Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-67118

QQuickStackView::initialItem gets deleted, leaving a dangling pointer

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P2: Important
    • Resolution: Done
    • Affects Version/s: 5.9.4, 5.10.1
    • Fix Version/s: 5.11.0 Beta 3
    • Component/s: Quick: Controls 2
    • Labels:
      None
    • Environment:
      macOS 10.13.3

      Qt Creator 4.5.1

      Qt 5.10.1 Commercial

      Description

      See the attached zip for a reliable way to reproduce this.

      I will regularly get a crash while debugging my qml client application and it seems associated with hitting a breakpoint in QML (Javascript) code.

      The stack looks like this:

       

      1 QQmlData::wasDeleted(QObject const *) qqmldata_p.h 310 0x100925c6c 
      2 QV4::QObjectWrapper::wrap(QV4::ExecutionEngine *, QObject *) qv4qobjectwrapper_p.h 210 0x100925b69 
      3 QV4::ExecutionEngine::fromVariant(QVariant const&) qv4engine.cpp 1381 0x100af7aa7 
      4 loadProperty(QV4::ExecutionEngine *, QObject *, QQmlPropertyData const&) qv4qobjectwrapper.cpp 178 0x100c2f7c2 
      5 QV4::QObjectWrapper::getProperty(QV4::ExecutionEngine *, QObject *, QQmlPropertyData *, bool) qv4qobjectwrapper.cpp 261 0x100c2ec2c 
      6 QV4::QObjectWrapper::advanceIterator(QV4::Managed *, QV4::ObjectIterator *, QV4::Value *, unsigned int *, QV4::Property *, QV4::PropertyAttributes *) qv4qobjectwrapper.cpp 760 0x100c3326a 
      7 QV4::Object::advanceIterator(QV4::ObjectIterator *, QV4::Value *, unsigned int *, QV4::Property *, QV4::PropertyAttributes *) qv4object_p.h 437 0x100b6cdac 
      8 QV4::ObjectIterator::next(QV4::Value *, unsigned int *, QV4::Property *, QV4::PropertyAttributes *) qv4objectiterator.cpp 78 0x100b6cb05 
      9 collectProperty(QV4::ScopedValue const&, QV4::ExecutionEngine *, QJsonObject&) qv4datacollector.cpp 173 0x110058334 
      10 QV4DataCollector::collectAsJson(QString const&, QV4::ScopedValue const&) qv4datacollector.cpp 483 0x11005bbd7 
      11 QV4DataCollector::collectProperties(QV4::Object const *) qv4datacollector.cpp 465 0x110059477 
      12 QV4DataCollector::lookupRef(unsigned int, bool) qv4datacollector.cpp 221 0x110059052 
      13 ExpressionEvalJob::handleResult(QV4::ScopedValue&) qv4debugjob.cpp 252 0x1100604f7 
      14 JavaScriptJob::run() qv4debugjob.cpp 128 0x11005eb7c 
      15 QV4Debugger::pauseAndWait(QV4Debugger::PauseReason) qv4debugger.cpp 285 0x110050475 
      16 QV4Debugger::maybeBreakAtInstruction() qv4debugger.cpp 208 0x110050335 
      17 QV4::Moth::VME::run(QV4::ExecutionEngine *, unsigned const char *) qv4vme_moth.cpp 924 0x100c59022 
      18 QV4::Moth::VME::exec(QV4::ExecutionEngine *, unsigned const char *) qv4vme_moth.cpp 976 0x100c5a236 
      19 QV4::ExecutionContext::call(QV4::Scope&, QV4::CallData *, QV4::Function *, QV4::FunctionObject const *) qv4context.cpp 274 0x100b0af46 
      20 QQmlJavaScriptExpression::evaluate(QV4::CallData *, bool *, QV4::Scope&) qqmljavascriptexpression.cpp 225 0x100d46e14 
      21 QQmlBoundSignalExpression::evaluate(void * *) qqmlboundsignal.cpp 223 0x100cabc4f 
      22 QQmlBoundSignal_callback(QQmlNotifierEndpoint *, void * *) qqmlboundsignal.cpp 355 0x100cac3de 
      23 QQmlNotifier::emitNotify(QQmlNotifierEndpoint *, void * *) qqmlnotifier.cpp 106 0x100d1ee5d 
      24 QQmlData::signalEmitted(QAbstractDeclarativeData *, QObject *, int, void * *) qqmlengine.cpp 856 0x100c7cf23 
      25 QMetaObject::activate(QObject *, int, int, void * *) qobject.cpp 3644 0x1017298be 
      26 QMetaObject::activate(QObject *, QMetaObject const *, int, void * *) qobject.cpp 3629 0x1017297fd 
