Applying widget toolTipDuration to items by tomotaco · Pull Request #12 · qt/qtbase

tomotaco · 2016-05-18T06:06:23Z

If you set toolTipDuration to QListView widget,
the toolTip at the blank area is displayed exactly for the specified duration and then disappear.
But toolTip at item is displayed forever. It should be displayed for the same duration.
This pull request fixes that problem by applying the widget toopTipDuration to item toolTip.

If you set toolTipDuration to QListView widget, the toolTip at the blank area is displayed exactly for the specified duration and then disppear. But toolTip at item is displayed forever. It should be displayed for the same duration. This pull request fixes that problem by applying the widget toopTipDuration to item toolTip.

tomotaco · 2016-05-18T06:49:16Z

Sorry, I had to read http://wiki.qt.io/Qt_Contribution_Guidelines.

The variable 'item' may or may not contain a QGraphicsObject pointer. Using static_cast on an 'item' that isn't, is UB. Found by UBSan (which failed to print a message, but the function names gave it away): [...] #6 <signal handler called> #7 0x00002b18813bec05 in __ubsan::checkDynamicType(void*, void*, unsigned long) () from /opt/gcc/trunk/lib64/libubsan.so.0 #8 0x00002b18813be0c3 in HandleDynamicTypeCacheMiss(__ubsan::DynamicTypeCacheMissData*, unsigned long, unsigned long, __ubsan::ReportOptions) () from /opt/gcc/trunk/lib64/libubsan.so.0 #9 0x00002b18813be783 in __ubsan_handle_dynamic_type_cache_miss () from /opt/gcc/trunk/lib64/libubsan.so.0 #10 0x00002b1875e71d4d in QGraphicsScenePrivate::removeItemHelper(QGraphicsItem*) () at /home/marc/Qt/qt5/qtbase/src/widgets/graphicsview/qgraphicsscene.cpp:720 #11 0x00002b1875e731ef in QGraphicsScene::removeItem(QGraphicsItem*) () at /home/marc/Qt/qt5/qtbase/src/widgets/graphicsview/qgraphicsscene.cpp:2929 #12 0x00002b1875e6d05f in QGraphicsScenePrivate::removeItemHelper(QGraphicsItem*) () at /home/marc/Qt/qt5/qtbase/src/widgets/graphicsview/qgraphicsscene.cpp:604 #13 0x00002b1875e731ef in QGraphicsScene::removeItem(QGraphicsItem*) () at /home/marc/Qt/qt5/qtbase/src/widgets/graphicsview/qgraphicsscene.cpp:2929 #14 0x00002b1875e73e68 in QGraphicsScene::addItem(QGraphicsItem*) () at /home/marc/Qt/qt5/qtbase/src/widgets/graphicsview/qgraphicsscene.cpp:2505 #15 0x000000000043d34d in tst_QGraphicsWidget::fontPropagationSceneChange() () at /home/marc/Qt/qt5/qtbase/tests/auto/widgets/graphicsview/qgraphicswidget/tst_qgraphicswidget.cpp:941 [...] Fix by using QGraphicsItem::toGraphicsObject(). Yes, it's that simple... Change-Id: If04d1b62603cfd808cc7b64946da536c221a0c11 Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>

Found by UBSan: qgraphicswidget_p.h:72:5: runtime error: downcast of address 0x2ab6a8021400 which does not point to an object of type 'QGraphicsWidget' 0x2ab6a8021400: note: object is of type 'QGraphicsObject' 00 00 00 00 70 93 5c 91 b6 2a 00 00 f0 c0 01 a8 b6 2a 00 00 e8 81 5c 91 b6 2a 00 00 10 bf 01 a8 ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'QGraphicsObject' #0 0x2ab68f2fdd7c in QGraphicsWidgetPrivate::q_func() qgraphicswidget_p.h:72 #1 0x2ab68f2fdd7c in QGraphicsWidgetPrivate::fixFocusChainBeforeReparenting(QGraphicsWidget*, QGraphicsScene*, QGraphicsScene*) qgraphicswidget_p.cpp:775 #2 0x2ab68f020d2a in QGraphicsItemPrivate::setParentItemHelper(QGraphicsItem*, QVariant const*, QVariant const*) qgraphicsitem.cpp:1181 #3 0x2ab68f024f73 in QGraphicsItem::setParentItem(QGraphicsItem*) qgraphicsitem.cpp:1781 #4 0x2ab68f168401 in QGraphicsScenePrivate::removeItemHelper(QGraphicsItem*) qgraphicsscene.cpp:620 #5 0x2ab68f02c166 in QGraphicsItem::~QGraphicsItem() qgraphicsitem.cpp:1555 #6 0x2ab68f02ebb8 in QGraphicsObject::~QGraphicsObject() qgraphicsitem.cpp:7766 #7 0x2ab68f2d8888 in QGraphicsWidget::~QGraphicsWidget() qgraphicswidget.cpp:231 #8 0x4bce62 in SubQGraphicsWidget::~SubQGraphicsWidget() /tst_qgraphicswidget.cpp:175 #9 0x4bce62 in SubQGraphicsWidget::~SubQGraphicsWidget() /tst_qgraphicswidget.cpp:175 #10 0x2ab68f02c9ec in QGraphicsItem::~QGraphicsItem() qgraphicsitem.cpp:1550 #11 0x2ab68f02ebb8 in QGraphicsObject::~QGraphicsObject() qgraphicsitem.cpp:7766 #12 0x2ab68f2d8888 in QGraphicsWidget::~QGraphicsWidget() qgraphicswidget.cpp:231 #13 0x4bce62 in SubQGraphicsWidget::~SubQGraphicsWidget() /tst_qgraphicswidget.cpp:175 #14 0x4bce62 in SubQGraphicsWidget::~SubQGraphicsWidget() /tst_qgraphicswidget.cpp:175 #15 0x2ab68f128da4 in QGraphicsScene::clear() qgraphicsscene.cpp:2388 #16 0x2ab68f12936c in QGraphicsScene::~QGraphicsScene() qgraphicsscene.cpp:1682 #17 0x44d44c in tst_QGraphicsWidget::focusWidget() /tst_qgraphicswidget.cpp:435 qgraphicswidget_p.cpp:805:24: runtime error: member call on address 0x2ab6a8021400 which does not point to an object of type 'QGraphicsWidget' 0x2ab6a8021400: note: object is of type 'QGraphicsObject' 00 00 00 00 70 93 5c 91 b6 2a 00 00 f0 c0 01 a8 b6 2a 00 00 e8 81 5c 91 b6 2a 00 00 10 bf 01 a8 ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'QGraphicsObject' #0 0x2ab68f2fdc68 in QGraphicsWidgetPrivate::fixFocusChainBeforeReparenting(QGraphicsWidget*, QGraphicsScene*, QGraphicsScene*) qgraphicswidget_p.cpp:805 #1 0x2ab68f020d2a in QGraphicsItemPrivate::setParentItemHelper(QGraphicsItem*, QVariant const*, QVariant const*) qgraphicsitem.cpp:1181 [... identical lines omitted ...] qgraphicswidget_p.cpp:806:23: runtime error: member call on address 0x2ab6a8021400 which does not point to an object of type 'QGraphicsWidget' 0x2ab6a8021400: note: object is of type 'QGraphicsObject' 00 00 00 00 70 93 5c 91 b6 2a 00 00 f0 c0 01 a8 b6 2a 00 00 e8 81 5c 91 b6 2a 00 00 10 bf 01 a8 ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'QGraphicsObject' #0 0x2ab68f2fdb6b in QGraphicsWidgetPrivate::fixFocusChainBeforeReparenting(QGraphicsWidget*, QGraphicsScene*, QGraphicsScene*) qgraphicswidget_p.cpp:806 #1 0x2ab68f020d2a in QGraphicsItemPrivate::setParentItemHelper(QGraphicsItem*, QVariant const*, QVariant const*) qgraphicsitem.cpp:1181 [... identical lines omitted ...] qgraphicswidget_p.cpp:827:26: runtime error: member call on address 0x2ab6a8021400 which does not point to an object of type 'QGraphicsWidget' 0x2ab6a8021400: note: object is of type 'QGraphicsObject' 00 00 00 00 70 93 5c 91 b6 2a 00 00 f0 c0 01 a8 b6 2a 00 00 e8 81 5c 91 b6 2a 00 00 10 bf 01 a8 ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'QGraphicsObject' #0 0x2ab68f2fdf91 in QGraphicsWidgetPrivate::fixFocusChainBeforeReparenting(QGraphicsWidget*, QGraphicsScene*, QGraphicsScene*) qgraphicswidget_p.cpp:827 #1 0x2ab68f020d2a in QGraphicsItemPrivate::setParentItemHelper(QGraphicsItem*, QVariant const*, QVariant const*) qgraphicsitem.cpp:1181 [... identical lines omitted ...] Fix by moving the setParentItem(nullptr) call up the call stack into ~QGraphicsWidget(), ensuring that the object is still a QGraphicsWidget when these calls are made. Change-Id: I264779e33098e9752de9a312a146fb203578a3cc Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>

…ventFilter() Found by UBSan: tst_qwidget.cpp:10207:29: runtime error: member access within address 0x6060000e8880 which does not point to an object of type 'EnterTestModalDialog' 0x6060000e8880: note: object is of type 'QWidget' eb 00 80 45 10 4b 32 ab 11 2b 00 00 80 df 08 00 60 61 00 00 c0 4c 32 ab 11 2b 00 00 00 00 be be ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'QWidget' #0 0x6ca13f in EnterTestMainDialog::eventFilter(QObject*, QEvent*) tst_qwidget.cpp:10207 #1 0x2b11b8bc90c3 in QCoreApplicationPrivate::sendThroughApplicationEventFilters(QObject*, QEvent*) qcoreapplication.cpp:1081 #2 0x2b11a3c49b4a in QApplicationPrivate::notify_helper(QObject*, QEvent*) qapplication.cpp:3716 #3 0x2b11a3c8ec72 in QApplication::notify(QObject*, QEvent*) qapplication.cpp:3704 #4 0x2b11b8bccd0f in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:988 #5 0x2b11aea5c34d in QCoreApplication::sendEvent(QObject*, QEvent*) qcoreapplication.h:231 #6 0x2b11aea5c34d in QGuiApplicationPrivate::_q_updateFocusObject(QObject*) qguiapplication.cpp:3690 #7 0x2b11aea61360 in QGuiApplication::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) .moc/moc_qguiapplication.cpp:177 #8 0x2b11b8d1dc86 in QMetaObject::activate(QObject*, int, int, void**) qobject.cpp:3787 #9 0x2b11aea784a3 in QWindow::focusObjectChanged(QObject*) .moc/moc_qwindow.cpp:760 #10 0x2b11a3fb24f2 in QWidget::clearFocus() qwidget.cpp:6705 #11 0x2b11a3fc87b1 in QWidget::~QWidget() qwidget.cpp:1608 #12 0x2b11a526688c in QDialog::~QDialog() qdialog.cpp:352 #13 0x6c43e2 in EnterTestModalDialog::~EnterTestModalDialog() tst_qwidget.cpp:10160 #14 0x6c43e2 in EnterTestModalDialog::~EnterTestModalDialog() tst_qwidget.cpp:10160 #15 0x492be3 in EnterTestMainDialog::buttonPressed() tst_qwidget.cpp:10188 #16 0x492be3 in EnterTestMainDialog::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) .moc/tst_qwidget.moc:2056 #17 0x2b11b8d1dc86 in QMetaObject::activate(QObject*, int, int, void**) qobject.cpp:3787 #18 0x2b11a45cb833 in QAbstractButton::clicked(bool) .moc/moc_qabstractbutton.cpp:307 #19 0x2b11a45cd54b in QAbstractButtonPrivate::emitClicked() qabstractbutton.cpp:411 #20 0x2b11a45df73a in QAbstractButtonPrivate::click() qabstractbutton.cpp:404 [...] #41 0x6bb2cf in tst_QWidget::taskQTBUG_27643_enterEvents() tst_qwidget.cpp:10249 [...] Fix by checking the event type first, and accessing modal->button only if it's QEvent::Enter. Change-Id: I2c7df3a1f43ecbfe14741b5861729078a91a32d6 Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>

