Closed
Conversation
Contributor
Author
|
You should consider https://nopullrequests.appspot.com/. |
AlienCowEatCake
pushed a commit
to AlienCowEatCake/qtbase
that referenced
this pull request
Oct 22, 2016
…ventFilter()
Found by UBSan:
tst_qwidget.cpp:10207:29: runtime error: member access within address 0x6060000e8880 which does not point to an object of type 'EnterTestModalDialog'
0x6060000e8880: note: object is of type 'QWidget'
eb 00 80 45 10 4b 32 ab 11 2b 00 00 80 df 08 00 60 61 00 00 c0 4c 32 ab 11 2b 00 00 00 00 be be
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QWidget'
#0 0x6ca13f in EnterTestMainDialog::eventFilter(QObject*, QEvent*) tst_qwidget.cpp:10207
qt#1 0x2b11b8bc90c3 in QCoreApplicationPrivate::sendThroughApplicationEventFilters(QObject*, QEvent*) qcoreapplication.cpp:1081
qt#2 0x2b11a3c49b4a in QApplicationPrivate::notify_helper(QObject*, QEvent*) qapplication.cpp:3716
qt#3 0x2b11a3c8ec72 in QApplication::notify(QObject*, QEvent*) qapplication.cpp:3704
qt#4 0x2b11b8bccd0f in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:988
qt#5 0x2b11aea5c34d in QCoreApplication::sendEvent(QObject*, QEvent*) qcoreapplication.h:231
qt#6 0x2b11aea5c34d in QGuiApplicationPrivate::_q_updateFocusObject(QObject*) qguiapplication.cpp:3690
qt#7 0x2b11aea61360 in QGuiApplication::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) .moc/moc_qguiapplication.cpp:177
qt#8 0x2b11b8d1dc86 in QMetaObject::activate(QObject*, int, int, void**) qobject.cpp:3787
qt#9 0x2b11aea784a3 in QWindow::focusObjectChanged(QObject*) .moc/moc_qwindow.cpp:760
qt#10 0x2b11a3fb24f2 in QWidget::clearFocus() qwidget.cpp:6705
qt#11 0x2b11a3fc87b1 in QWidget::~QWidget() qwidget.cpp:1608
qt#12 0x2b11a526688c in QDialog::~QDialog() qdialog.cpp:352
qt#13 0x6c43e2 in EnterTestModalDialog::~EnterTestModalDialog() tst_qwidget.cpp:10160
qt#14 0x6c43e2 in EnterTestModalDialog::~EnterTestModalDialog() tst_qwidget.cpp:10160
qt#15 0x492be3 in EnterTestMainDialog::buttonPressed() tst_qwidget.cpp:10188
qt#16 0x492be3 in EnterTestMainDialog::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) .moc/tst_qwidget.moc:2056
qt#17 0x2b11b8d1dc86 in QMetaObject::activate(QObject*, int, int, void**) qobject.cpp:3787
qt#18 0x2b11a45cb833 in QAbstractButton::clicked(bool) .moc/moc_qabstractbutton.cpp:307
qt#19 0x2b11a45cd54b in QAbstractButtonPrivate::emitClicked() qabstractbutton.cpp:411
qt#20 0x2b11a45df73a in QAbstractButtonPrivate::click() qabstractbutton.cpp:404
[...]
qt#41 0x6bb2cf in tst_QWidget::taskQTBUG_27643_enterEvents() tst_qwidget.cpp:10249
[...]
Fix by checking the event type first, and accessing
modal->button only if it's QEvent::Enter.
Change-Id: I2c7df3a1f43ecbfe14741b5861729078a91a32d6
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Oct 5, 2018
image/qppmhandler.cpp:77:25: runtime error: signed integer overflow: 10 * 300000000 cannot be represented in type 'int'
#0 0x4cecb5 in read_pbm_int(QIODevice*) /src/qt/qtbase/src/gui/image/qppmhandler.cpp:77:25
#1 0x4cb1ac in read_pbm_body(QIODevice*, char, int, int, int, QImage*) /src/qt/qtbase/src/gui/image/qppmhandler.cpp:271:29
#2 0x4ca3d8 in QPpmHandler::read(QImage*) /src/qt/qtbase/src/gui/image/qppmhandler.cpp:509:10
#3 0x4b238d in QImageReader::read(QImage*) /src/qt/qtbase/src/gui/image/qimagereader.cpp:1253:22
#4 0x4b1b61 in QImageReader::read() /src/qt/qtbase/src/gui/image/qimagereader.cpp:1201:12
#5 0x486f66 in QImage::fromData(unsigned char const*, int, char const*) /src/qt/qtbase/src/gui/image/qimage.cpp:3624:37
#6 0x486cd8 in QImage::loadFromData(unsigned char const*, int, char const*) /src/qt/qtbase/src/gui/image/qimage.cpp:3590:13
#7 0x434b2e in LLVMFuzzerTestOneInput /src/qimage_fuzzer.cc:28:7
#8 0x44b167 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:570:15
#9 0x44a535 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:479:3
#10 0x44c428 in fuzzer::Fuzzer::MutateAndTestOne() /src/libfuzzer/FuzzerLoop.cpp:707:19
#11 0x44d1b5 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:838:5
#12 0x440a29 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:764:6
#13 0x434bf8 in main /src/libfuzzer/FuzzerMain.cpp:20:10
#14 0x7fba939a082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#15 0x409bb8 in _start (/out/qimage_fuzzer+0x409bb8)
Change-Id: I9ad78afc4ea9c5c8b7530aa17013abe91202e84b
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Oct 5, 2018
image/qppmhandler.cpp:260:53: runtime error: signed integer overflow: 44444444 * 255 cannot be represented in type 'int'
#0 0x4cbc8a in read_pbm_body(QIODevice*, char, int, int, int, QImage*) /src/qt/qtbase/src/gui/image/qppmhandler.cpp:260:53
#1 0x4ca3d8 in QPpmHandler::read(QImage*) /src/qt/qtbase/src/gui/image/qppmhandler.cpp:514:10
#2 0x4b238d in QImageReader::read(QImage*) /src/qt/qtbase/src/gui/image/qimagereader.cpp:1253:22
#3 0x4b1b61 in QImageReader::read() /src/qt/qtbase/src/gui/image/qimagereader.cpp:1201:12
#4 0x486f66 in QImage::fromData(unsigned char const*, int, char const*) /src/qt/qtbase/src/gui/image/qimage.cpp:3624:37
#5 0x486cd8 in QImage::loadFromData(unsigned char const*, int, char const*) /src/qt/qtbase/src/gui/image/qimage.cpp:3590:13
#6 0x434b2e in LLVMFuzzerTestOneInput /src/qimage_fuzzer.cc:28:7
#7 0x44b167 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:570:15
#8 0x44a535 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:479:3
#9 0x44c428 in fuzzer::Fuzzer::MutateAndTestOne() /src/libfuzzer/FuzzerLoop.cpp:707:19
#10 0x44d1b5 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:838:5
#11 0x440a29 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:764:6
#12 0x434bf8 in main /src/libfuzzer/FuzzerMain.cpp:20:10
#13 0x7fe01697282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#14 0x409bb8 in _start (/out/qimage_fuzzer+0x409bb8)
Change-Id: Ibc5df6db52639f12319910b927f6443d927206d8
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Sep 17, 2021
We can't guarantee that the library didn't define Objective-C classes that still have lingering references, resulting in warnings such as: Attempt to use unknown class 0x10e52e110. And possibly crashes such as: thread #1, queue = 'com.apple.main-thread' frame #0: 0x00007fff203829ee libsystem_kernel.dylib`__ulock_wait + 10 frame #1: 0x00007fff203fa0c5 libsystem_platform.dylib`_os_unfair_lock_lock_slow + 162 frame #2: 0x00007fff2026226b libobjc.A.dylib`unmap_image + 85 frame #3: 0x000000010001e11f dyld`dyld::removeImage(ImageLoader*) + 557 frame #4: 0x000000010002291d dyld`dyld::garbageCollectImages() + 956 frame #5: 0x000000010002e35d dyld`dlclose + 191 frame #6: 0x00007fff203cf1c9 libdyld.dylib`dlclose + 183 frame #7: 0x0000000103f9f2f1 libQt6Core_debug.6.dylib`QLibraryPrivate::unload_sys(this=0x000000011ba2c7d0) at qlibrary_unix.cpp:294:9 frame #8: 0x0000000103f93f3f libQt6Core_debug.6.dylib`QLibraryPrivate::unload(this=0x000000011ba2c7d0, flag=UnloadSys) at qlibrary.cpp:614:36 frame #9: 0x0000000103f971fb libQt6Core_debug.6.dylib`QLibraryStore::cleanup() at qlibrary.cpp:425:22 frame #10: 0x0000000103f970f9 libQt6Core_debug.6.dylib`qlibraryCleanup() at qlibrary.cpp:447:5 frame #11: 0x0000000103f970d1 libQt6Core_debug.6.dylib`(anonymous namespace)::qlibraryCleanup_dtor_class_::~qlibraryCleanup_dtor_class_(this=0x00000001041edd38) at qlibrary.cpp:449:1 frame #12: 0x0000000103f930f5 libQt6Core_debug.6.dylib`(anonymous namespace)::qlibraryCleanup_dtor_class_::~qlibraryCleanup_dtor_class_(this=0x00000001041edd38) at qlibrary.cpp:449:1 frame #13: 0x00007fff202e5d25 libsystem_c.dylib`__cxa_finalize_ranges + 316 frame #14: 0x00007fff202e6010 libsystem_c.dylib`exit + 53 frame #15: 0x00007fff203d1f44 libdyld.dylib`start + 8 frame #16: 0x00007fff203d1f3d libdyld.dylib`start + 1 thread #5, queue = 'com.apple.root.user-interactive-qos', stop reason = signal SIGABRT frame #0: 0x00007fff203a356e libsystem_kernel.dylib`__abort_with_payload + 10 frame #1: 0x00007fff203a4fbd libsystem_kernel.dylib`abort_with_payload_wrapper_internal + 80 frame #2: 0x00007fff203a4f6d libsystem_kernel.dylib`abort_with_reason + 19 frame #3: 0x00007fff202749e3 libobjc.A.dylib`_objc_fatalv(unsigned long long, unsigned long long, char const*, __va_list_tag*) + 114 frame #4: 0x00007fff20274971 libobjc.A.dylib`_objc_fatal(char const*, ...) + 135 frame #5: 0x00007fff20255ccb libobjc.A.dylib`lookUpImpOrForward + 881 frame #6: 0x00007fff2025539b libobjc.A.dylib`_objc_msgSend_uncached + 75 frame #7: 0x00007fff22f368d6 AppKit`-[_NSWindowTransformAnimation setCurrentProgress:] + 42 frame #8: 0x00007fff22f37a8a AppKit`__55-[NSAnimation(NSInternal) _advanceTimeWithDisplayLink:]_block_invoke + 31 frame #9: 0x00007fff22d0774f AppKit`NSPerformVisuallyAtomicChange + 132 frame #10: 0x00007fff22f379dc AppKit`-[NSAnimation(NSInternal) _advanceTimeWithDisplayLink:] + 172 frame #11: 0x00007fff22e9a184 AppKit`-[NSScreenDisplayLink _fire] + 180 frame #12: 0x00007fff2362f0b4 AppKit`___NSRunLoopTimerCreateWithHandler_block_invoke + 34 frame #13: 0x00007fff204c6be9 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 frame #14: 0x00007fff204c66dd CoreFoundation`__CFRunLoopDoTimer + 927 frame #15: 0x00007fff204c623a CoreFoundation`__CFRunLoopDoTimers + 307 frame #16: 0x00007fff204ace13 CoreFoundation`__CFRunLoopRun + 1988 frame #17: 0x00007fff204abf8c CoreFoundation`CFRunLoopRunSpecific + 563 frame #18: 0x00007fff2123d607 Foundation`-[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212 frame #19: 0x00007fff22f378f0 AppKit`-[NSAnimation(NSInternal) _runBlocking] + 453 frame #20: 0x00007fff22f376ae AppKit`__42-[NSAnimation(NSInternal) _runInNewThread]_block_invoke + 97 frame #21: 0x0000000104edb032 libdispatch.dylib`_dispatch_call_block_and_release + 12 frame #22: 0x0000000104edc264 libdispatch.dylib`_dispatch_client_callout + 8 frame #23: 0x0000000104ef04ac libdispatch.dylib`_dispatch_root_queue_drain + 828 frame #24: 0x0000000104ef0d3f libdispatch.dylib`_dispatch_worker_thread2 + 127 frame #25: 0x0000000104f7eac7 libsystem_pthread.dylib`_pthread_wqthread + 244 frame #26: 0x0000000104f7dae3 libsystem_pthread.dylib`start_wqthread + 15 This has been e.g. observed when a QNSWindow isn't closed and released at application quit as expected. Although that is a corner case that shouldn't happen, the general case is still valid. Fixes: QTBUG-96208 Pick-to: 6.2 5.15 Change-Id: I6c9d220e6f5389707baf7ae983f3156e8e51c316 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io> Reviewed-by: Morten Johan Sørvig <morten.sorvig@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Sep 17, 2021
We can't guarantee that the library didn't define Objective-C classes that still have lingering references, resulting in warnings such as: Attempt to use unknown class 0x10e52e110. And possibly crashes such as: thread #1, queue = 'com.apple.main-thread' frame #0: 0x00007fff203829ee libsystem_kernel.dylib`__ulock_wait + 10 frame #1: 0x00007fff203fa0c5 libsystem_platform.dylib`_os_unfair_lock_lock_slow + 162 frame #2: 0x00007fff2026226b libobjc.A.dylib`unmap_image + 85 frame #3: 0x000000010001e11f dyld`dyld::removeImage(ImageLoader*) + 557 frame #4: 0x000000010002291d dyld`dyld::garbageCollectImages() + 956 frame #5: 0x000000010002e35d dyld`dlclose + 191 frame #6: 0x00007fff203cf1c9 libdyld.dylib`dlclose + 183 frame #7: 0x0000000103f9f2f1 libQt6Core_debug.6.dylib`QLibraryPrivate::unload_sys(this=0x000000011ba2c7d0) at qlibrary_unix.cpp:294:9 frame #8: 0x0000000103f93f3f libQt6Core_debug.6.dylib`QLibraryPrivate::unload(this=0x000000011ba2c7d0, flag=UnloadSys) at qlibrary.cpp:614:36 frame #9: 0x0000000103f971fb libQt6Core_debug.6.dylib`QLibraryStore::cleanup() at qlibrary.cpp:425:22 frame #10: 0x0000000103f970f9 libQt6Core_debug.6.dylib`qlibraryCleanup() at qlibrary.cpp:447:5 frame #11: 0x0000000103f970d1 libQt6Core_debug.6.dylib`(anonymous namespace)::qlibraryCleanup_dtor_class_::~qlibraryCleanup_dtor_class_(this=0x00000001041edd38) at qlibrary.cpp:449:1 frame #12: 0x0000000103f930f5 libQt6Core_debug.6.dylib`(anonymous namespace)::qlibraryCleanup_dtor_class_::~qlibraryCleanup_dtor_class_(this=0x00000001041edd38) at qlibrary.cpp:449:1 frame #13: 0x00007fff202e5d25 libsystem_c.dylib`__cxa_finalize_ranges + 316 frame #14: 0x00007fff202e6010 libsystem_c.dylib`exit + 53 frame #15: 0x00007fff203d1f44 libdyld.dylib`start + 8 frame #16: 0x00007fff203d1f3d libdyld.dylib`start + 1 thread #5, queue = 'com.apple.root.user-interactive-qos', stop reason = signal SIGABRT frame #0: 0x00007fff203a356e libsystem_kernel.dylib`__abort_with_payload + 10 frame #1: 0x00007fff203a4fbd libsystem_kernel.dylib`abort_with_payload_wrapper_internal + 80 frame #2: 0x00007fff203a4f6d libsystem_kernel.dylib`abort_with_reason + 19 frame #3: 0x00007fff202749e3 libobjc.A.dylib`_objc_fatalv(unsigned long long, unsigned long long, char const*, __va_list_tag*) + 114 frame #4: 0x00007fff20274971 libobjc.A.dylib`_objc_fatal(char const*, ...) + 135 frame #5: 0x00007fff20255ccb libobjc.A.dylib`lookUpImpOrForward + 881 frame #6: 0x00007fff2025539b libobjc.A.dylib`_objc_msgSend_uncached + 75 frame #7: 0x00007fff22f368d6 AppKit`-[_NSWindowTransformAnimation setCurrentProgress:] + 42 frame #8: 0x00007fff22f37a8a AppKit`__55-[NSAnimation(NSInternal) _advanceTimeWithDisplayLink:]_block_invoke + 31 frame #9: 0x00007fff22d0774f AppKit`NSPerformVisuallyAtomicChange + 132 frame #10: 0x00007fff22f379dc AppKit`-[NSAnimation(NSInternal) _advanceTimeWithDisplayLink:] + 172 frame #11: 0x00007fff22e9a184 AppKit`-[NSScreenDisplayLink _fire] + 180 frame #12: 0x00007fff2362f0b4 AppKit`___NSRunLoopTimerCreateWithHandler_block_invoke + 34 frame #13: 0x00007fff204c6be9 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 frame #14: 0x00007fff204c66dd CoreFoundation`__CFRunLoopDoTimer + 927 frame #15: 0x00007fff204c623a CoreFoundation`__CFRunLoopDoTimers + 307 frame #16: 0x00007fff204ace13 CoreFoundation`__CFRunLoopRun + 1988 frame #17: 0x00007fff204abf8c CoreFoundation`CFRunLoopRunSpecific + 563 frame #18: 0x00007fff2123d607 Foundation`-[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212 frame #19: 0x00007fff22f378f0 AppKit`-[NSAnimation(NSInternal) _runBlocking] + 453 frame #20: 0x00007fff22f376ae AppKit`__42-[NSAnimation(NSInternal) _runInNewThread]_block_invoke + 97 frame #21: 0x0000000104edb032 libdispatch.dylib`_dispatch_call_block_and_release + 12 frame #22: 0x0000000104edc264 libdispatch.dylib`_dispatch_client_callout + 8 frame #23: 0x0000000104ef04ac libdispatch.dylib`_dispatch_root_queue_drain + 828 frame #24: 0x0000000104ef0d3f libdispatch.dylib`_dispatch_worker_thread2 + 127 frame #25: 0x0000000104f7eac7 libsystem_pthread.dylib`_pthread_wqthread + 244 frame #26: 0x0000000104f7dae3 libsystem_pthread.dylib`start_wqthread + 15 This has been e.g. observed when a QNSWindow isn't closed and released at application quit as expected. Although that is a corner case that shouldn't happen, the general case is still valid. Fixes: QTBUG-96208 Change-Id: I6c9d220e6f5389707baf7ae983f3156e8e51c316 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io> Reviewed-by: Morten Johan Sørvig <morten.sorvig@qt.io> (cherry picked from commit b6200de) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
qtprojectorg
pushed a commit
that referenced
this pull request
May 24, 2022
Adjust implementation of rule LB8a of UAX #14. The rule was changed in version 41 (corresponding to Unicode 11.0.0): ZWJ × (ID | EB | EM) ⇒ ZWJ × Fixing this rule fixes 9 line break tests. Those are re-enabled. Task-number: QTBUG-97537 Pick-to: 6.2 6.3 Change-Id: I1570719590a46ae28c98ed7d5053e72b12915db7 Reviewed-by: Øystein Heskestad <oystein.heskestad@qt.io> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
May 24, 2022
This rule was simplified in version UTS #14 version 45 (Unicode 13.0.0) to read: × IN Re-enabled 28 fixed line break tests. Task-number: QTBUG-97537 Pick-to: 6.2 6.3 Change-Id: I1c5565a8c1633428c22379917215d4e424ff0055 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
May 24, 2022
Implement part of LB30b introduced by UAX #14, revision 47 (Unicode 14.0.0): [\p{Extended_Pictographic}&\p{Cn}] × EM This fixes one line breaking test. Task-number: QTBUG-97537 Pick-to: 6.3 Change-Id: I3fd2372a057b7391d8846e9c146f69a54686ea61 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
May 24, 2022
This property is needed to properly implement the line breaking algorithm from UAX #14. Task-number: QTBUG-97537 Pick-to: 6.3 Change-Id: Ia83cc553c9ef19fae33560721630849d2a95af84 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
May 24, 2022
UAX #14, revision 45 (Unicode 13) has changed rule LB30 to only trigger if the open parentheses is non-wide: (AL | HL | NU) × [OP-[\p{ea=F}\p{ea=W}\p{ea=H}]] This fixes the remaining 24 line break tests. Task-number: QTBUG-97537 Pick-to: 6.3 Change-Id: I9870588c04bf0f6ae0a98289739bef8490f67f69 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
May 26, 2022
Adjust implementation of rule LB8a of UAX #14. The rule was changed in version 41 (corresponding to Unicode 11.0.0): ZWJ × (ID | EB | EM) ⇒ ZWJ × Fixing this rule fixes 9 line break tests. Those are re-enabled. Task-number: QTBUG-97537 Change-Id: I1570719590a46ae28c98ed7d5053e72b12915db7 Reviewed-by: Øystein Heskestad <oystein.heskestad@qt.io> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> (cherry picked from commit 92d340e) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
qtprojectorg
pushed a commit
that referenced
this pull request
May 26, 2022
This rule was simplified in version UTS #14 version 45 (Unicode 13.0.0) to read: × IN Re-enabled 28 fixed line break tests. Task-number: QTBUG-97537 Change-Id: I1c5565a8c1633428c22379917215d4e424ff0055 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> (cherry picked from commit 9a831bd) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
qtprojectorg
pushed a commit
that referenced
this pull request
May 26, 2022
Implement part of LB30b introduced by UAX #14, revision 47 (Unicode 14.0.0): [\p{Extended_Pictographic}&\p{Cn}] × EM This fixes one line breaking test. Task-number: QTBUG-97537 Change-Id: I3fd2372a057b7391d8846e9c146f69a54686ea61 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> (cherry picked from commit 40b4ad1) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
qtprojectorg
pushed a commit
that referenced
this pull request
May 26, 2022
UAX #14, revision 45 (Unicode 13) has changed rule LB30 to only trigger if the open parentheses is non-wide: (AL | HL | NU) × [OP-[\p{ea=F}\p{ea=W}\p{ea=H}]] This fixes the remaining 24 line break tests. Task-number: QTBUG-97537 Change-Id: I9870588c04bf0f6ae0a98289739bef8490f67f69 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> (cherry picked from commit 4d4d8da)
qtprojectorg
pushed a commit
that referenced
this pull request
Oct 27, 2022
We can't guarantee that the library didn't define Objective-C classes that still have lingering references, resulting in warnings such as: Attempt to use unknown class 0x10e52e110. And possibly crashes such as: thread #1, queue = 'com.apple.main-thread' frame #0: 0x00007fff203829ee libsystem_kernel.dylib`__ulock_wait + 10 frame #1: 0x00007fff203fa0c5 libsystem_platform.dylib`_os_unfair_lock_lock_slow + 162 frame #2: 0x00007fff2026226b libobjc.A.dylib`unmap_image + 85 frame #3: 0x000000010001e11f dyld`dyld::removeImage(ImageLoader*) + 557 frame #4: 0x000000010002291d dyld`dyld::garbageCollectImages() + 956 frame #5: 0x000000010002e35d dyld`dlclose + 191 frame #6: 0x00007fff203cf1c9 libdyld.dylib`dlclose + 183 frame #7: 0x0000000103f9f2f1 libQt6Core_debug.6.dylib`QLibraryPrivate::unload_sys(this=0x000000011ba2c7d0) at qlibrary_unix.cpp:294:9 frame #8: 0x0000000103f93f3f libQt6Core_debug.6.dylib`QLibraryPrivate::unload(this=0x000000011ba2c7d0, flag=UnloadSys) at qlibrary.cpp:614:36 frame #9: 0x0000000103f971fb libQt6Core_debug.6.dylib`QLibraryStore::cleanup() at qlibrary.cpp:425:22 frame #10: 0x0000000103f970f9 libQt6Core_debug.6.dylib`qlibraryCleanup() at qlibrary.cpp:447:5 frame #11: 0x0000000103f970d1 libQt6Core_debug.6.dylib`(anonymous namespace)::qlibraryCleanup_dtor_class_::~qlibraryCleanup_dtor_class_(this=0x00000001041edd38) at qlibrary.cpp:449:1 frame #12: 0x0000000103f930f5 libQt6Core_debug.6.dylib`(anonymous namespace)::qlibraryCleanup_dtor_class_::~qlibraryCleanup_dtor_class_(this=0x00000001041edd38) at qlibrary.cpp:449:1 frame #13: 0x00007fff202e5d25 libsystem_c.dylib`__cxa_finalize_ranges + 316 frame #14: 0x00007fff202e6010 libsystem_c.dylib`exit + 53 frame #15: 0x00007fff203d1f44 libdyld.dylib`start + 8 frame #16: 0x00007fff203d1f3d libdyld.dylib`start + 1 thread #5, queue = 'com.apple.root.user-interactive-qos', stop reason = signal SIGABRT frame #0: 0x00007fff203a356e libsystem_kernel.dylib`__abort_with_payload + 10 frame #1: 0x00007fff203a4fbd libsystem_kernel.dylib`abort_with_payload_wrapper_internal + 80 frame #2: 0x00007fff203a4f6d libsystem_kernel.dylib`abort_with_reason + 19 frame #3: 0x00007fff202749e3 libobjc.A.dylib`_objc_fatalv(unsigned long long, unsigned long long, char const*, __va_list_tag*) + 114 frame #4: 0x00007fff20274971 libobjc.A.dylib`_objc_fatal(char const*, ...) + 135 frame #5: 0x00007fff20255ccb libobjc.A.dylib`lookUpImpOrForward + 881 frame #6: 0x00007fff2025539b libobjc.A.dylib`_objc_msgSend_uncached + 75 frame #7: 0x00007fff22f368d6 AppKit`-[_NSWindowTransformAnimation setCurrentProgress:] + 42 frame #8: 0x00007fff22f37a8a AppKit`__55-[NSAnimation(NSInternal) _advanceTimeWithDisplayLink:]_block_invoke + 31 frame #9: 0x00007fff22d0774f AppKit`NSPerformVisuallyAtomicChange + 132 frame #10: 0x00007fff22f379dc AppKit`-[NSAnimation(NSInternal) _advanceTimeWithDisplayLink:] + 172 frame #11: 0x00007fff22e9a184 AppKit`-[NSScreenDisplayLink _fire] + 180 frame #12: 0x00007fff2362f0b4 AppKit`___NSRunLoopTimerCreateWithHandler_block_invoke + 34 frame #13: 0x00007fff204c6be9 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 frame #14: 0x00007fff204c66dd CoreFoundation`__CFRunLoopDoTimer + 927 frame #15: 0x00007fff204c623a CoreFoundation`__CFRunLoopDoTimers + 307 frame #16: 0x00007fff204ace13 CoreFoundation`__CFRunLoopRun + 1988 frame #17: 0x00007fff204abf8c CoreFoundation`CFRunLoopRunSpecific + 563 frame #18: 0x00007fff2123d607 Foundation`-[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212 frame #19: 0x00007fff22f378f0 AppKit`-[NSAnimation(NSInternal) _runBlocking] + 453 frame #20: 0x00007fff22f376ae AppKit`__42-[NSAnimation(NSInternal) _runInNewThread]_block_invoke + 97 frame #21: 0x0000000104edb032 libdispatch.dylib`_dispatch_call_block_and_release + 12 frame #22: 0x0000000104edc264 libdispatch.dylib`_dispatch_client_callout + 8 frame #23: 0x0000000104ef04ac libdispatch.dylib`_dispatch_root_queue_drain + 828 frame #24: 0x0000000104ef0d3f libdispatch.dylib`_dispatch_worker_thread2 + 127 frame #25: 0x0000000104f7eac7 libsystem_pthread.dylib`_pthread_wqthread + 244 frame #26: 0x0000000104f7dae3 libsystem_pthread.dylib`start_wqthread + 15 This has been e.g. observed when a QNSWindow isn't closed and released at application quit as expected. Although that is a corner case that shouldn't happen, the general case is still valid. Fixes: QTBUG-96208 Change-Id: I6c9d220e6f5389707baf7ae983f3156e8e51c316 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io> Reviewed-by: Morten Johan Sørvig <morten.sorvig@qt.io> (cherry picked from commit b6200de) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
