Details
- Bug
- Resolution: Done
- P1: Critical
- 6.3, 6.4.0 Beta2, 6.5
- f7bac60ed8 (qt/qtdeclarative/dev), f7bac60ed8 (qt/tqtc-qtdeclarative/dev), 5374e59dc5 (qt/qtdeclarative/6.3), 5374e59dc5 (qt/tqtc-qtdeclarative/6.3), b40c17487a (qt/tqtc-qtdeclarative/6.2), 0ad96b813e (qt/qtdeclarative/6.4), 5374e59dc5 (qt/qtdeclarative/6.3.2)
Description
I see the heap-use-after-free from LSan when running e.g. tst_basic "StackView::test_requiredProperties". Log is attached.
It does indeed look valid (albeit no clue how it manages to pass - do we do something nasty when deleting UI elements there?).
Some analysis:
When doing pop() on a stack view:
QQuickStackViewPrivate::completeTransition() [1] seems to call first `element->completeTransition(transition);` and then `viewItemTransitionFinished(element);`, where element->completeTransition(transition) also internally calls viewItemTransitionFinished(element), so we call this function twice essentially.
viewItemTransitionFinished() seems to remove the passed element in the case of the aforementioned test, so: it first deletes it and then is called again for the same element -> LSan considers this as heap-use-after-free.
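The double-call shape described in the analysis above, modelled in stand-alone C++ as an added example; it is not Qt's code and not the change that resolved this bug, and `View`, `Element` and all their members are hypothetical names. The finish handler looks the pointer up in the owner's table before touching the element, so the second call is counted instead of reading freed memory, and `completeOnce` shows the single notification path.

```cpp
// Added illustration: View, Element and every member name are hypothetical.
#include <memory>
#include <unordered_map>
#include <utility>

struct View;
struct Element {
    View *view = nullptr;
    bool removeWhenDone = true;  // a popped item is destroyed once its transition ends
    void completeTransition();   // notifies the view (the inner call in the report)
};

struct View {
    std::unordered_map<Element *, std::unique_ptr<Element>> live;  // owned elements
    int staleCalls = 0;  // finished() calls that arrived for an already freed element

    Element *push() {
        auto e = std::make_unique<Element>();
        e->view = this;
        Element *raw = e.get();
        live.emplace(raw, std::move(e));
        return raw;
    }
    // Finish handler: ownership is checked by address before the element is
    // dereferenced, so a repeated call is a counted no-op.
    void finished(Element *e) {
        auto it = live.find(e);
        if (it == live.end()) { ++staleCalls; return; }
        if (it->second->removeWhenDone)
            live.erase(it);  // destroys the element
    }
    // Shape from the report: the element notifies the view, then the handler
    // is invoked again for the same pointer.
    int completeTwice(Element *e) {
        e->completeTransition();
        finished(e);  // e is already destroyed here; only its address is compared
        return staleCalls;
    }
    // Single notification path: only the element reports completion.
    int completeOnce(Element *e) {
        e->completeTransition();
        return staleCalls;
    }
};

void Element::completeTransition() { view->finished(this); }
```

An address lookup can be fooled if a new element is allocated at the freed address between the two calls, so the guard is a backstop and the single notification path is the sturdier design.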
Issue Links
- blocks
  - QTBUG-104884 Crash with ComponentBehavior: Bound and DelegateModel (Closed)
- is duplicated by
  - QTBUG-104923 Heap use after free in QQuickStackView (Closed)
  - QTBUG-104386 tst_controls::Basic::StackView::test_requiredProperties() ERROR: AddressSanitizer: heap-use-after-free (Closed)
- relates to
  - QTBUG-99629 Improve safety/debuggability of item change listeners (Open)
  - QTBUG-104386 tst_controls::Basic::StackView::test_requiredProperties() ERROR: AddressSanitizer: heap-use-after-free (Closed)