By making the hardcoded values unsigned image/qppmhandler.cpp:126:36: runtime error: signed integer overflow: 65535 * 65535 cannot be represented in type 'int' #0 0x4cef10 in scale_pbm_color(unsigned short, unsigned short, unsigned short, unsigned short) /src/qt/qtbase/src/gui/image/qppmhandler.cpp:126:36 #1 0x4cb1d5 in read_pbm_body(QIODevice*, char, int, int, int, QImage*) /src/qt/qtbase/src/gui/image/qppmhandler.cpp:274:39 #2 0x4ca3d8 in QPpmHandler::read(QImage*) /src/qt/qtbase/src/gui/image/qppmhandler.cpp:509:10 #3 0x4b238d in QImageReader::read(QImage*) /src/qt/qtbase/src/gui/image/qimagereader.cpp:1253:22 #4 0x4b1b61 in QImageReader::read() /src/qt/qtbase/src/gui/image/qimagereader.cpp:1201:12 #5 0x486f66 in QImage::fromData(unsigned char const*, int, char const*) /src/qt/qtbase/src/gui/image/qimage.cpp:3624:37 #6 0x486cd8 in QImage::loadFromData(unsigned char const*, int, char const*) /src/qt/qtbase/src/gui/image/qimage.cpp:3590:13 #7 0x434b2e in LLVMFuzzerTestOneInput /src/qimage_fuzzer.cc:28:7 #8 0x44b167 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:570:15 #9 0x43c8bd in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:280:6 #10 0x4407bb in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:713:9 #11 0x434bf8 in main /src/libfuzzer/FuzzerMain.cpp:20:10 #12 0x7fd4d93b982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #13 0x409bb8 in _start (/out/qimage_fuzzer+0x409bb8) Change-Id: I56674d0c2e59a30095552eb84aba17d7b516dd4a Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>

image/qppmhandler.cpp:77:25: runtime error: signed integer overflow: 10 * 300000000 cannot be represented in type 'int' #0 0x4cecb5 in read_pbm_int(QIODevice*) /src/qt/qtbase/src/gui/image/qppmhandler.cpp:77:25 #1 0x4cb1ac in read_pbm_body(QIODevice*, char, int, int, int, QImage*) /src/qt/qtbase/src/gui/image/qppmhandler.cpp:271:29 #2 0x4ca3d8 in QPpmHandler::read(QImage*) /src/qt/qtbase/src/gui/image/qppmhandler.cpp:509:10 #3 0x4b238d in QImageReader::read(QImage*) /src/qt/qtbase/src/gui/image/qimagereader.cpp:1253:22 #4 0x4b1b61 in QImageReader::read() /src/qt/qtbase/src/gui/image/qimagereader.cpp:1201:12 #5 0x486f66 in QImage::fromData(unsigned char const*, int, char const*) /src/qt/qtbase/src/gui/image/qimage.cpp:3624:37 #6 0x486cd8 in QImage::loadFromData(unsigned char const*, int, char const*) /src/qt/qtbase/src/gui/image/qimage.cpp:3590:13 #7 0x434b2e in LLVMFuzzerTestOneInput /src/qimage_fuzzer.cc:28:7 #8 0x44b167 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:570:15 #9 0x44a535 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:479:3 #10 0x44c428 in fuzzer::Fuzzer::MutateAndTestOne() /src/libfuzzer/FuzzerLoop.cpp:707:19 #11 0x44d1b5 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:838:5 #12 0x440a29 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:764:6 #13 0x434bf8 in main /src/libfuzzer/FuzzerMain.cpp:20:10 #14 0x7fba939a082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #15 0x409bb8 in _start (/out/qimage_fuzzer+0x409bb8) Change-Id: I9ad78afc4ea9c5c8b7530aa17013abe91202e84b Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>

image/qppmhandler.cpp:260:53: runtime error: signed integer overflow: 44444444 * 255 cannot be represented in type 'int' #0 0x4cbc8a in read_pbm_body(QIODevice*, char, int, int, int, QImage*) /src/qt/qtbase/src/gui/image/qppmhandler.cpp:260:53 #1 0x4ca3d8 in QPpmHandler::read(QImage*) /src/qt/qtbase/src/gui/image/qppmhandler.cpp:514:10 #2 0x4b238d in QImageReader::read(QImage*) /src/qt/qtbase/src/gui/image/qimagereader.cpp:1253:22 #3 0x4b1b61 in QImageReader::read() /src/qt/qtbase/src/gui/image/qimagereader.cpp:1201:12 #4 0x486f66 in QImage::fromData(unsigned char const*, int, char const*) /src/qt/qtbase/src/gui/image/qimage.cpp:3624:37 #5 0x486cd8 in QImage::loadFromData(unsigned char const*, int, char const*) /src/qt/qtbase/src/gui/image/qimage.cpp:3590:13 #6 0x434b2e in LLVMFuzzerTestOneInput /src/qimage_fuzzer.cc:28:7 #7 0x44b167 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:570:15 #8 0x44a535 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:479:3 #9 0x44c428 in fuzzer::Fuzzer::MutateAndTestOne() /src/libfuzzer/FuzzerLoop.cpp:707:19 #10 0x44d1b5 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:838:5 #11 0x440a29 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:764:6 #12 0x434bf8 in main /src/libfuzzer/FuzzerMain.cpp:20:10 #13 0x7fe01697282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #14 0x409bb8 in _start (/out/qimage_fuzzer+0x409bb8) Change-Id: Ibc5df6db52639f12319910b927f6443d927206d8 Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>

We can't guarantee that the library didn't define Objective-C classes that still have lingering references, resulting in warnings such as: Attempt to use unknown class 0x10e52e110. And possibly crashes such as: thread #1, queue = 'com.apple.main-thread' frame #0: 0x00007fff203829ee libsystem_kernel.dylib`__ulock_wait + 10 frame #1: 0x00007fff203fa0c5 libsystem_platform.dylib`_os_unfair_lock_lock_slow + 162 frame #2: 0x00007fff2026226b libobjc.A.dylib`unmap_image + 85 frame #3: 0x000000010001e11f dyld`dyld::removeImage(ImageLoader*) + 557 frame #4: 0x000000010002291d dyld`dyld::garbageCollectImages() + 956 frame #5: 0x000000010002e35d dyld`dlclose + 191 frame #6: 0x00007fff203cf1c9 libdyld.dylib`dlclose + 183 frame #7: 0x0000000103f9f2f1 libQt6Core_debug.6.dylib`QLibraryPrivate::unload_sys(this=0x000000011ba2c7d0) at qlibrary_unix.cpp:294:9 frame #8: 0x0000000103f93f3f libQt6Core_debug.6.dylib`QLibraryPrivate::unload(this=0x000000011ba2c7d0, flag=UnloadSys) at qlibrary.cpp:614:36 frame #9: 0x0000000103f971fb libQt6Core_debug.6.dylib`QLibraryStore::cleanup() at qlibrary.cpp:425:22 frame #10: 0x0000000103f970f9 libQt6Core_debug.6.dylib`qlibraryCleanup() at qlibrary.cpp:447:5 frame #11: 0x0000000103f970d1 libQt6Core_debug.6.dylib`(anonymous namespace)::qlibraryCleanup_dtor_class_::~qlibraryCleanup_dtor_class_(this=0x00000001041edd38) at qlibrary.cpp:449:1 frame #12: 0x0000000103f930f5 libQt6Core_debug.6.dylib`(anonymous namespace)::qlibraryCleanup_dtor_class_::~qlibraryCleanup_dtor_class_(this=0x00000001041edd38) at qlibrary.cpp:449:1 frame #13: 0x00007fff202e5d25 libsystem_c.dylib`__cxa_finalize_ranges + 316 frame #14: 0x00007fff202e6010 libsystem_c.dylib`exit + 53 frame #15: 0x00007fff203d1f44 libdyld.dylib`start + 8 frame #16: 0x00007fff203d1f3d libdyld.dylib`start + 1 thread #5, queue = 'com.apple.root.user-interactive-qos', stop reason = signal SIGABRT frame #0: 0x00007fff203a356e libsystem_kernel.dylib`__abort_with_payload + 10 frame #1: 0x00007fff203a4fbd libsystem_kernel.dylib`abort_with_payload_wrapper_internal + 80 frame #2: 0x00007fff203a4f6d libsystem_kernel.dylib`abort_with_reason + 19 frame #3: 0x00007fff202749e3 libobjc.A.dylib`_objc_fatalv(unsigned long long, unsigned long long, char const*, __va_list_tag*) + 114 frame #4: 0x00007fff20274971 libobjc.A.dylib`_objc_fatal(char const*, ...) + 135 frame #5: 0x00007fff20255ccb libobjc.A.dylib`lookUpImpOrForward + 881 frame #6: 0x00007fff2025539b libobjc.A.dylib`_objc_msgSend_uncached + 75 frame #7: 0x00007fff22f368d6 AppKit`-[_NSWindowTransformAnimation setCurrentProgress:] + 42 frame #8: 0x00007fff22f37a8a AppKit`__55-[NSAnimation(NSInternal) _advanceTimeWithDisplayLink:]_block_invoke + 31 frame #9: 0x00007fff22d0774f AppKit`NSPerformVisuallyAtomicChange + 132 frame #10: 0x00007fff22f379dc AppKit`-[NSAnimation(NSInternal) _advanceTimeWithDisplayLink:] + 172 frame #11: 0x00007fff22e9a184 AppKit`-[NSScreenDisplayLink _fire] + 180 frame #12: 0x00007fff2362f0b4 AppKit`___NSRunLoopTimerCreateWithHandler_block_invoke + 34 frame #13: 0x00007fff204c6be9 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 frame #14: 0x00007fff204c66dd CoreFoundation`__CFRunLoopDoTimer + 927 frame #15: 0x00007fff204c623a CoreFoundation`__CFRunLoopDoTimers + 307 frame #16: 0x00007fff204ace13 CoreFoundation`__CFRunLoopRun + 1988 frame #17: 0x00007fff204abf8c CoreFoundation`CFRunLoopRunSpecific + 563 frame #18: 0x00007fff2123d607 Foundation`-[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212 frame #19: 0x00007fff22f378f0 AppKit`-[NSAnimation(NSInternal) _runBlocking] + 453 frame #20: 0x00007fff22f376ae AppKit`__42-[NSAnimation(NSInternal) _runInNewThread]_block_invoke + 97 frame #21: 0x0000000104edb032 libdispatch.dylib`_dispatch_call_block_and_release + 12 frame #22: 0x0000000104edc264 libdispatch.dylib`_dispatch_client_callout + 8 frame #23: 0x0000000104ef04ac libdispatch.dylib`_dispatch_root_queue_drain + 828 frame #24: 0x0000000104ef0d3f libdispatch.dylib`_dispatch_worker_thread2 + 127 frame #25: 0x0000000104f7eac7 libsystem_pthread.dylib`_pthread_wqthread + 244 frame #26: 0x0000000104f7dae3 libsystem_pthread.dylib`start_wqthread + 15 This has been e.g. observed when a QNSWindow isn't closed and released at application quit as expected. Although that is a corner case that shouldn't happen, the general case is still valid. Fixes: QTBUG-96208 Pick-to: 6.2 5.15 Change-Id: I6c9d220e6f5389707baf7ae983f3156e8e51c316 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io> Reviewed-by: Morten Johan Sørvig <morten.sorvig@qt.io>

