplication::exec() in /home/jopoikel/work/qt/git/qtbase/src/gui/kernel/qguiapplication.cpp:1679
  41: QApplication::exec() in /home/jopoikel/work/qt/git/qtbase/src/widgets/kernel/qapplication.cpp:2910
  42: main in /home/jopoikel//testbarseries/main.cpp:11

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            mkalinow Maurice Kalinowski
            poikelin Joni Poikelin
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes