Details
-
Type:
Bug
-
Status: Open
-
Priority:
P3: Somewhat important
-
Resolution: Unresolved
-
Affects Version/s: 6.2.0 FF
-
Fix Version/s: 7.0 (Next Major Release)
-
Component/s: Core: Item Models
-
Labels:
-
Story Points:13
-
Sprint:Qt6_Foundation_Sprint 36, Qt6_Foundation_Sprint 37
Description
QAbstractItemModel::index(), documented in
https://doc.qt.io/qt-5/qabstractitemmodel.html#index , is const for a good reason: In a corresponding QItemSelectionModel, there are instances of QItemSelectionRange which use the index() method in their methods. If the QAbstractItemModel::index() method changed the model, this could trigger signals like layoutChanged() to be emitted, which in turn could lead to the deletion of a QItemSelectionRange in the QItemSelectionModel, so of the object we are executing a method of.
Despite QAbstractItemModel::index() being const, QTreeModel::index() calls QTreeModel::executePendingSort() which just const_cast the const away and sort the model, leading to the problems described above.
The const_cast can be found here:
https://github.com/qt/qtbase/blob/ec675f5dc7d64bb7ebf7f4cce4f33d4b10dfe439/src/widgets/itemviews/qtreewidget_p.h#L211
I'll try to create a reproducer for a read-after-free.
Attachments
Issue Links
- is required for
-
-
- Closed
-
Gerrit Reviews
| For Gerrit Dashboard: QTBUG-94546 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 358836,3 | add todo comment for Qt 7 | dev | qt/qtbase | Status: MERGED | +2 | 0 |