We can't guarantee that the library didn't define Objective-C classes that still have lingering references, resulting in warnings such as: Attempt to use unknown class 0x10e52e110. And possibly crashes such as: thread #1, queue = 'com.apple.main-thread' frame #0: 0x00007fff203829ee libsystem_kernel.dylib`__ulock_wait + 10 frame #1: 0x00007fff203fa0c5 libsystem_platform.dylib`_os_unfair_lock_lock_slow + 162 frame #2: 0x00007fff2026226b libobjc.A.dylib`unmap_image + 85 frame #3: 0x000000010001e11f dyld`dyld::removeImage(ImageLoader*) + 557 frame #4: 0x000000010002291d dyld`dyld::garbageCollectImages() + 956 frame #5: 0x000000010002e35d dyld`dlclose + 191 frame #6: 0x00007fff203cf1c9 libdyld.dylib`dlclose + 183 frame #7: 0x0000000103f9f2f1 libQt6Core_debug.6.dylib`QLibraryPrivate::unload_sys(this=0x000000011ba2c7d0) at qlibrary_unix.cpp:294:9 frame #8: 0x0000000103f93f3f libQt6Core_debug.6.dylib`QLibraryPrivate::unload(this=0x000000011ba2c7d0, flag=UnloadSys) at qlibrary.cpp:614:36 frame #9: 0x0000000103f971fb libQt6Core_debug.6.dylib`QLibraryStore::cleanup() at qlibrary.cpp:425:22 frame #10: 0x0000000103f970f9 libQt6Core_debug.6.dylib`qlibraryCleanup() at qlibrary.cpp:447:5 frame #11: 0x0000000103f970d1 libQt6Core_debug.6.dylib`(anonymous namespace)::qlibraryCleanup_dtor_class_::~qlibraryCleanup_dtor_class_(this=0x00000001041edd38) at qlibrary.cpp:449:1 frame #12: 0x0000000103f930f5 libQt6Core_debug.6.dylib`(anonymous namespace)::qlibraryCleanup_dtor_class_::~qlibraryCleanup_dtor_class_(this=0x00000001041edd38) at qlibrary.cpp:449:1 frame #13: 0x00007fff202e5d25 libsystem_c.dylib`__cxa_finalize_ranges + 316 frame #14: 0x00007fff202e6010 libsystem_c.dylib`exit + 53 frame #15: 0x00007fff203d1f44 libdyld.dylib`start + 8 frame #16: 0x00007fff203d1f3d libdyld.dylib`start + 1 thread #5, queue = 'com.apple.root.user-interactive-qos', stop reason = signal SIGABRT frame #0: 0x00007fff203a356e libsystem_kernel.dylib`__abort_with_payload + 10 frame #1: 0x00007fff203a4fbd libsystem_kernel.dylib`abort_with_payload_wrapper_internal + 80 frame #2: 0x00007fff203a4f6d libsystem_kernel.dylib`abort_with_reason + 19 frame #3: 0x00007fff202749e3 libobjc.A.dylib`_objc_fatalv(unsigned long long, unsigned long long, char const*, __va_list_tag*) + 114 frame #4: 0x00007fff20274971 libobjc.A.dylib`_objc_fatal(char const*, ...) + 135 frame #5: 0x00007fff20255ccb libobjc.A.dylib`lookUpImpOrForward + 881 frame #6: 0x00007fff2025539b libobjc.A.dylib`_objc_msgSend_uncached + 75 frame #7: 0x00007fff22f368d6 AppKit`-[_NSWindowTransformAnimation setCurrentProgress:] + 42 frame #8: 0x00007fff22f37a8a AppKit`__55-[NSAnimation(NSInternal) _advanceTimeWithDisplayLink:]_block_invoke + 31 frame #9: 0x00007fff22d0774f AppKit`NSPerformVisuallyAtomicChange + 132 frame #10: 0x00007fff22f379dc AppKit`-[NSAnimation(NSInternal) _advanceTimeWithDisplayLink:] + 172 frame #11: 0x00007fff22e9a184 AppKit`-[NSScreenDisplayLink _fire] + 180 frame #12: 0x00007fff2362f0b4 AppKit`___NSRunLoopTimerCreateWithHandler_block_invoke + 34 frame #13: 0x00007fff204c6be9 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 frame #14: 0x00007fff204c66dd CoreFoundation`__CFRunLoopDoTimer + 927 frame #15: 0x00007fff204c623a CoreFoundation`__CFRunLoopDoTimers + 307 frame #16: 0x00007fff204ace13 CoreFoundation`__CFRunLoopRun + 1988 frame #17: 0x00007fff204abf8c CoreFoundation`CFRunLoopRunSpecific + 563 frame #18: 0x00007fff2123d607 Foundation`-[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212 frame #19: 0x00007fff22f378f0 AppKit`-[NSAnimation(NSInternal) _runBlocking] + 453 frame #20: 0x00007fff22f376ae AppKit`__42-[NSAnimation(NSInternal) _runInNewThread]_block_invoke + 97 frame #21: 0x0000000104edb032 libdispatch.dylib`_dispatch_call_block_and_release + 12 frame #22: 0x0000000104edc264 libdispatch.dylib`_dispatch_client_callout + 8 frame #23: 0x0000000104ef04ac libdispatch.dylib`_dispatch_root_queue_drain + 828 frame #24: 0x0000000104ef0d3f libdispatch.dylib`_dispatch_worker_thread2 + 127 frame #25: 0x0000000104f7eac7 libsystem_pthread.dylib`_pthread_wqthread + 244 frame #26: 0x0000000104f7dae3 libsystem_pthread.dylib`start_wqthread + 15 This has been e.g. observed when a QNSWindow isn't closed and released at application quit as expected. Although that is a corner case that shouldn't happen, the general case is still valid. Fixes: QTBUG-96208 Change-Id: I6c9d220e6f5389707baf7ae983f3156e8e51c316 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io> Reviewed-by: Morten Johan Sørvig <morten.sorvig@qt.io> (cherry picked from commit b6200de) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

There was a discrepancy that the multi-arg arg() overload would accept any number of digits in the placeholder, resolving up to value 999 (e.g., %000001 was interpreted as placeholder #1), but the single-arg arg() overload only supported exactly one or two digits. The single-arg behavior was documented, so use it. [ChangeLog][Important Behavior Changes] The QString::arg() overload taking multiple QString-like arguments is now fixed to interpret placeholders like the other arg() overloads: it will find at most two digits after the '%' character. That is, the sequence "%123" is now interpreted as placeholder #12 followed by character '3' (verbatim). Pick-to: 6.7 Fixes: QTBUG-118581 Change-Id: I455fe22ef4ad4b2f9b01fffd17c767a948d41138 Reviewed-by: Ahmad Samir <a.samirh78@gmail.com>

There was a discrepancy that the multi-arg arg() overload would accept any number of digits in the placeholder, resolving up to value 999 (e.g., %000001 was interpreted as placeholder #1), but the single-arg arg() overload only supported exactly one or two digits. The single-arg behavior was documented, so use it. [ChangeLog][Important Behavior Changes] The QString::arg() overload taking multiple QString-like arguments is now fixed to interpret placeholders like the other arg() overloads: it will find at most two digits after the '%' character. That is, the sequence "%123" is now interpreted as placeholder #12 followed by character '3' (verbatim). Fixes: QTBUG-118581 Change-Id: I455fe22ef4ad4b2f9b01fffd17c767a948d41138 Reviewed-by: Ahmad Samir <a.samirh78@gmail.com> (cherry picked from commit f0f2a9e) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

Amends commit bfbd1a2. I've noticed this on my Mac, because the main thread crashed at the same time as the exitFromThread() thread was exiting and was running ~QLibraryStore: * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x106) * frame #0: 0x00007ff8020533be libobjc.A.dylib`getMethodNoSuper_nolock(objc_class*, objc_selector*) + 47 ... frame #19: 0x0000000103839694 QtCore`QCoreApplication::exec() at qcoreapplication.cpp:1454:32 frame #20: 0x0000000101fc94ea QtGui`QGuiApplication::exec() at qguiapplication.cpp:1993:12 frame #21: 0x0000000100004b59 apphelper`exitFromThread(argc=1, argv=0x00007ff7bfeff318) at apphelper.cpp:50:5 thread #8, name = 'QThread' ... frame #11: 0x00007ff8020c4f94 dyld`dyld4::APIs::dlclose(void*) + 178 frame #12: 0x0000000103e82476 QtCore`QLibraryPrivate::unload_sys(this=0x0000600001254160) at qlibrary_unix.cpp:252:24 frame #13: 0x0000000103e793fc QtCore`QLibraryPrivate::unload(this=0x0000600001254160, flag=UnloadSys) at qlibrary.cpp:561:36 frame #14: 0x00000001039740c8 QtCore`QFactoryLoader::~QFactoryLoader(this=0x00000001029e5e70) at qfactoryloader.cpp:438:21 frame #15: 0x00000001039745e9 QtCore`QFactoryLoader::~QFactoryLoader(this=0x00000001029e5e70) at qfactoryloader.cpp:425:1 frame #16: 0x0000000101eb723c QtGui`void std::__1::__destroy_at[abi:sn180100]<QFactoryLoader, 0>(__loc=0x00000001029e5e70) at construct_at.h:67:11 frame #17: 0x0000000101eb7209 QtGui`void std::__1::destroy_at[abi:sn180100]<QFactoryLoader, 0>(__loc=0x00000001029e5e70) at construct_at.h:100:3 frame #18: 0x0000000102046762 QtGui`QtGlobalStatic::Storage<QFactoryLoader, (anonymous namespace)::Q_QGS_piLoader>::destroyYourself(nextState=Destroyed) at qglobalstatic.h:61:9 frame #19: 0x0000000102046736 QtGui`QtGlobalStatic::Holder<(anonymous namespace)::Q_QGS_piLoader, (anonymous namespace)::Q_QGS_piLoader>::~Holder(this=0x00000001029e5e61) at qglobalstatic.h:83:9 frame #20: 0x00000001020465d9 QtGui`QtGlobalStatic::Holder<(anonymous namespace)::Q_QGS_piLoader, (anonymous namespace)::Q_QGS_piLoader>::~Holder(this=0x00000001029e5e61) at qglobalstatic.h:82:5 frame #21: 0x00007ff8022f4231 libsystem_c.dylib`__cxa_finalize_ranges + 402 frame #22: 0x00007ff8022f4052 libsystem_c.dylib`exit + 35 frame #23: 0x000000010000755a apphelper`exitFromThread(int, char**)::$_1::operator()(this=0x000060000175612c) const at apphelper.cpp:47:9 Pick-to: 6.9 6.9.0 6.8 Change-Id: Ib1c72c7975b247cc2d17fffd6c5de89a95c22dad Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>

Amends commit bfbd1a2. I've noticed this on my Mac, because the main thread crashed at the same time as the exitFromThread() thread was exiting and was running ~QLibraryStore: * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x106) * frame #0: 0x00007ff8020533be libobjc.A.dylib`getMethodNoSuper_nolock(objc_class*, objc_selector*) + 47 ... frame #19: 0x0000000103839694 QtCore`QCoreApplication::exec() at qcoreapplication.cpp:1454:32 frame #20: 0x0000000101fc94ea QtGui`QGuiApplication::exec() at qguiapplication.cpp:1993:12 frame #21: 0x0000000100004b59 apphelper`exitFromThread(argc=1, argv=0x00007ff7bfeff318) at apphelper.cpp:50:5 thread #8, name = 'QThread' ... frame #11: 0x00007ff8020c4f94 dyld`dyld4::APIs::dlclose(void*) + 178 frame #12: 0x0000000103e82476 QtCore`QLibraryPrivate::unload_sys(this=0x0000600001254160) at qlibrary_unix.cpp:252:24 frame #13: 0x0000000103e793fc QtCore`QLibraryPrivate::unload(this=0x0000600001254160, flag=UnloadSys) at qlibrary.cpp:561:36 frame #14: 0x00000001039740c8 QtCore`QFactoryLoader::~QFactoryLoader(this=0x00000001029e5e70) at qfactoryloader.cpp:438:21 frame #15: 0x00000001039745e9 QtCore`QFactoryLoader::~QFactoryLoader(this=0x00000001029e5e70) at qfactoryloader.cpp:425:1 frame #16: 0x0000000101eb723c QtGui`void std::__1::__destroy_at[abi:sn180100]<QFactoryLoader, 0>(__loc=0x00000001029e5e70) at construct_at.h:67:11 frame #17: 0x0000000101eb7209 QtGui`void std::__1::destroy_at[abi:sn180100]<QFactoryLoader, 0>(__loc=0x00000001029e5e70) at construct_at.h:100:3 frame #18: 0x0000000102046762 QtGui`QtGlobalStatic::Storage<QFactoryLoader, (anonymous namespace)::Q_QGS_piLoader>::destroyYourself(nextState=Destroyed) at qglobalstatic.h:61:9 frame #19: 0x0000000102046736 QtGui`QtGlobalStatic::Holder<(anonymous namespace)::Q_QGS_piLoader, (anonymous namespace)::Q_QGS_piLoader>::~Holder(this=0x00000001029e5e61) at qglobalstatic.h:83:9 frame #20: 0x00000001020465d9 QtGui`QtGlobalStatic::Holder<(anonymous namespace)::Q_QGS_piLoader, (anonymous namespace)::Q_QGS_piLoader>::~Holder(this=0x00000001029e5e61) at qglobalstatic.h:82:5 frame #21: 0x00007ff8022f4231 libsystem_c.dylib`__cxa_finalize_ranges + 402 frame #22: 0x00007ff8022f4052 libsystem_c.dylib`exit + 35 frame #23: 0x000000010000755a apphelper`exitFromThread(int, char**)::$_1::operator()(this=0x000060000175612c) const at apphelper.cpp:47:9 Pick-to: 6.9.0 6.8 Change-Id: Ib1c72c7975b247cc2d17fffd6c5de89a95c22dad Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io> (cherry picked from commit e6a6757) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

