Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-91519

[REG 5.14.2 -> 5.15.0] Call QQmlIncubator::clear() inside QQmlIncubator::setInitialState() crashes afterward

    XMLWordPrintable

    Details

    • Commits:
      2cb306c194625626957fcde44bd56473b0436f83 (qt/qtdeclarative/dev) e1ab5c04c731d26af586a927321fe94413b88c89 (qt/qtdeclarative/6.0) 25e26270a1ec0ed838f009d8694f3507af1b0554 (qt/qtdeclarative/6.1)

      Description

      If a subclass of QQmlIncubator decides that it doesn't want this object anymore during the call of "setInitialState()" and call "clear()", QQmlIncubator will crash after returning from "setInitialState()".

      Steps to reproduce:

      1. Download the attached test case. Compile and run.
      2. Click the button "Load something for nothing.".

      As QQmlIncubator::clear()'s documentation doesn't specify any condition which this should not be called, one might assume that it's safe to do so. If it's otherwise not safe to do so, the function should be documented as such.

      The stacktrace is obtained from Qt 6.0.1, official binary. The verbose stack is attached, but the relevant frames seems to be:

      1  QQmlIncubatorPrivate::incubate               qqmlincubator.cpp         334  0x7ffff7b068e4 
      2  QQmlIncubationController::incubateFor        qintrusivelist_p.h        216  0x7ffff7b071e6 
      3  QQuickWindowIncubationController::incubate   qquickwindow.cpp          178  0x7fffe8308107 
      4  QQuickWindowIncubationController::timerEvent qquickwindow.cpp          161  0x7fffe8308107 
      

      The relevant commit seems to be this:
      https://github.com/qt/qtdeclarative/commit/2f3b4ec528f48747a3b7e91e9a7254c25ce24c99#diff-d91d7ca6d9f70fc8304f503b8dd34b7644ffb7674051f2aa42d7784239ba7d04R332-R337

      The problem is first discovered on Debian's distribution of Qt 5.15.2, before subsequently confirmed on Qt 5.15.0 and Qt 6.0.1, and verified not to happen on 5.14.2.

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

            Assignee:
            fabiankosmale Fabian Kosmale
            Reporter:
            peat-psuwit Ratchanan Srirattanamet
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Gerrit Reviews

                There are no open Gerrit changes