qtprojectorg
pushed a commit
that referenced
this pull request
Jul 14, 2023
Adjust implementation of rule LB8a of UAX #14. The rule was changed in version 41 (corresponding to Unicode 11.0.0): ZWJ × (ID | EB | EM) ⇒ ZWJ × Fixing this rule fixes 9 line break tests. Those are re-enabled. Task-number: QTBUG-97537 Change-Id: I1570719590a46ae28c98ed7d5053e72b12915db7 Reviewed-by: Øystein Heskestad <oystein.heskestad@qt.io> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> (cherry picked from commit 92d340e) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
qtprojectorg
pushed a commit
that referenced
this pull request
Jul 14, 2023
This rule was simplified in version UTS #14 version 45 (Unicode 13.0.0) to read: × IN Re-enabled 28 fixed line break tests. Task-number: QTBUG-97537 Change-Id: I1c5565a8c1633428c22379917215d4e424ff0055 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> (cherry picked from commit 9a831bd) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
qtprojectorg
pushed a commit
that referenced
this pull request
Jul 14, 2023
UAX #14, revision 45 (Unicode 13) has changed rule LB30 to only trigger if the open parentheses is non-wide: (AL | HL | NU) × [OP-[\p{ea=F}\p{ea=W}\p{ea=H}]] This fixes the remaining 24 line break tests. Task-number: QTBUG-97537 Change-Id: I9870588c04bf0f6ae0a98289739bef8490f67f69 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> (cherry picked from commit 4d4d8da)
qtprojectorg
pushed a commit
that referenced
this pull request
Feb 8, 2024
The new rules were added in Unicode 15.1 (TR #14, revision 51). The rules read: LB15a: (sot | BK | CR | LF | NL | OP | QU | GL | SP | ZW) [\p{Pi}&QU] SP* × LB15b: × [\p{Pf}&QU] (SP | GL | WJ | CL | QU | CP | EX | IS | SY | BK | CR | LF | NL | ZW | eot) Add two new line breaking classes LineBreak_QU_Pi and _QU_Pf to represent quotation characters with context that matches left side of LB15a and right side of LB15b respectively. This way it is still possible to use the line breaking classes table. Also add a coment about the original source of the line break table. Task-number: QTBUG-121529 Change-Id: Ib35f400e39e76819cd1c3299691f7b040ea37178 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Feb 14, 2025
Similar to commit 12d4bf1, which was for QLocale. Like it, QResource can be used very late in the execution, like for example the logging system. For example (simplified): #9 0x00007ffff759d497 in resourceMutex () at /io/qresource.cpp:188 #10 0x00007ffff759d615 in QResourcePrivate::load (this=0x41c940, file=...) at /io/qresource.cpp:333 #11 0x00007ffff759dc19 in QResourcePrivate::ensureInitialized (this=0x41c940) at /io/qresource.cpp:386 #14 0x00007ffff75011a9 in QLibrarySettings::load() at /global/qlibraryinfo.cpp:80 #22 0x00007ffff7501756 in havePaths () at /global/qlibraryinfo.cpp:149 #23 0x00007ffff75028e3 in QLibraryInfoPrivate::paths (p=QLibraryInfo::DataPath, usageMode=QLibraryInfoPrivate::RegularUsage) at /global/qlibraryinfo.cpp:613 #26 0x00007ffff758e4f0 in QLoggingRegistry::initializeRules () at /io/qloggingregistry.cpp:309 #34 0x00007ffff758f007 in QLoggingRegistry::instance () at io/qloggingregistry.cpp:424 #35 0x00007ffff758c50b in QLoggingCategory::init () at io/qloggingcategory.cpp:188 #43 0x00007ffff758c6bb in QLoggingCategory::defaultCategory () at io/qloggingcategory.cpp:317 #44 0x00007ffff750ff8e in qt_message_print (msgType=QtWarningMsg, context=..., message=...) at global/qlogging.cpp:2036 #45 0x00007ffff7509515 in qt_message(msgType=QtWarningMsg, context=..., msg=...) at global/qlogging.cpp:360 #46 0x00007ffff750a712 in QMessageLogger::warning (this=0x7fffffffd8b0, msg=...) at global/qlogging.cpp:600 #47 0x00007ffff790e083 in QThreadStorageData::finish (p=0x41b588) at thread/qthreadstorage.cpp:160 #50 0x00007ffff78ed423 in QThreadPrivate::finish (this=0x41b5e0) at thread/qthread_unix.cpp:404 #51 0x00007ffff78ec8ed in destroy_current_thread_data (p=0x41b520) at thread/qthread_unix.cpp:154 #52 0x00007ffff78ec9ec in Cleanup::~Cleanup () at thread/qthread_unix.cpp:204 Task-number: QTBUG-133206 Task-number: QTBUG-133500 Pick-to: 6.9 6.8 Change-Id: I7b653afb1b41ef3c1c9afffdaa93e6558740016b Reviewed-by: Marc Mutz <marc.mutz@qt.io> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Feb 15, 2025
Similar to commit 12d4bf1, which was for QLocale. Like it, QResource can be used very late in the execution, like for example the logging system. For example (simplified): #9 0x00007ffff759d497 in resourceMutex () at /io/qresource.cpp:188 #10 0x00007ffff759d615 in QResourcePrivate::load (this=0x41c940, file=...) at /io/qresource.cpp:333 #11 0x00007ffff759dc19 in QResourcePrivate::ensureInitialized (this=0x41c940) at /io/qresource.cpp:386 #14 0x00007ffff75011a9 in QLibrarySettings::load() at /global/qlibraryinfo.cpp:80 #22 0x00007ffff7501756 in havePaths () at /global/qlibraryinfo.cpp:149 #23 0x00007ffff75028e3 in QLibraryInfoPrivate::paths (p=QLibraryInfo::DataPath, usageMode=QLibraryInfoPrivate::RegularUsage) at /global/qlibraryinfo.cpp:613 #26 0x00007ffff758e4f0 in QLoggingRegistry::initializeRules () at /io/qloggingregistry.cpp:309 #34 0x00007ffff758f007 in QLoggingRegistry::instance () at io/qloggingregistry.cpp:424 #35 0x00007ffff758c50b in QLoggingCategory::init () at io/qloggingcategory.cpp:188 #43 0x00007ffff758c6bb in QLoggingCategory::defaultCategory () at io/qloggingcategory.cpp:317 #44 0x00007ffff750ff8e in qt_message_print (msgType=QtWarningMsg, context=..., message=...) at global/qlogging.cpp:2036 #45 0x00007ffff7509515 in qt_message(msgType=QtWarningMsg, context=..., msg=...) at global/qlogging.cpp:360 #46 0x00007ffff750a712 in QMessageLogger::warning (this=0x7fffffffd8b0, msg=...) at global/qlogging.cpp:600 #47 0x00007ffff790e083 in QThreadStorageData::finish (p=0x41b588) at thread/qthreadstorage.cpp:160 #50 0x00007ffff78ed423 in QThreadPrivate::finish (this=0x41b5e0) at thread/qthread_unix.cpp:404 #51 0x00007ffff78ec8ed in destroy_current_thread_data (p=0x41b520) at thread/qthread_unix.cpp:154 #52 0x00007ffff78ec9ec in Cleanup::~Cleanup () at thread/qthread_unix.cpp:204 Task-number: QTBUG-133206 Task-number: QTBUG-133500 Pick-to: 6.8 Change-Id: I7b653afb1b41ef3c1c9afffdaa93e6558740016b Reviewed-by: Marc Mutz <marc.mutz@qt.io> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> (cherry picked from commit ba18ae3) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
qtprojectorg
pushed a commit
that referenced
this pull request
Feb 15, 2025
Similar to commit 12d4bf1, which was for QLocale. Like it, QResource can be used very late in the execution, like for example the logging system. For example (simplified): #9 0x00007ffff759d497 in resourceMutex () at /io/qresource.cpp:188 #10 0x00007ffff759d615 in QResourcePrivate::load (this=0x41c940, file=...) at /io/qresource.cpp:333 #11 0x00007ffff759dc19 in QResourcePrivate::ensureInitialized (this=0x41c940) at /io/qresource.cpp:386 #14 0x00007ffff75011a9 in QLibrarySettings::load() at /global/qlibraryinfo.cpp:80 #22 0x00007ffff7501756 in havePaths () at /global/qlibraryinfo.cpp:149 #23 0x00007ffff75028e3 in QLibraryInfoPrivate::paths (p=QLibraryInfo::DataPath, usageMode=QLibraryInfoPrivate::RegularUsage) at /global/qlibraryinfo.cpp:613 #26 0x00007ffff758e4f0 in QLoggingRegistry::initializeRules () at /io/qloggingregistry.cpp:309 #34 0x00007ffff758f007 in QLoggingRegistry::instance () at io/qloggingregistry.cpp:424 #35 0x00007ffff758c50b in QLoggingCategory::init () at io/qloggingcategory.cpp:188 #43 0x00007ffff758c6bb in QLoggingCategory::defaultCategory () at io/qloggingcategory.cpp:317 #44 0x00007ffff750ff8e in qt_message_print (msgType=QtWarningMsg, context=..., message=...) at global/qlogging.cpp:2036 #45 0x00007ffff7509515 in qt_message(msgType=QtWarningMsg, context=..., msg=...) at global/qlogging.cpp:360 #46 0x00007ffff750a712 in QMessageLogger::warning (this=0x7fffffffd8b0, msg=...) at global/qlogging.cpp:600 #47 0x00007ffff790e083 in QThreadStorageData::finish (p=0x41b588) at thread/qthreadstorage.cpp:160 #50 0x00007ffff78ed423 in QThreadPrivate::finish (this=0x41b5e0) at thread/qthread_unix.cpp:404 #51 0x00007ffff78ec8ed in destroy_current_thread_data (p=0x41b520) at thread/qthread_unix.cpp:154 #52 0x00007ffff78ec9ec in Cleanup::~Cleanup () at thread/qthread_unix.cpp:204 Task-number: QTBUG-133206 Task-number: QTBUG-133500 Change-Id: I7b653afb1b41ef3c1c9afffdaa93e6558740016b Reviewed-by: Marc Mutz <marc.mutz@qt.io> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> (cherry picked from commit ba18ae3) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> (cherry picked from commit c6fdf95)
qtprojectorg
pushed a commit
that referenced
this pull request
Mar 9, 2025
Amends commit bfbd1a2. I've noticed this on my Mac, because the main thread crashed at the same time as the exitFromThread() thread was exiting and was running ~QLibraryStore: * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x106) * frame #0: 0x00007ff8020533be libobjc.A.dylib`getMethodNoSuper_nolock(objc_class*, objc_selector*) + 47 ... frame #19: 0x0000000103839694 QtCore`QCoreApplication::exec() at qcoreapplication.cpp:1454:32 frame #20: 0x0000000101fc94ea QtGui`QGuiApplication::exec() at qguiapplication.cpp:1993:12 frame #21: 0x0000000100004b59 apphelper`exitFromThread(argc=1, argv=0x00007ff7bfeff318) at apphelper.cpp:50:5 thread #8, name = 'QThread' ... frame #11: 0x00007ff8020c4f94 dyld`dyld4::APIs::dlclose(void*) + 178 frame #12: 0x0000000103e82476 QtCore`QLibraryPrivate::unload_sys(this=0x0000600001254160) at qlibrary_unix.cpp:252:24 frame #13: 0x0000000103e793fc QtCore`QLibraryPrivate::unload(this=0x0000600001254160, flag=UnloadSys) at qlibrary.cpp:561:36 frame #14: 0x00000001039740c8 QtCore`QFactoryLoader::~QFactoryLoader(this=0x00000001029e5e70) at qfactoryloader.cpp:438:21 frame #15: 0x00000001039745e9 QtCore`QFactoryLoader::~QFactoryLoader(this=0x00000001029e5e70) at qfactoryloader.cpp:425:1 frame #16: 0x0000000101eb723c QtGui`void std::__1::__destroy_at[abi:sn180100]<QFactoryLoader, 0>(__loc=0x00000001029e5e70) at construct_at.h:67:11 frame #17: 0x0000000101eb7209 QtGui`void std::__1::destroy_at[abi:sn180100]<QFactoryLoader, 0>(__loc=0x00000001029e5e70) at construct_at.h:100:3 frame #18: 0x0000000102046762 QtGui`QtGlobalStatic::Storage<QFactoryLoader, (anonymous namespace)::Q_QGS_piLoader>::destroyYourself(nextState=Destroyed) at qglobalstatic.h:61:9 frame #19: 0x0000000102046736 QtGui`QtGlobalStatic::Holder<(anonymous namespace)::Q_QGS_piLoader, (anonymous namespace)::Q_QGS_piLoader>::~Holder(this=0x00000001029e5e61) at qglobalstatic.h:83:9 frame #20: 0x00000001020465d9 QtGui`QtGlobalStatic::Holder<(anonymous namespace)::Q_QGS_piLoader, (anonymous namespace)::Q_QGS_piLoader>::~Holder(this=0x00000001029e5e61) at qglobalstatic.h:82:5 frame #21: 0x00007ff8022f4231 libsystem_c.dylib`__cxa_finalize_ranges + 402 frame #22: 0x00007ff8022f4052 libsystem_c.dylib`exit + 35 frame #23: 0x000000010000755a apphelper`exitFromThread(int, char**)::$_1::operator()(this=0x000060000175612c) const at apphelper.cpp:47:9 Pick-to: 6.9 6.9.0 6.8 Change-Id: Ib1c72c7975b247cc2d17fffd6c5de89a95c22dad Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Mar 10, 2025
Amends commit bfbd1a2. I've noticed this on my Mac, because the main thread crashed at the same time as the exitFromThread() thread was exiting and was running ~QLibraryStore: * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x106) * frame #0: 0x00007ff8020533be libobjc.A.dylib`getMethodNoSuper_nolock(objc_class*, objc_selector*) + 47 ... frame #19: 0x0000000103839694 QtCore`QCoreApplication::exec() at qcoreapplication.cpp:1454:32 frame #20: 0x0000000101fc94ea QtGui`QGuiApplication::exec() at qguiapplication.cpp:1993:12 frame #21: 0x0000000100004b59 apphelper`exitFromThread(argc=1, argv=0x00007ff7bfeff318) at apphelper.cpp:50:5 thread #8, name = 'QThread' ... frame #11: 0x00007ff8020c4f94 dyld`dyld4::APIs::dlclose(void*) + 178 frame #12: 0x0000000103e82476 QtCore`QLibraryPrivate::unload_sys(this=0x0000600001254160) at qlibrary_unix.cpp:252:24 frame #13: 0x0000000103e793fc QtCore`QLibraryPrivate::unload(this=0x0000600001254160, flag=UnloadSys) at qlibrary.cpp:561:36 frame #14: 0x00000001039740c8 QtCore`QFactoryLoader::~QFactoryLoader(this=0x00000001029e5e70) at qfactoryloader.cpp:438:21 frame #15: 0x00000001039745e9 QtCore`QFactoryLoader::~QFactoryLoader(this=0x00000001029e5e70) at qfactoryloader.cpp:425:1 frame #16: 0x0000000101eb723c QtGui`void std::__1::__destroy_at[abi:sn180100]<QFactoryLoader, 0>(__loc=0x00000001029e5e70) at construct_at.h:67:11 frame #17: 0x0000000101eb7209 QtGui`void std::__1::destroy_at[abi:sn180100]<QFactoryLoader, 0>(__loc=0x00000001029e5e70) at construct_at.h:100:3 frame #18: 0x0000000102046762 QtGui`QtGlobalStatic::Storage<QFactoryLoader, (anonymous namespace)::Q_QGS_piLoader>::destroyYourself(nextState=Destroyed) at qglobalstatic.h:61:9 frame #19: 0x0000000102046736 QtGui`QtGlobalStatic::Holder<(anonymous namespace)::Q_QGS_piLoader, (anonymous namespace)::Q_QGS_piLoader>::~Holder(this=0x00000001029e5e61) at qglobalstatic.h:83:9 frame #20: 0x00000001020465d9 QtGui`QtGlobalStatic::Holder<(anonymous namespace)::Q_QGS_piLoader, (anonymous namespace)::Q_QGS_piLoader>::~Holder(this=0x00000001029e5e61) at qglobalstatic.h:82:5 frame #21: 0x00007ff8022f4231 libsystem_c.dylib`__cxa_finalize_ranges + 402 frame #22: 0x00007ff8022f4052 libsystem_c.dylib`exit + 35 frame #23: 0x000000010000755a apphelper`exitFromThread(int, char**)::$_1::operator()(this=0x000060000175612c) const at apphelper.cpp:47:9 Pick-to: 6.9.0 6.8 Change-Id: Ib1c72c7975b247cc2d17fffd6c5de89a95c22dad Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io> (cherry picked from commit e6a6757) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
qtprojectorg
pushed a commit
that referenced
this pull request
Mar 10, 2025
Amends commit bfbd1a2. I've noticed this on my Mac, because the main thread crashed at the same time as the exitFromThread() thread was exiting and was running ~QLibraryStore: * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x106) * frame #0: 0x00007ff8020533be libobjc.A.dylib`getMethodNoSuper_nolock(objc_class*, objc_selector*) + 47 ... frame #19: 0x0000000103839694 QtCore`QCoreApplication::exec() at qcoreapplication.cpp:1454:32 frame #20: 0x0000000101fc94ea QtGui`QGuiApplication::exec() at qguiapplication.cpp:1993:12 frame #21: 0x0000000100004b59 apphelper`exitFromThread(argc=1, argv=0x00007ff7bfeff318) at apphelper.cpp:50:5 thread #8, name = 'QThread' ... frame #11: 0x00007ff8020c4f94 dyld`dyld4::APIs::dlclose(void*) + 178 frame #12: 0x0000000103e82476 QtCore`QLibraryPrivate::unload_sys(this=0x0000600001254160) at qlibrary_unix.cpp:252:24 frame #13: 0x0000000103e793fc QtCore`QLibraryPrivate::unload(this=0x0000600001254160, flag=UnloadSys) at qlibrary.cpp:561:36 frame #14: 0x00000001039740c8 QtCore`QFactoryLoader::~QFactoryLoader(this=0x00000001029e5e70) at qfactoryloader.cpp:438:21 frame #15: 0x00000001039745e9 QtCore`QFactoryLoader::~QFactoryLoader(this=0x00000001029e5e70) at qfactoryloader.cpp:425:1 frame #16: 0x0000000101eb723c QtGui`void std::__1::__destroy_at[abi:sn180100]<QFactoryLoader, 0>(__loc=0x00000001029e5e70) at construct_at.h:67:11 frame #17: 0x0000000101eb7209 QtGui`void std::__1::destroy_at[abi:sn180100]<QFactoryLoader, 0>(__loc=0x00000001029e5e70) at construct_at.h:100:3 frame #18: 0x0000000102046762 QtGui`QtGlobalStatic::Storage<QFactoryLoader, (anonymous namespace)::Q_QGS_piLoader>::destroyYourself(nextState=Destroyed) at qglobalstatic.h:61:9 frame #19: 0x0000000102046736 QtGui`QtGlobalStatic::Holder<(anonymous namespace)::Q_QGS_piLoader, (anonymous namespace)::Q_QGS_piLoader>::~Holder(this=0x00000001029e5e61) at qglobalstatic.h:83:9 frame #20: 0x00000001020465d9 QtGui`QtGlobalStatic::Holder<(anonymous namespace)::Q_QGS_piLoader, (anonymous namespace)::Q_QGS_piLoader>::~Holder(this=0x00000001029e5e61) at qglobalstatic.h:82:5 frame #21: 0x00007ff8022f4231 libsystem_c.dylib`__cxa_finalize_ranges + 402 frame #22: 0x00007ff8022f4052 libsystem_c.dylib`exit + 35 frame #23: 0x000000010000755a apphelper`exitFromThread(int, char**)::$_1::operator()(this=0x000060000175612c) const at apphelper.cpp:47:9 Change-Id: Ib1c72c7975b247cc2d17fffd6c5de89a95c22dad Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io> (cherry picked from commit e6a6757) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> (cherry picked from commit 87c7908)
qtprojectorg
pushed a commit
that referenced
this pull request
Mar 10, 2025
Amends commit bfbd1a2. I've noticed this on my Mac, because the main thread crashed at the same time as the exitFromThread() thread was exiting and was running ~QLibraryStore: * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x106) * frame #0: 0x00007ff8020533be libobjc.A.dylib`getMethodNoSuper_nolock(objc_class*, objc_selector*) + 47 ... frame #19: 0x0000000103839694 QtCore`QCoreApplication::exec() at qcoreapplication.cpp:1454:32 frame #20: 0x0000000101fc94ea QtGui`QGuiApplication::exec() at qguiapplication.cpp:1993:12 frame #21: 0x0000000100004b59 apphelper`exitFromThread(argc=1, argv=0x00007ff7bfeff318) at apphelper.cpp:50:5 thread #8, name = 'QThread' ... frame #11: 0x00007ff8020c4f94 dyld`dyld4::APIs::dlclose(void*) + 178 frame #12: 0x0000000103e82476 QtCore`QLibraryPrivate::unload_sys(this=0x0000600001254160) at qlibrary_unix.cpp:252:24 frame #13: 0x0000000103e793fc QtCore`QLibraryPrivate::unload(this=0x0000600001254160, flag=UnloadSys) at qlibrary.cpp:561:36 frame #14: 0x00000001039740c8 QtCore`QFactoryLoader::~QFactoryLoader(this=0x00000001029e5e70) at qfactoryloader.cpp:438:21 frame #15: 0x00000001039745e9 QtCore`QFactoryLoader::~QFactoryLoader(this=0x00000001029e5e70) at qfactoryloader.cpp:425:1 frame #16: 0x0000000101eb723c QtGui`void std::__1::__destroy_at[abi:sn180100]<QFactoryLoader, 0>(__loc=0x00000001029e5e70) at construct_at.h:67:11 frame #17: 0x0000000101eb7209 QtGui`void std::__1::destroy_at[abi:sn180100]<QFactoryLoader, 0>(__loc=0x00000001029e5e70) at construct_at.h:100:3 frame #18: 0x0000000102046762 QtGui`QtGlobalStatic::Storage<QFactoryLoader, (anonymous namespace)::Q_QGS_piLoader>::destroyYourself(nextState=Destroyed) at qglobalstatic.h:61:9 frame #19: 0x0000000102046736 QtGui`QtGlobalStatic::Holder<(anonymous namespace)::Q_QGS_piLoader, (anonymous namespace)::Q_QGS_piLoader>::~Holder(this=0x00000001029e5e61) at qglobalstatic.h:83:9 frame #20: 0x00000001020465d9 QtGui`QtGlobalStatic::Holder<(anonymous namespace)::Q_QGS_piLoader, (anonymous namespace)::Q_QGS_piLoader>::~Holder(this=0x00000001029e5e61) at qglobalstatic.h:82:5 frame #21: 0x00007ff8022f4231 libsystem_c.dylib`__cxa_finalize_ranges + 402 frame #22: 0x00007ff8022f4052 libsystem_c.dylib`exit + 35 frame #23: 0x000000010000755a apphelper`exitFromThread(int, char**)::$_1::operator()(this=0x000060000175612c) const at apphelper.cpp:47:9 Change-Id: Ib1c72c7975b247cc2d17fffd6c5de89a95c22dad Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io> (cherry picked from commit e6a6757) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> (cherry picked from commit 87c7908)
qtprojectorg
pushed a commit
that referenced
this pull request
Apr 3, 2025
Amends b6b489d, which introduced UB (invalid downcast): By the time the QMainWindowTabBars are destroyed, and they want to unregister themselves from the QMainWindow, the ex-QMainWindow has already been demoted to a QWidget. Says UBSan: qmainwindow.cpp:63:47: runtime error: member call on address 0x6040000267d0 which does not point to an object of type 'QMainWindow' 0x6040000267d0: note: object is of type 'QWidget' 00 00 00 00 28 c1 e6 f3 c7 7f 00 00 80 24 00 00 60 61 00 00 d8 c2 e6 f3 c7 7f 00 00 00 00 be be ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'QWidget' #0 0x7fc7f06da8c5 in QMainWindowPrivate::mainWindowLayout(QMainWindow const*) qmainwindow.cpp:63 #1 0x7fc7f06da8c5 in qt_mainwindow_layout(QMainWindow const*) qmainwindow.cpp:69 #2 0x7fc7f07bb4ed in QMainWindowTabBar::~QMainWindowTabBar() qmainwindowlayout.cpp:2042 #3 0x7fc7f07bf4e5 in QMainWindowTabBar::~QMainWindowTabBar() qmainwindowlayout.cpp:2047 #4 0x7fc7c69f9c2a in QObjectPrivate::deleteChildren() qobject.cpp:2226 #5 0x7fc7ef0b7f3d in QWidget::~QWidget() qwidget.cpp:1557 #6 0x7fc7f082c7c7 in QDockWidgetGroupWindow::~QDockWidgetGroupWindow() qmainwindowlayout_p.h:343 #7 0x7fc7f082c7c7 in QDockWidgetGroupWindow::~QDockWidgetGroupWindow() qmainwindowlayout_p.h:343 #8 0x7fc7c69f9c2a in QObjectPrivate::deleteChildren() qobject.cpp:2226 #9 0x7fc7ef0b7f3d in QWidget::~QWidget() qwidget.cpp:1557 #10 0x7fc7f06ce495 in QMainWindow::~QMainWindow() qmainwindow.cpp:338 #12 0x556a6180a84c in std::default_delete<QMainWindow>::operator()(QMainWindow*) const unique_ptr.h:85 #13 0x556a6180a84c in std::unique_ptr<QMainWindow, std::default_delete<QMainWindow> >::~unique_ptr() unique_ptr.h:361 #14 0x556a6180a84c in tst_QDockWidget::setFloatingReparenting() tst_qdockwidget.cpp:492 Use qobject_cast to verify that the mainWindow is not pointing to a QMainWindow that is being destroyed (and has passed the ~QMainWindow destructor). If the main window is destroyed, then removing the tab bar from the list of unused tab bars is unnecessary. Pick-to: 6.9 6.8 6.5 Change-Id: I25e12d79198137b75cd2576ff1440b6c94277eba Reviewed-by: Marc Mutz <marc.mutz@qt.io> Reviewed-by: Axel Spoerl <axel.spoerl@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Apr 3, 2025
Amends b6b489d, which introduced UB (invalid downcast): By the time the QMainWindowTabBars are destroyed, and they want to unregister themselves from the QMainWindow, the ex-QMainWindow has already been demoted to a QWidget. Says UBSan: qmainwindow.cpp:63:47: runtime error: member call on address 0x6040000267d0 which does not point to an object of type 'QMainWindow' 0x6040000267d0: note: object is of type 'QWidget' 00 00 00 00 28 c1 e6 f3 c7 7f 00 00 80 24 00 00 60 61 00 00 d8 c2 e6 f3 c7 7f 00 00 00 00 be be ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'QWidget' #0 0x7fc7f06da8c5 in QMainWindowPrivate::mainWindowLayout(QMainWindow const*) qmainwindow.cpp:63 #1 0x7fc7f06da8c5 in qt_mainwindow_layout(QMainWindow const*) qmainwindow.cpp:69 #2 0x7fc7f07bb4ed in QMainWindowTabBar::~QMainWindowTabBar() qmainwindowlayout.cpp:2042 #3 0x7fc7f07bf4e5 in QMainWindowTabBar::~QMainWindowTabBar() qmainwindowlayout.cpp:2047 #4 0x7fc7c69f9c2a in QObjectPrivate::deleteChildren() qobject.cpp:2226 #5 0x7fc7ef0b7f3d in QWidget::~QWidget() qwidget.cpp:1557 #6 0x7fc7f082c7c7 in QDockWidgetGroupWindow::~QDockWidgetGroupWindow() qmainwindowlayout_p.h:343 #7 0x7fc7f082c7c7 in QDockWidgetGroupWindow::~QDockWidgetGroupWindow() qmainwindowlayout_p.h:343 #8 0x7fc7c69f9c2a in QObjectPrivate::deleteChildren() qobject.cpp:2226 #9 0x7fc7ef0b7f3d in QWidget::~QWidget() qwidget.cpp:1557 #10 0x7fc7f06ce495 in QMainWindow::~QMainWindow() qmainwindow.cpp:338 #12 0x556a6180a84c in std::default_delete<QMainWindow>::operator()(QMainWindow*) const unique_ptr.h:85 #13 0x556a6180a84c in std::unique_ptr<QMainWindow, std::default_delete<QMainWindow> >::~unique_ptr() unique_ptr.h:361 #14 0x556a6180a84c in tst_QDockWidget::setFloatingReparenting() tst_qdockwidget.cpp:492 Use qobject_cast to verify that the mainWindow is not pointing to a QMainWindow that is being destroyed (and has passed the ~QMainWindow destructor). If the main window is destroyed, then removing the tab bar from the list of unused tab bars is unnecessary. Pick-to: 6.8 6.5 Change-Id: I25e12d79198137b75cd2576ff1440b6c94277eba Reviewed-by: Marc Mutz <marc.mutz@qt.io> Reviewed-by: Axel Spoerl <axel.spoerl@qt.io> (cherry picked from commit 1bbbacb) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
qtprojectorg
pushed a commit
that referenced
this pull request
Apr 4, 2025
The process by which the QDockAreaLayout changes a QDockAreaLayoutInfo
from representing a QWidget that's being deleted to representing a
QPlaceholderItem involves the construction of the latter from the
former. If a QDockWidget is being deleted, however, at the time the
QDockAreaLayout notices, the ex-QDockWidget has been demoted to a
QObject, causing the calls to QWidget member functions to be UB:
Says UBSan:
qdockarealayout.cpp:46:25: runtime error: member call on address 0x7ffe74a429d0 which does not point to an object of type 'QWidget'
0x7ffe74a429d0: note: object is of type 'QObject'
33 7f 00 00 c0 ea 73 6e 33 7f 00 00 00 12 00 00 70 61 00 00 40 cd 41 83 33 7f 00 00 00 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QObject'
#0 0x7f339546e251 in QPlaceHolderItem::QPlaceHolderItem(QWidget*) qdockarealayout.cpp:46
#1 0x7f33955169a8 in QDockAreaLayoutInfo::takeAt(int*, int) qdockarealayout.cpp:1780
#2 0x7f3395517175 in QDockAreaLayout::takeAt(int*, int) qdockarealayout.cpp:3432
#3 0x7f33959e38a8 in QMainWindowLayoutState::takeAt(int, int*) qmainwindowlayout.cpp:927
#4 0x7f33959e38a8 in QMainWindowLayoutState::takeAt(int, int*) qmainwindowlayout.cpp:919
#5 0x7f3395a42cdd in QMainWindowLayout::takeAt(int) qmainwindowlayout.cpp:2238
#6 0x7f3393fae246 in removeWidgetRecursively qlayout.cpp:485
#7 0x7f3393fb8300 in QLayout::widgetEvent(QEvent*) qlayout.cpp:544
#8 0x7f3393bde28a in QApplicationPrivate::notify_helper(QObject*, QEvent*) qapplication.cpp:3298
#9 0x7f3393c5f74a in QApplication::notify(QObject*, QEvent*) qapplication.cpp:3259
#10 0x7f336b784ada in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:1111
#11 0x7f336b7874e3 in QCoreApplication::sendEvent(QObject*, QEvent*) qcoreapplication.cpp:1551
#12 0x7f336bcc624a in QObjectPrivate::setParent_helper(QObject*) qobject.cpp:2271
#13 0x7f336bccd76c in QObject::~QObject() qobject.cpp:1146
#14 0x7f339434e126 in QWidget::~QWidget() qwidget.cpp:1584
#15 0x7f33955b5815 in QDockWidget::~QDockWidget() qdockwidget.cpp:1362
[...]
qwidget.h:816:25: runtime error: member call on address 0x7ffe74a429d0 which does not point to an object of type 'QWidget'
0x7ffe74a429d0: note: object is of type 'QObject'
33 7f 00 00 c0 ea 73 6e 33 7f 00 00 00 12 00 00 70 61 00 00 40 cd 41 83 33 7f 00 00 00 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QObject'
#0 0x7f339546e0bb in QWidget::isWindow() const qwidget.h:816
#1 0x7f339546e0bb in QPlaceHolderItem::QPlaceHolderItem(QWidget*) qdockarealayout.cpp:47
[... rest as above...]
Fix by dragging the setParent(nullptr) up into ~QDockWidget().
Ordinarily, that call happens only in ~QObject(). But that's what
caused the layout to react to the ChildRemoved element too late. When
doing it here, the dock widget is still itself, and all the
QDockAreaLayout machinery can still access its QWidget-ness.
Amends the start of the public history.
After consulting with QtWidgets maintainer, not picking to 5.15,
since, even though slim, there's a non-zero chance this might break
something, somewhere.
Pick-to: 6.9 6.8 6.5
Change-Id: I5472bbb0fcab9fb74272a1da6c2a2896226e12bb
Reviewed-by: Richard Moe Gustavsen <richard.gustavsen@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Apr 4, 2025
…howAndHide()
The event filter was still active when the QDialogButtonBox in its
destruction process had already been demoted to QWidget. The
ignoreShowAndHide guard came too late, because by the time we check
it, in Private::handleButtonShowAndHide(), we had already cast q_ptr
to QDialogButtonBox.
Says UBSan:
qdialogbuttonbox_p.h:26:5: runtime error: downcast of address 0x7fffefab47e0 which does not point to an object of type 'QDialogButtonBox'
0x7fffefab47e0: note: object is of type 'QWidget'
00 00 00 00 28 c1 5b 6e 6d 7f 00 00 80 22 10 00 90 61 00 00 d8 c2 5b 6e 6d 7f 00 00 00 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QWidget'
#0 0x7f6d6b51141d in QDialogButtonBoxPrivate::q_func() qdialogbuttonbox_p.h:26
#1 0x7f6d6b51141d in QDialogButtonBoxPrivate::handleButtonShowAndHide(QAbstractButton*, QEvent*) qdialogbuttonbox.cpp:913
#2 0x7f6d6b51436c in eventFilter qdialogbuttonbox.cpp:127
#3 0x7f6d40c1a8f1 in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) qcoreapplication.cpp:1248
#4 0x7f6d690b23d5 in QApplicationPrivate::notify_helper(QObject*, QEvent*) qapplication.cpp:3303
#5 0x7f6d69132a3a in QApplication::notify(QObject*, QEvent*) qapplication.cpp:3259
#6 0x7f6d40c1da6a in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:1111
#7 0x7f6d40c20473 in QCoreApplication::sendEvent(QObject*, QEvent*) qcoreapplication.cpp:1551
#8 0x7f6d690fe76c in QApplicationPrivate::setActiveWindow(QWidget*) qapplication.cpp:1857
#9 0x7f6d695ac796 in QWidgetPrivate::deactivateWidgetCleanup() qwidget.cpp:2326
#10 0x7f6d6976f8ce in QWidgetPrivate::hide_sys() qwidget.cpp:8256
#11 0x7f6d69814579 in QWidgetPrivate::hide_helper() qwidget.cpp:8199
#12 0x7f6d69887c1f in QWidgetPrivate::setVisible(bool) qwidget.cpp:8406
#13 0x7f6d69775d23 in QWidget::setVisible(bool) qwidget.cpp:8314
#14 0x7f6d695fb018 in QWidget::hide() qwidget.cpp:8179
#15 0x7f6d6981a183 in QWidgetPrivate::handleClose(QWidgetPrivate::CloseMode) qwidget.cpp:8580
#16 0x7f6d699e6fc6 in QWidgetWindow::closeEvent(QCloseEvent*) qwidgetwindow.cpp:871
#17 0x7f6d52ef9f5d in QWindow::event(QEvent*) qwindow.cpp:2721
#18 0x7f6d69a575f8 in QWidgetWindow::event(QEvent*) qwidgetwindow.cpp:398
#19 0x7f6d690b2491 in QApplicationPrivate::notify_helper(QObject*, QEvent*) qapplication.cpp:3309
#20 0x7f6d69132a3a in QApplication::notify(QObject*, QEvent*) qapplication.cpp:3259
#21 0x7f6d40c1da6a in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:1111
#22 0x7f6d40c205b3 in QCoreApplication::sendSpontaneousEvent(QObject*, QEvent*) qcoreapplication.cpp:1565
#23 0x7f6d5287415b in QGuiApplicationPrivate::processCloseEvent(QWindowSystemInterfacePrivate::CloseEvent*) qguiapplication.cpp:2911
#24 0x7f6d528b543f in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) qguiapplication.cpp:2259
#25 0x7f6d52fb5b02 in QWindowSystemEventHandler::sendEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) qwindowsysteminterface.cpp:190
#26 0x7f6d52fb5b02 in bool QWindowSystemHelper<QWindowSystemInterface::SynchronousDelivery>::handleEvent<QWindowSystemInterfacePrivate::CloseEvent, QWindow*>(QWindow*) qwindowsysteminterface.cpp:102
#27 0x7f6d52fb5b02 in handleWindowSystemEvent<QWindowSystemInterfacePrivate::CloseEvent, QWindowSystemInterface::SynchronousDelivery, QWindow*> qwindowsysteminterface.cpp:138
#28 0x7f6d52fb5b02 in bool QWindowSystemInterface::handleCloseEvent<QWindowSystemInterface::SynchronousDelivery>(QWindow*) qwindowsysteminterface.cpp:351
#29 0x7f6d52cb6f1e in QPlatformWindow::close() qplatformwindow.cpp:348
#30 0x7f6d52e7e158 in QWindow::close() qwindow.cpp:2449
#31 0x7f6d6981b4d2 in QWidgetPrivate::close() qwidget.cpp:8632
#32 0x7f6d698205c6 in QWidget::~QWidget() qwidget.cpp:1508
#33 0x7f6d6b4f6bf0 in QDialogButtonBox::~QDialogButtonBox() qdialogbuttonbox.cpp:496
To fix, don't delay the Q_Q to until after the ignoreShowAndHide
check, since that woould be brittle. Instead, do as we for signal/slot
connections, which we disconnect explicitly in ~QDialogButtonBox(),
and delete the EventFilter explicitly there, too. This way, it's more
natural, and also prevents all those useless event filter invocations
from having to be processed later on.
Amends aff0915. The original code,
using QDialogButtonBox::eventFilter(), was not affected, since by the
time QDialogButtonBox was demoted to QWidget, QWidget::eventFilter(),
not QDialogButtonBox::eventFilter() would been invoked. Which just
goes to show that one needs to be very careful with delegating too
much responsibilites to the Private class, as it lives, fully derived,
until ~QWidget() executes.
