-
Bug
-
Resolution: Done
-
P1: Critical
-
5.14.0 RC1
-
None
-
8339ce2155752eb8fa0f49f3fe4b24f9643ae463 (qt/qtbase/5.14) 7110eb7ca14d7162d3ea4a9e00beef72473ed806 (qt/qtbase/5.12)
Run the attached test program under valgrind and make the following steps:
1) right click on the window to show the context menu
2) in the context menu first hover "Menu", then "Sub menu"
3) click outside of the context menu to close it
4) click on "Menu" in the menu bar
valgrind will report about invalid memory read:
==5569== Invalid read of size 1 ==5569== at 0x51D68D4: QMenuSloppyState::childLeave() (qmenu.cpp:778) ==5569== by 0x51D68B3: QMenuSloppyState::leave() (qmenu.cpp:771) ==5569== by 0x51D90BE: QMenuPrivate::mouseEventTaken(QMouseEvent*) (qmenu.cpp:1342) ==5569== by 0x51DDEC3: QMenu::mouseReleaseEvent(QMouseEvent*) (qmenu.cpp:2891) ==5569== by 0x5026DBC: QWidget::event(QEvent*) (qwidget.cpp:8631) ==5569== by 0x51DE81C: QMenu::event(QEvent*) (qmenu.cpp:3030) ==5569== by 0x4FDCD4A: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:3693) ==5569== by 0x4FDA88B: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3137) ==5569== by 0x66A5D4D: QCoreApplication::notifyInternal2(QObject*, QEvent*) (qcoreapplication.cpp:1092) ==5569== by 0x66A66E3: QCoreApplication::sendSpontaneousEvent(QObject*, QEvent*) (qcoreapplication.cpp:1499) ==5569== by 0x4FD92CE: QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool, bool) (qapplication.cpp:2623) ==5569== by 0x5055E64: QWidgetWindow::handleMouseEvent(QMouseEvent*) (qwidgetwindow.cpp:572) ==5569== Address 0x181b5274 is 708 bytes inside a block of size 832 free'd ==5569== at 0x4C2D31B: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==5569== by 0x51E3740: QMenuPrivate::~QMenuPrivate() (qmenu_p.h:326) ==5569== by 0x66F54FF: QScopedPointerDeleter<QObjectData>::cleanup(QObjectData*) (qscopedpointer.h:60) ==5569== by 0x66F2968: QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::~QScopedPointer() (qscopedpointer.h:107) ==5569== by 0x66E78A6: QObject::~QObject() (qobject.cpp:997) ==5569== by 0x5012725: QWidget::~QWidget() (qwidget.cpp:1408) ==5569== by 0x51DA1AF: QMenu::~QMenu() (qmenu.cpp:1704) ==5569== by 0x10AFE5: MainWindow::MainWindow(QWidget*)::{lambda(QPoint const&)#2}::operator()(QPoint const&) const (mainwindow.cpp:21) ==5569== by 0x10B752: QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<QPoint const&>, void, MainWindow::MainWindow(QWidget*)::{lambda(QPoint const&)#2}>::call({lambda(QPoint const&)#2}&, void**) (qobjectdefs_impl.h:146) ==5569== by 0x10B6F0: void QtPrivate::Functor<MainWindow::MainWindow(QWidget*)::{lambda(QPoint const&)#2}, 1>::call<QtPrivate::List<QPoint const&>, void>({lambda(QPoint const&)#2}&, void*, {lambda(QPoint const&)#2}&*) (qobjectdefs_impl.h:256) ==5569== by 0x10B694: QtPrivate::QFunctorSlotObject<MainWindow::MainWindow(QWidget*)::{lambda(QPoint const&)#2}, 1, QtPrivate::List<QPoint const&>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) (qobjectdefs_impl.h:439) ==5569== by 0x66B6FBA: QtPrivate::QSlotObjectBase::call(QObject*, void**) (qobjectdefs_impl.h:394)
- relates to
-
-
- Open
-
| For Gerrit Dashboard: QTBUG-80528 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 283552,3 | Avoid crash in menu that was previously shown as submenu | 5.14 | qt/qtbase | Status: MERGED | +2 | 0 |
| 284232,2 | Avoid crash in menu that was previously shown as submenu | 5.12 | qt/qtbase | Status: MERGED | +2 | 0 |