QTBUG-94502

Crash on Android caused by automatic type conversion between JS array and QVariantList (SIGBUS)


    Details

    • Platform/s:
      Android
    • Commits:
      • dbe34dfa0d42510b804c898b77d6fe145473c31b (qt/qtdeclarative/dev)
      • 94063d0c01b1471554773c00c2f6dd4a916fe0ac (qt/qtdeclarative/6.2)
      • 55a9b77788dc11bf3669ed77a91d3cb68de03b0a (qt/qtdeclarative/6.1)

      Description

      Running the attached minimal example on an Android device (armeabi-v7a) or Android simulator (x86) leads to a reproducible crash. The type conversion from JS array to QVariantList in main.qml:27 seems to be the origin of the crash. Sometimes the crash occurs immediately, sometimes after pressing the button. arm64-v8a is not affected.

      Also notice the output on armeabi-v7a (if the crash doesn't occur immediately):

      libtest_armeabi-v7a.so: list QList(QVariant(Invalid), QVariant(Invalid))

      vs. arm64-v8a:

      libtest_arm64-v8a.so: list QList(QVariant(QColor, QColor(ARGB 1, 0, 0.501961, 0)), QVariant(QColor, QColor(ARGB 1, 0, 0, 0)))

      Tested with the following build environment (default setup Qt online installer):

      • Android-NDK 21.3.6528147
      • Clang 9.0.8 from the NDK
      • Targets: armv7a-linux-androideabi23, aarch64-linux-android23, i686-linux-android23
      • Qt 6.1.1

      I got this stack trace from another application (not the minimal example), but with the same cause and with Qt 6.1.1 compiled from source:

      SIGBUS (signal SIGBUS: illegal alignment)
      int std::__ndk1::__cxx_atomic_fetch_add<int>(std::__ndk1::__cxx_atomic_base_impl<int>*, int, std::__ndk1::memory_order) atomic:1014
      std::__ndk1::__atomic_base<int, true>::fetch_add(int, std::__ndk1::memory_order) atomic:1575
      std::__ndk1::__atomic_base<int, true>::operator++() atomic:1612
      bool QAtomicOps<int>::ref<int>(std::__ndk1::atomic<int>&) 0x00000000c4c8bc90
      QBasicAtomicInteger<int>::ref() 0x00000000c4c8bc6e
      QVariant::QVariant(QVariant const&) 0x00000000c4dc6d4a
      void QtPrivate::QMovableArrayOps<QVariant>::emplace<QVariant const&>(int, QVariant const&&&) 0x00000000c4d8ae8e
      QVariant& QList<QVariant>::emplaceBack<QVariant const&>(QVariant const&&&) 0x00000000c4d8adc0
      QList<QVariant>::append(QVariant const&) 0x00000000c4d8a642
      QList<QVariant>::push_back(QVariant const&) 0x00000000c4d912d4
      QtMetaContainerPrivate::QMetaSequenceForContainer<QList<QVariant> >::getAddValueFn()::'lambda'(void*, void const*, QtMetaContainerPrivate::QMetaContainerInterface::Position)::operator()(void*, void const*, QtMetaContainerPrivate::QMetaContainerInterface::Position) const 0x00000000c4d912a6
      QtMetaContainerPrivate::QMetaSequenceForContainer<QList<QVariant> >::getAddValueFn()::'lambda'(void*, void const*, QtMetaContainerPrivate::QMetaContainerInterface::Position)::__invoke(void*, void const*, QtMetaContainerPrivate::QMetaContainerInterface::Position) 0x00000000c4d90b5e
      QMetaSequence::addValue(void*, void const*) const 0x00000000c4d52858
      toVariant(QV4::ExecutionEngine*, QV4::Value const&, int, bool, QSet<QV4::Heap::Object*>*) 0x00000000c2fae546
      QV4::ExecutionEngine::toVariant(QV4::Value const&, int, bool) 0x00000000c2fade36
      QQmlBinding::slowWrite(QQmlPropertyData const&, QQmlPropertyData const&, QV4::Value const&, bool, QFlags<QQmlPropertyData::WriteFlag>) 0x00000000c30d9c40
      GenericBinding<0>::write(QV4::Value const&, bool, QFlags<QQmlPropertyData::WriteFlag>) 0x00000000c30e639c
      QQmlNonbindingBinding::doUpdate(QQmlJavaScriptExpression::DeleteWatcher const&, QFlags<QQmlPropertyData::WriteFlag>, QV4::Scope&) 0x00000000c30de358
      QQmlBinding::update(QFlags<QQmlPropertyData::WriteFlag>) 0x00000000c30d9384
      QQmlBinding::setEnabled(bool, QFlags<QQmlPropertyData::WriteFlag>) 0x00000000c30da526
      QQmlObjectCreator::finalize(QQmlInstantiationInterrupt&) 0x00000000c3172b52
      QQmlIncubatorPrivate::incubate(QQmlInstantiationInterrupt&) 0x00000000c313d658
      QQmlEnginePrivate::incubate(QQmlIncubator&, QQmlRefPointer<QQmlContextData> const&) 0x00000000c313cfde
      QQmlComponent::create(QQmlIncubator&, QQmlContext*, QQmlContext*) 0x00000000c30ec2ac
      


            People

            Assignee: Ulf Hermann (ulherman)
            Reporter: Bjoern S (tereius)
            Votes: 1
            Watchers: 3
