Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-97423

heap-use-after-free in SwipeView::test_orientation

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • P1: Critical
    • None
    • 6.3, 6.2
    • Quick: Controls 2
    • None

    Description

      When running

      tst_basic -input /Users/mitch/dev/qt-dev/qtdeclarative/tests/auto/quickcontrols2/controls/data/tst_swipeview.qml SwipeView::test_orientation

      I get a heap-use-after-free:

      PASS   : tst_controls::Basic::SwipeView::test_orientation()
=================================================================
==39684==ERROR: AddressSanitizer: heap-use-after-free on address 0x61d000779e20 at pc 0x0001081e228c bp 0x7ffee7e5e830 sp 0x7ffee7e5e828
READ of size 8 at 0x61d000779e20 thread T0
    #0 0x1081e228b in QQuickItem::~QQuickItem() qquickitem.cpp:2357
    #1 0x1081c0857 in QQuickImplicitSizeItem::~QQuickImplicitSizeItem() qquickimplicitsizeitem_p.h:60
    #2 0x108468107 in QQuickText::~QQuickText() qquicktext.cpp:1368
    #3 0x108fd4ea8 in QQmlPrivate::QQmlElement<QQuickText>::~QQmlElement() qqmlprivate.h:136
    #4 0x108fd4d54 in QQmlPrivate::QQmlElement<QQuickText>::~QQmlElement() qqmlprivate.h:134
    #5 0x108fd4d7b in QQmlPrivate::QQmlElement<QQuickText>::~QQmlElement() qqmlprivate.h:134
    #6 0x1157acee5 in QObjectPrivate::deleteChildren() qobject.cpp:2120
    #7 0x1157abff1 in QObject::~QObject() qobject.cpp:1104
    #8 0x1081e2fc3 in QQuickItem::~QQuickItem() qquickitem.cpp:2400
    #9 0x117c81a9a in QQuickControl::~QQuickControl() qquickcontrol.cpp:877
    #10 0x117c5ee22 in QQuickContainer::~QQuickContainer() qquickcontainer.cpp:474
    #11 0x117f02387 in QQuickSwipeView::~QQuickSwipeView() qquickswipeview_p.h:58
    #12 0x117ffd768 in QQmlPrivate::QQmlElement<QQuickSwipeView>::~QQmlElement() qqmlprivate.h:136
    #13 0x117ffd614 in QQmlPrivate::QQmlElement<QQuickSwipeView>::~QQmlElement() qqmlprivate.h:134
    #14 0x117ffd63b in QQmlPrivate::QQmlElement<QQuickSwipeView>::~QQmlElement() qqmlprivate.h:134
    #15 0x1157afa91 in qDeleteInEventHandler(QObject*) qobject.cpp:4776
    #16 0x1157af046 in QObject::event(QEvent*) qobject.cpp:1338
    #17 0x108229da1 in QQuickItem::event(QEvent*) qquickitem.cpp:8638
    #18 0x1155c9a6a in QCoreApplicationPrivate::notify_helper(QObject*, QEvent*) qcoreapplication.cpp:1230
    #19 0x1155c8bc7 in doNotify(QObject*, QEvent*) qcoreapplication.cpp:1159
    #20 0x1155c8df0 in QCoreApplication::notify(QObject*, QEvent*) qcoreapplication.cpp:1142
    #21 0x10bcf388c in QGuiApplication::notify(QObject*, QEvent*) qguiapplication.cpp:1930
    #22 0x1155c88b9 in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:1063
    #23 0x1155cb63e in QCoreApplication::sendEvent(QObject*, QEvent*) qcoreapplication.cpp:1479
    #24 0x1155ceedf in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) qcoreapplication.cpp:1843
    #25 0x1155cb2fc in QCoreApplication::sendPostedEvents(QObject*, int) qcoreapplication.cpp:1702
    #26 0x11585bd35 in QTest::qWait(int) qtestsupport_core.cpp:120