Amends commit bfbd1a2. I've noticed this on my Mac, because the main thread crashed at the same time as the exitFromThread() thread was exiting and was running ~QLibraryStore: * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x106) * frame #0: 0x00007ff8020533be libobjc.A.dylib`getMethodNoSuper_nolock(objc_class*, objc_selector*) + 47 ... frame #19: 0x0000000103839694 QtCore`QCoreApplication::exec() at qcoreapplication.cpp:1454:32 frame #20: 0x0000000101fc94ea QtGui`QGuiApplication::exec() at qguiapplication.cpp:1993:12 frame #21: 0x0000000100004b59 apphelper`exitFromThread(argc=1, argv=0x00007ff7bfeff318) at apphelper.cpp:50:5 thread #8, name = 'QThread' ... frame #11: 0x00007ff8020c4f94 dyld`dyld4::APIs::dlclose(void*) + 178 frame #12: 0x0000000103e82476 QtCore`QLibraryPrivate::unload_sys(this=0x0000600001254160) at qlibrary_unix.cpp:252:24 frame #13: 0x0000000103e793fc QtCore`QLibraryPrivate::unload(this=0x0000600001254160, flag=UnloadSys) at qlibrary.cpp:561:36 frame #14: 0x00000001039740c8 QtCore`QFactoryLoader::~QFactoryLoader(this=0x00000001029e5e70) at qfactoryloader.cpp:438:21 frame #15: 0x00000001039745e9 QtCore`QFactoryLoader::~QFactoryLoader(this=0x00000001029e5e70) at qfactoryloader.cpp:425:1 frame #16: 0x0000000101eb723c QtGui`void std::__1::__destroy_at[abi:sn180100]<QFactoryLoader, 0>(__loc=0x00000001029e5e70) at construct_at.h:67:11 frame #17: 0x0000000101eb7209 QtGui`void std::__1::destroy_at[abi:sn180100]<QFactoryLoader, 0>(__loc=0x00000001029e5e70) at construct_at.h:100:3 frame #18: 0x0000000102046762 QtGui`QtGlobalStatic::Storage<QFactoryLoader, (anonymous namespace)::Q_QGS_piLoader>::destroyYourself(nextState=Destroyed) at qglobalstatic.h:61:9 frame #19: 0x0000000102046736 QtGui`QtGlobalStatic::Holder<(anonymous namespace)::Q_QGS_piLoader, (anonymous namespace)::Q_QGS_piLoader>::~Holder(this=0x00000001029e5e61) at qglobalstatic.h:83:9 frame #20: 0x00000001020465d9 QtGui`QtGlobalStatic::Holder<(anonymous namespace)::Q_QGS_piLoader, (anonymous namespace)::Q_QGS_piLoader>::~Holder(this=0x00000001029e5e61) at qglobalstatic.h:82:5 frame #21: 0x00007ff8022f4231 libsystem_c.dylib`__cxa_finalize_ranges + 402 frame #22: 0x00007ff8022f4052 libsystem_c.dylib`exit + 35 frame #23: 0x000000010000755a apphelper`exitFromThread(int, char**)::$_1::operator()(this=0x000060000175612c) const at apphelper.cpp:47:9 Change-Id: Ib1c72c7975b247cc2d17fffd6c5de89a95c22dad Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io> (cherry picked from commit e6a6757) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> (cherry picked from commit 87c7908)

Amends b6b489d, which introduced UB (invalid downcast): By the time the QMainWindowTabBars are destroyed, and they want to unregister themselves from the QMainWindow, the ex-QMainWindow has already been demoted to a QWidget. Says UBSan: qmainwindow.cpp:63:47: runtime error: member call on address 0x6040000267d0 which does not point to an object of type 'QMainWindow' 0x6040000267d0: note: object is of type 'QWidget' 00 00 00 00 28 c1 e6 f3 c7 7f 00 00 80 24 00 00 60 61 00 00 d8 c2 e6 f3 c7 7f 00 00 00 00 be be ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'QWidget' #0 0x7fc7f06da8c5 in QMainWindowPrivate::mainWindowLayout(QMainWindow const*) qmainwindow.cpp:63 #1 0x7fc7f06da8c5 in qt_mainwindow_layout(QMainWindow const*) qmainwindow.cpp:69 #2 0x7fc7f07bb4ed in QMainWindowTabBar::~QMainWindowTabBar() qmainwindowlayout.cpp:2042 #3 0x7fc7f07bf4e5 in QMainWindowTabBar::~QMainWindowTabBar() qmainwindowlayout.cpp:2047 #4 0x7fc7c69f9c2a in QObjectPrivate::deleteChildren() qobject.cpp:2226 #5 0x7fc7ef0b7f3d in QWidget::~QWidget() qwidget.cpp:1557 #6 0x7fc7f082c7c7 in QDockWidgetGroupWindow::~QDockWidgetGroupWindow() qmainwindowlayout_p.h:343 #7 0x7fc7f082c7c7 in QDockWidgetGroupWindow::~QDockWidgetGroupWindow() qmainwindowlayout_p.h:343 #8 0x7fc7c69f9c2a in QObjectPrivate::deleteChildren() qobject.cpp:2226 #9 0x7fc7ef0b7f3d in QWidget::~QWidget() qwidget.cpp:1557 #10 0x7fc7f06ce495 in QMainWindow::~QMainWindow() qmainwindow.cpp:338 #12 0x556a6180a84c in std::default_delete<QMainWindow>::operator()(QMainWindow*) const unique_ptr.h:85 #13 0x556a6180a84c in std::unique_ptr<QMainWindow, std::default_delete<QMainWindow> >::~unique_ptr() unique_ptr.h:361 #14 0x556a6180a84c in tst_QDockWidget::setFloatingReparenting() tst_qdockwidget.cpp:492 Use qobject_cast to verify that the mainWindow is not pointing to a QMainWindow that is being destroyed (and has passed the ~QMainWindow destructor). If the main window is destroyed, then removing the tab bar from the list of unused tab bars is unnecessary. Pick-to: 6.9 6.8 6.5 Change-Id: I25e12d79198137b75cd2576ff1440b6c94277eba Reviewed-by: Marc Mutz <marc.mutz@qt.io> Reviewed-by: Axel Spoerl <axel.spoerl@qt.io>

Amends b6b489d, which introduced UB (invalid downcast): By the time the QMainWindowTabBars are destroyed, and they want to unregister themselves from the QMainWindow, the ex-QMainWindow has already been demoted to a QWidget. Says UBSan: qmainwindow.cpp:63:47: runtime error: member call on address 0x6040000267d0 which does not point to an object of type 'QMainWindow' 0x6040000267d0: note: object is of type 'QWidget' 00 00 00 00 28 c1 e6 f3 c7 7f 00 00 80 24 00 00 60 61 00 00 d8 c2 e6 f3 c7 7f 00 00 00 00 be be ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'QWidget' #0 0x7fc7f06da8c5 in QMainWindowPrivate::mainWindowLayout(QMainWindow const*) qmainwindow.cpp:63 #1 0x7fc7f06da8c5 in qt_mainwindow_layout(QMainWindow const*) qmainwindow.cpp:69 #2 0x7fc7f07bb4ed in QMainWindowTabBar::~QMainWindowTabBar() qmainwindowlayout.cpp:2042 #3 0x7fc7f07bf4e5 in QMainWindowTabBar::~QMainWindowTabBar() qmainwindowlayout.cpp:2047 #4 0x7fc7c69f9c2a in QObjectPrivate::deleteChildren() qobject.cpp:2226 #5 0x7fc7ef0b7f3d in QWidget::~QWidget() qwidget.cpp:1557 #6 0x7fc7f082c7c7 in QDockWidgetGroupWindow::~QDockWidgetGroupWindow() qmainwindowlayout_p.h:343 #7 0x7fc7f082c7c7 in QDockWidgetGroupWindow::~QDockWidgetGroupWindow() qmainwindowlayout_p.h:343 #8 0x7fc7c69f9c2a in QObjectPrivate::deleteChildren() qobject.cpp:2226 #9 0x7fc7ef0b7f3d in QWidget::~QWidget() qwidget.cpp:1557 #10 0x7fc7f06ce495 in QMainWindow::~QMainWindow() qmainwindow.cpp:338 #12 0x556a6180a84c in std::default_delete<QMainWindow>::operator()(QMainWindow*) const unique_ptr.h:85 #13 0x556a6180a84c in std::unique_ptr<QMainWindow, std::default_delete<QMainWindow> >::~unique_ptr() unique_ptr.h:361 #14 0x556a6180a84c in tst_QDockWidget::setFloatingReparenting() tst_qdockwidget.cpp:492 Use qobject_cast to verify that the mainWindow is not pointing to a QMainWindow that is being destroyed (and has passed the ~QMainWindow destructor). If the main window is destroyed, then removing the tab bar from the list of unused tab bars is unnecessary. Pick-to: 6.8 6.5 Change-Id: I25e12d79198137b75cd2576ff1440b6c94277eba Reviewed-by: Marc Mutz <marc.mutz@qt.io> Reviewed-by: Axel Spoerl <axel.spoerl@qt.io> (cherry picked from commit 1bbbacb) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

The process by which the QDockAreaLayout changes a QDockAreaLayoutInfo from representing a QWidget that's being deleted to representing a QPlaceholderItem involves the construction of the latter from the former. If a QDockWidget is being deleted, however, at the time the QDockAreaLayout notices, the ex-QDockWidget has been demoted to a QObject, causing the calls to QWidget member functions to be UB: Says UBSan: qdockarealayout.cpp:46:25: runtime error: member call on address 0x7ffe74a429d0 which does not point to an object of type 'QWidget' 0x7ffe74a429d0: note: object is of type 'QObject' 33 7f 00 00 c0 ea 73 6e 33 7f 00 00 00 12 00 00 70 61 00 00 40 cd 41 83 33 7f 00 00 00 00 00 00 ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'QObject' #0 0x7f339546e251 in QPlaceHolderItem::QPlaceHolderItem(QWidget*) qdockarealayout.cpp:46 #1 0x7f33955169a8 in QDockAreaLayoutInfo::takeAt(int*, int) qdockarealayout.cpp:1780 #2 0x7f3395517175 in QDockAreaLayout::takeAt(int*, int) qdockarealayout.cpp:3432 #3 0x7f33959e38a8 in QMainWindowLayoutState::takeAt(int, int*) qmainwindowlayout.cpp:927 #4 0x7f33959e38a8 in QMainWindowLayoutState::takeAt(int, int*) qmainwindowlayout.cpp:919 #5 0x7f3395a42cdd in QMainWindowLayout::takeAt(int) qmainwindowlayout.cpp:2238 #6 0x7f3393fae246 in removeWidgetRecursively qlayout.cpp:485 #7 0x7f3393fb8300 in QLayout::widgetEvent(QEvent*) qlayout.cpp:544 #8 0x7f3393bde28a in QApplicationPrivate::notify_helper(QObject*, QEvent*) qapplication.cpp:3298 #9 0x7f3393c5f74a in QApplication::notify(QObject*, QEvent*) qapplication.cpp:3259 #10 0x7f336b784ada in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:1111 #11 0x7f336b7874e3 in QCoreApplication::sendEvent(QObject*, QEvent*) qcoreapplication.cpp:1551 #12 0x7f336bcc624a in QObjectPrivate::setParent_helper(QObject*) qobject.cpp:2271 #13 0x7f336bccd76c in QObject::~QObject() qobject.cpp:1146 #14 0x7f339434e126 in QWidget::~QWidget() qwidget.cpp:1584 #15 0x7f33955b5815 in QDockWidget::~QDockWidget() qdockwidget.cpp:1362 [...] qwidget.h:816:25: runtime error: member call on address 0x7ffe74a429d0 which does not point to an object of type 'QWidget' 0x7ffe74a429d0: note: object is of type 'QObject' 33 7f 00 00 c0 ea 73 6e 33 7f 00 00 00 12 00 00 70 61 00 00 40 cd 41 83 33 7f 00 00 00 00 00 00 ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'QObject' #0 0x7f339546e0bb in QWidget::isWindow() const qwidget.h:816 #1 0x7f339546e0bb in QPlaceHolderItem::QPlaceHolderItem(QWidget*) qdockarealayout.cpp:47 [... rest as above...] Fix by dragging the setParent(nullptr) up into ~QDockWidget(). Ordinarily, that call happens only in ~QObject(). But that's what caused the layout to react to the ChildRemoved element too late. When doing it here, the dock widget is still itself, and all the QDockAreaLayout machinery can still access its QWidget-ness. Amends the start of the public history. After consulting with QtWidgets maintainer, not picking to 5.15, since, even though slim, there's a non-zero chance this might break something, somewhere. Pick-to: 6.9 6.8 6.5 Change-Id: I5472bbb0fcab9fb74272a1da6c2a2896226e12bb Reviewed-by: Richard Moe Gustavsen <richard.gustavsen@qt.io>

