Qt / QTBUG-84095

Valgrind: invalid memory read in QQmlContextData::emitDestruction()

    Details

    • Platform/s:
      Linux/X11
    • Commits:
      0c8e51705ac0bb86c4b123ecd30a11b41fd50b24 (qt/qtdeclarative/5.15)
      73a1b230642dd3577563cf8a5ff95223e6b9bd4e (qt/qtdeclarative/5.12.9)

      Description

      The attached minimal example leads to an invalid memory read:

      ==4433== Invalid read of size 8
      ==4433== at 0x63F470B: QQmlContextData::emitDestruction() (qqmlcontext.cpp:568)
      ==4433== by 0x63F4F40: QQmlContextData::invalidate() (qqmlcontext.cpp:576)
      ==4433== by 0x63D1D92: QQmlPrivate::qdeclarativeelement_destructor(QObject*) (qqmlengine.cpp:751)
      ==4433== by 0x509C5BB: ~QQmlElement (qqmlprivate.h:107)
      ==4433== by 0x509C5BB: QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (qqmlprivate.h:108)
      ==4433== by 0x513810E: QQuickView::~QQuickView() (qquickview.cpp:214)
      ==4433== by 0x5138258: QQuickView::~QQuickView() (qquickview.cpp:216)
      ==4433== by 0x408F4C: cleanup (qscopedpointer.h:60)
      ==4433== by 0x408F4C: ~QScopedPointer (qscopedpointer.h:107)
      ==4433== by 0x408F4C: main (main.cpp:640)
      ==4433== Address 0x13d5bd30 is 112 bytes inside a block of size 184 free'd
      ==4433== at 0x4C2F602: operator delete(void*, unsigned long) (vg_replace_malloc.c:595)
      ==4433== by 0x63F4E87: QQmlContextData::destroy() (qqmlcontext.cpp:676)
      ==4433== by 0x63F4F1D: QQmlContext::~QQmlContext() (qqmlcontext.cpp:221)
      ==4433== by 0x63F4F28: QQmlContext::~QQmlContext() (qqmlcontext.cpp:222)
      ==4433== by 0x154A8606: QQuickStackElement::~QQuickStackElement() (qquickstackelement.cpp:111)
      ==4433== by 0x154A8790: QQuickStackElement::~QQuickStackElement() (qquickstackelement.cpp:112)
      ==4433== by 0x154AEBEE: void qDeleteAll<QQuickStackElement* const*>(QQuickStackElement* const*, QQuickStackElement* const*) (qalgorithms.h:320)
      ==4433== by 0x154AD04F: qDeleteAll<QStack<QQuickStackElement*> > (qalgorithms.h:328)
      ==4433== by 0x154AD04F: QQuickStackView::clear(QQuickStackView::Operation) (qquickstackview.cpp:933)
      ==4433== by 0x154D4CDE: QQuickStackView::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (moc_qquickstackview_p.cpp:271)
      ==4433== by 0x154D5520: QQuickStackView::qt_metacall(QMetaObject::Call, int, void**) (moc_qquickstackview_p.cpp:454)
      ==4433== by 0x692033D: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:316)
      ==4433== by 0x6430EEA: QQmlObjectOrGadget::metacall(QMetaObject::Call, int, void**) const (qqmlpropertycache.cpp:1770)
      ==4433== by 0x62E8FC9: CallMethod(QQmlObjectOrGadget const&, int, int, int, int*, QV4::ExecutionEngine*, QV4::CallData*, QMetaObject::Call) (qv4qobjectwrapper.cpp:1295)
      ==4433== by 0x62E95A7: CallPrecise(QQmlObjectOrGadget const&, QQmlPropertyData const&, QV4::ExecutionEngine*, QV4::CallData*, QMetaObject::Call) (qv4qobjectwrapper.cpp:1557)
      ==4433== by 0x62E9966: CallOverloaded(QQmlObjectOrGadget const&, QQmlPropertyData const&, QV4::ExecutionEngine*, QV4::CallData*, QQmlPropertyCache const*, QMetaObject::Call) (qv4qobjectwrapper.cpp:1631)
      ==4433== by 0x62EA178: QV4::QObjectMethod::callInternal(QV4::Value const*, QV4::Value const*, int) const (qv4qobjectwrapper.cpp:2120)
      ==4433== by 0x62EA1A2: QV4::QObjectMethod::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) (qv4qobjectwrapper.cpp:2055)
      ==4433== by 0x6309AF1: call (qv4functionobject_p.h:202)
      ==4433== by 0x6309AF1: QV4::Moth::VME::interpret(QV4::CppStackFrame*, QV4::ExecutionEngine*, char const*) (qv4vme_moth.cpp:737)
      ==4433== by 0x6310144: QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) (qv4vme_moth.cpp:447)
      ==4433== by 0x6270DA5: QV4::Function::call(QV4::Value const*, QV4::Value const*, int, QV4::ExecutionContext const*) (qv4function.cpp:68)
      ==4433== by 0x645F9BA: QQmlJavaScriptExpression::evaluate(QV4::CallData*, bool*) (qqmljavascriptexpression.cpp:211)
      ==4433== by 0x63F9FAE: QQmlBoundSignalExpression::evaluate(void**) (qqmlboundsignal.cpp:225)
      ==4433== by 0x63FA387: QQmlBoundSignal_callback(QQmlNotifierEndpoint*, void**) (qqmlboundsignal.cpp:358)
      ==4433== by 0x643B904: QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) (qqmlnotifier.cpp:104)
      ==4433== by 0x63D3307: QQmlData::signalEmitted(QAbstractDeclarativeData*, QObject*, int, void**) (qqmlengine.cpp:883)
      ==4433== by 0x694770F: QMetaObject::activate(QObject*, int, int, void**) (qobject.cpp:3676)
      ==4433== by 0x6948062: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3657)
      ==4433== by 0x655744D: QQmlComponentAttached::destruction() (moc_qqmlcomponentattached_p.cpp:148)
      ==4433== by 0x63F46D0: QQmlContextData::emitDestruction() (qqmlcontext.cpp:562)
      ==4433== by 0x63F470A: QQmlContextData::emitDestruction() (qqmlcontext.cpp:567)
      ==4433== by 0x63F470A: QQmlContextData::emitDestruction() (qqmlcontext.cpp:567)
      ==4433== by 0x63F470A: QQmlContextData::emitDestruction() (qqmlcontext.cpp:567)
      ==4433== by 0x63F4F40: QQmlContextData::invalidate() (qqmlcontext.cpp:576)
      ==4433== by 0x63D1D92: QQmlPrivate::qdeclarativeelement_destructor(QObject*) (qqmlengine.cpp:751)
      ==4433== by 0x509C5BB: ~QQmlElement (qqmlprivate.h:107)
      ==4433== by 0x509C5BB: QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (qqmlprivate.h:108)
      ==4433== by 0x513810E: QQuickView::~QQuickView() (qquickview.cpp:214)
      ==4433== by 0x5138258: QQuickView::~QQuickView() (qquickview.cpp:216)
      ==4433== by 0x408F4C: cleanup (qscopedpointer.h:60)
      ==4433== by 0x408F4C: ~QScopedPointer (qscopedpointer.h:107)
      ==4433== by 0x408F4C: main (main.cpp:640)
      ==4433== Block was alloc'd at
      ==4433== at 0x4C2E4B6: operator new(unsigned long) (vg_replace_malloc.c:344)
      ==4433== by 0x63F48FC: QQmlContext::QQmlContext(QQmlContext*, QObject*) (qqmlcontext.cpp:191)
      ==4433== by 0x154A8E86: QQuickStackElement::load(QQuickStackView*) (qquickstackelement.cpp:168)
      ==4433== by 0x154B0D67: QQuickStackViewPrivate::pushElements(QList<QQuickStackElement*> const&) (qquickstackview_p.cpp:178)
      ==4433== by 0x154AB842: QQuickStackView::push(QQmlV4Function*) (qquickstackview.cpp:601)
      ==4433== by 0x154D4D7E: QQuickStackView::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (moc_qquickstackview_p.cpp:281)
      ==4433== by 0x154D5520: QQuickStackView::qt_metacall(QMetaObject::Call, int, void**) (moc_qquickstackview_p.cpp:454)
      ==4433== by 0x692033D: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:316)
      ==4433== by 0x6430EEA: QQmlObjectOrGadget::metacall(QMetaObject::Call, int, void**) const (qqmlpropertycache.cpp:1770)
      ==4433== by 0x62EA14C: QV4::QObjectMethod::callInternal(QV4::Value const*, QV4::Value const*, int) const (qv4qobjectwrapper.cpp:2112)
      ==4433== by 0x62EA1A2: QV4::QObjectMethod::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) (qv4qobjectwrapper.cpp:2055)
      ==4433== by 0x6309AF1: call (qv4functionobject_p.h:202)
      ==4433== by 0x6309AF1: QV4::Moth::VME::interpret(QV4::CppStackFrame*, QV4::ExecutionEngine*, char const*) (qv4vme_moth.cpp:737)
      ==4433== by 0x6310144: QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) (qv4vme_moth.cpp:447)
      ==4433== by 0x6270DA5: QV4::Function::call(QV4::Value const*, QV4::Value const*, int, QV4::ExecutionContext const*) (qv4function.cpp:68)
      ==4433== by 0x645F9BA: QQmlJavaScriptExpression::evaluate(QV4::CallData*, bool*) (qqmljavascriptexpression.cpp:211)
      ==4433== by 0x63F9FAE: QQmlBoundSignalExpression::evaluate(void**) (qqmlboundsignal.cpp:225)
      ==4433== by 0x63FA387: QQmlBoundSignal_callback(QQmlNotifierEndpoint*, void**) (qqmlboundsignal.cpp:358)
      ==4433== by 0x643B904: QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) (qqmlnotifier.cpp:104)
      ==4433== by 0x63D3307: QQmlData::signalEmitted(QAbstractDeclarativeData*, QObject*, int, void**) (qqmlengine.cpp:883)
      ==4433== by 0x694770F: QMetaObject::activate(QObject*, int, int, void**) (qobject.cpp:3676)
      ==4433== by 0x6948062: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3657)
      ==4433== by 0x655742D: QQmlComponentAttached::completed() (moc_qqmlcomponentattached_p.cpp:142)
      ==4433== by 0x6480765: QQmlObjectCreator::finalize(QQmlInstantiationInterrupt&) (qqmlobjectcreator.cpp:1400)
      ==4433== by 0x63EB9C4: QQmlComponentPrivate::complete(QQmlEnginePrivate*, QQmlComponentPrivate::ConstructionState*) (qqmlcomponent.cpp:935)
      ==4433== by 0x63EBAED: QQmlComponentPrivate::completeCreate() (qqmlcomponent.cpp:971)
      ==4433== by 0x63EBB72: QQmlComponent::completeCreate() (qqmlcomponent.cpp:963)
      ==4433== by 0x63EB779: QQmlComponent::create(QQmlContext*) (qqmlcomponent.cpp:797)
      ==4433== by 0x408E06: main (main.cpp:634)
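
A triage helper for the report above, as an added example that is not part of the original issue or of Qt's code: it splits a Memcheck use-after-free report into its access, free and allocation stacks and checks whether the block was released underneath the still-running faulting function. `SAMPLE`, `parse` and `freed_while_live` are names made up for this example, and the sample is abridged from the trace above.

```python
import re

# Abridged from the Memcheck report above: same frames, most of each stack elided.
SAMPLE = """\
==4433== Invalid read of size 8
==4433== at 0x63F470B: QQmlContextData::emitDestruction() (qqmlcontext.cpp:568)
==4433== by 0x63F4F40: QQmlContextData::invalidate() (qqmlcontext.cpp:576)
==4433== Address 0x13d5bd30 is 112 bytes inside a block of size 184 free'd
==4433== at 0x4C2F602: operator delete(void*, unsigned long) (vg_replace_malloc.c:595)
==4433== by 0x63F4E87: QQmlContextData::destroy() (qqmlcontext.cpp:676)
==4433== by 0x154AD04F: QQuickStackView::clear(QQuickStackView::Operation) (qquickstackview.cpp:933)
==4433== by 0x655744D: QQmlComponentAttached::destruction() (moc_qqmlcomponentattached_p.cpp:148)
==4433== by 0x63F46D0: QQmlContextData::emitDestruction() (qqmlcontext.cpp:562)
==4433== by 0x63F470A: QQmlContextData::emitDestruction() (qqmlcontext.cpp:567)
==4433== by 0x63F4F40: QQmlContextData::invalidate() (qqmlcontext.cpp:576)
==4433== Block was alloc'd at
==4433== at 0x4C2E4B6: operator new(unsigned long) (vg_replace_malloc.c:344)
==4433== by 0x63F48FC: QQmlContext::QQmlContext(QQmlContext*, QObject*) (qqmlcontext.cpp:191)
"""

FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (.+) \(([^()]+:\d+)\)$")
BLOCK = re.compile(r"is (\d+) bytes inside a block of size (\d+) free'd")

def parse(report):
    """Split a use-after-free report into access/free/alloc stacks plus block info."""
    stacks, info, current = {"access": [], "free": [], "alloc": []}, {}, "access"
    for line in report.splitlines():
        block, frame = BLOCK.search(line), FRAME.search(line)
        if block:
            info, current = {"offset": int(block[1]), "size": int(block[2])}, "free"
        elif "Block was alloc'd at" in line:
            current = "alloc"
        elif frame:
            stacks[current].append((frame[1], frame[2]))  # (function, file:line)
    return stacks, info

def freed_while_live(stacks):
    """Free-stack frames (outermost first) that ran on top of the faulting call.

    Empty unless the whole access stack, by function name, is the outer part of
    the free stack, i.e. the faulting function was still active when the block
    was released by something it had called.
    """
    access = [func for func, _ in reversed(stacks["access"])]
    free = list(reversed(stacks["free"]))
    if not access or [func for func, _ in free[:len(access)]] != access:
        return []
    return free[len(access):]
```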
      
      

              People

              Assignee:
              fabiankosmale Fabian Kosmale
              Reporter:
              dmytrokh Dmytro Khlopov