Pick-to: 6.9 6.8 6.5
Change-Id: I04f36fd6d7d160932bfe1494fdff464786b85047
Reviewed-by: Axel Spoerl <axel.spoerl@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Apr 4, 2025
Amends b6b489d, which introduced UB (invalid downcast): By the time the QMainWindowTabBars are destroyed, and they want to unregister themselves from the QMainWindow, the ex-QMainWindow has already been demoted to a QWidget. Says UBSan: qmainwindow.cpp:63:47: runtime error: member call on address 0x6040000267d0 which does not point to an object of type 'QMainWindow' 0x6040000267d0: note: object is of type 'QWidget' 00 00 00 00 28 c1 e6 f3 c7 7f 00 00 80 24 00 00 60 61 00 00 d8 c2 e6 f3 c7 7f 00 00 00 00 be be ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'QWidget' #0 0x7fc7f06da8c5 in QMainWindowPrivate::mainWindowLayout(QMainWindow const*) qmainwindow.cpp:63 #1 0x7fc7f06da8c5 in qt_mainwindow_layout(QMainWindow const*) qmainwindow.cpp:69 #2 0x7fc7f07bb4ed in QMainWindowTabBar::~QMainWindowTabBar() qmainwindowlayout.cpp:2042 #3 0x7fc7f07bf4e5 in QMainWindowTabBar::~QMainWindowTabBar() qmainwindowlayout.cpp:2047 #4 0x7fc7c69f9c2a in QObjectPrivate::deleteChildren() qobject.cpp:2226 #5 0x7fc7ef0b7f3d in QWidget::~QWidget() qwidget.cpp:1557 #6 0x7fc7f082c7c7 in QDockWidgetGroupWindow::~QDockWidgetGroupWindow() qmainwindowlayout_p.h:343 #7 0x7fc7f082c7c7 in QDockWidgetGroupWindow::~QDockWidgetGroupWindow() qmainwindowlayout_p.h:343 #8 0x7fc7c69f9c2a in QObjectPrivate::deleteChildren() qobject.cpp:2226 #9 0x7fc7ef0b7f3d in QWidget::~QWidget() qwidget.cpp:1557 #10 0x7fc7f06ce495 in QMainWindow::~QMainWindow() qmainwindow.cpp:338 #12 0x556a6180a84c in std::default_delete<QMainWindow>::operator()(QMainWindow*) const unique_ptr.h:85 #13 0x556a6180a84c in std::unique_ptr<QMainWindow, std::default_delete<QMainWindow> >::~unique_ptr() unique_ptr.h:361 #14 0x556a6180a84c in tst_QDockWidget::setFloatingReparenting() tst_qdockwidget.cpp:492 Use qobject_cast to verify that the mainWindow is not pointing to a QMainWindow that is being destroyed (and has passed the ~QMainWindow destructor). If the main window is destroyed, then removing the tab bar from the list of unused tab bars is unnecessary. Pick-to: 6.5 Change-Id: I25e12d79198137b75cd2576ff1440b6c94277eba Reviewed-by: Marc Mutz <marc.mutz@qt.io> Reviewed-by: Axel Spoerl <axel.spoerl@qt.io> (cherry picked from commit 1bbbacb) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> (cherry picked from commit 19c4db4)
qtprojectorg
pushed a commit
that referenced
this pull request
Apr 10, 2025
…veButtonsFromMenuBar()
The function can be called from ~QMdiSubwindow(), and we checked for
QWidgetPrivate::data.in_destructor before proceeding with the removal
of buttons from the menubar, but we called
QPointer<QMdiSubwindow>::data()->window(), which, at this point in
time, had already been demoted to a QWidget:
Says UBSan:
qpointer.h:75:14: runtime error: downcast of address 0x6040000aca10 which does not point to an object of type 'QMdiSubWindow'
0x6040000aca10: note: object is of type 'QWidget'
00 00 00 00 28 01 99 bc ff 7e 00 00 80 dc 0f 00 90 61 00 00 d8 02 99 bc ff 7e 00 00 00 00 be be
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QWidget'
#0 0x7effb955f95a in QPointer<QMdiSubWindow>::data() const qpointer.h:75
#1 0x7effb955f95a in QPointer<QMdiSubWindow>::operator->() const qpointer.h:79
#2 0x7effb955f95a in QMdi::ControlContainer::removeButtonsFromMenuBar(QMenuBar*) qmdisubwindow.cpp:795
#3 0x7effb9563031 in QMdi::ControlContainer::~ControlContainer() qmdisubwindow.cpp:717
#4 0x7effb9566595 in QMdi::ControlContainer::~ControlContainer() qmdisubwindow.cpp:723
#5 0x7eff8f4f2b7a in QObjectPrivate::deleteChildren() qobject.cpp:2226
#6 0x7effb7bf732d in QWidget::~QWidget() qwidget.cpp:1557
#7 0x7effb95cc02c in QMdiSubWindow::~QMdiSubWindow() qmdisubwindow.cpp:2254
#8 0x7effb95cc1d5 in QMdiSubWindow::~QMdiSubWindow() qmdisubwindow.cpp:2254
#9 0x7eff8f4f2b7a in QObjectPrivate::deleteChildren() qobject.cpp:2226
#10 0x7effb7bf732d in QWidget::~QWidget() qwidget.cpp:1557
#11 0x7effb7bffba5 in QWidget::~QWidget() qwidget.cpp:1584
#12 0x7eff8f4f2b7a in QObjectPrivate::deleteChildren() qobject.cpp:2226
#13 0x7effb7bf732d in QWidget::~QWidget() qwidget.cpp:1557
#14 0x7effb85f0dc5 in QFrame::~QFrame() qframe.cpp:235
#15 0x7effb859c747 in QAbstractScrollArea::~QAbstractScrollArea() qabstractscrollarea.cpp:478
#16 0x7effb93c08a6 in QMdiArea::~QMdiArea() qmdiarea.cpp:1703
#17 0x7effb93c0e55 in QMdiArea::~QMdiArea() qmdiarea.cpp:1703
#18 0x7eff8f4f2b7a in QObjectPrivate::deleteChildren() qobject.cpp:2226
#19 0x7effb7bf732d in QWidget::~QWidget() qwidget.cpp:1557
#20 0x7effb920a425 in QMainWindow::~QMainWindow() qmainwindow.cpp:338
Fix by deleting the ControlContainer already from ~QMdiSubwindow(),
ie. when we have not yet been demoted to QWidget.
Amends the start of the public history.
Pick-to: 6.9 6.8 6.5 5.15
Change-Id: Ia43c857bc1842b2b4957cc79e00f790b045d8f94
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Apr 12, 2025
…howAndHide()
The event filter was still active when the QDialogButtonBox in its
destruction process had already been demoted to QWidget. The
ignoreShowAndHide guard came too late, because by the time we check
it, in Private::handleButtonShowAndHide(), we had already cast q_ptr
to QDialogButtonBox.
Says UBSan:
qdialogbuttonbox_p.h:26:5: runtime error: downcast of address 0x7fffefab47e0 which does not point to an object of type 'QDialogButtonBox'
0x7fffefab47e0: note: object is of type 'QWidget'
00 00 00 00 28 c1 5b 6e 6d 7f 00 00 80 22 10 00 90 61 00 00 d8 c2 5b 6e 6d 7f 00 00 00 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QWidget'
#0 0x7f6d6b51141d in QDialogButtonBoxPrivate::q_func() qdialogbuttonbox_p.h:26
#1 0x7f6d6b51141d in QDialogButtonBoxPrivate::handleButtonShowAndHide(QAbstractButton*, QEvent*) qdialogbuttonbox.cpp:913
#2 0x7f6d6b51436c in eventFilter qdialogbuttonbox.cpp:127
#3 0x7f6d40c1a8f1 in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) qcoreapplication.cpp:1248
#4 0x7f6d690b23d5 in QApplicationPrivate::notify_helper(QObject*, QEvent*) qapplication.cpp:3303
#5 0x7f6d69132a3a in QApplication::notify(QObject*, QEvent*) qapplication.cpp:3259
#6 0x7f6d40c1da6a in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:1111
#7 0x7f6d40c20473 in QCoreApplication::sendEvent(QObject*, QEvent*) qcoreapplication.cpp:1551
#8 0x7f6d690fe76c in QApplicationPrivate::setActiveWindow(QWidget*) qapplication.cpp:1857
#9 0x7f6d695ac796 in QWidgetPrivate::deactivateWidgetCleanup() qwidget.cpp:2326
#10 0x7f6d6976f8ce in QWidgetPrivate::hide_sys() qwidget.cpp:8256
#11 0x7f6d69814579 in QWidgetPrivate::hide_helper() qwidget.cpp:8199
#12 0x7f6d69887c1f in QWidgetPrivate::setVisible(bool) qwidget.cpp:8406
#13 0x7f6d69775d23 in QWidget::setVisible(bool) qwidget.cpp:8314
#14 0x7f6d695fb018 in QWidget::hide() qwidget.cpp:8179
#15 0x7f6d6981a183 in QWidgetPrivate::handleClose(QWidgetPrivate::CloseMode) qwidget.cpp:8580
#16 0x7f6d699e6fc6 in QWidgetWindow::closeEvent(QCloseEvent*) qwidgetwindow.cpp:871
#17 0x7f6d52ef9f5d in QWindow::event(QEvent*) qwindow.cpp:2721
#18 0x7f6d69a575f8 in QWidgetWindow::event(QEvent*) qwidgetwindow.cpp:398
#19 0x7f6d690b2491 in QApplicationPrivate::notify_helper(QObject*, QEvent*) qapplication.cpp:3309
#20 0x7f6d69132a3a in QApplication::notify(QObject*, QEvent*) qapplication.cpp:3259
#21 0x7f6d40c1da6a in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:1111
#22 0x7f6d40c205b3 in QCoreApplication::sendSpontaneousEvent(QObject*, QEvent*) qcoreapplication.cpp:1565
#23 0x7f6d5287415b in QGuiApplicationPrivate::processCloseEvent(QWindowSystemInterfacePrivate::CloseEvent*) qguiapplication.cpp:2911
#24 0x7f6d528b543f in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) qguiapplication.cpp:2259
#25 0x7f6d52fb5b02 in QWindowSystemEventHandler::sendEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) qwindowsysteminterface.cpp:190
#26 0x7f6d52fb5b02 in bool QWindowSystemHelper<QWindowSystemInterface::SynchronousDelivery>::handleEvent<QWindowSystemInterfacePrivate::CloseEvent, QWindow*>(QWindow*) qwindowsysteminterface.cpp:102
#27 0x7f6d52fb5b02 in handleWindowSystemEvent<QWindowSystemInterfacePrivate::CloseEvent, QWindowSystemInterface::SynchronousDelivery, QWindow*> qwindowsysteminterface.cpp:138
#28 0x7f6d52fb5b02 in bool QWindowSystemInterface::handleCloseEvent<QWindowSystemInterface::SynchronousDelivery>(QWindow*) qwindowsysteminterface.cpp:351
#29 0x7f6d52cb6f1e in QPlatformWindow::close() qplatformwindow.cpp:348
#30 0x7f6d52e7e158 in QWindow::close() qwindow.cpp:2449
#31 0x7f6d6981b4d2 in QWidgetPrivate::close() qwidget.cpp:8632
#32 0x7f6d698205c6 in QWidget::~QWidget() qwidget.cpp:1508
#33 0x7f6d6b4f6bf0 in QDialogButtonBox::~QDialogButtonBox() qdialogbuttonbox.cpp:496
To fix, don't delay the Q_Q to until after the ignoreShowAndHide
check, since that woould be brittle. Instead, do as we for signal/slot
connections, which we disconnect explicitly in ~QDialogButtonBox(),
and delete the EventFilter explicitly there, too. This way, it's more
natural, and also prevents all those useless event filter invocations
from having to be processed later on.
Amends aff0915. The original code,
using QDialogButtonBox::eventFilter(), was not affected, since by the
time QDialogButtonBox was demoted to QWidget, QWidget::eventFilter(),
not QDialogButtonBox::eventFilter() would been invoked. Which just
goes to show that one needs to be very careful with delegating too
much responsibilites to the Private class, as it lives, fully derived,
until ~QWidget() executes.
Pick-to: 6.8 6.5
Change-Id: I04f36fd6d7d160932bfe1494fdff464786b85047
Reviewed-by: Axel Spoerl <axel.spoerl@qt.io>
(cherry picked from commit dceff0a)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
qtprojectorg
pushed a commit
that referenced
this pull request
Apr 12, 2025
…howAndHide()
The event filter was still active when the QDialogButtonBox in its
destruction process had already been demoted to QWidget. The
ignoreShowAndHide guard came too late, because by the time we check
it, in Private::handleButtonShowAndHide(), we had already cast q_ptr
to QDialogButtonBox.
Says UBSan:
qdialogbuttonbox_p.h:26:5: runtime error: downcast of address 0x7fffefab47e0 which does not point to an object of type 'QDialogButtonBox'
0x7fffefab47e0: note: object is of type 'QWidget'
00 00 00 00 28 c1 5b 6e 6d 7f 00 00 80 22 10 00 90 61 00 00 d8 c2 5b 6e 6d 7f 00 00 00 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QWidget'
#0 0x7f6d6b51141d in QDialogButtonBoxPrivate::q_func() qdialogbuttonbox_p.h:26
#1 0x7f6d6b51141d in QDialogButtonBoxPrivate::handleButtonShowAndHide(QAbstractButton*, QEvent*) qdialogbuttonbox.cpp:913
#2 0x7f6d6b51436c in eventFilter qdialogbuttonbox.cpp:127
#3 0x7f6d40c1a8f1 in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) qcoreapplication.cpp:1248
#4 0x7f6d690b23d5 in QApplicationPrivate::notify_helper(QObject*, QEvent*) qapplication.cpp:3303
#5 0x7f6d69132a3a in QApplication::notify(QObject*, QEvent*) qapplication.cpp:3259
#6 0x7f6d40c1da6a in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:1111
#7 0x7f6d40c20473 in QCoreApplication::sendEvent(QObject*, QEvent*) qcoreapplication.cpp:1551
#8 0x7f6d690fe76c in QApplicationPrivate::setActiveWindow(QWidget*) qapplication.cpp:1857
#9 0x7f6d695ac796 in QWidgetPrivate::deactivateWidgetCleanup() qwidget.cpp:2326
#10 0x7f6d6976f8ce in QWidgetPrivate::hide_sys() qwidget.cpp:8256
#11 0x7f6d69814579 in QWidgetPrivate::hide_helper() qwidget.cpp:8199
#12 0x7f6d69887c1f in QWidgetPrivate::setVisible(bool) qwidget.cpp:8406
#13 0x7f6d69775d23 in QWidget::setVisible(bool) qwidget.cpp:8314
#14 0x7f6d695fb018 in QWidget::hide() qwidget.cpp:8179
#15 0x7f6d6981a183 in QWidgetPrivate::handleClose(QWidgetPrivate::CloseMode) qwidget.cpp:8580
#16 0x7f6d699e6fc6 in QWidgetWindow::closeEvent(QCloseEvent*) qwidgetwindow.cpp:871
#17 0x7f6d52ef9f5d in QWindow::event(QEvent*) qwindow.cpp:2721
#18 0x7f6d69a575f8 in QWidgetWindow::event(QEvent*) qwidgetwindow.cpp:398
#19 0x7f6d690b2491 in QApplicationPrivate::notify_helper(QObject*, QEvent*) qapplication.cpp:3309
#20 0x7f6d69132a3a in QApplication::notify(QObject*, QEvent*) qapplication.cpp:3259
#21 0x7f6d40c1da6a in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:1111
#22 0x7f6d40c205b3 in QCoreApplication::sendSpontaneousEvent(QObject*, QEvent*) qcoreapplication.cpp:1565
#23 0x7f6d5287415b in QGuiApplicationPrivate::processCloseEvent(QWindowSystemInterfacePrivate::CloseEvent*) qguiapplication.cpp:2911
#24 0x7f6d528b543f in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) qguiapplication.cpp:2259
#25 0x7f6d52fb5b02 in QWindowSystemEventHandler::sendEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) qwindowsysteminterface.cpp:190
#26 0x7f6d52fb5b02 in bool QWindowSystemHelper<QWindowSystemInterface::SynchronousDelivery>::handleEvent<QWindowSystemInterfacePrivate::CloseEvent, QWindow*>(QWindow*) qwindowsysteminterface.cpp:102
#27 0x7f6d52fb5b02 in handleWindowSystemEvent<QWindowSystemInterfacePrivate::CloseEvent, QWindowSystemInterface::SynchronousDelivery, QWindow*> qwindowsysteminterface.cpp:138
#28 0x7f6d52fb5b02 in bool QWindowSystemInterface::handleCloseEvent<QWindowSystemInterface::SynchronousDelivery>(QWindow*) qwindowsysteminterface.cpp:351
#29 0x7f6d52cb6f1e in QPlatformWindow::close() qplatformwindow.cpp:348
#30 0x7f6d52e7e158 in QWindow::close() qwindow.cpp:2449
#31 0x7f6d6981b4d2 in QWidgetPrivate::close() qwidget.cpp:8632
#32 0x7f6d698205c6 in QWidget::~QWidget() qwidget.cpp:1508
#33 0x7f6d6b4f6bf0 in QDialogButtonBox::~QDialogButtonBox() qdialogbuttonbox.cpp:496
To fix, don't delay the Q_Q to until after the ignoreShowAndHide
check, since that woould be brittle. Instead, do as we for signal/slot
connections, which we disconnect explicitly in ~QDialogButtonBox(),
and delete the EventFilter explicitly there, too. This way, it's more
natural, and also prevents all those useless event filter invocations
from having to be processed later on.
Amends aff0915. The original code,
using QDialogButtonBox::eventFilter(), was not affected, since by the
time QDialogButtonBox was demoted to QWidget, QWidget::eventFilter(),
not QDialogButtonBox::eventFilter() would been invoked. Which just
goes to show that one needs to be very careful with delegating too
much responsibilites to the Private class, as it lives, fully derived,
until ~QWidget() executes.
Pick-to: 6.5
Change-Id: I04f36fd6d7d160932bfe1494fdff464786b85047
Reviewed-by: Axel Spoerl <axel.spoerl@qt.io>
(cherry picked from commit dceff0a)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 6753ab4)
qtprojectorg
pushed a commit
that referenced
this pull request
Apr 13, 2025
…veButtonsFromMenuBar()
The function can be called from ~QMdiSubwindow(), and we checked for
QWidgetPrivate::data.in_destructor before proceeding with the removal
of buttons from the menubar, but we called
QPointer<QMdiSubwindow>::data()->window(), which, at this point in
time, had already been demoted to a QWidget:
Says UBSan:
qpointer.h:75:14: runtime error: downcast of address 0x6040000aca10 which does not point to an object of type 'QMdiSubWindow'
0x6040000aca10: note: object is of type 'QWidget'
00 00 00 00 28 01 99 bc ff 7e 00 00 80 dc 0f 00 90 61 00 00 d8 02 99 bc ff 7e 00 00 00 00 be be
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QWidget'
#0 0x7effb955f95a in QPointer<QMdiSubWindow>::data() const qpointer.h:75
#1 0x7effb955f95a in QPointer<QMdiSubWindow>::operator->() const qpointer.h:79
#2 0x7effb955f95a in QMdi::ControlContainer::removeButtonsFromMenuBar(QMenuBar*) qmdisubwindow.cpp:795
#3 0x7effb9563031 in QMdi::ControlContainer::~ControlContainer() qmdisubwindow.cpp:717
#4 0x7effb9566595 in QMdi::ControlContainer::~ControlContainer() qmdisubwindow.cpp:723
#5 0x7eff8f4f2b7a in QObjectPrivate::deleteChildren() qobject.cpp:2226
#6 0x7effb7bf732d in QWidget::~QWidget() qwidget.cpp:1557
#7 0x7effb95cc02c in QMdiSubWindow::~QMdiSubWindow() qmdisubwindow.cpp:2254
#8 0x7effb95cc1d5 in QMdiSubWindow::~QMdiSubWindow() qmdisubwindow.cpp:2254
#9 0x7eff8f4f2b7a in QObjectPrivate::deleteChildren() qobject.cpp:2226
#10 0x7effb7bf732d in QWidget::~QWidget() qwidget.cpp:1557
#11 0x7effb7bffba5 in QWidget::~QWidget() qwidget.cpp:1584
#12 0x7eff8f4f2b7a in QObjectPrivate::deleteChildren() qobject.cpp:2226
#13 0x7effb7bf732d in QWidget::~QWidget() qwidget.cpp:1557
#14 0x7effb85f0dc5 in QFrame::~QFrame() qframe.cpp:235
#15 0x7effb859c747 in QAbstractScrollArea::~QAbstractScrollArea() qabstractscrollarea.cpp:478
#16 0x7effb93c08a6 in QMdiArea::~QMdiArea() qmdiarea.cpp:1703
#17 0x7effb93c0e55 in QMdiArea::~QMdiArea() qmdiarea.cpp:1703
#18 0x7eff8f4f2b7a in QObjectPrivate::deleteChildren() qobject.cpp:2226
#19 0x7effb7bf732d in QWidget::~QWidget() qwidget.cpp:1557
#20 0x7effb920a425 in QMainWindow::~QMainWindow() qmainwindow.cpp:338
Fix by deleting the ControlContainer already from ~QMdiSubwindow(),
ie. when we have not yet been demoted to QWidget.
Amends the start of the public history.
Pick-to: 6.8 6.5 5.15
Change-Id: Ia43c857bc1842b2b4957cc79e00f790b045d8f94
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
(cherry picked from commit 2e3d391)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
qtprojectorg
pushed a commit
that referenced
this pull request
Apr 13, 2025
The process by which the QDockAreaLayout changes a QDockAreaLayoutInfo
from representing a QWidget that's being deleted to representing a
QPlaceholderItem involves the construction of the latter from the
former. If a QDockWidget is being deleted, however, at the time the
QDockAreaLayout notices, the ex-QDockWidget has been demoted to a
QObject, causing the calls to QWidget member functions to be UB:
Says UBSan:
qdockarealayout.cpp:46:25: runtime error: member call on address 0x7ffe74a429d0 which does not point to an object of type 'QWidget'
0x7ffe74a429d0: note: object is of type 'QObject'
33 7f 00 00 c0 ea 73 6e 33 7f 00 00 00 12 00 00 70 61 00 00 40 cd 41 83 33 7f 00 00 00 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QObject'
#0 0x7f339546e251 in QPlaceHolderItem::QPlaceHolderItem(QWidget*) qdockarealayout.cpp:46
#1 0x7f33955169a8 in QDockAreaLayoutInfo::takeAt(int*, int) qdockarealayout.cpp:1780
#2 0x7f3395517175 in QDockAreaLayout::takeAt(int*, int) qdockarealayout.cpp:3432
#3 0x7f33959e38a8 in QMainWindowLayoutState::takeAt(int, int*) qmainwindowlayout.cpp:927
#4 0x7f33959e38a8 in QMainWindowLayoutState::takeAt(int, int*) qmainwindowlayout.cpp:919
#5 0x7f3395a42cdd in QMainWindowLayout::takeAt(int) qmainwindowlayout.cpp:2238
#6 0x7f3393fae246 in removeWidgetRecursively qlayout.cpp:485
#7 0x7f3393fb8300 in QLayout::widgetEvent(QEvent*) qlayout.cpp:544
#8 0x7f3393bde28a in QApplicationPrivate::notify_helper(QObject*, QEvent*) qapplication.cpp:3298
#9 0x7f3393c5f74a in QApplication::notify(QObject*, QEvent*) qapplication.cpp:3259
#10 0x7f336b784ada in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:1111
#11 0x7f336b7874e3 in QCoreApplication::sendEvent(QObject*, QEvent*) qcoreapplication.cpp:1551
#12 0x7f336bcc624a in QObjectPrivate::setParent_helper(QObject*) qobject.cpp:2271
#13 0x7f336bccd76c in QObject::~QObject() qobject.cpp:1146
#14 0x7f339434e126 in QWidget::~QWidget() qwidget.cpp:1584
#15 0x7f33955b5815 in QDockWidget::~QDockWidget() qdockwidget.cpp:1362
[...]
qwidget.h:816:25: runtime error: member call on address 0x7ffe74a429d0 which does not point to an object of type 'QWidget'
0x7ffe74a429d0: note: object is of type 'QObject'
33 7f 00 00 c0 ea 73 6e 33 7f 00 00 00 12 00 00 70 61 00 00 40 cd 41 83 33 7f 00 00 00 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QObject'
#0 0x7f339546e0bb in QWidget::isWindow() const qwidget.h:816
#1 0x7f339546e0bb in QPlaceHolderItem::QPlaceHolderItem(QWidget*) qdockarealayout.cpp:47
[... rest as above...]
Fix by dragging the setParent(nullptr) up into ~QDockWidget().
Ordinarily, that call happens only in ~QObject(). But that's what
caused the layout to react to the ChildRemoved element too late. When
doing it here, the dock widget is still itself, and all the
QDockAreaLayout machinery can still access its QWidget-ness.
Amends the start of the public history.
After consulting with QtWidgets maintainer, not picking to 5.15,
since, even though slim, there's a non-zero chance this might break
something, somewhere.
Pick-to: 6.8 6.5
Change-Id: I5472bbb0fcab9fb74272a1da6c2a2896226e12bb
Reviewed-by: Richard Moe Gustavsen <richard.gustavsen@qt.io>
(cherry picked from commit 2c67d47)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
qtprojectorg
pushed a commit
that referenced
this pull request
Apr 14, 2025
The process by which the QDockAreaLayout changes a QDockAreaLayoutInfo
from representing a QWidget that's being deleted to representing a
QPlaceholderItem involves the construction of the latter from the
former. If a QDockWidget is being deleted, however, at the time the
QDockAreaLayout notices, the ex-QDockWidget has been demoted to a
QObject, causing the calls to QWidget member functions to be UB:
Says UBSan:
qdockarealayout.cpp:46:25: runtime error: member call on address 0x7ffe74a429d0 which does not point to an object of type 'QWidget'
0x7ffe74a429d0: note: object is of type 'QObject'
33 7f 00 00 c0 ea 73 6e 33 7f 00 00 00 12 00 00 70 61 00 00 40 cd 41 83 33 7f 00 00 00 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QObject'
#0 0x7f339546e251 in QPlaceHolderItem::QPlaceHolderItem(QWidget*) qdockarealayout.cpp:46
#1 0x7f33955169a8 in QDockAreaLayoutInfo::takeAt(int*, int) qdockarealayout.cpp:1780
#2 0x7f3395517175 in QDockAreaLayout::takeAt(int*, int) qdockarealayout.cpp:3432
#3 0x7f33959e38a8 in QMainWindowLayoutState::takeAt(int, int*) qmainwindowlayout.cpp:927
#4 0x7f33959e38a8 in QMainWindowLayoutState::takeAt(int, int*) qmainwindowlayout.cpp:919
#5 0x7f3395a42cdd in QMainWindowLayout::takeAt(int) qmainwindowlayout.cpp:2238
#6 0x7f3393fae246 in removeWidgetRecursively qlayout.cpp:485
#7 0x7f3393fb8300 in QLayout::widgetEvent(QEvent*) qlayout.cpp:544
#8 0x7f3393bde28a in QApplicationPrivate::notify_helper(QObject*, QEvent*) qapplication.cpp:3298
#9 0x7f3393c5f74a in QApplication::notify(QObject*, QEvent*) qapplication.cpp:3259
#10 0x7f336b784ada in QCoreApplication::notifyInternal2(QObject*, QEvent*) qcoreapplication.cpp:1111
#11 0x7f336b7874e3 in QCoreApplication::sendEvent(QObject*, QEvent*) qcoreapplication.cpp:1551
#12 0x7f336bcc624a in QObjectPrivate::setParent_helper(QObject*) qobject.cpp:2271
#13 0x7f336bccd76c in QObject::~QObject() qobject.cpp:1146
#14 0x7f339434e126 in QWidget::~QWidget() qwidget.cpp:1584
#15 0x7f33955b5815 in QDockWidget::~QDockWidget() qdockwidget.cpp:1362
[...]
qwidget.h:816:25: runtime error: member call on address 0x7ffe74a429d0 which does not point to an object of type 'QWidget'
0x7ffe74a429d0: note: object is of type 'QObject'
33 7f 00 00 c0 ea 73 6e 33 7f 00 00 00 12 00 00 70 61 00 00 40 cd 41 83 33 7f 00 00 00 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QObject'
#0 0x7f339546e0bb in QWidget::isWindow() const qwidget.h:816
#1 0x7f339546e0bb in QPlaceHolderItem::QPlaceHolderItem(QWidget*) qdockarealayout.cpp:47
[... rest as above...]
Fix by dragging the setParent(nullptr) up into ~QDockWidget().
Ordinarily, that call happens only in ~QObject(). But that's what
caused the layout to react to the ChildRemoved element too late. When
doing it here, the dock widget is still itself, and all the
QDockAreaLayout machinery can still access its QWidget-ness.
Amends the start of the public history.
After consulting with QtWidgets maintainer, not picking to 5.15,
since, even though slim, there's a non-zero chance this might break
something, somewhere.
Pick-to: 6.5
Change-Id: I5472bbb0fcab9fb74272a1da6c2a2896226e12bb
Reviewed-by: Richard Moe Gustavsen <richard.gustavsen@qt.io>
(cherry picked from commit 2c67d47)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 72dfe79)
qtprojectorg
pushed a commit
that referenced
this pull request
Apr 14, 2025
…veButtonsFromMenuBar()
The function can be called from ~QMdiSubwindow(), and we checked for
QWidgetPrivate::data.in_destructor before proceeding with the removal
of buttons from the menubar, but we called
QPointer<QMdiSubwindow>::data()->window(), which, at this point in
time, had already been demoted to a QWidget:
Says UBSan:
qpointer.h:75:14: runtime error: downcast of address 0x6040000aca10 which does not point to an object of type 'QMdiSubWindow'
0x6040000aca10: note: object is of type 'QWidget'
00 00 00 00 28 01 99 bc ff 7e 00 00 80 dc 0f 00 90 61 00 00 d8 02 99 bc ff 7e 00 00 00 00 be be
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QWidget'
#0 0x7effb955f95a in QPointer<QMdiSubWindow>::data() const qpointer.h:75
#1 0x7effb955f95a in QPointer<QMdiSubWindow>::operator->() const qpointer.h:79
#2 0x7effb955f95a in QMdi::ControlContainer::removeButtonsFromMenuBar(QMenuBar*) qmdisubwindow.cpp:795
#3 0x7effb9563031 in QMdi::ControlContainer::~ControlContainer() qmdisubwindow.cpp:717
#4 0x7effb9566595 in QMdi::ControlContainer::~ControlContainer() qmdisubwindow.cpp:723
#5 0x7eff8f4f2b7a in QObjectPrivate::deleteChildren() qobject.cpp:2226
#6 0x7effb7bf732d in QWidget::~QWidget() qwidget.cpp:1557
#7 0x7effb95cc02c in QMdiSubWindow::~QMdiSubWindow() qmdisubwindow.cpp:2254
#8 0x7effb95cc1d5 in QMdiSubWindow::~QMdiSubWindow() qmdisubwindow.cpp:2254
#9 0x7eff8f4f2b7a in QObjectPrivate::deleteChildren() qobject.cpp:2226
#10 0x7effb7bf732d in QWidget::~QWidget() qwidget.cpp:1557
#11 0x7effb7bffba5 in QWidget::~QWidget() qwidget.cpp:1584
#12 0x7eff8f4f2b7a in QObjectPrivate::deleteChildren() qobject.cpp:2226
#13 0x7effb7bf732d in QWidget::~QWidget() qwidget.cpp:1557
#14 0x7effb85f0dc5 in QFrame::~QFrame() qframe.cpp:235
#15 0x7effb859c747 in QAbstractScrollArea::~QAbstractScrollArea() qabstractscrollarea.cpp:478
#16 0x7effb93c08a6 in QMdiArea::~QMdiArea() qmdiarea.cpp:1703
#17 0x7effb93c0e55 in QMdiArea::~QMdiArea() qmdiarea.cpp:1703
#18 0x7eff8f4f2b7a in QObjectPrivate::deleteChildren() qobject.cpp:2226
#19 0x7effb7bf732d in QWidget::~QWidget() qwidget.cpp:1557
#20 0x7effb920a425 in QMainWindow::~QMainWindow() qmainwindow.cpp:338
Fix by deleting the ControlContainer already from ~QMdiSubwindow(),
ie. when we have not yet been demoted to QWidget.
Amends the start of the public history.
Pick-to: 6.5 5.15
Change-Id: Ia43c857bc1842b2b4957cc79e00f790b045d8f94
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
(cherry picked from commit 2e3d391)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 0859415)
qtprojectorg
pushed a commit
that referenced
this pull request
Dec 16, 2025
During application shutdown our global static list of loggers may
be torn down, and then some other part of Qt issues logging during
its own destruction.
For example, QThreadStorage will emit:
QThreadStorage: entry 1 destroyed before end of thread 0x106432bd0
which would crash:
frame #7: 0x000000010a8d97a8 QtCore`qt_assert_x(where="Type *QGlobalStatic<QtGlobalStatic::Holder<QTest::(anonymous namespace)::Q_QGS_loggers>>::operator->() [Holder = QtGlobalStatic::Holder<QTest::(anonymous namespace)::Q_QGS_loggers>]", what="The global static was used after being destroyed", file="/Users/torarne/dev/qt/qtbase/src/corelib/global/qglobalstatic.h", line=88) at qassert.cpp:126:14
frame #8: 0x0000000101016e5c QtTest`QGlobalStatic<QtGlobalStatic::Holder<QTest::(anonymous namespace)::Q_QGS_loggers>>::operator->(this=0x00000001010808c8) at qglobalstatic.h:87:9
frame #9: 0x0000000101018f78 QtTest`QTest::messageHandler(type=QtWarningMsg, context=0x000000016fdfb848, message=0x000000016fdfb790) at qtestlog.cpp:308:30
frame #10: 0x000000010a131018 QtCore`qt_message_print(msgType=QtWarningMsg, context=0x000000016fdfb848, message=0x000000016fdfb790) at qlogging.cpp:2133:9
frame #11: 0x000000010a12bc50 QtCore`qt_message(msgType=QtWarningMsg, context=0x000000016fdfb848, msg="QThreadStorage: entry %d destroyed before end of thread %p", ap="\U00000001") at qlogging.cpp:411:5
frame #12: 0x000000010a8d9904 QtCore`QMessageLogger::warning(this=0x000000016fdfba30, msg="QThreadStorage: entry %d destroyed before end of thread %p") const at qlogging.cpp:651:5
frame #13: 0x000000010a62b8b8 QtCore`QThreadStoragePrivate::finish(tls=0x00000008c6c102e8) at qthreadstorage.cpp:169:17
frame #14: 0x000000010a617aec QtCore`QThreadPrivate::finish()::$_0::operator()(this=0x000000016fdfbb20) const at qthread_unix.cpp:468:9
frame #15: 0x000000010a6159a4 QtCore`void (anonymous namespace)::terminate_on_exception<QThreadPrivate::finish()::$_0>(t=0x000000016fdfbb20) at qthread_unix.cpp:380:5
frame #16: 0x000000010a615960 QtCore`QThreadPrivate::finish(this=0x00000008c707c000) at qthread_unix.cpp:450:5
frame #17: 0x000000010a617190 QtCore`destroy_current_thread_data(data=0x00000008c6c10280) at qthread_unix.cpp:172:19
frame #18: 0x000000010a617330 QtCore`(anonymous namespace)::QThreadDataDestroyer::EarlyMainThread::~EarlyMainThread(this=0x000000010aa9e640) at qthread_unix.cpp:232:17
frame #19: 0x000000010a6172b4 QtCore`(anonymous namespace)::QThreadDataDestroyer::EarlyMainThread::~EarlyMainThread(this=0x000000010aa9e640) at qthread_unix.cpp:229:9
frame #20: 0x0000000181ac542c libsystem_c.dylib`__cxa_finalize_ranges + 480
frame #21: 0x0000000181ac51ec libsystem_c.dylib`exit + 44
Pick-to: 6.11 6.10 6.8
Change-Id: Ie85788e49a34aa75fe44b52fb488bd0e763b78f9
Reviewed-by: Tim Blechmann <tim.blechmann@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Dec 16, 2025
During application shutdown our global static list of loggers may
be torn down, and then some other part of Qt issues logging during
its own destruction.
For example, QThreadStorage will emit:
QThreadStorage: entry 1 destroyed before end of thread 0x106432bd0
which would crash:
frame #7: 0x000000010a8d97a8 QtCore`qt_assert_x(where="Type *QGlobalStatic<QtGlobalStatic::Holder<QTest::(anonymous namespace)::Q_QGS_loggers>>::operator->() [Holder = QtGlobalStatic::Holder<QTest::(anonymous namespace)::Q_QGS_loggers>]", what="The global static was used after being destroyed", file="/Users/torarne/dev/qt/qtbase/src/corelib/global/qglobalstatic.h", line=88) at qassert.cpp:126:14
frame #8: 0x0000000101016e5c QtTest`QGlobalStatic<QtGlobalStatic::Holder<QTest::(anonymous namespace)::Q_QGS_loggers>>::operator->(this=0x00000001010808c8) at qglobalstatic.h:87:9
frame #9: 0x0000000101018f78 QtTest`QTest::messageHandler(type=QtWarningMsg, context=0x000000016fdfb848, message=0x000000016fdfb790) at qtestlog.cpp:308:30
frame #10: 0x000000010a131018 QtCore`qt_message_print(msgType=QtWarningMsg, context=0x000000016fdfb848, message=0x000000016fdfb790) at qlogging.cpp:2133:9
frame #11: 0x000000010a12bc50 QtCore`qt_message(msgType=QtWarningMsg, context=0x000000016fdfb848, msg="QThreadStorage: entry %d destroyed before end of thread %p", ap="\U00000001") at qlogging.cpp:411:5
frame #12: 0x000000010a8d9904 QtCore`QMessageLogger::warning(this=0x000000016fdfba30, msg="QThreadStorage: entry %d destroyed before end of thread %p") const at qlogging.cpp:651:5
frame #13: 0x000000010a62b8b8 QtCore`QThreadStoragePrivate::finish(tls=0x00000008c6c102e8) at qthreadstorage.cpp:169:17
frame #14: 0x000000010a617aec QtCore`QThreadPrivate::finish()::$_0::operator()(this=0x000000016fdfbb20) const at qthread_unix.cpp:468:9
frame #15: 0x000000010a6159a4 QtCore`void (anonymous namespace)::terminate_on_exception<QThreadPrivate::finish()::$_0>(t=0x000000016fdfbb20) at qthread_unix.cpp:380:5
frame #16: 0x000000010a615960 QtCore`QThreadPrivate::finish(this=0x00000008c707c000) at qthread_unix.cpp:450:5
frame #17: 0x000000010a617190 QtCore`destroy_current_thread_data(data=0x00000008c6c10280) at qthread_unix.cpp:172:19
frame #18: 0x000000010a617330 QtCore`(anonymous namespace)::QThreadDataDestroyer::EarlyMainThread::~EarlyMainThread(this=0x000000010aa9e640) at qthread_unix.cpp:232:17
frame #19: 0x000000010a6172b4 QtCore`(anonymous namespace)::QThreadDataDestroyer::EarlyMainThread::~EarlyMainThread(this=0x000000010aa9e640) at qthread_unix.cpp:229:9
frame #20: 0x0000000181ac542c libsystem_c.dylib`__cxa_finalize_ranges + 480
frame #21: 0x0000000181ac51ec libsystem_c.dylib`exit + 44
Pick-to: 6.10 6.8
Change-Id: Ie85788e49a34aa75fe44b52fb488bd0e763b78f9
Reviewed-by: Tim Blechmann <tim.blechmann@qt.io>
(cherry picked from commit 5c8cd2a)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
qtprojectorg
pushed a commit
that referenced
this pull request
Dec 17, 2025
During application shutdown our global static list of loggers may
be torn down, and then some other part of Qt issues logging during
its own destruction.
For example, QThreadStorage will emit:
QThreadStorage: entry 1 destroyed before end of thread 0x106432bd0
which would crash:
frame #7: 0x000000010a8d97a8 QtCore`qt_assert_x(where="Type *QGlobalStatic<QtGlobalStatic::Holder<QTest::(anonymous namespace)::Q_QGS_loggers>>::operator->() [Holder = QtGlobalStatic::Holder<QTest::(anonymous namespace)::Q_QGS_loggers>]", what="The global static was used after being destroyed", file="/Users/torarne/dev/qt/qtbase/src/corelib/global/qglobalstatic.h", line=88) at qassert.cpp:126:14
frame #8: 0x0000000101016e5c QtTest`QGlobalStatic<QtGlobalStatic::Holder<QTest::(anonymous namespace)::Q_QGS_loggers>>::operator->(this=0x00000001010808c8) at qglobalstatic.h:87:9
frame #9: 0x0000000101018f78 QtTest`QTest::messageHandler(type=QtWarningMsg, context=0x000000016fdfb848, message=0x000000016fdfb790) at qtestlog.cpp:308:30
frame #10: 0x000000010a131018 QtCore`qt_message_print(msgType=QtWarningMsg, context=0x000000016fdfb848, message=0x000000016fdfb790) at qlogging.cpp:2133:9
frame #11: 0x000000010a12bc50 QtCore`qt_message(msgType=QtWarningMsg, context=0x000000016fdfb848, msg="QThreadStorage: entry %d destroyed before end of thread %p", ap="\U00000001") at qlogging.cpp:411:5
frame #12: 0x000000010a8d9904 QtCore`QMessageLogger::warning(this=0x000000016fdfba30, msg="QThreadStorage: entry %d destroyed before end of thread %p") const at qlogging.cpp:651:5
frame #13: 0x000000010a62b8b8 QtCore`QThreadStoragePrivate::finish(tls=0x00000008c6c102e8) at qthreadstorage.cpp:169:17
frame #14: 0x000000010a617aec QtCore`QThreadPrivate::finish()::$_0::operator()(this=0x000000016fdfbb20) const at qthread_unix.cpp:468:9
frame #15: 0x000000010a6159a4 QtCore`void (anonymous namespace)::terminate_on_exception<QThreadPrivate::finish()::$_0>(t=0x000000016fdfbb20) at qthread_unix.cpp:380:5
frame #16: 0x000000010a615960 QtCore`QThreadPrivate::finish(this=0x00000008c707c000) at qthread_unix.cpp:450:5
frame #17: 0x000000010a617190 QtCore`destroy_current_thread_data(data=0x00000008c6c10280) at qthread_unix.cpp:172:19
frame #18: 0x000000010a617330 QtCore`(anonymous namespace)::QThreadDataDestroyer::EarlyMainThread::~EarlyMainThread(this=0x000000010aa9e640) at qthread_unix.cpp:232:17
frame #19: 0x000000010a6172b4 QtCore`(anonymous namespace)::QThreadDataDestroyer::EarlyMainThread::~EarlyMainThread(this=0x000000010aa9e640) at qthread_unix.cpp:229:9
frame #20: 0x0000000181ac542c libsystem_c.dylib`__cxa_finalize_ranges + 480
frame #21: 0x0000000181ac51ec libsystem_c.dylib`exit + 44
Pick-to: 6.8
Change-Id: Ie85788e49a34aa75fe44b52fb488bd0e763b78f9
Reviewed-by: Tim Blechmann <tim.blechmann@qt.io>
(cherry picked from commit 5c8cd2a)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit b33274a)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR fixes a typo in the documentation.
QVariant::QStringdoes not exist, it should beQVariant:String.