Description
Actual Qt version I have: Qt 5.14.1
I have a QAxObject I try to connect a signal to.
At some point inside the Qt lib I have (on the crash callstack) the function:
```cpp
int QObjectPrivate::signalIndex(const char *signalName, const QMetaObject **meta) const
{
    Q_Q(const QObject);
    const QMetaObject *base = q->metaObject();
    Q_ASSERT(QMetaObjectPrivate::get(base)->revision >= 7);
    QArgumentTypeArray types;
    QByteArray name = QMetaObjectPrivate::decodeMethodSignature(signalName, types);
    int relative_index = QMetaObjectPrivate::indexOfSignalRelative(
            &base, name, types.size(), types.constData());
```
Inside this frame, if I look in the debugger/crash dump, I see that base->d.data is NULL (extradata and stringdata at the same level are NULL as well) (1)
One step further along the callstack we have:
```cpp
int QMetaObjectPrivate::indexOfSignalRelative(const QMetaObject **baseObject,
                                              const QByteArray &name, int argc,
                                              const QArgumentType *types)
{
    int i = indexOfMethodRelative<MethodSignal>(baseObject, name, argc, types);
    ...
```
Inside qmetaobject.cpp, where we call indexOfMethodRelative(), we have the code:
```cpp
for (const QMetaObject *m = *baseObject; m; m = m->d.superdata) {
    Q_ASSERT(priv(m->d.data)->revision >= 7);
    int i = (MethodType == MethodSignal)
                ? (priv(m->d.data)->signalCount - 1)
                : (priv(m->d.data)->methodCount - 1);
```
The passed baseObject is the one mentioned at (1).
Accessing anything through the m->d.data (NULL) pointer causes a SEGFAULT.
I include the partial crash callstack for a better overview below:
```
ntdll!WerpWaitForCrashReporting+0xa8
ntdll!RtlReportExceptionHelper+0x33e
ntdll!RtlReportException+0x9b
combase!SilentlyReportExceptions+0xb2 [onecore\com\combase\dcomrem\excepn.cxx @ 134]
combase!ServerExceptionFilter+0x112 [onecore\com\combase\dcomrem\excepn.cxx @ 209]
combase!AppInvokeExceptionFilterWithMethodAddress+0x66 [onecore\com\combase\dcomrem\excepn.cxx @ 476]
combase!`ObjectMethodExceptionHandlingAction<<lambda_c9f3956a20c9da92a64affc24fdd69ec> >'::`1'::filt$0+0x78 [onecore\com\combase\dcomrem\excepn.hxx @ 89]
ucrtbase!_C_specific_handler+0xa0
ntdll!RtlpExecuteHandlerForException+0xf
ntdll!RtlDispatchException+0x244
ntdll!KiUserExceptionDispatch+0x2e
Qt5Core!priv+0x5 [d:\jenkins\workspace\u_qt5.14_buildx64\qtbase\src\corelib\kernel\qmetaobject.cpp @ 155]
Qt5Core!indexOfMethodRelative<4>+0x55 [d:\jenkins\workspace\u_qt5.14_buildx64\qtbase\src\corelib\kernel\qmetaobject.cpp @ 611]
Qt5Core!QMetaObjectPrivate::indexOfSignalRelative+0x1f [d:\jenkins\workspace\u_qt5.14_buildx64\qtbase\src\corelib\kernel\qmetaobject.cpp @ 740]
Qt5Core!QObjectPrivate::signalIndex+0x105 [d:\jenkins\workspace\u_qt5.14_buildx64\qtbase\src\corelib\kernel\qobject.cpp @ 3975]
Qt5Core!QObject::receivers+0x59 [d:\jenkins\workspace\u_qt5.14_buildx64\qtbase\src\corelib\kernel\qobject.cpp @ 2592]
userApp!QAxEventSink::signalHasReceivers+0x6e [d:\jenkins\workspace\u_qt5.14_buildx64\qtactiveqt\src\activeqt\container\qaxbase.cpp @ 568]
userApp!QAxEventSink::Invoke+0x17d [d:\jenkins\workspace\u_qt5.14_buildx64\qtactiveqt\src\activeqt\container\qaxbase.cpp @ 392]
oleaut32!IDispatch_Invoke_Stub+0xd4
oleaut32!IDispatch_RemoteInvoke_Thunk+0x60
rpcrt4!NdrStubCall2+0x36f
combase!CStdStubBuffer_Invoke+0xac [onecore\com\combase\ndr\ndrole\stub.cxx @ 1517]
oleaut32!CDispStubWrapper::Invoke+0x1bb
combase!InvokeStubWithExceptionPolicyAndTracing::__l6::<lambda_c9f3956a20c9da92a64affc24fdd69ec>::operator()+0x18 [onecore\com\combase\dcomrem\channelb.cxx @ 1279]
combase!ObjectMethodExceptionHandlingAction<<lambda_c9f3956a20c9da92a64affc24fdd69ec> >+0x43 [onecore\com\combase\dcomrem\excepn.hxx @ 87]
combase!InvokeStubWithExceptionPolicyAndTracing+0xd0 [onecore\com\combase\dcomrem\channelb.cxx @ 1277]
combase!DefaultStubInvoke+0x1ee [onecore\com\combase\dcomrem\channelb.cxx @ 1346]
combase!SyncStubCall::Invoke+0x22 [onecore\com\combase\dcomrem\channelb.cxx @ 1403]
combase!SyncServerCall::StubInvoke+0x26 [onecore\com\combase\dcomrem\ServerCall.hpp @ 781]
combase!StubInvoke+0x23e [onecore\com\combase\dcomrem\channelb.cxx @ 1628]
combase!ServerCall::ContextInvoke+0x403 [onecore\com\combase\dcomrem\ctxchnl.cxx @ 1423]
combase!CServerChannel::ContextInvoke+0x143 [onecore\com\combase\dcomrem\ctxchnl.cxx @ 1332]
combase!DefaultInvokeInApartment+0x143 [onecore\com\combase\dcomrem\callctrl.cxx @ 3297]
combase!ReentrantSTAInvokeInApartment+0x1ad [onecore\com\combase\dcomrem\reentrantsta.cpp @ 113]
combase!AppInvoke+0x245 [onecore\com\combase\dcomrem\channelb.cxx @ 1122]
combase!ComInvokeWithLockAndIPID+0xaf6 [onecore\com\combase\dcomrem\channelb.cxx @ 2210]
combase!ComInvoke+0x1ff [onecore\com\combase\dcomrem\channelb.cxx @ 1697]
combase!ThreadDispatch+0x25e [onecore\com\combase\dcomrem\chancont.cxx @ 414]
combase!ThreadWndProc+0x40a [onecore\com\combase\dcomrem\chancont.cxx @ 740]
user32!UserCallWinProcCheckWow+0x2f8
user32!DispatchMessageWorker+0x249
combase!CCliModalLoop::MyDispatchMessage+0xc [onecore\com\combase\dcomrem\callctrl.cxx @ 2989]
combase!CCliModalLoop::PeekRPCAndDDEMessage+0x77 [onecore\com\combase\dcomrem\callctrl.cxx @ 2611]
combase!CCliModalLoop::FindMessage+0x46 [onecore\com\combase\dcomrem\callctrl.cxx @ 2706]
combase!CCliModalLoop::HandleWakeForMsg+0x57 [onecore\com\combase\dcomrem\callctrl.cxx @ 2302]
combase!CCliModalLoop::BlockFn+0x2de [onecore\com\combase\dcomrem\callctrl.cxx @ 2239]
combase!ModalLoop+0xa9 [onecore\com\combase\dcomrem\chancont.cxx @ 164]
combase!ClassicSTAThreadWaitForCall+0xbb [onecore\com\combase\dcomrem\threadtypespecific.cpp @ 172]
combase!ThreadSendReceive+0x84e [onecore\com\combase\dcomrem\channelb.cxx @ 7355]
combase!CSyncClientCall::SwitchAptAndDispatchCall+0x8df [onecore\com\combase\dcomrem\channelb.cxx @ 5900]
combase!CSyncClientCall::SendReceive2+0x9d6 [onecore\com\combase\dcomrem\channelb.cxx @ 5459]
combase!SyncClientCallRetryContext::SendReceiveWithRetry+0x25 [onecore\com\combase\dcomrem\callctrl.cxx @ 1542]
combase!CSyncClientCall::SendReceiveInRetryContext+0x25 [onecore\com\combase\dcomrem\callctrl.cxx @ 565]
combase!ClassicSTAThreadSendReceive+0xa3 [onecore\com\combase\dcomrem\callctrl.cxx @ 547]
combase!CSyncClientCall::SendReceive+0x18b [onecore\com\combase\dcomrem\ctxchnl.cxx @ 783]
combase!CClientChannel::SendReceive+0x84 [onecore\com\combase\dcomrem\ctxchnl.cxx @ 655]
combase!NdrExtpProxySendReceive+0x4e [onecore\com\combase\ndr\ndrole\proxy.cxx @ 2002]
rpcrt4!NdrpClientCall2+0x5d0
rpcrt4!NdrClientCall2+0x1f
oleaut32!ITypeInfo_GetFuncDesc_Proxy+0x3e
userApp!MetaObjectGenerator::readEventInterface+0x1c1 [d:\jenkins\workspace\u_qt5.14_buildx64\qtactiveqt\src\activeqt\container\qaxbase.cpp @ 2807]
userApp!MetaObjectGenerator::readEventInfo+0x495 [d:\jenkins\workspace\u_qt5.14_buildx64\qtactiveqt\src\activeqt\container\qaxbase.cpp @ 2905]
userApp!MetaObjectGenerator::metaObject+0xfb [d:\jenkins\workspace\u_qt5.14_buildx64\qtactiveqt\src\activeqt\container\qaxbase.cpp @ 3026]
userApp!QAxBase::metaObject+0xb9 [d:\jenkins\workspace\u_qt5.14_buildx64\qtactiveqt\src\activeqt\container\qaxbase.cpp @ 3288]
Qt5Core!QObject::connect+0xed [d:\jenkins\workspace\u_qt5.14_buildx64\qtbase\src\corelib\kernel\qobject.cpp @ 2814]
```
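The callstack shows QObject::connect() building the QAxObject's meta object through MetaObjectGenerator, whose ITypeInfo::GetFuncDesc round trip pumps the STA message loop; a COM event arrives during that pump and QAxEventSink::Invoke walks a QMetaObject whose d.data is still NULL. The following is an added C++ model of that re-entrancy, not Qt's code: Container, Outcome, simulate and the nullptr check that stands in for the real segfault are hypothetical, and the blockSignals flag models the mitigation named by the linked Gerrit changes ("Block signals while the meta object gets created") under the assumption that a blocked event is simply dropped.

```cpp
// Shape of the two fields the crashing loop reads (QMetaObject::d.superdata / d.data).
struct MetaObjectData { int revision; int signalCount; };
struct MetaObject { struct { const MetaObject *superdata; const MetaObjectData *data; } d; };

struct Outcome { int nullReads; int dropped; int delivered; };

// Hypothetical container standing in for QAxBase plus its QAxEventSink.
struct Container {
    MetaObject meta{};             // d.data stays null until generation completes
    MetaObjectData data{7, 3};     // constructed sample: revision 7, three signals
    bool blockSignals = false;     // mitigation flag, raised only while generating
    bool applyFix;
    Outcome out{0, 0, 0};

    explicit Container(bool fix) : applyFix(fix) {}

    // Stands in for MetaObjectGenerator::metaObject(). The type-library query is a
    // synchronous COM call that pumps the STA message loop; `pump` models the events
    // that loop can deliver re-entrantly before d.data has been assigned.
    const MetaObject *metaObject(void (*pump)(Container &)) {
        if (meta.d.data) return &meta;
        if (applyFix) blockSignals = true;
        pump(*this);               // events may arrive here
        meta.d.data = &data;       // generation finished, meta object now usable
        blockSignals = false;
        return &meta;
    }

    // Stands in for QAxEventSink::Invoke -> signalHasReceivers -> signalIndex:
    // the same chain walk as indexOfMethodRelative, reading m->d.data per level.
    void invokeEvent(int signal) {
        if (blockSignals) { ++out.dropped; return; }
        for (const MetaObject *m = &meta; m; m = m->d.superdata) {
            if (m->d.data == nullptr) { ++out.nullReads; return; }   // real code segfaults here
            if (signal < m->d.data->signalCount) { ++out.delivered; return; }
        }
    }
};

// Connect-time scenario: the first metaObject() call overlaps with one event,
// then a second event arrives once generation is complete.
Outcome simulate(bool applyFix) {
    Container c(applyFix);
    c.metaObject([](Container &self) { self.invokeEvent(0); });   // event during generation
    c.invokeEvent(0);                                             // event after generation
    return c.out;
}
```

Without the flag the in-flight event reads the null d.data (the crash); with it the event is dropped and the later one is delivered normally.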
Issue Links
- is duplicated by: QTBUG-100657 Crash while receiving COM IDispatch events when initializing (Closed)
For Gerrit Dashboard: QTBUG-96871

| # | Subject | Branch | Project | Status | CR | V |
|---|---|---|---|---|---|---|
| 503103,2 | Block signals while the meta object gets created | dev | qt/qtactiveqt | MERGED | +2 | 0 |
| 506411,2 | Block signals while the meta object gets created | 6.6 | qt/qtactiveqt | MERGED | +2 | 0 |
| 506535,2 | Block signals while the meta object gets created | 6.5 | qt/qtactiveqt | MERGED | +2 | 0 |
| 506655,2 | Block signals while the meta object gets created | tqtc/lts-5.15 | qt/tqtc-qtactiveqt | MERGED | +2 | 0 |