Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Invalid
Priority: P1: Critical
Fix Version/s: None
Affects Version/s: 5.10.1, 5.11.3, 5.12.0
Component/s: QML: Declarative and Javascript Engine
Labels:
- earmarked_by_ulf

Platform/s:

All

Description

Somehow related to ~~QTBUG-72746~~, trace and self contained sample included.

Under certain circumstances, calling QQuickView::setSource at runtime crashes.

12:05:23: Debugging starts
QML debugging is enabled. Only use this in a safe environment.
QML Debugger: Waiting for connection on port 38685...
qrc:/MainView.qml:35:5: QML Dialog: Binding loop detected for property "implicitWidth"
qrc:/MainView.qml:35:5: QML Dialog: Binding loop detected for property "implicitWidth"
=================================================================
==5415==ERROR: AddressSanitizer: heap-use-after-free on address 0x6030001b8d40 at pc 0x7ffff4eeb039 bp 0x7ffffffe7f70 sp 0x7ffffffe7f60
READ of size 8 at 0x6030001b8d40 thread T0
    #0 0x7ffff4eeb038 in QQuickItemPrivate::itemChange(QQuickItem::ItemChange, QQuickItem::ItemChangeData const&) /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickitem.cpp:6235
    #1 0x7ffff4efac97 in QQuickItemPrivate::addChild(QQuickItem*) /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickitem.cpp:2974
    #2 0x7ffff4efee06 in QQuickItem::setParentItem(QQuickItem*) /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickitem.cpp:2765
    #3 0x7ffff5194658 in QQuickViewPrivate::setRootObject(QObject*) /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickview.cpp:504
    #4 0x7ffff5197d75 in QQuickView::continueExecute() /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickview.cpp:489
    #5 0x7ffff5198f27 in QQuickViewPrivate::execute() /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickview.cpp:107
    #6 0x7ffff51990e0 in QQuickView::setSource(QUrl const&) /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickview.cpp:242
    #7 0x555555557ce3 in App::loadAnother() (/home/mitch/Downloads/quick_segfault-qt5_12_debug-Debug/quick_segfault+0x3ce3)
    #8 0x55555555801a in App::qt_metacall(QMetaObject::Call, int, void**) (/home/mitch/Downloads/quick_segfault-qt5_12_debug-Debug/quick_segfault+0x401a)
    #9 0x7ffff1b95859 in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) /home/mitch/dev/qt5.12/qtbase/src/corelib/kernel/qmetaobject.cpp:303
    #10 0x7ffff2fd4929 in QQmlObjectOrGadget::metacall(QMetaObject::Call, int, void**) const /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlpropertycache.cpp:1761
    #11 0x7ffff2a576ae in CallMethod /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:1231
    #12 0x7ffff2a583c7 in CallPrecise /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:1479
    #13 0x7ffff2a5a432 in QV4::QObjectMethod::callInternal(QV4::Value const*, QV4::Value const*, int) const /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:2017
    #14 0x7ffff2a5b002 in QV4::QObjectMethod::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:1954
    #15 0x7ffff27cc561 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:202
    #16 0x7ffff2dc50e2 in QV4::Runtime::method_callProperty(QV4::ExecutionEngine*, QV4::Value*, int, QV4::Value*, int) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:1391
    #17 0x7ffff2aecd34 in QV4::Moth::VME::interpret(QV4::CppStackFrame*, QV4::ExecutionEngine*, char const*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:719
    #18 0x7ffff2b0aad6 in QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:441
    #19 0x7ffff2823ab3 in QV4::Function::call(QV4::Value const*, QV4::Value const*, int, QV4::ExecutionContext const*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4function.cpp:68
    #20 0x7ffff308e9bb in QQmlJavaScriptExpression::evaluate(QV4::CallData*, bool*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmljavascriptexpression.cpp:216
    #21 0x7ffff2eff21a in QQmlBoundSignalExpression::evaluate(void**) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlboundsignal.cpp:225
    #22 0x7ffff2effe62 in QQmlBoundSignal_callback(QQmlNotifierEndpoint*, void**) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlboundsignal.cpp:358
    #23 0x7ffff2ffc84e in QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlnotifier.cpp:106
    #24 0x7ffff2e793fe in QQmlData::signalEmitted(QAbstractDeclarativeData*, QObject*, int, void**) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlengine.cpp:883
    #25 0x7ffff1c22738 in QMetaObject::activate(QObject*, int, int, void**) /home/mitch/dev/qt5.12/qtbase/src/corelib/kernel/qobject.cpp:3658
    #26 0x7ffff1c24379 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) /home/mitch/dev/qt5.12/qtbase/src/corelib/kernel/qobject.cpp:3642
    #27 0x7fffd585a04f in QQuickAbstractButton::clicked() .moc/moc_qquickabstractbutton_p.cpp:629
    #28 0x7fffd56b1f9f in QQuickAbstractButtonPrivate::trigger() /home/mitch/dev/qt5.12/qtquickcontrols2/src/quicktemplates2/qquickabstractbutton.cpp:328