    #27 0x107edff16 in QuickTestResult::wait(int) quicktestresult.cpp:657
    #28 0x107ee85f5 in QuickTestResult::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) moc_quicktestresult_p.cpp:347
    #29 0x107eebf6c in QuickTestResult::qt_metacall(QMetaObject::Call, int, void**) moc_quicktestresult_p.cpp:532
    #30 0x1156279e2 in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) qmetaobject.cpp:321
    #31 0x110c0e5ac in QQmlObjectOrGadget::metacall(QMetaObject::Call, int, void**) const qqmlobjectorgadget.cpp:50
    #32 0x11047e461 in CallMethod(QQmlObjectOrGadget const&, int, QMetaType, int, QMetaType const*, QV4::ExecutionEngine*, QV4::CallData*, QMetaObject::Call) qv4qobjectwrapper.cpp:1417
    #33 0x11045f4de in CallPrecise(QQmlObjectOrGadget const&, QQmlPropertyData const&, QV4::ExecutionEngine*, QV4::CallData*, QMetaObject::Call) qv4qobjectwrapper.cpp:1677
    #34 0x11047b240 in QV4::QObjectMethod::callInternal(QV4::Value const*, QV4::Value const*, int) const::$_4::operator()() const qv4qobjectwrapper.cpp:2279
    #35 0x11045c752 in auto QV4::QObjectMethod::callInternal(QV4::Value const*, QV4::Value const*, int) const::$_2::operator()<QV4::QObjectMethod::callInternal(QV4::Value const*, QV4::Value const*, int) const::$_4>(QV4::QObjectMethod::callInternal(QV4::Value const*, QV4::Value const*, int) const::$_4 const&) const qv4qobjectwrapper.cpp:2257
    #36 0x11045b08f in QV4::QObjectMethod::callInternal(QV4::Value const*, QV4::Value const*, int) const qv4qobjectwrapper.cpp:2279
    #37 0x11045a342 in QV4::QObjectMethod::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) qv4qobjectwrapper.cpp:2216
    #38 0x11008e0b8 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const qv4functionobject_p.h:205
    #39 0x110591110 in QV4::Runtime::CallPropertyLookup::call(QV4::ExecutionEngine*, QV4::Value const&, unsigned int, QV4::Value*, int) qv4runtime.cpp:1527
    #40 0x124096f45  (<unknown module>)
    #41 0x11067bd2d in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) qv4vme_moth.cpp:552
    #42 0x110307886 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) qv4functionobject.cpp:578
    #43 0x11008e0b8 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const qv4functionobject_p.h:205
    #44 0x11058f477 in QV4::Runtime::CallQmlContextPropertyLookup::call(QV4::ExecutionEngine*, unsigned int, QV4::Value*, int) qv4runtime.cpp:1434
    #45 0x124096bc4  (<unknown module>)
    #46 0x11067bd2d in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) qv4vme_moth.cpp:552
    #47 0x110307886 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) qv4functionobject.cpp:578
    #48 0x11008e0b8 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const qv4functionobject_p.h:205
    #49 0x11058f477 in QV4::Runtime::CallQmlContextPropertyLookup::call(QV4::ExecutionEngine*, unsigned int, QV4::Value*, int) qv4runtime.cpp:1434
    #50 0x11068e434 in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) qv4vme_moth.cpp:903
    #51 0x11067bdd6 in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) qv4vme_moth.cpp:555
    #52 0x110307886 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) qv4functionobject.cpp:578
    #53 0x11008e0b8 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const qv4functionobject_p.h:205
    #54 0x11058f477 in QV4::Runtime::CallQmlContextPropertyLookup::call(QV4::ExecutionEngine*, unsigned int, QV4::Value*, int) qv4runtime.cpp:1434
    #55 0x11068e434 in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) qv4vme_moth.cpp:903
    #56 0x11067bdd6 in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) qv4vme_moth.cpp:555
    #57 0x1102f40d1 in QV4::Function::call(QV4::Value const*, QV4::Value const*, int, QV4::ExecutionContext*) qv4function.cpp:98
    #58 0x1102fa9f5 in QV4::Function::call(QObject*, void**, QMetaType const*, int, QV4::ExecutionContext*)::$_0::operator()(QV4::Value const*, QV4::Value const*, int) const qv4function.cpp:67
    #59 0x1102f3056 in bool QV4::convertAndCall<QV4::Function::call(QObject*, void**, QMetaType const*, int, QV4::ExecutionContext*)::$_0>(QV4::ExecutionEngine*, QObject*, void**, QMetaType const*, int, QV4::Function::call(QObject*, void**, QMetaType const*, int, QV4::ExecutionContext*)::$_0) qv4jscall_p.h:229
    #60 0x1102f2810 in QV4::Function::call(QObject*, void**, QMetaType const*, int, QV4::ExecutionContext*) qv4function.cpp:64
    #61 0x110a55a0f in QQmlJavaScriptExpression::evaluate(void**, QMetaType const*, int) qqmljavascriptexpression.cpp:306
    #62 0x11085687b in QQmlBoundSignalExpression::evaluate(void**) qqmlboundsignal.cpp:235
    #63 0x11085831d in QQmlBoundSignal_callback(QQmlNotifierEndpoint*, void**) qqmlboundsignal.cpp:350
    #64 0x110b4ef02 in QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) qqmlnotifier.cpp:104
    #65 0x11091497a in QQmlData::signalEmitted(QAbstractDeclarativeData*, QObject*, int, void**) qqmlengine.cpp:628
    #66 0x1157c97de in void doActivate<false>(QObject*, int, void**) qobject.cpp:3802
    #67 0x1157cb001 in QMetaObject::activate(QObject*, int, int, void**) qobject.cpp:3983
    #68 0x110faf445 in QQmlVMEMetaObject::activate(QObject*, int, void**) qqmlvmemetaobject.cpp:1304
    #69 0x110fb9d23 in QQmlVMEMetaObject::metaCall(QObject*, QMetaObject::Call, int, void**) qqmlvmemetaobject.cpp:888
    #70 0x110fbb47e in QQmlVMEMetaObject::metaCall(QObject*, QMetaObject::Call, int, void**) qqmlvmemetaobject.cpp:1038
    #71 0x115627937 in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) qmetaobject.cpp:319
    #72 0x1107bcd9c in QQmlPropertyData::writeProperty(QObject*, void*, QFlags<QQmlPropertyData::WriteFlag>) const qqmlpropertydata_p.h:375
    #73 0x11083712e in GenericBinding<1>::write(QV4::Value const&, bool, QFlags<QQmlPropertyData::WriteFlag>) qqmlbinding.cpp:354
    #74 0x110806f31 in QQmlNonbindingBinding::doUpdate(QQmlJavaScriptExpression::DeleteWatcher const&, QFlags<QQmlPropertyData::WriteFlag>, QV4::Scope&) qqmlbinding.cpp:285
    #75 0x1107e5cfd in QQmlBinding::update(QFlags<QQmlPropertyData::WriteFlag>) qqmlbinding.cpp:199
    #76 0x1107ed3a1 in QQmlBinding::expressionChanged() qqmlbinding.cpp:651
