Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Unresolved
Priority: P3: Somewhat important
Fix Version/s: 7.0 (Next Major Release)
Affects Version/s: 6.2.0 FF
Component/s: Core: Item Models
Labels:
- Qt7

Story Points:
13
Sprint:
Qt6_Foundation_Sprint 36, Qt6_Foundation_Sprint 37

Description

QAbstractItemModel::index(), documented in
https://doc.qt.io/qt-5/qabstractitemmodel.html#index , is const for a good reason: In a corresponding QItemSelectionModel, there are instances of QItemSelectionRange which use the index() method in their methods. If the QAbstractItemModel::index() method changed the model, this could trigger signals like layoutChanged() to be emitted, which in turn could lead to the deletion of a QItemSelectionRange in the QItemSelectionModel, so of the object we are executing a method of.

Despite QAbstractItemModel::index() being const, QTreeModel::index() calls QTreeModel::executePendingSort() which just const_cast the const away and sort the model, leading to the problems described above.
The const_cast can be found here:
https://github.com/qt/qtbase/blob/ec675f5dc7d64bb7ebf7f4cce4f33d4b10dfe439/src/widgets/itemviews/qtreewidget_p.h#L211

I'll try to create a reproducer for a read-after-free.

Attachments

Issue Links

is required for

QTBUG-93829 QItemSelectionModel::hasSelection is inconsistent

Closed

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews

For Gerrit Dashboard: QTBUG-94546
#	Subject	Branch	Project	Status	CR	V
358836,3	add todo comment for Qt 7	dev	qt/qtbase	Status: MERGED	+2	0

Activity

People

Assignee:: Qt Core & Network

Reporter:: Andreas Buhr

PM Owner:: Vladimir Minenko

RnD Owner:: Alex Blasche

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 16 Jun '21 11:59

Updated:: 31 May '22 08:29

Gerrit Reviews

There are no open Gerrit changes

Show There is 1 closed Gerrit change

Hide There is 1 closed Gerrit change

add todo comment for Qt 7: Gerrit Review: