Details
Bug
Resolution: Incomplete
P1: Critical
5.4.1
Bug Fixing Week Q2/2020
Description
When a QPainter::drawPixmapFragments() function is called twice, the first call with a smaller data size (say 5940) and the second call with a much larger data size (35640), the application crashes.
#include <QPainter>
#include <QPixmap>
#include <QVarLengthArray>

typedef QVarLengthArray<QPainter::PixmapFragment, 9> QPixmapFragmentsArray;

// Appends num identical fragments that map pixmapRect onto rcDest.
static void s_AppendFragments(const QRect& pixmapRect, const QRectF& rcDest, QPixmapFragmentsArray& pixmapFragmentArray, int num)
{
    for (int i = 0; i < num; ++i) {
        QPainter::PixmapFragment d;
        d.opacity = 1.0;
        d.rotation = 0.0;
        d.sourceLeft = pixmapRect.left();
        d.sourceTop = pixmapRect.top();
        d.width = pixmapRect.width();
        d.height = pixmapRect.height();
        d.scaleX = rcDest.width() / d.width;
        d.scaleY = rcDest.height() / d.height;
        d.y = rcDest.center().y();
        d.x = rcDest.center().x();
        pixmapFragmentArray.append(d);
    }
}

static void TestFunc(QPainter* painter, const QPixmap& pixmap1, const QPixmap& pixmap2) // called from paint
{
    QPixmapFragmentsArray data1;
    QPixmapFragmentsArray data2;
    // Small batch first, then a much larger one, so the engine's buffers have to grow.
    s_AppendFragments(pixmap1.rect(), QRectF(10, 10, 50, 50), data1, 5940);
    s_AppendFragments(pixmap2.rect(), QRectF(10, 10, 50, 50), data2, 35640);
    if (!data1.isEmpty()) {
        painter->drawPixmapFragments(data1.data(), data1.size(), pixmap1);
    }
    if (!data2.isEmpty()) {
        painter->drawPixmapFragments(data2.data(), data2.size(), pixmap2);
    }
}
The reason is that, in QOpenGLPaintEngine, when the QDataBuffer of the vertex or texture array is resized using realloc for the second function call, the buffer returned may not be the same as the previous one. However, in QOpenGLPaintEngineExPrivate::transferMode, the vertexAttributePointer is never updated as long as the mode is still the same.
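The stale-pointer pattern described above, reduced to a Qt-free model. This is an added example, not code from the report or from Qt: VertexBuffer, Engine and the recheck flag are hypothetical names, growth uses allocate-copy-free so the address change is deterministic, and comparing the buffer address is one assumed mitigation, not a fix stated in the report.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>

// Hypothetical stand-in for a growable vertex array (not Qt's QDataBuffer).
struct VertexBuffer {
    float *data = nullptr;
    std::size_t capacity = 0;
    // Allocate-copy-free: the base address always changes (realloc() only may).
    void reserve(std::size_t n) {
        if (n <= capacity) return;
        float *fresh = static_cast<float *>(std::calloc(n, sizeof(float)));
        if (!fresh) std::abort();
        if (data) std::memcpy(fresh, data, capacity * sizeof(float));
        std::free(data);
        data = fresh;
        capacity = n;
    }
    ~VertexBuffer() { std::free(data); }
    std::uintptr_t base() const { return reinterpret_cast<std::uintptr_t>(data); }
};

enum Mode { NoMode, ImageMode };

// Hypothetical engine model: 'bound' is the address last given to the driver.
struct Engine {
    Mode mode = NoMode;
    std::uintptr_t bound = 0;
    // recheck == true also compares the buffer address (assumed mitigation).
    void transferMode(Mode m, const VertexBuffer &buf, bool recheck) {
        bool moved = recheck && bound != buf.base();
        if (m == mode && !moved) return;  // recheck == false: same mode exits here
        mode = m;
        bound = buf.base();               // re-register the attribute pointer
    }
};

// Replays the report's two draws (5940, then 35640 elements); true if the
// driver-visible address still matches the live buffer at the second draw.
bool secondDrawUsesLiveBuffer(bool recheck) {
    VertexBuffer buf;
    Engine engine;
    buf.reserve(5940);
    engine.transferMode(ImageMode, buf, recheck);
    buf.reserve(35640);
    engine.transferMode(ImageMode, buf, recheck);
    return engine.bound == buf.base();
}
int main() {
    std::printf("mode check only: %d, with address check: %d\n",
                secondDrawUsesLiveBuffer(false), secondDrawUsesLiveBuffer(true));
}
```

Addresses are kept as integers and never dereferenced, so the model shows the mismatch without touching freed memory.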