Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: P1: Critical
Fix Version/s: 4.8.x, 5.0.0
Affects Version/s: 4.7.4, 4.8.0, 5.0.0 Beta 1, 5.0.0
Component/s: QML: Declarative and Javascript Engine
Labels:
- creator_qt5
Environment:
Windows XP, Linux Ubuntu x86, OSX
Qt 4.8

Linux, Qt 5

Description

Note: this issue seems to have been triggered in Qt Creator by change: http://codereview.qt-project.org/#change,12027 . The crash appears on all Desktop platforms. We will most likely temporarily revert the commit in Qt Creator in order to circumvent the trouble.

QDeclarativeGridView crashes in the WelcomeScreen of Qt Creator.
The crash seems to depend on the screen size and the size of the GridView. Also the number of items in the model and the type of the model play a role.
This is the reason why we cannot provide a reliable isolated test case.

stack trace:

0	QScopedPointer<QObjectData,QScopedPointerDeleter<QObjectData> >::data	qscopedpointer.h	135	0x670399fa	
1	qGetPtrHelper<QScopedPointer<QObjectData,QScopedPointerDeleter<QObjectData> > >	qglobal.h	2428	0x6702438b	
2	QObject::d_func	qobject.h	115	0x670317e3	
3	QMetaObject::activate	qobject.cpp	3456	0x672100a8	
4	QDeclarativeGridViewAttached::add	moc_qdeclarativegridview_p.cpp	666	0x2d5b28a	
5	QDeclarativeGridViewAttached::emitAdd	qdeclarativegridview_p.h	262	0x2b60b6f	
6	QDeclarativeGridView::itemsInserted	qdeclarativegridview.cpp	2905	0x2b5bcd0	
7	QDeclarativeGridView::qt_static_metacall	moc_qdeclarativegridview_p.cpp	287	0x2d5a492	
8	QMetaObject::activate	qobject.cpp	3547	0x67210484	
9	QDeclarativeVisualModel::itemsInserted	moc_qdeclarativevisualitemmodel_p.cpp	154	0x2d6a0b1	
10	QDeclarativeVisualDataModel::_q_itemsInserted	qdeclarativevisualitemmodel.cpp	1281	0x2bb65c2	
11	QDeclarativeVisualDataModel::_q_rowsInserted	qdeclarativevisualitemmodel.cpp	1364	0x2bb6ab3	
12	QDeclarativeVisualDataModel::qt_static_metacall	moc_qdeclarativevisualitemmodel_p.cpp	403	0x2d6a5fe	
13	QMetaObject::activate	qobject.cpp	3547	0x67210484	
14	QAbstractItemModel::rowsInserted	moc_qabstractitemmodel.cpp	197	0x6728b5a6	
15	QAbstractItemModel::endInsertRows	qabstractitemmodel.cpp	2434	0x671de361	
16	QSortFilterProxyModelPrivate::insert_source_items	qsortfilterproxymodel.cpp	696	0x65833686	
17	QSortFilterProxyModelPrivate::source_items_inserted	qsortfilterproxymodel.cpp	807	0x65833c04	
18	QSortFilterProxyModelPrivate::_q_sourceRowsInserted	qsortfilterproxymodel.cpp	1281	0x6583562d	
19	QSortFilterProxyModel::qt_static_metacall	moc_qsortfilterproxymodel.cpp	114	0x658395d9	
20	QMetaObject::activate	qobject.cpp	3547	0x67210484	
21	QAbstractItemModel::rowsInserted	moc_qabstractitemmodel.cpp	197	0x6728b5a6	
22	QAbstractItemModel::endInsertRows	qabstractitemmodel.cpp	2434	0x671de361	
23	QtSupport::Internal::ExamplesListModel::addItems	exampleslistmodel.cpp	345	0x3954a0d	
24	QtSupport::Internal::ExamplesListModel::readNewsItems	exampleslistmodel.cpp	255	0x39538d0	
25	QtSupport::Internal::ExamplesListModel::helpInitialized	exampleslistmodel.cpp	411	0x395507f	
26	QtSupport::Internal::ExamplesListModel::qt_static_metacall	moc_exampleslistmodel.cpp	65	0x395de79	
27	QMetaObject::activate	qobject.cpp	3547	0x67210484	
28	Core::HelpManager::setupFinished	moc_helpmanager.cpp	113	0xe8fa0a	
29	Core::HelpManager::setupHelpManager	helpmanager.cpp	425	0xe4b4cb	
30	Core::HelpManager::qt_static_metacall	moc_helpmanager.cpp	69	0xe8f8f1	
31	QMetaObject::activate	qobject.cpp	3547	0x67210484	
32	Core::ICore::coreOpened	moc_icore.cpp	123	0xe8b98a	
33	Core::Internal::MainWindow::extensionsInitialized	mainwindow.cpp	371	0xd49762	
34	Core::Internal::CorePlugin::extensionsInitialized	coreplugin.cpp	106	0xdfa886	
35	ExtensionSystem::Internal::PluginSpecPrivate::initializeExtensions	pluginspec.cpp	1012	0x1001e06b	
36	ExtensionSystem::Internal::PluginManagerPrivate::loadPlugin	pluginmanager.cpp	1053	0x10011089	
37	ExtensionSystem::Internal::PluginManagerPrivate::loadPlugins	pluginmanager.cpp	945	0x1001012d	
38	ExtensionSystem::PluginManager::loadPlugins	pluginmanager.cpp	329	0x1000ca92	
39	main	main.cpp	374	0x40647f	
40	__tmainCRTStartup	crtexe.c	586	0x40b018	
41	mainCRTStartup	crtexe.c	403	0x40ae5f	
42	BaseProcessStart	kernel32		0x7c817077

The reason for the crash lies in QDeclarativeGridView::itemsInserted()

// everything is in order now - emit add() signal
    for (int j = 0; j < added.count(); ++j)
        added.at(j)->attached->emitAdd();

see Code

debugger context:
added.count() == 32
j == 31

The last item of added has been deleted by setCurrentIndex(0).
Since the last item has been deleted we access a dangling pointer and crash.

setCurrentIndex(0);
calls
d->layout();
this one calls
q->refill();
and this one finally calls
d->refill();

The deletion of the item is done in releaseItem(item);.

The reason for the crash is that we have two conditions:

item->rowPos() > bufferTo + rowSize()*(columns - item->colPos()/colSize())/(columns+1))

and

rowPos <= to + d->rowSize()*(d->columns - (colPos/d->colSize()))/qreal(d->columns)

See code

The conditions are off by one.
If the two conditions match, the crash disappears.

Attachments

Issue Links

is required for

QTCREATORBUG-6803 Crash on launch if Welcomecomescreen/examples was opened

Closed

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Thomas Hartmann

Reporter:: Alessandro Portale

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 04 Jan '12 14:21

Updated:: 05 Mar '13 12:58

Resolved:: 23 Oct '12 17:52

Gerrit Reviews

There are no open Gerrit changes