Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-99644

invalid access of indicator item inside switch type destructor

    XMLWordPrintable

Details

    • Windows
    • 720ffaeb60 (qt/qtdeclarative/dev) bfb3f8f71b (qt/qtdeclarative/6.3) 79e3420c0c (qt/qtdeclarative/6.2) 720ffaeb60 (qt/qtdeclarative/wip/iosstyle) 79e3420c0c (qt/tqtc-qtdeclarative/6.2) d54285f9e4 (qt/tqtc-qtquickcontrols2/5.15)

    Description

      Hi, I have a switch component whose indicator property is set to an image element having anchors hooked on to the parent switch.

      indicator: Image{
       id:innerImage
       anchors.centerIn: parent
       source: (control.checked) ? checkedIndicator : uncheckedIndicator
      }

      With windows debug build I see a crash in the qml engine (while navagiting away from this page) where the QQmlElement<QQuickSwitch> destructor faults while deleting a child object. This is the primary callstack:

      With runtime verification enabled, if I dump the deallocation history of the faulting address then it shows the below saved deallocation secondary callstack:

      This suggests that the QQmlElement<QQuickSwitch> destructor is trying to double free an already free'd indicator property's image type. I have verified that by commenting out the indicator code the crash does not happen. Wrapping the image inside an Item type also doen't seem to help as the deallocation callstack now show that the offending address was alreday free'd as part of a QQuickItem destruction(see below). Please note that both primary and secondary callstacks are part of the same event loop iteration (endresetModel). The crash does not happen or is masked with Release build.

       

       
       

      Attachments

        Issue Links

          For Gerrit Dashboard: QTBUG-99644
          # Subject Branch Project Status CR V

          Activity

            People

              ulherman Ulf Hermann
              nmam Neelabh Mam
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes