Details
-
Bug
-
Resolution: Done
-
P1: Critical
-
5.12.0 Beta 4
-
None
-
-
d3545dbdfdb30e310c6c962ba92f4fdf57354666 (qt/qtquickcontrols2/5.12.0)
Description
Now we sometimes get a crash whereas we didn't use to.
Reverting this patch fixes the issue. http://code.qt.io/cgit/qt/qtquickcontrols2.git/commit/?id=953fbac6131823e4fce0eb4707a854469c4c04ff
Here's a valgrind trace:
==13224== Invalid read of size 8 ==13224== at 0x1259EE9E: data (qsharedpointer_impl.h:569) ==13224== by 0x1259EE9E: data (qpointer.h:86) ==13224== by 0x1259EE9E: operator-> (qpointer.h:88) ==13224== by 0x1259EE9E: operator==<QQuickMenu> (qpointer.h:116) ==13224== by 0x1259EE9E: QQuickMenuPrivate::setParentMenu(QQuickMenu*) (qquickmenu.cpp:571) ==13224== by 0x125A09D0: QQuickMenuPrivate::removeItem(int, QQuickItem*) (qquickmenu.cpp:252) ==13224== by 0x125A0D82: QQuickMenuPrivate::itemParentChanged(QQuickItem*, QQuickItem*) (qquickmenu.cpp:402) ==13224== by 0x65EA7C0: QQuickItemPrivate::itemChange(QQuickItem::ItemChange, QQuickItem::ItemChangeData const&) (qquickitem.cpp:6286) ==13224== by 0x65EF4D4: QQuickItem::setParentItem(QQuickItem*) (qquickitem.cpp:2805) ==13224== by 0x65F039E: QQuickItem::~QQuickItem() (qquickitem.cpp:2395) ==13224== by 0x669FEBD: QQuickFlickable::~QQuickFlickable() (qquickflickable.cpp:749) ==13224== by 0x66F1FFB: QQuickItemView::~QQuickItemView() (qquickitemview.cpp:162) ==13224== by 0x6701E3F: QQuickListView::~QQuickListView() (qquicklistview.cpp:1909) ==13224== by 0x66166B9: ~QQmlElement (qqmlprivate.h:103) ==13224== by 0x66166B9: QQmlPrivate::QQmlElement<QQuickListView>::~QQmlElement() (qqmlprivate.h:103) ==13224== by 0x9867851: QObjectPrivate::deleteChildren() (qobject.cpp:1995) ==13224== by 0x9868C54: QObject::~QObject() (qobject.cpp:1021) ==13224== Address 0x199074c8 is 376 bytes inside a block of size 448 free'd ==13224== at 0x483908B: operator delete(void*, unsigned long) (vg_replace_malloc.c:585) ==13224== by 0x125A413D: QQuickMenuPrivate::~QQuickMenuPrivate() (qquickmenu_p_p.h:64) ==13224== by 0x9868C1D: cleanup (qscopedpointer.h:60) ==13224== by 0x9868C1D: ~QScopedPointer (qscopedpointer.h:107) ==13224== by 0x9868C1D: QObject::~QObject() (qobject.cpp:880) ==13224== by 0x125B6F3A: QQuickPopup::~QQuickPopup() (qquickpopup.cpp:810) ==13224== by 0x194E5266: ~QQuickMenu (qquickmenu_p.h:63) ==13224== by 0x194E5266: ~QQmlElement (qqmlprivate.h:103) ==13224== by 0x194E5266: QQmlPrivate::QQmlElement<QQuickMenu>::~QQmlElement() (qqmlprivate.h:103) ==13224== by 0x986011C: qDeleteInEventHandler(QObject*) (qobject.cpp:4620) ==13224== by 0x9861EE3: QObject::event(QEvent*) (qobject.cpp:1240) ==13224== by 0x7FE698C: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:3752) ==13224== by 0x7FEE752: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3109) ==13224== by 0x982E8AA: QCoreApplication::notifyInternal2(QObject*, QEvent*) (qcoreapplication.cpp:1061) ==13224== by 0x982EB05: QCoreApplication::sendEvent(QObject*, QEvent*) (qcoreapplication.cpp:1451) ==13224== by 0x98345D6: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.cpp:1800) ==13224== Block was alloc'd at ==13224== at 0x4837DEF: operator new(unsigned long) (vg_replace_malloc.c:334) ==13224== by 0x1259E844: QQuickMenu::QQuickMenu(QObject*) (qquickmenu.cpp:733) ==13224== by 0x194E59E3: QQmlElement (qqmlprivate.h:98) ==13224== by 0x194E59E3: void QQmlPrivate::createInto<QQuickMenu>(void*) (qqmlprivate.h:119) ==13224== by 0x8E62E45: QQmlType::create(QObject**, void**, unsigned long) const (qqmlmetatype.cpp:1049) ==13224== by 0x8ED32C5: QQmlObjectCreator::createInstance(int, QObject*, bool) (qqmlobjectcreator.cpp:1163) ==13224== by 0x8ED70CD: QQmlObjectCreator::create(int, QObject*, QQmlInstantiationInterrupt*) (qqmlobjectcreator.cpp:203) ==13224== by 0x8ED35E8: QQmlObjectCreator::createInstance(int, QObject*, bool) (qqmlobjectcreator.cpp:1202) ==13224== by 0x8ED70CD: QQmlObjectCreator::create(int, QObject*, QQmlInstantiationInterrupt*) (qqmlobjectcreator.cpp:203) ==13224== by 0x8ED35E8: QQmlObjectCreator::createInstance(int, QObject*, bool) (qqmlobjectcreator.cpp:1202) ==13224== by 0x8ED70CD: QQmlObjectCreator::create(int, QObject*, QQmlInstantiationInterrupt*) (qqmlobjectcreator.cpp:203) ==13224== by 0x8E48D7B: QQmlComponentPrivate::beginCreate(QQmlContextData*) (qqmlcomponent.cpp:871) ==13224== by 0x8E490DD: QQmlComponent::beginCreate(QQmlContext*) (qqmlcomponent.cpp:823)
Attachments
For Gerrit Dashboard: QTBUG-71770 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
245480,4 | Revert all Menu delegate patches | 5.12.0 | qt/qtquickcontrols2 | Status: MERGED | -1 | 0 |
245494,1 | Revert all Menu delegate patches | 5.12.0 | qt/qtquickcontrols2 | Status: ABANDONED | 0 | 0 |