Details
-
Bug
-
Resolution: Done
-
P1: Critical
-
6.2.0
-
None
-
Windows, MSVC 2019
-
Windows
-
4e646c2586c27183497eb8078829a4000c06edcd (qt/qtmultimedia/dev) 0b5ebf12596b146f8f0ea191a212aafc9c0dc202 (qt/qtmultimedia/6.2)
Description
There is sporadic crash (use-after-free) on (Q)MediaPlayer destruction.
> Qt6Cored.dll!QScopedPointer<QObjectData,QScopedPointerDeleter<QObjectData>>::get() Line 147 C++ Qt6Cored.dll!qGetPtrHelper<QScopedPointer<QObjectData,QScopedPointerDeleter<QObjectData>>>(QScopedPointer<QObjectData,QScopedPointerDeleter<QObjectData>> & ptr) Line 1267 C++ Qt6Cored.dll!QObject::d_func() Line 125 C++ Qt6Cored.dll!QObjectPrivate::get(QObject * o) Line 362 C++ Qt6Cored.dll!doActivate<0>(QObject * sender, int signal_index, void * * argv) Line 3786 C++ Qt6Cored.dll!QMetaObject::activate(QObject * sender, const QMetaObject * m, int local_signal_index, void * * argv) Line 3965 C++ Qt6Multimediad.dll!QMediaPlayer::positionChanged(__int64 _t1) Line 563 C++ Qt6Multimediad.dll!QPlatformMediaPlayer::positionChanged(__int64 position) Line 115 C++ Qt6Multimediad.dll!MFPlayerSession::positionChanged(__int64 position) Line 144 C++ Qt6Multimediad.dll!MFPlayerSession::{ctor}::__l2::<lambda>() Line 99 C++ Qt6Multimediad.dll!QtPrivate::FunctorCall<QtPrivate::IndexesList<>,QtPrivate::List<>,void,void <lambda>(void)>::call(MFPlayerSession::{ctor}::__l2::void <lambda>(void) & f, void * * arg) Line 146 C++ Qt6Multimediad.dll!QtPrivate::Functor<void <lambda>(void),0>::call<QtPrivate::List<>,void>(MFPlayerSession::{ctor}::__l2::void <lambda>(void) & f, void * __formal, void * * arg) Line 257 C++ Qt6Multimediad.dll!QtPrivate::QFunctorSlotObject<void <lambda>(void),0,QtPrivate::List<>,void>::impl(int which, QtPrivate::QSlotObjectBase * this_, QObject * r, void * * a, bool * ret) Line 426 C++ Qt6Cored.dll!QtPrivate::QSlotObjectBase::call(QObject * r, void * * a) Line 375 C++ Qt6Cored.dll!doActivate<0>(QObject * sender, int signal_index, void * * argv) Line 3904 C++ Qt6Cored.dll!QMetaObject::activate(QObject * sender, const QMetaObject * m, int local_signal_index, void * * argv) Line 3965 C++ Qt6Cored.dll!QTimer::timeout(QTimer::QPrivateSignal _t1) Line 211 C++ Qt6Cored.dll!QTimer::timerEvent(QTimerEvent * e) Line 297 C++ Qt6Cored.dll!QObject::event(QEvent * e) Line 1343 C++ Qt6Widgetsd.dll!QApplicationPrivate::notify_helper(QObject * receiver, QEvent * e) Line 3401 C++ Qt6Widgetsd.dll!QApplication::notify(QObject * receiver, QEvent * e) Line 2760 C++ Qt6Cored.dll!QCoreApplication::notifyInternal2(QObject * receiver, QEvent * event) Line 1063 C++ Qt6Cored.dll!QCoreApplication::sendEvent(QObject * receiver, QEvent * event) Line 1472 C++ Qt6Cored.dll!QEventDispatcherWin32Private::sendTimerEvent(int timerId) Line 407 C++ Qt6Cored.dll!qt_internal_proc(HWND__ * hwnd, unsigned int message, unsigned __int64 wp, __int64 lp) Line 231 C++
In time when QPlatformMediaPlayer::positionChanged() is called, player is already destroyed, i.e player pointer is 0xdddddddddddddddd
Introduced by https://codereview.qt-project.org/c/qt/qtmultimedia/+/370654
laknoll piotr FYI
Attachments
Issue Links
- relates to
-
-
- Closed
-
-
-
- Closed
-
| For Gerrit Dashboard: QTBUG-97069 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 376016,2 | Fix crash related to position update timer in MFPlayerSession | dev | qt/qtmultimedia | Status: MERGED | +2 | 0 |
| 376189,2 | Fix crash related to position update timer in MFPlayerSession | 6.2 | qt/qtmultimedia | Status: MERGED | +2 | 0 |