      27 QQuickAbstractButton::clicked() moc_qquickabstractbutton_p.cpp 496 0x1031f6d95 
      28 QQuickAbstractButtonPrivate::trigger() qquickabstractbutton.cpp 322 0x103150a4e 
      29 QQuickAbstractButtonPrivate::handleRelease(QPointF const&) qquickabstractbutton.cpp 188 0x103150946 
      30 QQuickControl::mouseReleaseEvent(QMouseEvent *) qquickcontrol.cpp 1525 0x10317fe79 
      31 QQuickItem::event(QEvent *) qquickitem.cpp 7897 0x1003697a7 
      32 QQuickAbstractButton::event(QEvent *) qquickabstractbutton.cpp 863 0x103153d2e 
      33 QApplicationPrivate::notify_helper(QObject *, QEvent *) qapplication.cpp 3732 0x10276adbf 
      34 QApplication::notify(QObject *, QEvent *) qapplication.cpp 3104 0x10276ce97 
      35 QCoreApplication::notifyInternal2(QObject *, QEvent *) qcoreapplication.cpp 1050 0x1016d33b5 
      36 QCoreApplication::sendEvent(QObject *, QEvent *) qcoreapplication.h 234 0x10033ca08 
      37 QQuickWindowPrivate::deliverMouseEvent(QQuickPointerMouseEvent *) qquickwindow.cpp 1726 0x10038db91 
      38 QQuickWindowPrivate::deliverPointerEvent(QQuickPointerEvent *) qquickwindow.cpp 2297 0x10038f6fb 
      39 QQuickWindowPrivate::handleMouseEvent(QMouseEvent *) qquickwindow.cpp 2143 0x100390310 
      40 QQuickWindow::mouseReleaseEvent(QMouseEvent *) qquickwindow.cpp 2123 0x10039076a 
      41 QWindow::event(QEvent *) qwindow.cpp 2240 0x101d0028a 
      42 QQuickWindow::event(QEvent *) qquickwindow.cpp 1620 0x10038bf39 
      43 QApplicationPrivate::notify_helper(QObject *, QEvent *) qapplication.cpp 3732 0x10276adbf 
      44 QApplication::notify(QObject *, QEvent *) qapplication.cpp 3104 0x10276ce97 
      45 QCoreApplication::notifyInternal2(QObject *, QEvent *) qcoreapplication.cpp 1050 0x1016d33b5 
      46 QCoreApplication::sendSpontaneousEvent(QObject *, QEvent *) qcoreapplication.h 237 0x101ceec5c 
      47 QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent *) qguiapplication.cpp 1960 0x101cea5fd 
      48 QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent *) qguiapplication.cpp 1741 0x101ce9626 
      49 QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) qwindowsysteminterface.cpp 984 0x101cc6884 
      50 QCocoaEventDispatcherPrivate::processPostedEvents() qcocoaeventdispatcher.mm 898 0x104c49db1 
      51 QCocoaEventDispatcherPrivate::postedEventsSourceCallback(void *) qcocoaeventdispatcher.mm 919 0x104c4ac1f 
      52 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ 0x7fff515e7721 
      53 __CFRunLoopDoSource0 0x7fff516a10ac 
      54 __CFRunLoopDoSources0 0x7fff515ca260 
      55 __CFRunLoopRun 0x7fff515c96dd 
      56 CFRunLoopRunSpecific 0x7fff515c8f43 
      57 RunCurrentEventLoopInMode 0x7fff508e0e26 
      58 ReceiveNextEventCommon 0x7fff508e0a9f 
      59 _BlockUntilNextEventMatchingListInModeWithFilter 0x7fff508e0914 
      60 _DPSNextEvent 0x7fff4ebabf5f 
      61 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] 0x7fff4f341b4c 
      62 -[NSApplication run] 0x7fff4eba0d6d 
      63 QCocoaEventDispatcher::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) qcocoaeventdispatcher.mm 430 0x104c48a50 
      64 QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) qeventloop.cpp 134 0x1016cd584 
      65 QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) qeventloop.cpp 212 0x1016cd79b 
      66 QCoreApplication::exec() qcoreapplication.cpp 1338 0x1016d3cbc 
      67 QGuiApplication::exec() qguiapplication.cpp 1687 0x101ce9366 
      68 QApplication::exec() qapplication.cpp 2917 0x10276c759 
      69 main main.cpp 296 0x1000064fb 
      70 start 0x7fff78ee0115 
      