…howAndHide() The event filter was still active when the QDialogButtonBox in its destruction process had already been demoted to QWidget. The ignoreShowAndHide guard came too late, because by the time we check it, in Private::handleButtonShowAndHide(), we had already cast q_ptr to QDialogButtonBox. Says UBSan: qdialogbuttonbox_p.h:26:5: runtime error: downcast of address 0x7fffefab47e0 which does not point to an object of type 'QDialogButtonBox' 0x7fffefab47e0: note: object is of type 'QWidget' 00 00 00 00 28 c1 5b 6e 6d 7f 00 00 80 22 10 00 90 61 00 00 d8 c2 5b 6e 6d 7f 00 00 00 00 00 00 ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'QWidget' #0 0x7f6d6b51141d in QDialogButtonBoxPrivate::q_func() qdialogbuttonbox_p.h:26 #1 0x7f6d6b51141d in QDialogButtonBoxPrivate::handleButtonShowAndHide(QAbstractButton*, QEvent*) qdialogbuttonbox.cpp:913 #2 0x7f6d6b51436c in eventFilter qdialogbuttonbox.cpp:127 #3 0x7f6d40c1a8f1 in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) qcoreapplication.cpp:1248 #4 0x7f6d690b23d5 in QApplicationPrivate::notify_helper(QObject*, QEvent*) qapplication.cpp:3303 #5 0x7f6d69132a3a in QApplication::notify(QObject*, QEvent*) qapplication.cpp:3259 #6 0x7f6d40c1da6a in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:1111 #7 0x7f6d40c20473 in QCoreApplication::sendEvent(QObject*, QEvent*) qcoreapplication.cpp:1551 #8 0x7f6d690fe76c in QApplicationPrivate::setActiveWindow(QWidget*) qapplication.cpp:1857 #9 0x7f6d695ac796 in QWidgetPrivate::deactivateWidgetCleanup() qwidget.cpp:2326 #10 0x7f6d6976f8ce in QWidgetPrivate::hide_sys() qwidget.cpp:8256 #11 0x7f6d69814579 in QWidgetPrivate::hide_helper() qwidget.cpp:8199 #12 0x7f6d69887c1f in QWidgetPrivate::setVisible(bool) qwidget.cpp:8406 #13 0x7f6d69775d23 in QWidget::setVisible(bool) qwidget.cpp:8314 #14 0x7f6d695fb018 in QWidget::hide() qwidget.cpp:8179 #15 0x7f6d6981a183 in QWidgetPrivate::handleClose(QWidgetPrivate::CloseMode) qwidget.cpp:8580 #16 0x7f6d699e6fc6 in QWidgetWindow::closeEvent(QCloseEvent*) qwidgetwindow.cpp:871 #17 0x7f6d52ef9f5d in QWindow::event(QEvent*) qwindow.cpp:2721 #18 0x7f6d69a575f8 in QWidgetWindow::event(QEvent*) qwidgetwindow.cpp:398 #19 0x7f6d690b2491 in QApplicationPrivate::notify_helper(QObject*, QEvent*) qapplication.cpp:3309 #20 0x7f6d69132a3a in QApplication::notify(QObject*, QEvent*) qapplication.cpp:3259 #21 0x7f6d40c1da6a in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:1111 #22 0x7f6d40c205b3 in QCoreApplication::sendSpontaneousEvent(QObject*, QEvent*) qcoreapplication.cpp:1565 #23 0x7f6d5287415b in QGuiApplicationPrivate::processCloseEvent(QWindowSystemInterfacePrivate::CloseEvent*) qguiapplication.cpp:2911 #24 0x7f6d528b543f in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) qguiapplication.cpp:2259 #25 0x7f6d52fb5b02 in QWindowSystemEventHandler::sendEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) qwindowsysteminterface.cpp:190 #26 0x7f6d52fb5b02 in bool QWindowSystemHelper<QWindowSystemInterface::SynchronousDelivery>::handleEvent<QWindowSystemInterfacePrivate::CloseEvent, QWindow*>(QWindow*) qwindowsysteminterface.cpp:102 #27 0x7f6d52fb5b02 in handleWindowSystemEvent<QWindowSystemInterfacePrivate::CloseEvent, QWindowSystemInterface::SynchronousDelivery, QWindow*> qwindowsysteminterface.cpp:138 #28 0x7f6d52fb5b02 in bool QWindowSystemInterface::handleCloseEvent<QWindowSystemInterface::SynchronousDelivery>(QWindow*) qwindowsysteminterface.cpp:351 #29 0x7f6d52cb6f1e in QPlatformWindow::close() qplatformwindow.cpp:348 #30 0x7f6d52e7e158 in QWindow::close() qwindow.cpp:2449 #31 0x7f6d6981b4d2 in QWidgetPrivate::close() qwidget.cpp:8632 #32 0x7f6d698205c6 in QWidget::~QWidget() qwidget.cpp:1508 #33 0x7f6d6b4f6bf0 in QDialogButtonBox::~QDialogButtonBox() qdialogbuttonbox.cpp:496 To fix, don't delay the Q_Q to until after the ignoreShowAndHide check, since that woould be brittle. Instead, do as we for signal/slot connections, which we disconnect explicitly in ~QDialogButtonBox(), and delete the EventFilter explicitly there, too. This way, it's more natural, and also prevents all those useless event filter invocations from having to be processed later on. Amends aff0915. The original code, using QDialogButtonBox::eventFilter(), was not affected, since by the time QDialogButtonBox was demoted to QWidget, QWidget::eventFilter(), not QDialogButtonBox::eventFilter() would been invoked. Which just goes to show that one needs to be very careful with delegating too much responsibilites to the Private class, as it lives, fully derived, until ~QWidget() executes. Pick-to: 6.9 6.8 6.5 Change-Id: I04f36fd6d7d160932bfe1494fdff464786b85047 Reviewed-by: Axel Spoerl <axel.spoerl@qt.io>

Amends b6b489d, which introduced UB (invalid downcast): By the time the QMainWindowTabBars are destroyed, and they want to unregister themselves from the QMainWindow, the ex-QMainWindow has already been demoted to a QWidget. Says UBSan: qmainwindow.cpp:63:47: runtime error: member call on address 0x6040000267d0 which does not point to an object of type 'QMainWindow' 0x6040000267d0: note: object is of type 'QWidget' 00 00 00 00 28 c1 e6 f3 c7 7f 00 00 80 24 00 00 60 61 00 00 d8 c2 e6 f3 c7 7f 00 00 00 00 be be ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'QWidget' #0 0x7fc7f06da8c5 in QMainWindowPrivate::mainWindowLayout(QMainWindow const*) qmainwindow.cpp:63 #1 0x7fc7f06da8c5 in qt_mainwindow_layout(QMainWindow const*) qmainwindow.cpp:69 #2 0x7fc7f07bb4ed in QMainWindowTabBar::~QMainWindowTabBar() qmainwindowlayout.cpp:2042 #3 0x7fc7f07bf4e5 in QMainWindowTabBar::~QMainWindowTabBar() qmainwindowlayout.cpp:2047 #4 0x7fc7c69f9c2a in QObjectPrivate::deleteChildren() qobject.cpp:2226 #5 0x7fc7ef0b7f3d in QWidget::~QWidget() qwidget.cpp:1557 #6 0x7fc7f082c7c7 in QDockWidgetGroupWindow::~QDockWidgetGroupWindow() qmainwindowlayout_p.h:343 #7 0x7fc7f082c7c7 in QDockWidgetGroupWindow::~QDockWidgetGroupWindow() qmainwindowlayout_p.h:343 #8 0x7fc7c69f9c2a in QObjectPrivate::deleteChildren() qobject.cpp:2226 #9 0x7fc7ef0b7f3d in QWidget::~QWidget() qwidget.cpp:1557 #10 0x7fc7f06ce495 in QMainWindow::~QMainWindow() qmainwindow.cpp:338 #12 0x556a6180a84c in std::default_delete<QMainWindow>::operator()(QMainWindow*) const unique_ptr.h:85 #13 0x556a6180a84c in std::unique_ptr<QMainWindow, std::default_delete<QMainWindow> >::~unique_ptr() unique_ptr.h:361 #14 0x556a6180a84c in tst_QDockWidget::setFloatingReparenting() tst_qdockwidget.cpp:492 Use qobject_cast to verify that the mainWindow is not pointing to a QMainWindow that is being destroyed (and has passed the ~QMainWindow destructor). If the main window is destroyed, then removing the tab bar from the list of unused tab bars is unnecessary. Pick-to: 6.5 Change-Id: I25e12d79198137b75cd2576ff1440b6c94277eba Reviewed-by: Marc Mutz <marc.mutz@qt.io> Reviewed-by: Axel Spoerl <axel.spoerl@qt.io> (cherry picked from commit 1bbbacb) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> (cherry picked from commit 19c4db4)

…veButtonsFromMenuBar() The function can be called from ~QMdiSubwindow(), and we checked for QWidgetPrivate::data.in_destructor before proceeding with the removal of buttons from the menubar, but we called QPointer<QMdiSubwindow>::data()->window(), which, at this point in time, had already been demoted to a QWidget: Says UBSan: qpointer.h:75:14: runtime error: downcast of address 0x6040000aca10 which does not point to an object of type 'QMdiSubWindow' 0x6040000aca10: note: object is of type 'QWidget' 00 00 00 00 28 01 99 bc ff 7e 00 00 80 dc 0f 00 90 61 00 00 d8 02 99 bc ff 7e 00 00 00 00 be be ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'QWidget' #0 0x7effb955f95a in QPointer<QMdiSubWindow>::data() const qpointer.h:75 #1 0x7effb955f95a in QPointer<QMdiSubWindow>::operator->() const qpointer.h:79 #2 0x7effb955f95a in QMdi::ControlContainer::removeButtonsFromMenuBar(QMenuBar*) qmdisubwindow.cpp:795 #3 0x7effb9563031 in QMdi::ControlContainer::~ControlContainer() qmdisubwindow.cpp:717 #4 0x7effb9566595 in QMdi::ControlContainer::~ControlContainer() qmdisubwindow.cpp:723 #5 0x7eff8f4f2b7a in QObjectPrivate::deleteChildren() qobject.cpp:2226 #6 0x7effb7bf732d in QWidget::~QWidget() qwidget.cpp:1557 #7 0x7effb95cc02c in QMdiSubWindow::~QMdiSubWindow() qmdisubwindow.cpp:2254 #8 0x7effb95cc1d5 in QMdiSubWindow::~QMdiSubWindow() qmdisubwindow.cpp:2254 #9 0x7eff8f4f2b7a in QObjectPrivate::deleteChildren() qobject.cpp:2226 #10 0x7effb7bf732d in QWidget::~QWidget() qwidget.cpp:1557 #11 0x7effb7bffba5 in QWidget::~QWidget() qwidget.cpp:1584 #12 0x7eff8f4f2b7a in QObjectPrivate::deleteChildren() qobject.cpp:2226 #13 0x7effb7bf732d in QWidget::~QWidget() qwidget.cpp:1557 #14 0x7effb85f0dc5 in QFrame::~QFrame() qframe.cpp:235 #15 0x7effb859c747 in QAbstractScrollArea::~QAbstractScrollArea() qabstractscrollarea.cpp:478 #16 0x7effb93c08a6 in QMdiArea::~QMdiArea() qmdiarea.cpp:1703 #17 0x7effb93c0e55 in QMdiArea::~QMdiArea() qmdiarea.cpp:1703 #18 0x7eff8f4f2b7a in QObjectPrivate::deleteChildren() qobject.cpp:2226 #19 0x7effb7bf732d in QWidget::~QWidget() qwidget.cpp:1557 #20 0x7effb920a425 in QMainWindow::~QMainWindow() qmainwindow.cpp:338 Fix by deleting the ControlContainer already from ~QMdiSubwindow(), ie. when we have not yet been demoted to QWidget. Amends the start of the public history. Pick-to: 6.9 6.8 6.5 5.15 Change-Id: Ia43c857bc1842b2b4957cc79e00f790b045d8f94 Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>

