Details
Bug
Resolution: Unresolved
P1: Critical
5.15.6
Description
We have frequent crashes "in the wild" on iOS and Android devices, where the render loop is processing items that have already vanished (i.e. are marked as "delete later"). These seem to be race conditions, and we were lucky to trap one of them in the debugger.
The attached stack trace shows a case where a list section header sitting on a stack page that has already been animated away receives a polish. That crashes because the context is a nullptr in this case.
We've fixed this by:
diff -Naur a/qtdeclarative/src/quick/items/qquickwindow.cpp b/qtdeclarative/src/quick/items/qquickwindow.cpp --- a/qtdeclarative/src/quick/items/qquickwindow.cpp 2021-08-16 15:02:40.000000000 +0200 +++ b/qtdeclarative/src/quick/items/qquickwindow.cpp 2021-09-23 21:32:22.005077046 +0200 @@ -386,6 +386,12 @@ PolishLoopDetector polishLoopDetector(itemsToPolish); while (!itemsToPolish.isEmpty()) { QQuickItem *item = itemsToPolish.takeLast(); + + auto context = QQmlEngine::contextForObject(item); + if (!context || !context->isValid()) { + continue; + } + QQuickItemPrivate *itemPrivate = QQuickItemPrivate::get(item); itemPrivate->polishScheduled = false; const int itemsRemaining = itemsToPolish.count();
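Review bot: the early `continue` in the polish loop skips `itemPrivate->polishScheduled = false;`, so a skipped item keeps `polishScheduled == true` and any later polish request for it will not be re-queued, leaving the item unpolished for good even if its context becomes valid again; clear the flag before the `continue` (for example by fetching `itemPrivate` first). A second concern with `if (!context || !context->isValid())`: `QQmlEngine::contextForObject()` returns a null pointer for QQuickItems created from C++ that never had a context assigned, so the `!context` half of the check would silently stop polishing those items as well; limiting the guard to `context && !context->isValid()` avoids that regression while still covering the destroyed-context case in the attached stack trace. The hunk also carries no comment explaining why an item still in `itemsToPolish` can have an invalid context, which a maintainer would want next to a guard that masks a lifetime race rather than removing the item from the list when its context goes away.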