      It died here:

       

       

      bool QQmlData::wasDeleted(const QObject *object)
      {
          if (!object)
              return true;
      
          const QObjectPrivate *priv = QObjectPrivate::get(object);
      >>> if (!priv || priv->wasDeleted)
              return true;
      
          const QQmlData *ddata = QQmlData::get(object);
          return ddata && ddata->isQueuedForDeletion;
      }
      

      My locals look like:

       

      Attempting to access the memory at priv appears to have caused the crash.

      Frame 2:

      inline ReturnedValue QObjectWrapper::wrap(ExecutionEngine *engine, QObject *object)
      {
      >>> if (Q_UNLIKELY(QQmlData::wasDeleted(object)))
              return QV4::Encode::null();
      
          auto ddata = QQmlData::get(object);
          if (Q_LIKELY(ddata && ddata->jsEngineId == engine->m_engineId && !ddata->jsWrapper.isUndefined())) {
              // We own the JS object
              return ddata->jsWrapper.value();
          }
      
          return wrap_slowPath(engine, object);
      }
      

      Frame 3:

      [...]
                  case QMetaType::QRegExp:
                      return QV4::Encode(newRegExpObject(*reinterpret_cast<const QRegExp *>(ptr)));
                  case QMetaType::QObjectStar:
      >>>             return QV4::QObjectWrapper::wrap(this, *reinterpret_cast<QObject* const *>(ptr));
                  case QMetaType::QStringList:
                      {
                      bool succeeded = false;
                      QV4::Scope scope(this);
                      QV4::ScopedValue retn(scope, QV4::SequencePrototype::fromVariant(this, variant, &succeeded));
                      if (succeeded)
                          return retn->asReturnedValue();
                      return QV4::Encode(newArrayObject(*reinterpret_cast<const QStringList *>(ptr)));
                      }
      
      [...]

      Frame 4:

      [...]
              return QJSValuePrivate::convertedToValue(v4, v);
          } else if (property.isQVariant()) {
              QVariant v;
              property.readProperty(object, &v);
      
              if (QQmlValueTypeFactory::isValueType(v.userType())) {
                  if (const QMetaObject *valueTypeMetaObject = QQmlValueTypeFactory::metaObjectForMetaType(v.userType()))
                      return QV4::QQmlValueTypeWrapper::create(v4, object, property.coreIndex(), valueTypeMetaObject, v.userType()); // VariantReference value-type.
              }
      
      >>>     return scope.engine->fromVariant(v);
          } else if (QQmlValueTypeFactory::isValueType(property.propType())) {
              if (const QMetaObject *valueTypeMetaObject = QQmlValueTypeFactory::metaObjectForMetaType(property.propType()))
      [...]
      

      In this frame, object is a QQuickStackView.

      In Frame 6, the property name appears to be "initialItem".

        Attachments

        1. crash.png
          crash.png
          62 kB
        2. Crash.zip
          5 kB
        3. qtbug67118.zip
          1 kB
        4. stack.tasks
          6 kB
        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

            Assignee:
            shausman Simon Hausmann
            Reporter:
            dhess David Hess
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Gerrit Reviews

                There are no open Gerrit changes