…howAndHide() The event filter was still active when the QDialogButtonBox in its destruction process had already been demoted to QWidget. The ignoreShowAndHide guard came too late, because by the time we check it, in Private::handleButtonShowAndHide(), we had already cast q_ptr to QDialogButtonBox. Says UBSan: qdialogbuttonbox_p.h:26:5: runtime error: downcast of address 0x7fffefab47e0 which does not point to an object of type 'QDialogButtonBox' 0x7fffefab47e0: note: object is of type 'QWidget' 00 00 00 00 28 c1 5b 6e 6d 7f 00 00 80 22 10 00 90 61 00 00 d8 c2 5b 6e 6d 7f 00 00 00 00 00 00 ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'QWidget' #0 0x7f6d6b51141d in QDialogButtonBoxPrivate::q_func() qdialogbuttonbox_p.h:26 #1 0x7f6d6b51141d in QDialogButtonBoxPrivate::handleButtonShowAndHide(QAbstractButton*, QEvent*) qdialogbuttonbox.cpp:913 #2 0x7f6d6b51436c in eventFilter qdialogbuttonbox.cpp:127 #3 0x7f6d40c1a8f1 in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) qcoreapplication.cpp:1248 #4 0x7f6d690b23d5 in QApplicationPrivate::notify_helper(QObject*, QEvent*) qapplication.cpp:3303 #5 0x7f6d69132a3a in QApplication::notify(QObject*, QEvent*) qapplication.cpp:3259 #6 0x7f6d40c1da6a in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:1111 #7 0x7f6d40c20473 in QCoreApplication::sendEvent(QObject*, QEvent*) qcoreapplication.cpp:1551 #8 0x7f6d690fe76c in QApplicationPrivate::setActiveWindow(QWidget*) qapplication.cpp:1857 #9 0x7f6d695ac796 in QWidgetPrivate::deactivateWidgetCleanup() qwidget.cpp:2326 #10 0x7f6d6976f8ce in QWidgetPrivate::hide_sys() qwidget.cpp:8256 #11 0x7f6d69814579 in QWidgetPrivate::hide_helper() qwidget.cpp:8199 #12 0x7f6d69887c1f in QWidgetPrivate::setVisible(bool) qwidget.cpp:8406 #13 0x7f6d69775d23 in QWidget::setVisible(bool) qwidget.cpp:8314 #14 0x7f6d695fb018 in QWidget::hide() qwidget.cpp:8179 #15 0x7f6d6981a183 in QWidgetPrivate::handleClose(QWidgetPrivate::CloseMode) qwidget.cpp:8580 #16 0x7f6d699e6fc6 in QWidgetWindow::closeEvent(QCloseEvent*) qwidgetwindow.cpp:871 #17 0x7f6d52ef9f5d in QWindow::event(QEvent*) qwindow.cpp:2721 #18 0x7f6d69a575f8 in QWidgetWindow::event(QEvent*) qwidgetwindow.cpp:398 #19 0x7f6d690b2491 in QApplicationPrivate::notify_helper(QObject*, QEvent*) qapplication.cpp:3309 #20 0x7f6d69132a3a in QApplication::notify(QObject*, QEvent*) qapplication.cpp:3259 #21 0x7f6d40c1da6a in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:1111 #22 0x7f6d40c205b3 in QCoreApplication::sendSpontaneousEvent(QObject*, QEvent*) qcoreapplication.cpp:1565 #23 0x7f6d5287415b in QGuiApplicationPrivate::processCloseEvent(QWindowSystemInterfacePrivate::CloseEvent*) qguiapplication.cpp:2911 #24 0x7f6d528b543f in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) qguiapplication.cpp:2259 #25 0x7f6d52fb5b02 in QWindowSystemEventHandler::sendEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) qwindowsysteminterface.cpp:190 #26 0x7f6d52fb5b02 in bool QWindowSystemHelper<QWindowSystemInterface::SynchronousDelivery>::handleEvent<QWindowSystemInterfacePrivate::CloseEvent, QWindow*>(QWindow*) qwindowsysteminterface.cpp:102 #27 0x7f6d52fb5b02 in handleWindowSystemEvent<QWindowSystemInterfacePrivate::CloseEvent, QWindowSystemInterface::SynchronousDelivery, QWindow*> qwindowsysteminterface.cpp:138 #28 0x7f6d52fb5b02 in bool QWindowSystemInterface::handleCloseEvent<QWindowSystemInterface::SynchronousDelivery>(QWindow*) qwindowsysteminterface.cpp:351 #29 0x7f6d52cb6f1e in QPlatformWindow::close() qplatformwindow.cpp:348 #30 0x7f6d52e7e158 in QWindow::close() qwindow.cpp:2449 #31 0x7f6d6981b4d2 in QWidgetPrivate::close() qwidget.cpp:8632 #32 0x7f6d698205c6 in QWidget::~QWidget() qwidget.cpp:1508 #33 0x7f6d6b4f6bf0 in QDialogButtonBox::~QDialogButtonBox() qdialogbuttonbox.cpp:496 To fix, don't delay the Q_Q to until after the ignoreShowAndHide check, since that woould be brittle. Instead, do as we for signal/slot connections, which we disconnect explicitly in ~QDialogButtonBox(), and delete the EventFilter explicitly there, too. This way, it's more natural, and also prevents all those useless event filter invocations from having to be processed later on. Amends aff0915. The original code, using QDialogButtonBox::eventFilter(), was not affected, since by the time QDialogButtonBox was demoted to QWidget, QWidget::eventFilter(), not QDialogButtonBox::eventFilter() would been invoked. Which just goes to show that one needs to be very careful with delegating too much responsibilites to the Private class, as it lives, fully derived, until ~QWidget() executes. Pick-to: 6.8 6.5 Change-Id: I04f36fd6d7d160932bfe1494fdff464786b85047 Reviewed-by: Axel Spoerl <axel.spoerl@qt.io> (cherry picked from commit dceff0a) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

…howAndHide() The event filter was still active when the QDialogButtonBox in its destruction process had already been demoted to QWidget. The ignoreShowAndHide guard came too late, because by the time we check it, in Private::handleButtonShowAndHide(), we had already cast q_ptr to QDialogButtonBox. Says UBSan: qdialogbuttonbox_p.h:26:5: runtime error: downcast of address 0x7fffefab47e0 which does not point to an object of type 'QDialogButtonBox' 0x7fffefab47e0: note: object is of type 'QWidget' 00 00 00 00 28 c1 5b 6e 6d 7f 00 00 80 22 10 00 90 61 00 00 d8 c2 5b 6e 6d 7f 00 00 00 00 00 00 ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'QWidget' #0 0x7f6d6b51141d in QDialogButtonBoxPrivate::q_func() qdialogbuttonbox_p.h:26 #1 0x7f6d6b51141d in QDialogButtonBoxPrivate::handleButtonShowAndHide(QAbstractButton*, QEvent*) qdialogbuttonbox.cpp:913 #2 0x7f6d6b51436c in eventFilter qdialogbuttonbox.cpp:127 #3 0x7f6d40c1a8f1 in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) qcoreapplication.cpp:1248 #4 0x7f6d690b23d5 in QApplicationPrivate::notify_helper(QObject*, QEvent*) qapplication.cpp:3303 #5 0x7f6d69132a3a in QApplication::notify(QObject*, QEvent*) qapplication.cpp:3259 #6 0x7f6d40c1da6a in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:1111 #7 0x7f6d40c20473 in QCoreApplication::sendEvent(QObject*, QEvent*) qcoreapplication.cpp:1551 #8 0x7f6d690fe76c in QApplicationPrivate::setActiveWindow(QWidget*) qapplication.cpp:1857 #9 0x7f6d695ac796 in QWidgetPrivate::deactivateWidgetCleanup() qwidget.cpp:2326 #10 0x7f6d6976f8ce in QWidgetPrivate::hide_sys() qwidget.cpp:8256 #11 0x7f6d69814579 in QWidgetPrivate::hide_helper() qwidget.cpp:8199 #12 0x7f6d69887c1f in QWidgetPrivate::setVisible(bool) qwidget.cpp:8406 #13 0x7f6d69775d23 in QWidget::setVisible(bool) qwidget.cpp:8314 #14 0x7f6d695fb018 in QWidget::hide() qwidget.cpp:8179 #15 0x7f6d6981a183 in QWidgetPrivate::handleClose(QWidgetPrivate::CloseMode) qwidget.cpp:8580 #16 0x7f6d699e6fc6 in QWidgetWindow::closeEvent(QCloseEvent*) qwidgetwindow.cpp:871 #17 0x7f6d52ef9f5d in QWindow::event(QEvent*) qwindow.cpp:2721 #18 0x7f6d69a575f8 in QWidgetWindow::event(QEvent*) qwidgetwindow.cpp:398 #19 0x7f6d690b2491 in QApplicationPrivate::notify_helper(QObject*, QEvent*) qapplication.cpp:3309 #20 0x7f6d69132a3a in QApplication::notify(QObject*, QEvent*) qapplication.cpp:3259 #21 0x7f6d40c1da6a in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:1111 #22 0x7f6d40c205b3 in QCoreApplication::sendSpontaneousEvent(QObject*, QEvent*) qcoreapplication.cpp:1565 #23 0x7f6d5287415b in QGuiApplicationPrivate::processCloseEvent(QWindowSystemInterfacePrivate::CloseEvent*) qguiapplication.cpp:2911 #24 0x7f6d528b543f in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) qguiapplication.cpp:2259 #25 0x7f6d52fb5b02 in QWindowSystemEventHandler::sendEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) qwindowsysteminterface.cpp:190 #26 0x7f6d52fb5b02 in bool QWindowSystemHelper<QWindowSystemInterface::SynchronousDelivery>::handleEvent<QWindowSystemInterfacePrivate::CloseEvent, QWindow*>(QWindow*) qwindowsysteminterface.cpp:102 #27 0x7f6d52fb5b02 in handleWindowSystemEvent<QWindowSystemInterfacePrivate::CloseEvent, QWindowSystemInterface::SynchronousDelivery, QWindow*> qwindowsysteminterface.cpp:138 #28 0x7f6d52fb5b02 in bool QWindowSystemInterface::handleCloseEvent<QWindowSystemInterface::SynchronousDelivery>(QWindow*) qwindowsysteminterface.cpp:351 #29 0x7f6d52cb6f1e in QPlatformWindow::close() qplatformwindow.cpp:348 #30 0x7f6d52e7e158 in QWindow::close() qwindow.cpp:2449 #31 0x7f6d6981b4d2 in QWidgetPrivate::close() qwidget.cpp:8632 #32 0x7f6d698205c6 in QWidget::~QWidget() qwidget.cpp:1508 #33 0x7f6d6b4f6bf0 in QDialogButtonBox::~QDialogButtonBox() qdialogbuttonbox.cpp:496 To fix, don't delay the Q_Q to until after the ignoreShowAndHide check, since that woould be brittle. Instead, do as we for signal/slot connections, which we disconnect explicitly in ~QDialogButtonBox(), and delete the EventFilter explicitly there, too. This way, it's more natural, and also prevents all those useless event filter invocations from having to be processed later on. Amends aff0915. The original code, using QDialogButtonBox::eventFilter(), was not affected, since by the time QDialogButtonBox was demoted to QWidget, QWidget::eventFilter(), not QDialogButtonBox::eventFilter() would been invoked. Which just goes to show that one needs to be very careful with delegating too much responsibilites to the Private class, as it lives, fully derived, until ~QWidget() executes. Pick-to: 6.5 Change-Id: I04f36fd6d7d160932bfe1494fdff464786b85047 Reviewed-by: Axel Spoerl <axel.spoerl@qt.io> (cherry picked from commit dceff0a) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> (cherry picked from commit 6753ab4)

…veButtonsFromMenuBar() The function can be called from ~QMdiSubwindow(), and we checked for QWidgetPrivate::data.in_destructor before proceeding with the removal of buttons from the menubar, but we called QPointer<QMdiSubwindow>::data()->window(), which, at this point in time, had already been demoted to a QWidget: Says UBSan: qpointer.h:75:14: runtime error: downcast of address 0x6040000aca10 which does not point to an object of type 'QMdiSubWindow' 0x6040000aca10: note: object is of type 'QWidget' 00 00 00 00 28 01 99 bc ff 7e 00 00 80 dc 0f 00 90 61 00 00 d8 02 99 bc ff 7e 00 00 00 00 be be ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'QWidget' #0 0x7effb955f95a in QPointer<QMdiSubWindow>::data() const qpointer.h:75 #1 0x7effb955f95a in QPointer<QMdiSubWindow>::operator->() const qpointer.h:79 #2 0x7effb955f95a in QMdi::ControlContainer::removeButtonsFromMenuBar(QMenuBar*) qmdisubwindow.cpp:795 #3 0x7effb9563031 in QMdi::ControlContainer::~ControlContainer() qmdisubwindow.cpp:717 #4 0x7effb9566595 in QMdi::ControlContainer::~ControlContainer() qmdisubwindow.cpp:723 #5 0x7eff8f4f2b7a in QObjectPrivate::deleteChildren() qobject.cpp:2226 #6 0x7effb7bf732d in QWidget::~QWidget() qwidget.cpp:1557 #7 0x7effb95cc02c in QMdiSubWindow::~QMdiSubWindow() qmdisubwindow.cpp:2254 #8 0x7effb95cc1d5 in QMdiSubWindow::~QMdiSubWindow() qmdisubwindow.cpp:2254 #9 0x7eff8f4f2b7a in QObjectPrivate::deleteChildren() qobject.cpp:2226 #10 0x7effb7bf732d in QWidget::~QWidget() qwidget.cpp:1557 #11 0x7effb7bffba5 in QWidget::~QWidget() qwidget.cpp:1584 #12 0x7eff8f4f2b7a in QObjectPrivate::deleteChildren() qobject.cpp:2226 #13 0x7effb7bf732d in QWidget::~QWidget() qwidget.cpp:1557 #14 0x7effb85f0dc5 in QFrame::~QFrame() qframe.cpp:235 #15 0x7effb859c747 in QAbstractScrollArea::~QAbstractScrollArea() qabstractscrollarea.cpp:478 #16 0x7effb93c08a6 in QMdiArea::~QMdiArea() qmdiarea.cpp:1703 #17 0x7effb93c0e55 in QMdiArea::~QMdiArea() qmdiarea.cpp:1703 #18 0x7eff8f4f2b7a in QObjectPrivate::deleteChildren() qobject.cpp:2226 #19 0x7effb7bf732d in QWidget::~QWidget() qwidget.cpp:1557 #20 0x7effb920a425 in QMainWindow::~QMainWindow() qmainwindow.cpp:338 Fix by deleting the ControlContainer already from ~QMdiSubwindow(), ie. when we have not yet been demoted to QWidget. Amends the start of the public history. Pick-to: 6.8 6.5 5.15 Change-Id: Ia43c857bc1842b2b4957cc79e00f790b045d8f94 Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io> (cherry picked from commit 2e3d391) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

