  1. Qt
  2. QTBUG-68415

Memory leak returning QVariant containing a list of QVariants from a COM call


Details

    • Bug
    • Resolution: Done
    • P4: Low
    • 5.11.2
    • 5.10.0, 5.10.1, 5.11.0
    • ActiveX Support
    • None
    • 717cc8fa56b1eb39a372d0c5c561aa30dbbbdd47 (qtactiveqt/5.11.,6.6.2018, 5.11.2)

    Description

      Two Windows applications communicate via the Windows COM interface. When calling a function which returns a QVariant containing a list of QVariants with approx. 2000 items of double, memory is leaked.

      Looking into the details:

      The Windows VARIANT is not cleaned up after the result is copied into a QVariant.

      This fixes it:

      diff --git a/src/activeqt/container/qaxbase.cpp b/src/activeqt/container/qaxbase.cpp
      index fa3eacf..0b3b03c 100644
      --- a/src/activeqt/container/qaxbase.cpp
      +++ b/src/activeqt/container/qaxbase.cpp
      @@ -3685,6 +3685,8 @@ int QAxBase::internalInvoke(QMetaObject::Call call, int index, void **v)
           if (hres == S_OK && ret.vt != VT_EMPTY)
               QVariantToVoidStar(VARIANTToQVariant(ret, slot.typeName()), v[0], slot.typeName());
      
      +    clearVARIANT( &ret );
      +
           // update out parameters
           for (p = 0; p < int(params.cArgs); ++p) {
           bool out;
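
      Review bot: The added clearVARIANT( &ret ) call sits outside the "if (hres == S_OK && ret.vt != VT_EMPTY)" guard above it, so it also runs when the invoke failed; that is only safe if ret is initialized on every path that reaches this line, and the initialization is not visible in this hunk, so please confirm it. Placing the clear after the VARIANTToQVariant(ret, ...) conversion and before the out-parameter loop is fine as long as nothing later in internalInvoke reads ret, which the hunk alone does not show. Style: drop the spaces inside the parentheses to match the surrounding calls, i.e. clearVARIANT(&ret);, and add a one-line comment stating that the returned VARIANT has already been copied into the QVariant, so its contents are released here.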
      
      

      It is hard for me to provide a small example, as it interacts with our "old" software and a new application on top of that. But I can simply reason about this bug by looking at the provided patch.

      the line

      QVariantToVoidStar(VARIANTToQVariant(ret, slot.typeName()), v[0], slot.typeName());
      

      Does a deep copy from a VARIANT (ret) to a QVariant.

      And the variable ret is never used afterwards, nor is it cleared.

      Looking at the MS documentation https://msdn.microsoft.com/en-us/library/windows/desktop/ms221165%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396

      Or this Article http://www.roblocher.com/whitepapers/oletypes.html

      If the VARIANT contains an array/List/pointer to something then it needs to be freed by hand.
      Which is clearly not the case.

      And as ret is nowhere used anymore we can call clearVARIANT( &ret ) in any case

      I really hope this helps to see the issue and the proposed patch. However, I am still trying to think of an easy way for you to reproduce this.

      Attachments

        1. qtbug68415_stack.txt
          1 kB
        2. qtbug68415.diff
          0.5 kB
        3. qtbug68415.zip
          9 kB
        4. QTBUG-68415.zip
          12 kB


            People

              kleint Friedemann Kleint
              friedrich Daniel Friedrich