    #77 0x110a5a7bb in QQmlJavaScriptExpressionGuard_callback(QQmlNotifierEndpoint*, void**) qqmljavascriptexpression.cpp:584
    #78 0x110b4ef02 in QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) qqmlnotifier.cpp:104
    #79 0x11091497a in QQmlData::signalEmitted(QAbstractDeclarativeData*, QObject*, int, void**) qqmlengine.cpp:628
    #80 0x1157c97de in void doActivate<false>(QObject*, int, void**) qobject.cpp:3802
    #81 0x1157cb001 in QMetaObject::activate(QObject*, int, int, void**) qobject.cpp:3983
    #82 0x110faf445 in QQmlVMEMetaObject::activate(QObject*, int, void**) qqmlvmemetaobject.cpp:1304
    #83 0x110fb9d23 in QQmlVMEMetaObject::metaCall(QObject*, QMetaObject::Call, int, void**) qqmlvmemetaobject.cpp:888
    #84 0x110fbb47e in QQmlVMEMetaObject::metaCall(QObject*, QMetaObject::Call, int, void**) qqmlvmemetaobject.cpp:1038
    #85 0x115627937 in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) qmetaobject.cpp:319
    #86 0x1107bcd9c in QQmlPropertyData::writeProperty(QObject*, void*, QFlags<QQmlPropertyData::WriteFlag>) const qqmlpropertydata_p.h:375
    #87 0x11083712e in GenericBinding<1>::write(QV4::Value const&, bool, QFlags<QQmlPropertyData::WriteFlag>) qqmlbinding.cpp:354
    #88 0x110806f31 in QQmlNonbindingBinding::doUpdate(QQmlJavaScriptExpression::DeleteWatcher const&, QFlags<QQmlPropertyData::WriteFlag>, QV4::Scope&) qqmlbinding.cpp:285
    #89 0x1107e5cfd in QQmlBinding::update(QFlags<QQmlPropertyData::WriteFlag>) qqmlbinding.cpp:199
    #90 0x1107ed3a1 in QQmlBinding::expressionChanged() qqmlbinding.cpp:651
    #91 0x110a5a7bb in QQmlJavaScriptExpressionGuard_callback(QQmlNotifierEndpoint*, void**) qqmljavascriptexpression.cpp:584
    #92 0x110b4ef02 in QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) qqmlnotifier.cpp:104
    #93 0x11091497a in QQmlData::signalEmitted(QAbstractDeclarativeData*, QObject*, int, void**) qqmlengine.cpp:628
    #94 0x1157c97de in void doActivate<false>(QObject*, int, void**) qobject.cpp:3802
    #95 0x1157c74a0 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) qobject.cpp:3970
    #96 0x107e63714 in QTestRootObject::windowShownChanged() moc_quicktest_p.cpp:210
    #97 0x107eb8e93 in QTestRootObject::setWindowShown(bool) quicktest_p.h:96
    #98 0x107ec71cd in quick_test_main_with_setup(int, char**, char const*, char const*, QObject*)::$_1::operator()() const quicktest.cpp:602
    #99 0x107ec70fe in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, quick_test_main_with_setup(int, char**, char const*, char const*, QObject*)::$_1>::call(quick_test_main_with_setup(int, char**, char const*, char const*, QObject*)::$_1&, void**) qobjectdefs_impl.h:146
    #100 0x107ec6fe0 in void QtPrivate::Functor<quick_test_main_with_setup(int, char**, char const*, char const*, QObject*)::$_1, 0>::call<QtPrivate::List<>, void>(quick_test_main_with_setup(int, char**, char const*, char const*, QObject*)::$_1&, void*, void**) qobjectdefs_impl.h:252