The process by which the QDockAreaLayout changes a QDockAreaLayoutInfo from representing a QWidget that's being deleted to representing a QPlaceholderItem involves the construction of the latter from the former. If a QDockWidget is being deleted, however, at the time the QDockAreaLayout notices, the ex-QDockWidget has been demoted to a QObject, causing the calls to QWidget member functions to be UB: Says UBSan: qdockarealayout.cpp:46:25: runtime error: member call on address 0x7ffe74a429d0 which does not point to an object of type 'QWidget' 0x7ffe74a429d0: note: object is of type 'QObject' 33 7f 00 00 c0 ea 73 6e 33 7f 00 00 00 12 00 00 70 61 00 00 40 cd 41 83 33 7f 00 00 00 00 00 00 ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'QObject' #0 0x7f339546e251 in QPlaceHolderItem::QPlaceHolderItem(QWidget*) qdockarealayout.cpp:46 #1 0x7f33955169a8 in QDockAreaLayoutInfo::takeAt(int*, int) qdockarealayout.cpp:1780 #2 0x7f3395517175 in QDockAreaLayout::takeAt(int*, int) qdockarealayout.cpp:3432 #3 0x7f33959e38a8 in QMainWindowLayoutState::takeAt(int, int*) qmainwindowlayout.cpp:927 #4 0x7f33959e38a8 in QMainWindowLayoutState::takeAt(int, int*) qmainwindowlayout.cpp:919 #5 0x7f3395a42cdd in QMainWindowLayout::takeAt(int) qmainwindowlayout.cpp:2238 #6 0x7f3393fae246 in removeWidgetRecursively qlayout.cpp:485 #7 0x7f3393fb8300 in QLayout::widgetEvent(QEvent*) qlayout.cpp:544 #8 0x7f3393bde28a in QApplicationPrivate::notify_helper(QObject*, QEvent*) qapplication.cpp:3298 #9 0x7f3393c5f74a in QApplication::notify(QObject*, QEvent*) qapplication.cpp:3259 #10 0x7f336b784ada in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:1111 #11 0x7f336b7874e3 in QCoreApplication::sendEvent(QObject*, QEvent*) qcoreapplication.cpp:1551 #12 0x7f336bcc624a in QObjectPrivate::setParent_helper(QObject*) qobject.cpp:2271 #13 0x7f336bccd76c in QObject::~QObject() qobject.cpp:1146 #14 0x7f339434e126 in QWidget::~QWidget() qwidget.cpp:1584 #15 0x7f33955b5815 in QDockWidget::~QDockWidget() qdockwidget.cpp:1362 [...] qwidget.h:816:25: runtime error: member call on address 0x7ffe74a429d0 which does not point to an object of type 'QWidget' 0x7ffe74a429d0: note: object is of type 'QObject' 33 7f 00 00 c0 ea 73 6e 33 7f 00 00 00 12 00 00 70 61 00 00 40 cd 41 83 33 7f 00 00 00 00 00 00 ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'QObject' #0 0x7f339546e0bb in QWidget::isWindow() const qwidget.h:816 #1 0x7f339546e0bb in QPlaceHolderItem::QPlaceHolderItem(QWidget*) qdockarealayout.cpp:47 [... rest as above...] Fix by dragging the setParent(nullptr) up into ~QDockWidget(). Ordinarily, that call happens only in ~QObject(). But that's what caused the layout to react to the ChildRemoved element too late. When doing it here, the dock widget is still itself, and all the QDockAreaLayout machinery can still access its QWidget-ness. Amends the start of the public history. After consulting with QtWidgets maintainer, not picking to 5.15, since, even though slim, there's a non-zero chance this might break something, somewhere. Pick-to: 6.8 6.5 Change-Id: I5472bbb0fcab9fb74272a1da6c2a2896226e12bb Reviewed-by: Richard Moe Gustavsen <richard.gustavsen@qt.io> (cherry picked from commit 2c67d47) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

The process by which the QDockAreaLayout changes a QDockAreaLayoutInfo from representing a QWidget that's being deleted to representing a QPlaceholderItem involves the construction of the latter from the former. If a QDockWidget is being deleted, however, at the time the QDockAreaLayout notices, the ex-QDockWidget has been demoted to a QObject, causing the calls to QWidget member functions to be UB: Says UBSan: qdockarealayout.cpp:46:25: runtime error: member call on address 0x7ffe74a429d0 which does not point to an object of type 'QWidget' 0x7ffe74a429d0: note: object is of type 'QObject' 33 7f 00 00 c0 ea 73 6e 33 7f 00 00 00 12 00 00 70 61 00 00 40 cd 41 83 33 7f 00 00 00 00 00 00 ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'QObject' #0 0x7f339546e251 in QPlaceHolderItem::QPlaceHolderItem(QWidget*) qdockarealayout.cpp:46 #1 0x7f33955169a8 in QDockAreaLayoutInfo::takeAt(int*, int) qdockarealayout.cpp:1780 #2 0x7f3395517175 in QDockAreaLayout::takeAt(int*, int) qdockarealayout.cpp:3432 #3 0x7f33959e38a8 in QMainWindowLayoutState::takeAt(int, int*) qmainwindowlayout.cpp:927 #4 0x7f33959e38a8 in QMainWindowLayoutState::takeAt(int, int*) qmainwindowlayout.cpp:919 #5 0x7f3395a42cdd in QMainWindowLayout::takeAt(int) qmainwindowlayout.cpp:2238 #6 0x7f3393fae246 in removeWidgetRecursively qlayout.cpp:485 #7 0x7f3393fb8300 in QLayout::widgetEvent(QEvent*) qlayout.cpp:544 #8 0x7f3393bde28a in QApplicationPrivate::notify_helper(QObject*, QEvent*) qapplication.cpp:3298 #9 0x7f3393c5f74a in QApplication::notify(QObject*, QEvent*) qapplication.cpp:3259 #10 0x7f336b784ada in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:1111 #11 0x7f336b7874e3 in QCoreApplication::sendEvent(QObject*, QEvent*) qcoreapplication.cpp:1551 #12 0x7f336bcc624a in QObjectPrivate::setParent_helper(QObject*) qobject.cpp:2271 #13 0x7f336bccd76c in QObject::~QObject() qobject.cpp:1146 #14 0x7f339434e126 in QWidget::~QWidget() qwidget.cpp:1584 #15 0x7f33955b5815 in QDockWidget::~QDockWidget() qdockwidget.cpp:1362 [...] qwidget.h:816:25: runtime error: member call on address 0x7ffe74a429d0 which does not point to an object of type 'QWidget' 0x7ffe74a429d0: note: object is of type 'QObject' 33 7f 00 00 c0 ea 73 6e 33 7f 00 00 00 12 00 00 70 61 00 00 40 cd 41 83 33 7f 00 00 00 00 00 00 ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'QObject' #0 0x7f339546e0bb in QWidget::isWindow() const qwidget.h:816 #1 0x7f339546e0bb in QPlaceHolderItem::QPlaceHolderItem(QWidget*) qdockarealayout.cpp:47 [... rest as above...] Fix by dragging the setParent(nullptr) up into ~QDockWidget(). Ordinarily, that call happens only in ~QObject(). But that's what caused the layout to react to the ChildRemoved element too late. When doing it here, the dock widget is still itself, and all the QDockAreaLayout machinery can still access its QWidget-ness. Amends the start of the public history. After consulting with QtWidgets maintainer, not picking to 5.15, since, even though slim, there's a non-zero chance this might break something, somewhere. Pick-to: 6.5 Change-Id: I5472bbb0fcab9fb74272a1da6c2a2896226e12bb Reviewed-by: Richard Moe Gustavsen <richard.gustavsen@qt.io> (cherry picked from commit 2c67d47) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> (cherry picked from commit 72dfe79)

…veButtonsFromMenuBar() The function can be called from ~QMdiSubwindow(), and we checked for QWidgetPrivate::data.in_destructor before proceeding with the removal of buttons from the menubar, but we called QPointer<QMdiSubwindow>::data()->window(), which, at this point in time, had already been demoted to a QWidget: Says UBSan: qpointer.h:75:14: runtime error: downcast of address 0x6040000aca10 which does not point to an object of type 'QMdiSubWindow' 0x6040000aca10: note: object is of type 'QWidget' 00 00 00 00 28 01 99 bc ff 7e 00 00 80 dc 0f 00 90 61 00 00 d8 02 99 bc ff 7e 00 00 00 00 be be ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'QWidget' #0 0x7effb955f95a in QPointer<QMdiSubWindow>::data() const qpointer.h:75 #1 0x7effb955f95a in QPointer<QMdiSubWindow>::operator->() const qpointer.h:79 #2 0x7effb955f95a in QMdi::ControlContainer::removeButtonsFromMenuBar(QMenuBar*) qmdisubwindow.cpp:795 #3 0x7effb9563031 in QMdi::ControlContainer::~ControlContainer() qmdisubwindow.cpp:717 #4 0x7effb9566595 in QMdi::ControlContainer::~ControlContainer() qmdisubwindow.cpp:723 #5 0x7eff8f4f2b7a in QObjectPrivate::deleteChildren() qobject.cpp:2226 #6 0x7effb7bf732d in QWidget::~QWidget() qwidget.cpp:1557 #7 0x7effb95cc02c in QMdiSubWindow::~QMdiSubWindow() qmdisubwindow.cpp:2254 #8 0x7effb95cc1d5 in QMdiSubWindow::~QMdiSubWindow() qmdisubwindow.cpp:2254 #9 0x7eff8f4f2b7a in QObjectPrivate::deleteChildren() qobject.cpp:2226 #10 0x7effb7bf732d in QWidget::~QWidget() qwidget.cpp:1557 #11 0x7effb7bffba5 in QWidget::~QWidget() qwidget.cpp:1584 #12 0x7eff8f4f2b7a in QObjectPrivate::deleteChildren() qobject.cpp:2226 #13 0x7effb7bf732d in QWidget::~QWidget() qwidget.cpp:1557 #14 0x7effb85f0dc5 in QFrame::~QFrame() qframe.cpp:235 #15 0x7effb859c747 in QAbstractScrollArea::~QAbstractScrollArea() qabstractscrollarea.cpp:478 #16 0x7effb93c08a6 in QMdiArea::~QMdiArea() qmdiarea.cpp:1703 #17 0x7effb93c0e55 in QMdiArea::~QMdiArea() qmdiarea.cpp:1703 #18 0x7eff8f4f2b7a in QObjectPrivate::deleteChildren() qobject.cpp:2226 #19 0x7effb7bf732d in QWidget::~QWidget() qwidget.cpp:1557 #20 0x7effb920a425 in QMainWindow::~QMainWindow() qmainwindow.cpp:338 Fix by deleting the ControlContainer already from ~QMdiSubwindow(), ie. when we have not yet been demoted to QWidget. Amends the start of the public history. Pick-to: 6.5 5.15 Change-Id: Ia43c857bc1842b2b4957cc79e00f790b045d8f94 Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io> (cherry picked from commit 2e3d391) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> (cherry picked from commit 0859415)

During application shutdown our global static list of loggers may be torn down, and then some other part of Qt issues logging during its own destruction. For example, QThreadStorage will emit: QThreadStorage: entry 1 destroyed before end of thread 0x106432bd0 which would crash: frame #7: 0x000000010a8d97a8 QtCore`qt_assert_x(where="Type *QGlobalStatic<QtGlobalStatic::Holder<QTest::(anonymous namespace)::Q_QGS_loggers>>::operator->() [Holder = QtGlobalStatic::Holder<QTest::(anonymous namespace)::Q_QGS_loggers>]", what="The global static was used after being destroyed", file="/Users/torarne/dev/qt/qtbase/src/corelib/global/qglobalstatic.h", line=88) at qassert.cpp:126:14 frame #8: 0x0000000101016e5c QtTest`QGlobalStatic<QtGlobalStatic::Holder<QTest::(anonymous namespace)::Q_QGS_loggers>>::operator->(this=0x00000001010808c8) at qglobalstatic.h:87:9 frame #9: 0x0000000101018f78 QtTest`QTest::messageHandler(type=QtWarningMsg, context=0x000000016fdfb848, message=0x000000016fdfb790) at qtestlog.cpp:308:30 frame #10: 0x000000010a131018 QtCore`qt_message_print(msgType=QtWarningMsg, context=0x000000016fdfb848, message=0x000000016fdfb790) at qlogging.cpp:2133:9 frame #11: 0x000000010a12bc50 QtCore`qt_message(msgType=QtWarningMsg, context=0x000000016fdfb848, msg="QThreadStorage: entry %d destroyed before end of thread %p", ap="\U00000001") at qlogging.cpp:411:5 frame #12: 0x000000010a8d9904 QtCore`QMessageLogger::warning(this=0x000000016fdfba30, msg="QThreadStorage: entry %d destroyed before end of thread %p") const at qlogging.cpp:651:5 frame #13: 0x000000010a62b8b8 QtCore`QThreadStoragePrivate::finish(tls=0x00000008c6c102e8) at qthreadstorage.cpp:169:17 frame #14: 0x000000010a617aec QtCore`QThreadPrivate::finish()::$_0::operator()(this=0x000000016fdfbb20) const at qthread_unix.cpp:468:9 frame #15: 0x000000010a6159a4 QtCore`void (anonymous namespace)::terminate_on_exception<QThreadPrivate::finish()::$_0>(t=0x000000016fdfbb20) at qthread_unix.cpp:380:5 frame #16: 0x000000010a615960 QtCore`QThreadPrivate::finish(this=0x00000008c707c000) at qthread_unix.cpp:450:5 frame #17: 0x000000010a617190 QtCore`destroy_current_thread_data(data=0x00000008c6c10280) at qthread_unix.cpp:172:19 frame #18: 0x000000010a617330 QtCore`(anonymous namespace)::QThreadDataDestroyer::EarlyMainThread::~EarlyMainThread(this=0x000000010aa9e640) at qthread_unix.cpp:232:17 frame #19: 0x000000010a6172b4 QtCore`(anonymous namespace)::QThreadDataDestroyer::EarlyMainThread::~EarlyMainThread(this=0x000000010aa9e640) at qthread_unix.cpp:229:9 frame #20: 0x0000000181ac542c libsystem_c.dylib`__cxa_finalize_ranges + 480 frame #21: 0x0000000181ac51ec libsystem_c.dylib`exit + 44 Pick-to: 6.11 6.10 6.8 Change-Id: Ie85788e49a34aa75fe44b52fb488bd0e763b78f9 Reviewed-by: Tim Blechmann <tim.blechmann@qt.io>

During application shutdown our global static list of loggers may be torn down, and then some other part of Qt issues logging during its own destruction. For example, QThreadStorage will emit: QThreadStorage: entry 1 destroyed before end of thread 0x106432bd0 which would crash: frame #7: 0x000000010a8d97a8 QtCore`qt_assert_x(where="Type *QGlobalStatic<QtGlobalStatic::Holder<QTest::(anonymous namespace)::Q_QGS_loggers>>::operator->() [Holder = QtGlobalStatic::Holder<QTest::(anonymous namespace)::Q_QGS_loggers>]", what="The global static was used after being destroyed", file="/Users/torarne/dev/qt/qtbase/src/corelib/global/qglobalstatic.h", line=88) at qassert.cpp:126:14 frame #8: 0x0000000101016e5c QtTest`QGlobalStatic<QtGlobalStatic::Holder<QTest::(anonymous namespace)::Q_QGS_loggers>>::operator->(this=0x00000001010808c8) at qglobalstatic.h:87:9 frame #9: 0x0000000101018f78 QtTest`QTest::messageHandler(type=QtWarningMsg, context=0x000000016fdfb848, message=0x000000016fdfb790) at qtestlog.cpp:308:30 frame #10: 0x000000010a131018 QtCore`qt_message_print(msgType=QtWarningMsg, context=0x000000016fdfb848, message=0x000000016fdfb790) at qlogging.cpp:2133:9 frame #11: 0x000000010a12bc50 QtCore`qt_message(msgType=QtWarningMsg, context=0x000000016fdfb848, msg="QThreadStorage: entry %d destroyed before end of thread %p", ap="\U00000001") at qlogging.cpp:411:5 frame #12: 0x000000010a8d9904 QtCore`QMessageLogger::warning(this=0x000000016fdfba30, msg="QThreadStorage: entry %d destroyed before end of thread %p") const at qlogging.cpp:651:5 frame #13: 0x000000010a62b8b8 QtCore`QThreadStoragePrivate::finish(tls=0x00000008c6c102e8) at qthreadstorage.cpp:169:17 frame #14: 0x000000010a617aec QtCore`QThreadPrivate::finish()::$_0::operator()(this=0x000000016fdfbb20) const at qthread_unix.cpp:468:9 frame #15: 0x000000010a6159a4 QtCore`void (anonymous namespace)::terminate_on_exception<QThreadPrivate::finish()::$_0>(t=0x000000016fdfbb20) at qthread_unix.cpp:380:5 frame #16: 0x000000010a615960 QtCore`QThreadPrivate::finish(this=0x00000008c707c000) at qthread_unix.cpp:450:5 frame #17: 0x000000010a617190 QtCore`destroy_current_thread_data(data=0x00000008c6c10280) at qthread_unix.cpp:172:19 frame #18: 0x000000010a617330 QtCore`(anonymous namespace)::QThreadDataDestroyer::EarlyMainThread::~EarlyMainThread(this=0x000000010aa9e640) at qthread_unix.cpp:232:17 frame #19: 0x000000010a6172b4 QtCore`(anonymous namespace)::QThreadDataDestroyer::EarlyMainThread::~EarlyMainThread(this=0x000000010aa9e640) at qthread_unix.cpp:229:9 frame #20: 0x0000000181ac542c libsystem_c.dylib`__cxa_finalize_ranges + 480 frame #21: 0x0000000181ac51ec libsystem_c.dylib`exit + 44 Pick-to: 6.10 6.8 Change-Id: Ie85788e49a34aa75fe44b52fb488bd0e763b78f9 Reviewed-by: Tim Blechmann <tim.blechmann@qt.io> (cherry picked from commit 5c8cd2a) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

During application shutdown our global static list of loggers may be torn down, and then some other part of Qt issues logging during its own destruction. For example, QThreadStorage will emit: QThreadStorage: entry 1 destroyed before end of thread 0x106432bd0 which would crash: frame #7: 0x000000010a8d97a8 QtCore`qt_assert_x(where="Type *QGlobalStatic<QtGlobalStatic::Holder<QTest::(anonymous namespace)::Q_QGS_loggers>>::operator->() [Holder = QtGlobalStatic::Holder<QTest::(anonymous namespace)::Q_QGS_loggers>]", what="The global static was used after being destroyed", file="/Users/torarne/dev/qt/qtbase/src/corelib/global/qglobalstatic.h", line=88) at qassert.cpp:126:14 frame #8: 0x0000000101016e5c QtTest`QGlobalStatic<QtGlobalStatic::Holder<QTest::(anonymous namespace)::Q_QGS_loggers>>::operator->(this=0x00000001010808c8) at qglobalstatic.h:87:9 frame #9: 0x0000000101018f78 QtTest`QTest::messageHandler(type=QtWarningMsg, context=0x000000016fdfb848, message=0x000000016fdfb790) at qtestlog.cpp:308:30 frame #10: 0x000000010a131018 QtCore`qt_message_print(msgType=QtWarningMsg, context=0x000000016fdfb848, message=0x000000016fdfb790) at qlogging.cpp:2133:9 frame #11: 0x000000010a12bc50 QtCore`qt_message(msgType=QtWarningMsg, context=0x000000016fdfb848, msg="QThreadStorage: entry %d destroyed before end of thread %p", ap="\U00000001") at qlogging.cpp:411:5 frame #12: 0x000000010a8d9904 QtCore`QMessageLogger::warning(this=0x000000016fdfba30, msg="QThreadStorage: entry %d destroyed before end of thread %p") const at qlogging.cpp:651:5 frame #13: 0x000000010a62b8b8 QtCore`QThreadStoragePrivate::finish(tls=0x00000008c6c102e8) at qthreadstorage.cpp:169:17 frame #14: 0x000000010a617aec QtCore`QThreadPrivate::finish()::$_0::operator()(this=0x000000016fdfbb20) const at qthread_unix.cpp:468:9 frame #15: 0x000000010a6159a4 QtCore`void (anonymous namespace)::terminate_on_exception<QThreadPrivate::finish()::$_0>(t=0x000000016fdfbb20) at qthread_unix.cpp:380:5 frame #16: 0x000000010a615960 QtCore`QThreadPrivate::finish(this=0x00000008c707c000) at qthread_unix.cpp:450:5 frame #17: 0x000000010a617190 QtCore`destroy_current_thread_data(data=0x00000008c6c10280) at qthread_unix.cpp:172:19 frame #18: 0x000000010a617330 QtCore`(anonymous namespace)::QThreadDataDestroyer::EarlyMainThread::~EarlyMainThread(this=0x000000010aa9e640) at qthread_unix.cpp:232:17 frame #19: 0x000000010a6172b4 QtCore`(anonymous namespace)::QThreadDataDestroyer::EarlyMainThread::~EarlyMainThread(this=0x000000010aa9e640) at qthread_unix.cpp:229:9 frame #20: 0x0000000181ac542c libsystem_c.dylib`__cxa_finalize_ranges + 480 frame #21: 0x0000000181ac51ec libsystem_c.dylib`exit + 44 Pick-to: 6.8 Change-Id: Ie85788e49a34aa75fe44b52fb488bd0e763b78f9 Reviewed-by: Tim Blechmann <tim.blechmann@qt.io> (cherry picked from commit 5c8cd2a) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> (cherry picked from commit b33274a)

In the scenario described in the linked bug-report we are in an environment where a host is configured to 'REJECT' our connection. Specifically, the local nftables is configured to reject connections to a given IP. Because we are REJECTed and not DROPped it is generating an ICMP "port unreachable" message. We are getting this message on the event dispatcher, though our event code doesn't propagate the activation reason: (gdb) p *(GPollFD*)0x7fffec0017a0 $5 = {fd = 5, events = 28, revents = 28} 28 = 0x1c = POLLOUT | POLLERR | POLLHUP We simply propagate that there was an event activating the socket, and the socket notifier calls the nativeConnect again by way of this chain: \#5 QNativeSocketEnginePrivate::nativeConnect \#6 QNativeSocketEngine::connectToHost \#7 QNativeSocketEngine::connectionNotification \#8 QWriteNotifier::event \#9 QCoreApplicationPrivate::notify_helper \#10 QCoreApplication::notifyInternal2 \#11 QCoreApplication::sendEvent \#12 socketNotifierSourceDispatch \#13 g_main_dispatch For some reason, this triggers it to send us the same event again. And so the loop repeats, consuming excessive CPU time. Eventually the connect() call returns with an error, ECONNREFUSED, ending the loop. By not immediately calling connect() but instead using getsockopt with SO_ERROR and then, if that doesn't return any error, we can then call connect() to see if we have established connection. If SO_ERROR, however, did return any error, we skip the connect() call and handle the error as we would if it came from connect() itself, avoiding the cycle and CPU usage. Fixes: QTBUG-141419 Pick-to: 6.11 Change-Id: I8fcfd55e360a0f837ff8ae90784659d6299021f3 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>

In the scenario described in the linked bug-report we are in an environment where a host is configured to 'REJECT' our connection. Specifically, the local nftables is configured to reject connections to a given IP. Because we are REJECTed and not DROPped it is generating an ICMP "port unreachable" message. We are getting this message on the event dispatcher, though our event code doesn't propagate the activation reason: (gdb) p *(GPollFD*)0x7fffec0017a0 $5 = {fd = 5, events = 28, revents = 28} 28 = 0x1c = POLLOUT | POLLERR | POLLHUP We simply propagate that there was an event activating the socket, and the socket notifier calls the nativeConnect again by way of this chain: \#5 QNativeSocketEnginePrivate::nativeConnect \#6 QNativeSocketEngine::connectToHost \#7 QNativeSocketEngine::connectionNotification \#8 QWriteNotifier::event \#9 QCoreApplicationPrivate::notify_helper \#10 QCoreApplication::notifyInternal2 \#11 QCoreApplication::sendEvent \#12 socketNotifierSourceDispatch \#13 g_main_dispatch For some reason, this triggers it to send us the same event again. And so the loop repeats, consuming excessive CPU time. Eventually the connect() call returns with an error, ECONNREFUSED, ending the loop. By not immediately calling connect() but instead using getsockopt with SO_ERROR and then, if that doesn't return any error, we can then call connect() to see if we have established connection. If SO_ERROR, however, did return any error, we skip the connect() call and handle the error as we would if it came from connect() itself, avoiding the cycle and CPU usage. Fixes: QTBUG-141419 Change-Id: I8fcfd55e360a0f837ff8ae90784659d6299021f3 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> (cherry picked from commit 9d27af9) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

tomotaco closed this May 18, 2016

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Applying widget toolTipDuration to items#12

Applying widget toolTipDuration to items#12
tomotaco wants to merge 1 commit intoqt:devfrom
tomotaco:patch-1

tomotaco commented May 18, 2016

Uh oh!

tomotaco commented May 18, 2016

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

1 participant

Conversation

tomotaco commented May 18, 2016

Uh oh!

tomotaco commented May 18, 2016

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

1 participant