    #29 0x7fffd56b863a in QQuickAbstractButtonPrivate::handleRelease(QPointF const&) /home/mitch/dev/qt5.12/qtquickcontrols2/src/quicktemplates2/qquickabstractbutton.cpp:179
    #30 0x7fffd5722ff7 in QQuickControl::mouseReleaseEvent(QMouseEvent*) /home/mitch/dev/qt5.12/qtquickcontrols2/src/quicktemplates2/qquickcontrol.cpp:2109
    #31 0x7ffff4ef6205 in QQuickItem::event(QEvent*) /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickitem.cpp:8075
    #32 0x7fffd56b8b29 in QQuickAbstractButton::event(QEvent*) /home/mitch/dev/qt5.12/qtquickcontrols2/src/quicktemplates2/qquickabstractbutton.cpp:1014
    #33 0x7ffff59db6a7 in QApplicationPrivate::notify_helper(QObject*, QEvent*) /home/mitch/dev/qt5.12/qtbase/src/widgets/kernel/qapplication.cpp:3753
    #34 0x7ffff59fb3ee in QApplication::notify(QObject*, QEvent*) /home/mitch/dev/qt5.12/qtbase/src/widgets/kernel/qapplication.cpp:3110
    #35 0x7ffff1b72c10 in QCoreApplication::notifyInternal2(QObject*, QEvent*) /home/mitch/dev/qt5.12/qtbase/src/corelib/kernel/qcoreapplication.cpp:1060
    #36 0x7ffff1b73522 in QCoreApplication::sendEvent(QObject*, QEvent*) /home/mitch/dev/qt5.12/qtbase/src/corelib/kernel/qcoreapplication.cpp:1450
    #37 0x7ffff4f6ade5 in QQuickWindowPrivate::deliverMouseEvent(QQuickPointerMouseEvent*) /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickwindow.cpp:1784
    #38 0x7ffff4f6edf6 in QQuickWindowPrivate::deliverPointerEvent(QQuickPointerEvent*) /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickwindow.cpp:2347
    #39 0x7ffff4f7381f in QQuickWindowPrivate::handleMouseEvent(QMouseEvent*) /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickwindow.cpp:2180
    #40 0x7ffff4f74780 in QQuickWindow::mouseReleaseEvent(QMouseEvent*) /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickwindow.cpp:2160
    #41 0x7ffff5199fd6 in QQuickView::mouseReleaseEvent(QMouseEvent*) /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickview.cpp:620
    #42 0x7ffff39c0f90 in QWindow::event(QEvent*) /home/mitch/dev/qt5.12/qtbase/src/gui/kernel/qwindow.cpp:2248
    #43 0x7ffff4f77c54 in QQuickWindow::event(QEvent*) /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickwindow.cpp:1673
    #44 0x7ffff59db6a7 in QApplicationPrivate::notify_helper(QObject*, QEvent*) /home/mitch/dev/qt5.12/qtbase/src/widgets/kernel/qapplication.cpp:3753
    #45 0x7ffff59fb3ee in QApplication::notify(QObject*, QEvent*) /home/mitch/dev/qt5.12/qtbase/src/widgets/kernel/qapplication.cpp:3110
    #46 0x7ffff1b72c10 in QCoreApplication::notifyInternal2(QObject*, QEvent*) /home/mitch/dev/qt5.12/qtbase/src/corelib/kernel/qcoreapplication.cpp:1060
    #47 0x7ffff1b73568 in QCoreApplication::sendSpontaneousEvent(QObject*, QEvent*) /home/mitch/dev/qt5.12/qtbase/src/corelib/kernel/qcoreapplication.cpp:1462
    #48 0x7ffff398bb76 in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) /home/mitch/dev/qt5.12/qtbase/src/gui/kernel/qguiapplication.cpp:2102
    #49 0x7ffff3991701 in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) /home/mitch/dev/qt5.12/qtbase/src/gui/kernel/qguiapplication.cpp:1837
    #50 0x7ffff38edd67 in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/mitch/dev/qt5.12/qtbase/src/gui/kernel/qwindowsysteminterface.cpp:1071
    #51 0x7fffe7e05f81 in xcbSourceDispatch /home/mitch/dev/qt5.12/qtbase/src/plugins/platforms/xcb/qxcbeventdispatcher.cpp:105
    #52 0x7fffee37a386 in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c386)
    #53 0x7fffee37a5bf  (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c5bf)
    #54 0x7fffee37a64b in g_main_context_iteration (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c64b)
    #55 0x7ffff1ccbf7e in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/mitch/dev/qt5.12/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:422
    #56 0x7fffe7e0694f in QXcbGlibEventDispatcher::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/mitch/dev/qt5.12/qtbase/src/plugins/platforms/xcb/qxcbeventdispatcher.cpp:143
    #57 0x7ffff1b6b7b5 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/mitch/dev/qt5.12/qtbase/src/corelib/kernel/qeventloop.cpp:138
    #58 0x7ffff1b6cbca in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) /home/mitch/dev/qt5.12/qtbase/src/corelib/kernel/qeventloop.cpp:225
    #59 0x7ffff1b8b02a in QCoreApplication::exec() /home/mitch/dev/qt5.12/qtbase/src/corelib/kernel/qcoreapplication.cpp:1363
    #60 0x7ffff396290f in QGuiApplication::exec() /home/mitch/dev/qt5.12/qtbase/src/gui/kernel/qguiapplication.cpp:1779
    #61 0x7ffff59db46e in QApplication::exec() /home/mitch/dev/qt5.12/qtbase/src/widgets/kernel/qapplication.cpp:2910
    #62 0x555555557157 in main (/home/mitch/Downloads/quick_segfault-qt5_12_debug-Debug/quick_segfault+0x3157)
    #63 0x7ffff0a5db96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #64 0x555555557419 in _start (/home/mitch/Downloads/quick_segfault-qt5_12_debug-Debug/quick_segfault+0x3419)

