Details
-
Bug
-
Resolution: Done
-
P1: Critical
-
4.5.3
-
None
-
0d231c32cc7670d356d486b13648cb5bd471ffef
Description
When a QMessageBox is created in the middle of a drag 'n drop operation cocoa crashes. Carbon does not.
The use case for this is to implement checking in the drag operation.
(initiate drag, initiate drop, ask "Are you sure?", and then complete the drop operation.)
but it looks like the destruction of the QMessageBox corrupts memory, and soon after results in a crash. This happens only on cocoa.
The problem is easily reproducible with the examples and demos provided by QT. Edit the file examples/draganddrop/draggabletext/draggabletext.cpp, and add a modal dialog in the middle of the drag 'n drop operation by adding the following two lines at the start of the DragWidget::dropEvent method:
QMessageBox msgBox;
msgBox.exec();
Recompile and launch the "Draggable Text" application. Initiate a drag 'n drop operation, and click on "OK". The application will crash with the following stack trace:
Thread 0 Crashed:
0 libobjc.A.dylib 0x00007fff843caad9 objc_msgSend + 41
1 QtGui 0x000000010009947b
QDrag::exec(QFlags<Qt::DropAction>, Qt::DropAction) + 107
2 com.yourcompany.draggabletext 0x0000000100005579
DragWidget::mousePressEvent(QMouseEvent*) + 1029 (dragwidget.cpp:163)
3 QtGui 0x00000001000d1c5c QWidget::event(QEvent*)
+ 3548
4 QtGui 0x000000010008a5ad
QApplicationPrivate::notify_helper(QObject*, QEvent*) + 189
5 QtGui 0x0000000100091bca
QApplication::notify(QObject*, QEvent*) + 2714
6 QtCore 0x0000000100be3a1c
QCoreApplication::notifyInternal(QObject*, QEvent*) + 124
7 QtGui 0x0000000100088660
qt_sendSpontaneousEvent(QObject*, QEvent*) + 48
8 QtGui 0x000000010004635b
qt_mac_handleMouseEvent(void*, void*, QEvent::Type, Qt::MouseButton) + 1595
9 com.apple.AppKit 0x00007fff834a2783 -[NSWindow sendEvent:] +
5068
10 QtGui 0x000000010003fe97 -[QCocoaWindow
sendEvent:] + 199
11 com.apple.AppKit 0x00007fff8346fd46 -[NSApplication
sendEvent:] + 5089
12 com.apple.AppKit 0x00007fff833ca562 -[NSApplication run] +
497
13 QtGui 0x0000000100049849
QEventDispatcherMac::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) +
1241
14 QtCore 0x0000000100be3124
QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 68
15 QtCore 0x0000000100be32b5
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 181
16 QtCore 0x0000000100be6e55 QCoreApplication::exec()
+ 181
17 com.yourcompany.draggabletext 0x0000000100007607 main + 71 (main.cpp:52)
18 com.yourcompany.draggabletext 0x0000000100004adc start + 52
It looks like in QDragManager::drag (in qcocaview_mac.mm), after the execution of the statement that looks like:
[dndParams->view dragImage:image
...
slideBack:Yes]
the pointer dndParams->view has changed value (not sure how this happens, but it does), and the next statement,
[dndParams->view release]
attempts to release an invalid pointer, thus leading to a crash.
It's interesting to note that if the lines that illustrate the crash are replaced by:
QMessageBox* msgBox = new QMessagBox;
msgBox->exec();
the crash no longer happens. However, if a delete of msgBox is added, the same crash happens.