Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-94546

QTreeModel::index changes model despite being const

    XMLWordPrintable

Details

    • 13
    • Qt6_Foundation_Sprint 36, Qt6_Foundation_Sprint 37

    Description

      QAbstractItemModel::index(), documented in
      https://doc.qt.io/qt-5/qabstractitemmodel.html#index , is const for a good reason: In a corresponding QItemSelectionModel, there are instances of QItemSelectionRange which use the index() method in their methods. If the QAbstractItemModel::index() method changed the model, this could trigger signals like layoutChanged() to be emitted, which in turn could lead to the deletion of a QItemSelectionRange in the QItemSelectionModel, so of the object we are executing a method of.

      Despite QAbstractItemModel::index() being const, QTreeModel::index() calls QTreeModel::executePendingSort() which just const_cast the const away and sort the model, leading to the problems described above.
      The const_cast can be found here:
      https://github.com/qt/qtbase/blob/ec675f5dc7d64bb7ebf7f4cce4f33d4b10dfe439/src/widgets/itemviews/qtreewidget_p.h#L211

      I'll try to create a reproducer for a read-after-free.

      Attachments

        Issue Links

          For Gerrit Dashboard: QTBUG-94546
          # Subject Branch Project Status CR V

          Activity

            People

              cnn Qt Core & Network
              andreasbuhr Andreas Buhr
              Vladimir Minenko Vladimir Minenko
              Alex Blasche Alex Blasche
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:

                Gerrit Reviews

                  There are no open Gerrit changes