0x6030001b8d40 is located 0 bytes inside of 32-byte region [0x6030001b8d40,0x6030001b8d60)
freed by thread T0 here:
    #0 0x7ffff6efb9d8 in operator delete(void*, unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe19d8)
    #1 0x7fffd57bb88d in QQuickPopupPositioner::~QQuickPopupPositioner() /home/mitch/dev/qt5.12/qtquickcontrols2/src/quicktemplates2/qquickpopuppositioner.cpp:66
    #2 0x7fffd57ad926 in QQuickPopup::~QQuickPopup() /home/mitch/dev/qt5.12/qtquickcontrols2/src/quicktemplates2/qquickpopup.cpp:817
    #3 0x7fffd5388e7c in QQuickDialog::~QQuickDialog() /home/mitch/dev/qt5.12-debug/qtbase/include/QtQuickTemplates2/5.12.0/QtQuickTemplates2/private/../../../../../../../qt5.12/qtquickcontrols2/src/quicktemplates2/qquickdialog_p.h:59
    #4 0x7fffd5388e7c in QQmlPrivate::QQmlElement<QQuickDialog>::~QQmlElement() /home/mitch/dev/qt5.12-debug/qtbase/include/QtQml/../../../../qt5.12/qtdeclarative/src/qml/qml/qqmlprivate.h:103
    #5 0x7fffd5388e7c in QQmlPrivate::QQmlElement<QQuickDialog>::~QQmlElement() /home/mitch/dev/qt5.12-debug/qtbase/include/QtQml/../../../../qt5.12/qtdeclarative/src/qml/qml/qqmlprivate.h:103
    #6 0x7ffff1c37880 in QObjectPrivate::deleteChildren() /home/mitch/dev/qt5.12/qtbase/src/corelib/kernel/qobject.cpp:2006
    #7 0x7ffff1c3c43f in QObject::~QObject() /home/mitch/dev/qt5.12/qtbase/src/corelib/kernel/qobject.cpp:1032
    #8 0x7ffff4f03a3f in QQuickItem::~QQuickItem() /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickitem.cpp:2383
    #9 0x7ffff4f986c6 in QQuickRectangle::~QQuickRectangle() /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickrectangle_p.h:156
    #10 0x7ffff4f986c6 in QQmlPrivate::QQmlElement<QQuickRectangle>::~QQmlElement() /home/mitch/dev/qt5.12-debug/qtbase/include/QtQml/../../../../qt5.12/qtdeclarative/src/qml/qml/qqmlprivate.h:103
    #11 0x7ffff4f986c6 in QQmlPrivate::QQmlElement<QQuickRectangle>::~QQmlElement() /home/mitch/dev/qt5.12-debug/qtbase/include/QtQml/../../../../qt5.12/qtdeclarative/src/qml/qml/qqmlprivate.h:103
    #12 0x7ffff51980b8 in QQuickViewPrivate::execute() /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickview.cpp:96
    #13 0x7ffff51990e0 in QQuickView::setSource(QUrl const&) /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickview.cpp:242
    #14 0x555555557ce3 in App::loadAnother() (/home/mitch/Downloads/quick_segfault-qt5_12_debug-Debug/quick_segfault+0x3ce3)
    #15 0x55555555801a in App::qt_metacall(QMetaObject::Call, int, void**) (/home/mitch/Downloads/quick_segfault-qt5_12_debug-Debug/quick_segfault+0x401a)
    #16 0x7ffff1b95859 in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) /home/mitch/dev/qt5.12/qtbase/src/corelib/kernel/qmetaobject.cpp:303
    #17 0x7ffff2fd4929 in QQmlObjectOrGadget::metacall(QMetaObject::Call, int, void**) const /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlpropertycache.cpp:1761
    #18 0x7ffff2a576ae in CallMethod /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:1231
    #19 0x7ffff2a583c7 in CallPrecise /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:1479
    #20 0x7ffff2a5a432 in QV4::QObjectMethod::callInternal(QV4::Value const*, QV4::Value const*, int) const /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:2017
    #21 0x7ffff2a5b002 in QV4::QObjectMethod::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:1954
    #22 0x7ffff27cc561 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:202
    #23 0x7ffff2dc50e2 in QV4::Runtime::method_callProperty(QV4::ExecutionEngine*, QV4::Value*, int, QV4::Value*, int) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:1391
    #24 0x7ffff2aecd34 in QV4::Moth::VME::interpret(QV4::CppStackFrame*, QV4::ExecutionEngine*, char const*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:719
    #25 0x7ffff2b0aad6 in QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:441
    #26 0x7ffff2823ab3 in QV4::Function::call(QV4::Value const*, QV4::Value const*, int, QV4::ExecutionContext const*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4function.cpp:68
    #27 0x7ffff308e9bb in QQmlJavaScriptExpression::evaluate(QV4::CallData*, bool*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmljavascriptexpression.cpp:216
    #28 0x7ffff2eff21a in QQmlBoundSignalExpression::evaluate(void**) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlboundsignal.cpp:225
    #29 0x7ffff2effe62 in QQmlBoundSignal_callback(QQmlNotifierEndpoint*, void**) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlboundsignal.cpp:358
    #30 0x7ffff2ffc84e in QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlnotifier.cpp:106
    #31 0x7ffff2e793fe in QQmlData::signalEmitted(QAbstractDeclarativeData*, QObject*, int, void**) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlengine.cpp:883
    #32 0x7ffff1c22738 in QMetaObject::activate(QObject*, int, int, void**) /home/mitch/dev/qt5.12/qtbase/src/corelib/kernel/qobject.cpp:3658
    #33 0x7ffff1c24379 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) /home/mitch/dev/qt5.12/qtbase/src/corelib/kernel/qobject.cpp:3642

previously allocated by thread T0 here:
    #0 0x7ffff6efa458 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe0458)
    #1 0x7fffd579d26b in QQuickPopupPrivate::getPositioner() /home/mitch/dev/qt5.12/qtquickcontrols2/src/quicktemplates2/qquickpopup.cpp:610
    #2 0x7fffd57a16a5 in QQuickPopupPrivate::reposition() /home/mitch/dev/qt5.12/qtquickcontrols2/src/quicktemplates2/qquickpopup.cpp:655
    #3 0x7fffd57a17ea in QQuickPopup::geometryChanged(QRectF const&, QRectF const&) /home/mitch/dev/qt5.12/qtquickcontrols2/src/quicktemplates2/qquickpopup.cpp:2549
    #4 0x7fffd57b5c2c in QQuickPopupItem::geometryChanged(QRectF const&, QRectF const&) /home/mitch/dev/qt5.12/qtquickcontrols2/src/quicktemplates2/qquickpopupitem.cpp:332
    #5 0x7ffff4ec801f in QQuickItem::setImplicitWidth(double) /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickitem.cpp:6784
    #6 0x7fffd57a4cdc in QQuickPopup::setImplicitWidth(double) /home/mitch/dev/qt5.12/qtquickcontrols2/src/quicktemplates2/qquickpopup.cpp:1011
    #7 0x7fffd57b0db8 in QQuickPopup::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) .moc/moc_qquickpopup_p.cpp:1229
    #8 0x7ffff30b780d in QQmlPropertyData::writeProperty(QObject*, void*, QFlags<QQmlPropertyData::WriteFlag>) const /home/mitch/dev/qt5.12-debug/qtbase/include/QtQml/5.12.0/QtQml/private/../../../../../../../qt5.12/qtdeclarative/src/qml/qml/qqmlpropertycache_p.h:346
    #9 0x7ffff30b780d in bool GenericBinding<6>::doStore<double>(double, QQmlPropertyData const*, QFlags<QQmlPropertyData::WriteFlag>) const /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlbinding.cpp:334
    #10 0x7ffff30b780d in GenericBinding<6>::write(QV4::Value const&, bool, QFlags<QQmlPropertyData::WriteFlag>) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlbinding.cpp:307
    #11 0x7ffff30bb47f in QQmlNonbindingBinding::doUpdate(QQmlJavaScriptExpression::DeleteWatcher const&, QFlags<QQmlPropertyData::WriteFlag>, QV4::Scope&) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlbinding.cpp:249
    #12 0x7ffff30ae7bd in QQmlBinding::update(QFlags<QQmlPropertyData::WriteFlag>) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlbinding.cpp:185
    #13 0x7ffff30b17cc in QQmlBinding::setEnabled(bool, QFlags<QQmlPropertyData::WriteFlag>) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlbinding.cpp:550
    #14 0x7ffff30fa130 in QQmlObjectCreator::finalize(QQmlInstantiationInterrupt&) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:1347
    #15 0x7ffff2ecd7e5 in QQmlComponentPrivate::complete(QQmlEnginePrivate*, QQmlComponentPrivate::ConstructionState*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:923
    #16 0x7ffff2ecdbd6 in QQmlComponentPrivate::completeCreate() /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:959
    #17 0x7ffff2ecdd2a in QQmlComponent::completeCreate() /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:951
    #18 0x7ffff2ecd115 in QQmlComponent::create(QQmlContext*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:785
    #19 0x7ffff5196e0e in QQuickView::continueExecute() /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickview.cpp:477
    #20 0x7ffff5198f27 in QQuickViewPrivate::execute() /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickview.cpp:107
    #21 0x7ffff51990e0 in QQuickView::setSource(QUrl const&) /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickview.cpp:242
    #22 0x555555557104 in main (/home/mitch/Downloads/quick_segfault-qt5_12_debug-Debug/quick_segfault+0x3104)
    #23 0x7ffff0a5db96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

SUMMARY: AddressSanitizer: heap-use-after-free /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickitem.cpp:6235 in QQuickItemPrivate::itemChange(QQuickItem::ItemChange, QQuickItem::ItemChangeData const&)
Shadow bytes around the buggy address:
  0x0c068002f150: fd fa fa fa 00 00 00 fa fa fa 00 00 00 00 fa fa
  0x0c068002f160: 00 00 00 00 fa fa fd fd fd fd fa fa 00 00 00 fa
  0x0c068002f170: fa fa 00 00 00 fa fa fa 00 00 00 fa fa fa 00 00
  0x0c068002f180: 00 fa fa fa 00 00 00 fa fa fa 00 00 00 fa fa fa
  0x0c068002f190: fd fd fd fa fa fa 00 00 00 fa fa fa 00 00 00 00
=>0x0c068002f1a0: fa fa fd fd fd fd fa fa[fd]fd fd fd fa fa fd fd
  0x0c068002f1b0: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
  0x0c068002f1c0: fd fd fd fa fa fa fd fd fd fa fa fa fd fd fd fa
  0x0c068002f1d0: fa fa fd fd fd fa fa fa fd fd fd fa fa fa fd fd
  0x0c068002f1e0: fd fa fa fa fd fd fd fd fa fa fd fd fd fd fa fa
  0x0c068002f1f0: fd fd fd fd fa fa fd fd fd fa fa fa fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==5415==ABORTING
12:05:35: Debugging has finished

Just hit the top-left button to reproduce.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

quick_segfault_3.zip
3 kB
14 Jan '19 10:43

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

For Gerrit Dashboard: QTBUG-73013
#	Subject	Branch	Project	Status	CR	V
249949,8	QQmlNotifier: Always keep the isNotifying flag when updating senderPtr	5.12	qt/qtdeclarative	Status: MERGED	-2	0

Activity

People

Assignee:: Ulf Hermann

Reporter:: Massimo Callegari

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 14 Jan '19 10:43

Updated:: 14 Jan '19 18:21

Resolved:: 14 Jan '19 17:43

Gerrit Reviews

There are no open Gerrit changes

Show There is 1 closed Gerrit change

Hide There is 1 closed Gerrit change

QQmlNotifier: Always keep the isNotifying flag when updating senderPtr: Gerrit Review: