Segmentation fault in libQtDeclarative.so.4.8.2



  • I have a segmentation fault in /usr/lib/libQtDeclarative.so.4.8.2 on CentOS.

    void QDeclarativeListView::itemsRemoved(int modelIndex, int count)
    {
    ...
        // fix current
        if (d->currentIndex >= modelIndex + count) {
            d->currentIndex -= count;
            if (d->currentItem)
                d->currentItem->index -= count;
            emit currentIndexChanged();
        } else if (d->currentIndex >= modelIndex && d->currentIndex < modelIndex + count) {
            // current item has been removed.
            d->currentItem->attached->setIsCurrentItem(false); //<<<<<<<<<<<<<<<<<<<<<<< segmentation fault because d->currentItem is NULL.
            d->releaseItem(d->currentItem);
            d->currentItem = 0;
    ...
    }
    

    currentItem is set to NULL in function

    void QDeclarativeListViewPrivate::clear()
    {
    .....
        releaseItem(currentItem);
        currentItem = 0;
    ......
    }
    

    I can reproduce the crash 100%, but the application is huge, and it is not easy to create a proof-of-bug.
    Are bug fixes still applied on qt 4.8?
    Where should I send this crash?


  • Qt Champions 2016

    Hi,

    @MihaiVrinceanu said in Segmentation fault in libQtDeclarative.so.4.8.2:

    I have a segmentation fault in /usr/lib/libQtDeclarative.so.4.8.2 on CentOS.

    Stack trace, please.

    I can reproduce the crash 100%, but the application is huge, and it is not easy to create a proof-of-bug.

    Which makes it somewhat unlikely that the bug will be picked up. It's really hard to trace bugs based on hearsay.

    Are bug fixes still applied on qt 4.8?

    They are, as far as I know.

    Where should I send this crash?

    To the bugtracker, but before that try to make sure it's a bug and not an error in your code.

    Kind regards.


  • Lifetime Qt Champion

    Hi,

    No, there are no more bug fixes being done on the Qt 4 series unless it's a critical security issue. More information about that here.

    Also, and before anything else, update to 4.8.7. That's the latest and last release of the Qt 4 series.



  • (gdb) set disassembly-flavor intel
    (gdb) x/20i $eip-40
    0xb7582957: nop
    0xb7582958: mov eax,DWORD PTR [ebp-0x58]
    0xb758295b: mov DWORD PTR [esp],eax
    0xb758295e: call 0xb757d1c0
    0xb7582963: mov BYTE PTR [ebp-0x65],0x1
    0xb7582967: jmp 0xb7582689
    0xb758296c: lea esi,[esi+eiz*1+0x0]
    0xb7582970: cmp eax,DWORD PTR [ebp+0xc]
    0xb7582973: jl 0xb7582809
    0xb7582979: mov edx,DWORD PTR [esi+0x350]
    => 0xb758297f: mov ecx,DWORD PTR [edx+0xc]
    0xb7582982: movzx eax,BYTE PTR [ecx+0x24]
    0xb7582986: test al,0x1
    0xb7582988: jne 0xb7582ad3
    0xb758298e: mov DWORD PTR [esp+0x4],edx
    0xb7582992: mov DWORD PTR [esp],esi
    0xb7582995: call 0xb757d5f0
    0xb758299a: mov eax,DWORD PTR [esi+0x378]
    0xb75829a0: mov DWORD PTR [esi+0x350],0x0
    0xb75829aa: test eax,eax
    (gdb) info reg
    eax 0x1 1
    ecx 0xb5bf13ac -1245768788
    edx 0x0 0
    ebx 0xb779f1cc -1216745012
    esp 0xbfc5a6b0 0xbfc5a6b0
    ebp 0xbfc5a758 0xbfc5a758
    esi 0x9a65048 161894472
    edi 0xd95db7c 227924860
    eip 0xb758297f 0xb758297f
    eflags 0x10202 [ IF RF ]
    cs 0x73 115
    ss 0x7b 123
    ds 0x7b 123
    es 0x7b 123
    fs 0x0 0
    gs 0x33 51
    (gdb) bt
    #0 0xb758297f in ?? () from /usr/lib/libQtDeclarative.so.4
    #1 0xb76bdaae in ?? () from /usr/lib/libQtDeclarative.so.4
    #2 0xb5ff513d in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4
    #3 0xb76bbb3a in ?? () from /usr/lib/libQtDeclarative.so.4
    #4 0xb75762ff in ?? () from /usr/lib/libQtDeclarative.so.4
    #5 0xb76bc4d5 in ?? () from /usr/lib/libQtDeclarative.so.4
    #6 0xb5fe583b in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4
    #7 0xb75b87be in QDeclarativePropertyPrivate::write(QObject*, QDeclarativePropertyCache::Data const&, QVariant const&, QDeclarativeContextData*, QFlags<QDeclarativePropertyPrivate::WriteFlag>) () from /usr/lib/libQtDeclarative.so.4
    #8 0xb765166c in ?? () from /usr/lib/libQtDeclarative.so.4
    #9 0xb7651d75 in ?? () from /usr/lib/libQtDeclarative.so.4
    #10 0xb739c21a in ?? () from /usr/lib/libQtScript.so.4
    #11 0xb73823d1 in ?? () from /usr/lib/libQtScript.so.4
    #12 0xb7283d63 in ?? () from /usr/lib/libQtScript.so.4
    #13 0xb7291b1d in ?? () from /usr/lib/libQtScript.so.4
    #14 0xb72d94fe in ?? () from /usr/lib/libQtScript.so.4
    #15 0xb72aedaf in ?? () from /usr/lib/libQtScript.so.4
    #16 0xb737bb58 in QScriptValue::call(QScriptValue const&, QList<QScriptValue> const&) () from /usr/lib/libQtScript.so.4
    #17 0xb75b2622 in ?? () from /usr/lib/libQtDeclarative.so.4
    #18 0xb75b4499 in ?? () from /usr/lib/libQtDeclarative.so.4
    #19 0xb75b4be1 in ?? () from /usr/lib/libQtDeclarative.so.4
    #20 0xb75b4d46 in ?? () from /usr/lib/libQtDeclarative.so.4
    #21 0xb75ef948 in ?? () from /usr/lib/libQtDeclarative.so.4
    #22 0xb5fe583b in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4
    #23 0xb5ff5453 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4
    #24 0xb76b35b4 in ?? () from /usr/lib/libQtDeclarative.so.4
    #25 0xb754af3f in ?? () from /usr/lib/libQtDeclarative.so.4
    #26 0xb754ceb3 in ?? () from /usr/lib/libQtDeclarative.so.4
    #27 0xb6a99754 in QGraphicsItem::sceneEvent(QEvent*) () from /usr/lib/libQtGui.so.4
    #28 0xb753cc1d in QDeclarativeItem::sceneEvent(QEvent*) () from /usr/lib/libQtDeclarative.so.4
    #29 0xb754b65d in ?? () from /usr/lib/libQtDeclarative.so.4
    #30 0xb6ab1557 in ?? () from /usr/lib/libQtGui.so.4
    #31 0xb6ab3cf7 in ?? () from /usr/lib/libQtGui.so.4
    #32 0xb6ab8855 in QGraphicsScene::mouseReleaseEvent(QGraphicsSceneMouseEvent*) () from /usr/lib/libQtGui.so.4
    #33 0xb7491d91 in ?? () from /usr/lib/libQtDeclarative.so.4
    #34 0xb6ac85c4 in QGraphicsScene::event(QEvent*) () from /usr/lib/libQtGui.so.4
    #35 0xb6422c8c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
    #36 0xb64296f6 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
    #37 0xb5fdf633 in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4
    #38 0xb642284f in ?? () from /usr/lib/libQtGui.so.4
    #39 0xb6ae5bc7 in QGraphicsView::mouseReleaseEvent(QMouseEvent*) () from /usr/lib/libQtGui.so.4
    #40 0xb6474b9d in QWidget::event(QEvent*) () from /usr/lib/libQtGui.so.4
    #41 0xb6886a54 in QFrame::event(QEvent*) () from /usr/lib/libQtGui.so.4
    #42 0xb6918c73 in QAbstractScrollArea::viewportEvent(QEvent*) () from /usr/lib/libQtGui.so.4
    #43 0xb6ae454b in QGraphicsView::viewportEvent(QEvent*) () from /usr/lib/libQtGui.so.4
    #44 0xb691b1c5 in ?? () from /usr/lib/libQtGui.so.4
    #45 0xb5fded7a in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4
    #46 0xb6422c6a in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
    #47 0xb642a238 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
    #48 0xb5fdf633 in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4
    #49 0xb6427ac8 in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) () from /usr/lib/libQtGui.so.4
    #50 0xb64a8f00 in ?? () from /usr/lib/libQtGui.so.4
    #51 0xb64a8205 in QApplication::x11ProcessEvent(_XEvent*) () from /usr/lib/libQtGui.so.4
    #52 0xb64d5ba7 in ?? () from /usr/lib/libQtGui.so.4
    #53 0xb5fddfba in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
    #54 0xb5fde3a2 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
    #55 0xb5fe3fe7 in QCoreApplication::exec() () from /usr/lib/libQtCore.so.4
    #56 0xb6421c98 in QApplication::exec() () from /usr/lib/libQtGui.so.4
    #57 0x080bfe98 in main (argc=3, argv=0xbfc5d1a4) at /home/user/gui_qt_qml/src/main.cpp:180
    (gdb)



  • @SGaist Thanks. I will try to find a workaround. The source code could be modified by adding a valid pointer check.
        // current item has been removed.
        if (d->currentItem) {
            d->currentItem->attached->setIsCurrentItem(false);
            d->releaseItem(d->currentItem);
            d->currentItem = 0;
        }


  • Qt Champions 2016

    I don't see anything strange in the stack trace, but there are too many holes for my taste. Why so many optimized calls, can you tell?
    As for the source, I think the whole point is that d->currentItem is supposed to be set always, because it's in the range for rows removal, thus there's no check if it's NULL.



  • @kshegunov In function 'void QDeclarativeListViewPrivate::clear()' we have

    currentItem = 0;

    but d->currentIndex is not invalidated (set to -1).

    Later, void QDeclarativeListView::itemsRemoved(int modelIndex = 0, int count = 24) executes with:
    modelIndex 0
    count 24
    d->currentIndex 12
    d->currentItem NULL

    Because debugging symbols are not installed, the stack trace is not showing function names for calls.
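    As an added illustration (not Qt's code, and not posted by anyone in this thread), the following small C++ model replays the sequence just described and the null-pointer check proposed a few posts up: a current row at index 12, then clear() zeroing currentItem while leaving currentIndex untouched, then itemsRemoved(0, 24) selecting the "current item has been removed" branch. The Item struct, the ListViewState type, the Outcome enum and the clearConsistent() variant are hypothetical stand-ins; the values come from the thread.

```cpp
// Added example, not Qt's code: a minimal model of the QDeclarativeListView
// state discussed in the thread. It shows how clear() nulling currentItem while
// leaving currentIndex stale steers itemsRemoved() into the branch that
// dereferences the null pointer, and compares two ways of keeping the state
// consistent. All names below are hypothetical stand-ins for the Qt members.

struct Item {
    int index = 0;
    bool isCurrent = false;
};

enum class Outcome { Untouched, CurrentShifted, CurrentRemoved, NullDeref };

struct ListViewState {
    int currentIndex = -1;       // model index of the current row
    Item storage;                // backing object for the one item we track
    Item* currentItem = nullptr; // nullptr once the item has been released

    void setCurrent(int index) {
        storage = Item{index, true};
        currentItem = &storage;
        currentIndex = index;
    }

    // Mirrors QDeclarativeListViewPrivate::clear() as quoted in the thread:
    // the item is released and the pointer zeroed, currentIndex is left as is.
    void clearAsQuoted() { currentItem = nullptr; }

    // Hypothetical alternative: invalidate both halves of the pair together so
    // no later range test can select a row whose item no longer exists.
    void clearConsistent() { currentItem = nullptr; currentIndex = -1; }
};

// Control flow of itemsRemoved() from the thread. The real code dereferences
// d->currentItem->attached unconditionally in the "removed" branch; here that
// dereference is reported as Outcome::NullDeref so the example runs instead of
// faulting. With guardNull = true the branch carries the check proposed above.
Outcome itemsRemoved(ListViewState& d, int modelIndex, int count, bool guardNull) {
    if (d.currentIndex >= modelIndex + count) {
        // Rows before the current one vanished: shift the index down.
        d.currentIndex -= count;
        if (d.currentItem)                    // this branch already guards the pointer
            d.currentItem->index -= count;
        return Outcome::CurrentShifted;
    }
    if (d.currentIndex >= modelIndex && d.currentIndex < modelIndex + count) {
        // The current row itself lies inside the removed range.
        if (!d.currentItem) {
            if (!guardNull)
                return Outcome::NullDeref;    // crash site in the original code
        } else {
            d.currentItem->isCurrent = false; // stands in for setIsCurrentItem(false)
            d.currentItem = nullptr;          // stands in for releaseItem() + "= 0"
        }
        return Outcome::CurrentRemoved;
    }
    return Outcome::Untouched;
}

// Replays the sequence reported in the thread: current row at index 12, then
// clear(), then itemsRemoved(0, 24). Returns what the chosen combination of
// clear() variant and null guard does.
Outcome replayThreadScenario(bool consistentClear, bool guardNull) {
    ListViewState d;
    d.setCurrent(12);
    if (consistentClear) d.clearConsistent(); else d.clearAsQuoted();
    return itemsRemoved(d, 0, 24, guardNull);
}

// Sanity check of the model: with a live item past the removed range, the
// shift branch moves the current index down by count (30 - 24 = 6).
int replayShiftIndex() {
    ListViewState d;
    d.setCurrent(30);
    itemsRemoved(d, 0, 24, false);
    return d.currentIndex;
}
```

    Run with the quoted clear() and no guard, replayThreadScenario() reports the null dereference; the guard turns that into a harmless CurrentRemoved; resetting currentIndex in clear() keeps itemsRemoved() out of that branch entirely. Note that the shift branch in the quoted Qt code already tests d->currentItem before using it while the removal branch does not, which is what makes the stale currentIndex fatal.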


  • Qt Champions 2016

    @MihaiVrinceanu
    It might be a bug, it certainly sounds like it.

