QTBUG-66093: Crash in QMenuSloppyState::setSubMenuPopup

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P1: Critical
    • Resolution: Done
    • Affects Version/s: 5.10
    • Fix Version/s: 5.10.1
    • Labels:
      None
    • Environment:
      macOS High Sierra, 10.13.2

      Description

      See stack trace below; the full stack trace is attached.

      Attached is an example project to reproduce. Unfortunately we haven't found a way to reproduce it reliably.

      Steps that help to trigger the crash:

      • Build project in debug mode and run it
      • Trigger the context menu on the window
      • Move the cursor like crazy over the main context menu and sub context menus, so that submenus pop up and vanish and pop up until the crash occurs.
      • This pattern seems to trigger the crash more often (vary the speed):
        1. Right-click to invoke the context menu but do not release the mouse press
        2. Hover over "Submenu" and further to the right to the popping-up submenu "SubSubmenu"
        3. Finish by moving the mouse up to the parent widget (mainwindow) and release the mouse press

      What the project does:

      • See MainWindow::contextMenuEvent - it just creates a menu with some entries and submenus

      More observations:

      • Triggering the crash seems more likely when running in the debugger
      • It certainly crashes for Qt 5.10. I could not reproduce it myself on 5.9 (but Qt Creator reports indicate that 5.9 is also affected).

      Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
      0   org.qt-project.QtWidgets      	0x0000000100253376 QMenuSloppyState::setSubMenuPopup(QRect const&, QAction*, QMenu*) + 166
      1   org.qt-project.QtWidgets      	0x000000010025280e QMenu::internalDelayedPopup() + 1086
      2   org.qt-project.QtCore         	0x0000000100e7a1d6 QObject::event(QEvent*) + 102
      3   org.qt-project.QtWidgets      	0x0000000100109d07 QWidget::event(QEvent*) + 5063
      4   org.qt-project.QtWidgets      	0x000000010025aa12 QMenu::event(QEvent*) + 1106
      5   org.qt-project.QtWidgets      	0x00000001000cec62 QApplicationPrivate::notify_helper(QObject*, QEvent*) + 306
      6   org.qt-project.QtWidgets      	0x00000001000cff7f QApplication::notify(QObject*, QEvent*) + 383
      7   org.qt-project.QtCore         	0x0000000100e5104f QCoreApplication::notifyInternal2(QObject*, QEvent*) + 159
      8   org.qt-project.QtCore         	0x0000000100ea7f2a QTimerInfoList::activateTimers() + 890
      9   libqcocoa.dylib               	0x00000001059af882 QCocoaEventDispatcherPrivate::activateTimersSourceCallback(void*) + 18
      10  com.apple.CoreFoundation      	0x00007fff37956711 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
      11  com.apple.CoreFoundation      	0x00007fff37a0e39c __CFRunLoopDoSource0 + 108
      12  com.apple.CoreFoundation      	0x00007fff3793975c __CFRunLoopDoSources0 + 300
      13  com.apple.CoreFoundation      	0x00007fff37938b7d __CFRunLoopRun + 1293
      14  com.apple.CoreFoundation      	0x00007fff379383d7 CFRunLoopRunSpecific + 487
      15  com.apple.HIToolbox           	0x00007fff36c45e26 RunCurrentEventLoopInMode + 286
      16  com.apple.HIToolbox           	0x00007fff36c45a9f ReceiveNextEventCommon + 366
      17  com.apple.HIToolbox           	0x00007fff36c45914 _BlockUntilNextEventMatchingListInModeWithFilter + 64
      18  com.apple.AppKit              	0x00007fff34f10f5f _DPSNextEvent + 2085
      19  com.apple.AppKit              	0x00007fff356a6b4c -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 3044
      20  com.apple.AppKit              	0x00007fff34f05d6d -[NSApplication run] + 764
      21  libqcocoa.dylib               	0x00000001059b055d QCocoaEventDispatcher::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 2397
      22  org.qt-project.QtCore         	0x0000000100e4cb42 QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 418
      23  org.qt-project.QtWidgets      	0x0000000100258bcb QMenu::exec(QPoint const&, QAction*) + 107
      24  sdjklf.dynamicContextMenu     	0x000000010000440f MainWindow::contextMenuEvent(QContextMenuEvent*) + 1311 (mainwindow.cpp:80)
      25  org.qt-project.QtWidgets      	0x000000010010906c QWidget::event(QEvent*) + 1836
      26  org.qt-project.QtWidgets      	0x00000001002272e5 QMainWindow::event(QEvent*) + 277
      27  org.qt-project.QtWidgets      	0x00000001000cec62 QApplicationPrivate::notify_helper(QObject*, QEvent*) + 306
      28  org.qt-project.QtWidgets      	0x00000001000d0f8c QApplication::notify(QObject*, QEvent*) + 4492
      29  org.qt-project.QtCore         	0x0000000100e5104f QCoreApplication::notifyInternal2(QObject*, QEvent*) + 159
      30  org.qt-project.QtWidgets      	0x00000001001292c9 QWidgetWindow::handleMouseEvent(QMouseEvent*) + 3497
      31  org.qt-project.QtWidgets      	0x00000001001278e0 QWidgetWindow::event(QEvent*) + 224
      32  org.qt-project.QtWidgets      	0x00000001000cec62 QApplicationPrivate::notify_helper(QObject*, QEvent*) + 306
      33  org.qt-project.QtWidgets      	0x00000001000cff7f QApplication::notify(QObject*, QEvent*) + 383
      34  org.qt-project.QtCore         	0x0000000100e5104f QCoreApplication::notifyInternal2(QObject*, QEvent*) + 159
      35  org.qt-project.QtCore         	0x0000000100e52222 QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) + 850
      36  libqcocoa.dylib               	0x00000001059b0eae QCocoaEventDispatcherPrivate::processPostedEvents() + 190
      37  libqcocoa.dylib               	0x00000001059b1761 QCocoaEventDispatcherPrivate::postedEventsSourceCallback(void*) + 33
      38  com.apple.CoreFoundation      	0x00007fff37956711 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
      39  com.apple.CoreFoundation      	0x00007fff37a0e39c __CFRunLoopDoSource0 + 108
      40  com.apple.CoreFoundation      	0x00007fff37939700 __CFRunLoopDoSources0 + 208
      41  com.apple.CoreFoundation      	0x00007fff37938b7d __CFRunLoopRun + 1293
      42  com.apple.CoreFoundation      	0x00007fff379383d7 CFRunLoopRunSpecific + 487
      43  com.apple.HIToolbox           	0x00007fff36c45e26 RunCurrentEventLoopInMode + 286
      44  com.apple.HIToolbox           	0x00007fff36c45b96 ReceiveNextEventCommon + 613
      45  com.apple.HIToolbox           	0x00007fff36c45914 _BlockUntilNextEventMatchingListInModeWithFilter + 64
      46  com.apple.AppKit              	0x00007fff34f10f5f _DPSNextEvent + 2085
      47  com.apple.AppKit              	0x00007fff356a6b4c -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 3044
      48  com.apple.AppKit              	0x00007fff34f05d6d -[NSApplication run] + 764
      49  libqcocoa.dylib               	0x00000001059b055d QCocoaEventDispatcher::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 2397
      50  org.qt-project.QtCore         	0x0000000100e4cb42 QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 418
      51  org.qt-project.QtCore         	0x0000000100e51762 QCoreApplication::exec() + 402
      52  sdjklf.dynamicContextMenu     	0x000000010000381b main + 91 (main.cpp:10)
      53  libdyld.dylib                 	0x00007fff5f2dc115 start + 1
      
      

        Attachments

        1. asan.txt
          17 kB
        2. dynamicContextMenu-02.tar.gz
          1 kB
        3. stacktrace.txt
          64 kB

              People

              Assignee:
              richard Richard Moe Gustavsen
              Reporter:
              kosjar Nikolai Kosjar
              Votes:
              1
              Watchers:
              7
