Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: P1: Critical
Fix Version/s: 5.12.2, 5.13.1, 5.14.0 Alpha
Affects Version/s: 5.11.2
Component/s: QML: Declarative and Javascript Engine, Quick: Core Declarative QML
Labels:
- earmarked_by_ulf

Commits:
aca0351c7ce933503b042fd8d745d220c7dd331d (qt/qtdeclarative/5.12)

Description

We discovered this crash in our test suite, which clears type registrations and creates a new qml engine between each tests. The crash is in QQmlObjectCreator::populateInstance due to a null pointer dereference on a QObject, and I have narrowed my code down as much as possible to find the cause of the crash.

Stack trace:

#0  QQmlObjectCreator::populateInstance (this=this@entry=0x555555927b80, index=1, instance=0x0, bindingTarget=0x0, valueTypeProperty=valueTypeProperty@entry=0x0)
    at qml/qqmlobjectcreator.cpp:1427
#1  0x00007ffff76b2ff6 in QQmlObjectCreator::setPropertyBinding (this=this@entry=0x555555927b80, bindingProperty=bindingProperty@entry=0x0, binding=binding@entry=0x7fffe004c798)
    at /home/hhvaal/build/qt/qtbase/include/QtCore/../../src/corelib/global/qendian.h:232
#2  0x00007ffff76b5408 in QQmlObjectCreator::setupBindings (this=this@entry=0x555555927b80, applyDeferredBindings=applyDeferredBindings@entry=false) at qml/qqmlobjectcreator.cpp:777
#3  0x00007ffff76b5b22 in QQmlObjectCreator::populateInstance (this=this@entry=0x555555927b80, index=-1, index@entry=0, instance=0x0, bindingTarget=0x0, 
    valueTypeProperty=valueTypeProperty@entry=0x0) at qml/qqmlobjectcreator.cpp:1466
#4  0x00007ffff76b2be5 in QQmlObjectCreator::createInstance (this=this@entry=0x555555927b80, index=index@entry=0, parent=parent@entry=0x0, isContextObject=isContextObject@entry=true)
    at qml/qqmlobjectcreator.cpp:1309
#5  0x00007ffff76b5e67 in QQmlObjectCreator::create (this=0x555555927b80, subComponentIndex=<optimized out>, parent=parent@entry=0x0, interrupt=interrupt@entry=0x0)
    at qml/qqmlobjectcreator.cpp:203
#6  0x00007ffff76142b6 in QQmlComponentPrivate::beginCreate (this=0x555555942a50, context=<optimized out>)
    at /home/hhvaal/build/qt/qtbase/include/QtCore/../../src/corelib/tools/qscopedpointer.h:116
#7  0x00007ffff761472a in QQmlComponent::beginCreate (this=<optimized out>, publicContext=<optimized out>) at qml/qqmlcomponent.cpp:817
#8  0x00007ffff7610b70 in QQmlComponent::create (this=0x7fffffffd130, context=0x5555558494f0) at qml/qqmlcomponent.cpp:777
#9  0x0000555555555491 in main (argc=1, argv=0x7fffffffd288) at main.cpp:24

Minimal test case:

#include <QGuiApplication>
#include <QQmlComponent>
#include <QQmlEngine>

int main(int argc, char *argv[])
{
    QGuiApplication app(argc, argv);
    {
        QQmlEngine e;
        QQmlComponent c(&e);
        c.setData("import QtQuick 2.2\n Item {}", QUrl());
        c.create();
    }
    qmlClearTypeRegistrations();
    {
        QQmlEngine e;
        QQmlComponent c(&e);
        c.setData("import QtQml.StateMachine 1.0 \n"
                  "import QtQuick 2.2 \n"
                  "Item { KeyNavigation.up: null }", QUrl());
        c.create();
    }
    return 0;
}

Looks like it might be related to ~~QTBUG-43754~~, but it's hard to tell.

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Ulf Hermann

Reporter:: Harald Hvaal

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 11 Jan '19 10:05

Updated:: 19 Aug '19 13:53

Resolved:: 15 Jan '19 11:42

Gerrit Reviews

There are no open Gerrit changes

Show There is 1 closed Gerrit change

Hide There is 1 closed Gerrit change

QQmlMetaType: Erase attached properties in dtor: Gerrit Review: