Details
-
Bug
-
Resolution: Unresolved
-
P1: Critical
-
None
-
5.6.1
-
None
Description
This may be an atypical case, but if a client happens to show any unparented widget in response to a submenu's aboutToShow(), QMenu will crash.
This is because QMenu::internalDelayedPopup() checks for a non-null d->currentAction before calling popup() on the submenu, which will send the aboutToShow() signal. Clients can do arbitrary things, including something that can cause d->currentAction to become null; when control returns, setSubMenuPopup() is blindly called and the null pointer is dereferenced.
In our case, the widget belonged to a widget action that hadn't yet been added to the menu. But as shown here, any widget will trigger the crash.
Showing a top-level window causes QWidget::show_helper() to go off and close all popup windows – including the parent menu. In response, QMenu::hideEvent() resets the current action of the menu to null.
It seems that QMenu shouldn't assume that calling popup() will not change any internal state. There are surely many other ways that the same or similar crashes could be caused by receivers of aboutToShow().
I've attached a minimal program that reproduces the crash. Thanks in advance for your help!