    #101 0x107ec6f0b in QtPrivate::QFunctorSlotObject<quick_test_main_with_setup(int, char**, char const*, char const*, QObject*)::$_1, 0, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) qobjectdefs_impl.h:419
    #102 0x115639a27 in QtPrivate::QSlotObjectBase::call(QObject*, void**) qobjectdefs_impl.h:374
    #103 0x1157a9be9 in QMetaCallEvent::placeMetaCall(QObject*) qobject.cpp:623
    #104 0x1157af1f0 in QObject::event(QEvent*) qobject.cpp:1351
    #105 0x115c4c1db in QThread::event(QEvent*) qthread.cpp:1003
    #106 0x1155c9a6a in QCoreApplicationPrivate::notify_helper(QObject*, QEvent*) qcoreapplication.cpp:1230
    #107 0x1155c8bc7 in doNotify(QObject*, QEvent*) qcoreapplication.cpp:1159
    #108 0x1155c8df0 in QCoreApplication::notify(QObject*, QEvent*) qcoreapplication.cpp:1142
    #109 0x10bcf388c in QGuiApplication::notify(QObject*, QEvent*) qguiapplication.cpp:1930
    #110 0x1155c88b9 in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:1063
    #111 0x1155cb63e in QCoreApplication::sendEvent(QObject*, QEvent*) qcoreapplication.cpp:1479
    #112 0x1155ceedf in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) qcoreapplication.cpp:1843
    #113 0x1155cb2fc in QCoreApplication::sendPostedEvents(QObject*, int) qcoreapplication.cpp:1702
    #114 0x11bcb2c6c in QCocoaEventDispatcherPrivate::processPostedEvents() qcocoaeventdispatcher.mm:902
    #115 0x11bcb3aad in QCocoaEventDispatcherPrivate::postedEventsSourceCallback(void*) qcocoaeventdispatcher.mm:925
    #116 0x7fff205cb2bb in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__+0x10 (CoreFoundation:x86_64h+0x802bb)
    #117 0x7fff205cb223 in __CFRunLoopDoSource0+0xb3 (CoreFoundation:x86_64h+0x80223)
    #118 0x7fff205cafa3 in __CFRunLoopDoSources0+0xf1 (CoreFoundation:x86_64h+0x7ffa3)
    #119 0x7fff205c99cb in __CFRunLoopRun+0x37c (CoreFoundation:x86_64h+0x7e9cb)
    #120 0x7fff205c8f8b in CFRunLoopRunSpecific+0x232 (CoreFoundation:x86_64h+0x7df8b)
    #121 0x7fff288111f2 in RunCurrentEventLoopInMode+0x123 (HIToolbox:x86_64+0x311f2)
    #122 0x7fff28810e25 in ReceiveNextEventCommon+0x11b (HIToolbox:x86_64+0x30e25)
    #123 0x7fff28810cf2 in _BlockUntilNextEventMatchingListInModeWithFilter+0x45 (HIToolbox:x86_64+0x30cf2)
    #124 0x7fff22dd2171 in _DPSNextEvent+0x35f (AppKit:x86_64+0x3f171)
    #125 0x7fff22dd0944 in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:]+0x553 (AppKit:x86_64+0x3d944)
    #126 0x7fff22dc2c68 in -[NSApplication run]+0x249 (AppKit:x86_64+0x2fc68)
    #127 0x11bcb1725 in QCocoaEventDispatcher::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) qcocoaeventdispatcher.mm:430
    #128 0x1156145b9 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) qeventloop.cpp:135
    #129 0x115614c59 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) qeventloop.cpp:217
    #130 0x107e80cfd in quick_test_main_with_setup(int, char**, char const*, char const*, QObject*) quicktest.cpp:610
    #131 0x107e7b56f in quick_test_main(int, char**, char const*, char const*) quicktest.cpp:359
    #132 0x107d7e9cd in main tst_basic.cpp:45
    #133 0x7fff204eef3c in start+0x0 (libdyld.dylib:x86_64+0x15f3c)

0x61d000779e20 is located 416 bytes inside of 2400-byte region [0x61d000779c80,0x61d00077a5e0)
freed by thread T0 here:
    #0 0x113c9305d in wrap__ZdlPv+0x7d (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x5505d)
    #1 0x1093840b7 in QQuickListViewPrivate::~QQuickListViewPrivate() qquicklistview.cpp:205
    #2 0x1157ea1d1 in QScopedPointerDeleter<QObjectData>::cleanup(QObjectData*) qscopedpointer.h:60
    #3 0x1157ea12f in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::~QScopedPointer() qscopedpointer.h:116
    #4 0x1157aad74 in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::~QScopedPointer() qscopedpointer.h:114
    #5 0x1157ac12a in QObject::~QObject() qobject.cpp:1113
    #6 0x1081e2fc3 in QQuickItem::~QQuickItem() qquickitem.cpp:2400
    #7 0x10815fe17 in QQuickFlickable::~QQuickFlickable() qquickflickable.cpp:766
    #8 0x1092cb0ee in QQuickItemView::~QQuickItemView() qquickitemview.cpp:170
    #9 0x109373fd7 in QQuickListView::~QQuickListView() qquicklistview.cpp:2216
    #10 0x108ef63e8 in QQmlPrivate::QQmlElement<QQuickListView>::~QQmlElement() qqmlprivate.h:136
    #11 0x108ef6294 in QQmlPrivate::QQmlElement<QQuickListView>::~QQmlElement() qqmlprivate.h:134
    #12 0x108ef62bb in QQmlPrivate::QQmlElement<QQuickListView>::~QQmlElement() qqmlprivate.h:134
    #13 0x1157acee5 in QObjectPrivate::deleteChildren() qobject.cpp:2120
    #14 0x1157abff1 in QObject::~QObject() qobject.cpp:1104
    #15 0x1081e2fc3 in QQuickItem::~QQuickItem() qquickitem.cpp:2400
    #16 0x117c81a9a in QQuickControl::~QQuickControl() qquickcontrol.cpp:877
    #17 0x117c5ee22 in QQuickContainer::~QQuickContainer() qquickcontainer.cpp:474
    #18 0x117f02387 in QQuickSwipeView::~QQuickSwipeView() qquickswipeview_p.h:58
    #19 0x117ffd768 in QQmlPrivate::QQmlElement<QQuickSwipeView>::~QQmlElement() qqmlprivate.h:136
    #20 0x117ffd614 in QQmlPrivate::QQmlElement<QQuickSwipeView>::~QQmlElement() qqmlprivate.h:134
    #21 0x117ffd63b in QQmlPrivate::QQmlElement<QQuickSwipeView>::~QQmlElement() qqmlprivate.h:134
    #22 0x1157afa91 in qDeleteInEventHandler(QObject*) qobject.cpp:4776
    #23 0x1157af046 in QObject::event(QEvent*) qobject.cpp:1338
    #24 0x108229da1 in QQuickItem::event(QEvent*) qquickitem.cpp:8638
    #25 0x1155c9a6a in QCoreApplicationPrivate::notify_helper(QObject*, QEvent*) qcoreapplication.cpp:1230
    #26 0x1155c8bc7 in doNotify(QObject*, QEvent*) qcoreapplication.cpp:1159
    #27 0x1155c8df0 in QCoreApplication::notify(QObject*, QEvent*) qcoreapplication.cpp:1142
    #28 0x10bcf388c in QGuiApplication::notify(QObject*, QEvent*) qguiapplication.cpp:1930
    #29 0x1155c88b9 in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:1063

previously allocated by thread T0 here:
    #0 0x113c92c3d in wrap__Znwm+0x7d (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x54c3d)
    #1 0x109373eb8 in QQuickListView::QQuickListView(QQuickItem*) qquicklistview.cpp:2210
    #2 0x108ef61e2 in QQmlPrivate::QQmlElement<QQuickListView>::QQmlElement() qqmlprivate.h:131
    #3 0x108ef61b4 in QQmlPrivate::QQmlElement<QQuickListView>::QQmlElement() qqmlprivate.h:131
    #4 0x108ef3d9b in void QQmlPrivate::createInto<QQuickListView>(void*, void*) qqmlprivate.h:191
    #5 0x110da9bf4 in QQmlType::create(QObject**, void**, unsigned long) const qqmltype.cpp:504
    #6 0x110b56a86 in QQmlObjectCreator::createInstance(int, QObject*, bool) qqmlobjectcreator.cpp:1226
    #7 0x110b5c799 in QQmlObjectCreator::setPropertyBinding(QQmlPropertyData const*, QV4::CompiledData::Binding const*) qqmlobjectcreator.cpp:833
    #8 0x110b5a56c in QQmlObjectCreator::populateDeferred(QObject*, int, QQmlPropertyPrivate const*, QV4::CompiledData::Binding const*) qqmlobjectcreator.cpp:310
    #9 0x110b65554 in QQmlObjectCreator::populateDeferredBinding(QQmlProperty const&, int, QV4::CompiledData::Binding const*) qqmlobjectcreator.cpp:341
    #10 0x117c9052f in QtQuickPrivate::beginDeferred(QQmlEnginePrivate*, QQmlProperty const&, QQmlComponentPrivate::DeferredState*) qquickdeferredexecute.cpp:98
    #11 0x117c8ef49 in QtQuickPrivate::beginDeferred(QObject*, QString const&) qquickdeferredexecute.cpp:120
    #12 0x117b5bd00 in void quickBeginDeferred<QQuickItem>(QObject*, QString const&, QQuickDeferredPointer<QQuickItem>&) qquickdeferredexecute_p_p.h:75
    #13 0x117c7fcbf in QQuickControlPrivate::executeContentItem(bool) qquickcontrol.cpp:729
    #14 0x117c8581b in QQuickControl::componentComplete() qquickcontrol.cpp:1903
    #15 0x117c601cb in QQuickContainer::componentComplete() qquickcontainer.cpp:837
    #16 0x117c601fd in non-virtual thunk to QQuickContainer::componentComplete() qquickcontainer.cpp
    #17 0x110b7968d in QQmlObjectCreator::finalize(QQmlInstantiationInterrupt&) qqmlobjectcreator.cpp:1475
    #18 0x11088eb5b in QQmlComponentPrivate::complete(QQmlEnginePrivate*, QQmlComponentPrivate::ConstructionState*) qqmlcomponent.cpp:1010
    #19 0x1108874dd in QQmlComponentPrivate::completeCreate() qqmlcomponent.cpp:1102
    #20 0x11089605c in QQmlComponent::createObject(QQmlV4Function*) qqmlcomponent.cpp:1514
    #21 0x11089b416 in QQmlComponent::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) moc_qqmlcomponent.cpp:156
    #22 0x11089bd17 in QQmlComponent::qt_metacall(QMetaObject::Call, int, void**) moc_qqmlcomponent.cpp:232
    #23 0x1156279e2 in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) qmetaobject.cpp:321
    #24 0x110c0e5ac in QQmlObjectOrGadget::metacall(QMetaObject::Call, int, void**) const qqmlobjectorgadget.cpp:50
    #25 0x110478344 in QV4::QObjectMethod::callInternal(QV4::Value const*, QV4::Value const*, int) const::$_3::operator()() const qv4qobjectwrapper.cpp:2267
    #26 0x11045b632 in auto QV4::QObjectMethod::callInternal(QV4::Value const*, QV4::Value const*, int) const::$_2::operator()<QV4::QObjectMethod::callInternal(QV4::Value const*, QV4::Value const*, int) const::$_3>(QV4::QObjectMethod::callInternal(QV4::Value const*, QV4::Value const*, int) const::$_3 const&) const qv4qobjectwrapper.cpp:2257
    #27 0x11045ad1d in QV4::QObjectMethod::callInternal(QV4::Value const*, QV4::Value const*, int) const qv4qobjectwrapper.cpp:2261
    #28 0x11045a342 in QV4::QObjectMethod::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) qv4qobjectwrapper.cpp:2216
    #29 0x11008e0b8 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const qv4functionobject_p.h:205

SUMMARY: AddressSanitizer: heap-use-after-free qquickitem.cpp:2357 in QQuickItem::~QQuickItem()
Shadow bytes around the buggy address:
  0x1c3a000ef370: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
  0x1c3a000ef380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c3a000ef390: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c3a000ef3a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c3a000ef3b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x1c3a000ef3c0: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd
  0x1c3a000ef3d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c3a000ef3e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c3a000ef3f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c3a000ef400: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c3a000ef410: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==39684==ABORTING
11:26:56: The program has unexpectedly finished.
11:26:56: The process was ended forcefully.
11:26:56: /Users/mitch/dev/qt-dev-debug-non-fw/qtdeclarative/tests/auto/quickcontrols2/controls/basic/tst_basic crashed.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-97418 Heap use after free in tst_basic

          • Not Evaluated - Not yet evaluated/prioritized
          • Closed
          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-99264 ListView does not remove all delegates, when its model count is reset to 0

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Closed
          relates to

          Task - A task that needs to be done. QTBUG-99629 Improve safety/debuggability of item change listeners

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Open
          resulted from

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-86744 ListView.isCurrentItem not available until model is refreshed

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              mitch_curtis Mitch Curtis
              mitch_curtis Mitch Curtis
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews