Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-80528

Memory corruption because of reused submenu

XMLWordPrintable

    • 8339ce2155752eb8fa0f49f3fe4b24f9643ae463 (qt/qtbase/5.14) 7110eb7ca14d7162d3ea4a9e00beef72473ed806 (qt/qtbase/5.12)

      Run the attached test program under valgrind and make the following steps:

      1) right click on the window to show the context menu

      2) in the context menu first hover "Menu", then "Sub menu"

      3) click outside of the context menu to close it

      4) click on "Menu" in the menu bar

       

      valgrind will report about invalid memory read:

      ==5569== Invalid read of size 1
==5569==    at 0x51D68D4: QMenuSloppyState::childLeave() (qmenu.cpp:778)
==5569==    by 0x51D68B3: QMenuSloppyState::leave() (qmenu.cpp:771)
==5569==    by 0x51D90BE: QMenuPrivate::mouseEventTaken(QMouseEvent*) (qmenu.cpp:1342)
==5569==    by 0x51DDEC3: QMenu::mouseReleaseEvent(QMouseEvent*) (qmenu.cpp:2891)
==5569==    by 0x5026DBC: QWidget::event(QEvent*) (qwidget.cpp:8631)
==5569==    by 0x51DE81C: QMenu::event(QEvent*) (qmenu.cpp:3030)
==5569==    by 0x4FDCD4A: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:3693)
==5569==    by 0x4FDA88B: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3137)
==5569==    by 0x66A5D4D: QCoreApplication::notifyInternal2(QObject*, QEvent*) (qcoreapplication.cpp:1092)
==5569==    by 0x66A66E3: QCoreApplication::sendSpontaneousEvent(QObject*, QEvent*) (qcoreapplication.cpp:1499)
==5569==    by 0x4FD92CE: QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool, bool) (qapplication.cpp:2623)
==5569==    by 0x5055E64: QWidgetWindow::handleMouseEvent(QMouseEvent*) (qwidgetwindow.cpp:572)
==5569==  Address 0x181b5274 is 708 bytes inside a block of size 832 free'd
==5569==    at 0x4C2D31B: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5569==    by 0x51E3740: QMenuPrivate::~QMenuPrivate() (qmenu_p.h:326)
==5569==    by 0x66F54FF: QScopedPointerDeleter<QObjectData>::cleanup(QObjectData*) (qscopedpointer.h:60)
==5569==    by 0x66F2968: QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::~QScopedPointer() (qscopedpointer.h:107)
==5569==    by 0x66E78A6: QObject::~QObject() (qobject.cpp:997)
==5569==    by 0x5012725: QWidget::~QWidget() (qwidget.cpp:1408)
==5569==    by 0x51DA1AF: QMenu::~QMenu() (qmenu.cpp:1704)
==5569==    by 0x10AFE5: MainWindow::MainWindow(QWidget*)::{lambda(QPoint const&)#2}::operator()(QPoint const&) const (mainwindow.cpp:21)
==5569==    by 0x10B752: QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<QPoint const&>, void, MainWindow::MainWindow(QWidget*)::{lambda(QPoint const&)#2}>::call({lambda(QPoint const&)#2}&, void**) (qobjectdefs_impl.h:146)
==5569==    by 0x10B6F0: void QtPrivate::Functor<MainWindow::MainWindow(QWidget*)::{lambda(QPoint const&)#2}, 1>::call<QtPrivate::List<QPoint const&>, void>({lambda(QPoint const&)#2}&, void*, {lambda(QPoint const&)#2}&*) (qobjectdefs_impl.h:256)
==5569==    by 0x10B694: QtPrivate::QFunctorSlotObject<MainWindow::MainWindow(QWidget*)::{lambda(QPoint const&)#2}, 1, QtPrivate::List<QPoint const&>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) (qobjectdefs_impl.h:439)
==5569==    by 0x66B6FBA: QtPrivate::QSlotObjectBase::call(QObject*, void**) (qobjectdefs_impl.h:394)

        1. qtbug80528.zip
          2 kB
          Alexander Volkov
        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            qt.team.quick.subscriptions Qt Quick and Widgets Team
            avolkov Alexander Volkov
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved:

                There are no open Gerrit changes