Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-47737

Crash in QWindowsWindow::setDropSiteEnabled

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P2: Important
    • 5.5.1
    • 5.4.1, 5.5.0
    • QPA: Windows
    • None
    • Windows 7 64-bit
    • 4c3fa449acfc7ec43f3b2c53318c2838ceba5a86 (qtbase/5.5, 26.8.2015, 5.5.1)

    Description

      A crash occurs in QWindowsWindow::setDropSiteEnabled when the window is destroyed. CoLockObjectExternal is referencing m_dropTarget after its refcount has already been dropped to zero and the object has been released. The crash message is an unhandled exception in ole32.dll, access violation reading location 0xFFFFFFFFFFFFFFFF.

      I have confirmed that the crash is resolved by first unlocking the object and then releasing it, and I have attached the appropriate patch.

      I have not attempted to find the minimal application code required to reproduce the issue, but in our application it occurs when clicking the close button on the window. I discovered the issue using Qt 5.4.1, however from inspecting the code in 5.5.0, I see the same problem is present.

      Interestingly, the very same problem of calling CoLockObjectExternal in the wrong order was discovered and fixed several years ago in a similar bit of code, see QTBUG-13237.

      Attachments

        Issue Links

          Activity

            People

              kleint Friedemann Kleint
              mmclin Matt McLin
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: