Details
P1: Critical Description
Since Qt5.12.7 I can reproduce a crash on macOS 10.14 or 10.15 when having an application with one or more QComboBox objects and after the application is started, move the application from one screen to another screen and then just click to open the drop down and click to close the drop down (you do not need to select anything in the drop down). Perform this open/close of the drop down of the QComboBox objects a few times and the application is crashing.
The crash happens in QCocoaBackingStore::colorSpace() in the cocoa platform plugin called from the QCALayerBackingStore::backingPropertiesChanged().
This code part was introduced with the fix for https://bugreports.qt.io/browse/QTBUG-80844
I can reproduce the crash using Xcode as debugger.
When using QtCreator as debugger then the crash does not occur (not sure what the QtCreator debugger or starting of the application through the debugger is changing).
It is reproducible if building with QtCreator and then starting the application e.g. from the macOS Terminal.
I have attached a simple test program which has a main window and 3 QComboBox objects, see attachment:"testComboBoxOpenCrash.zip"
I have attached a screen shot when using Xcode as debugger, see attachment:"CrashTestOpenComboBox_Debugger.png"
It can be seen that the QComboBox::showPopup() is called which then calls the methods
- QWidget::create
- QWidgetPrivate::create
- QWindow::create
- QWindowPrivate::create
- QCocoaWindow::initialize
- QCocoaWindow::recreateWindowIfNeeded
- QCocoaWindow::createNSWindow
- QNSPanel initWithContentRect:styleMask:backing:defer:screen:
- NSWindow initWithContentRect:styleMask:backing:defer:screen:
Now an NSObserver is called and this is the one which was registered in the constructor of QCALayerBackingStore
The callback QCALayerBackingStore::backingPropertiesChanged() is called which want to update the color space for the existing buffers.
void QCALayerBackingStore::backingPropertiesChanged()
{
qCDebug(lcQpaBackingStore) << "Updating color space of existing buffers";
for (auto &buffer : m_buffers) {
if (buffer)
buffer->setColorSpace(colorSpace());
}
}
There will be called the colorSpace() in the QCocoaBackingStore
QCFType<CGColorSpaceRef> QCocoaBackingStore::colorSpace() const { NSView *view = static_cast<QCocoaWindow *>(window()->handle())->view(); return QCFType<CGColorSpaceRef>::constructFromGet(view.window.colorSpace.CGColorSpace); }
The
static_cast<QCocoaWindow *>(window()->handle())
seems to return a nullptr and hence the further access to view()
static_cast<QCocoaWindow *>(window()->handle())->view()
results in a bad access exception.
Last method in the call stack is QCocoaWindow::view() and the debugger shows this = NULL see attached screen shot "QCocoaWindow_view_this_NULL.png" which confirms that
static_cast<QCocoaWindow *>(window()->handle())
resulted in NULL.
