Details
-
Bug
-
Resolution: Unresolved
-
Not Evaluated
-
None
-
No Version
-
None
-
Operating System: Gentoo Liux
Portage 2.1.8.3 (default/linux/x86/10.0/developer, gcc-4.3.4, glibc-2.10.1-r1, 2.6.33-gentoo i686)
=================================================================
System uname: Linux-2.6.33-gentoo-i686-Genuine_Intel-R-_CPU_T2400_@_1.83GHz-with-gentoo-2.0.1
Timestamp of tree: Fri, 07 May 2010 13:30:01 +0000
ccache version 2.4 [enabled]
app-shells/bash: 4.0_p37
dev-java/java-config: 2.1.10
dev-lang/python: 2.6.4-r1
dev-util/ccache: 2.4-r7
dev-util/cmake: 2.6.4-r3
sys-apps/baselayout: 2.0.1
sys-apps/openrc: 0.6.1-r1
sys-apps/sandbox: 1.6-r2
sys-devel/autoconf: 2.13, 2.65
sys-devel/automake: 1.6.3-r1, 1.8.5-r4, 1.9.6-r3, 1.10.3, 1.11.1
sys-devel/binutils: 2.18-r3
sys-devel/gcc: 4.3.4
sys-devel/gcc-config: 1.4.1
sys-devel/libtool: 2.2.6b
virtual/os-headers: 2.6.30-r1
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="* -@EULA"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe -fomit-frame-pointer -mmmx -msse -msse2"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb /usr/share/config /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo"
CXXFLAGS="-march=native -O2 -pipe -fomit-frame-pointer -mmmx -msse -msse2"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests candy ccache cvs distlocks fixpackages multilib-strict news parallel-fetch protect-owned sandbox sfperms sign splitdebug strict unmerge-logs unmerge-orphans userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="de_DE@euro"
LC_ALL="de_DE@euro"
LDFLAGS="-Wl,-O1"
LINGUAS="de fa fr"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_COMPRESS="bzip2"
PORTAGE_COMPRESS_FLAGS="-9"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/standard"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X a52 aac aalib acl acpi aim alsa apache2 apm audiofile berkdb bidi bluetooth bzip2 cairo cdparanoia cdr cli consolekit cracklib crypt cups cxx dbus dga dio directfb dri dts dv dvb dvd dvdr dvdread emboss encode exif fam fbcon fbcondecor ffmpeg firefox flac fortran ftp gdbm gif gpm gtk gtk2 hal iconv icq ieee1394 imagemagick ipv6 jabber java javascript jpeg jpeg2k kdexdeltas lcms ldap libnotify lm_sensors mad mikmod mmx mng modules mozilla mp3 mp4 mpeg msn mudflap mysql ncurses nls nptl nptlonly nsplugin ogg oggvorbis openal opengl openmp pam pango pcre pdf perl php png ppds pppd python qt3support qt4 readline reflection scanner sdl semantic-desktop session snmp speex spell spl sse sse2 ssl startup-notification svg svga sysfs tcpd theora threads tidy tiff truetype unicode usb v4l v4l2 vcd vhosts vorbis wifi x264 x86 xcb xcomposite xine xinerama xml xorg xpm xsl xulrunner xv xvid yahoo zlib" ALSA_CARDS="hda-intel intel8x0m" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev keyboard mouse synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="de fa fr" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev vesa vga i810 intel" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, PORTAGE_RSYNC_EXTRA_OPTS
Operating System: Gentoo Liux Portage 2.1.8.3 (default/linux/x86/10.0/developer, gcc-4.3.4, glibc-2.10.1-r1, 2.6.33-gentoo i686) ================================================================= System uname: Linux-2.6.33-gentoo-i686-Genuine_Intel-R-_CPU_T2400_@_1.83GHz-with-gentoo-2.0.1 Timestamp of tree: Fri, 07 May 2010 13:30:01 +0000 ccache version 2.4 [enabled] app-shells/bash: 4.0_p37 dev-java/java-config: 2.1.10 dev-lang/python: 2.6.4-r1 dev-util/ccache: 2.4-r7 dev-util/cmake: 2.6.4-r3 sys-apps/baselayout: 2.0.1 sys-apps/openrc: 0.6.1-r1 sys-apps/sandbox: 1.6-r2 sys-devel/autoconf: 2.13, 2.65 sys-devel/automake: 1.6.3-r1, 1.8.5-r4, 1.9.6-r3, 1.10.3, 1.11.1 sys-devel/binutils: 2.18-r3 sys-devel/gcc: 4.3.4 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6b virtual/os-headers: 2.6.30-r1 ACCEPT_KEYWORDS="x86" ACCEPT_LICENSE="* -@EULA " CBUILD="i686-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe -fomit-frame-pointer -mmmx -msse -msse2" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/X11/xkb /usr/share/config /var/lib/hsqldb" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo" CXXFLAGS="-march=native -O2 -pipe -fomit-frame-pointer -mmmx -msse -msse2" DISTDIR="/usr/portage/distfiles" FEATURES="assume-digests candy ccache cvs distlocks fixpackages multilib-strict news parallel-fetch protect-owned sandbox sfperms sign splitdebug strict unmerge-logs unmerge-orphans userfetch userpriv usersandbox" GENTOO_MIRRORS=" http://distfiles.gentoo.org " LANG=" de_DE@euro " LC_ALL=" de_DE@euro " LDFLAGS="-Wl,-O1" LINGUAS="de fa fr" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_COMPRESS="bzip2" PORTAGE_COMPRESS_FLAGS="-9" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage/standard" SYNC=" rsync://rsync.gentoo.org/gentoo-portage " USE="X a52 aac aalib acl acpi aim alsa apache2 apm audiofile berkdb bidi bluetooth bzip2 cairo cdparanoia cdr cli consolekit cracklib crypt cups cxx dbus dga dio directfb dri dts dv dvb dvd dvdr dvdread emboss encode exif fam fbcon fbcondecor ffmpeg firefox flac fortran ftp gdbm gif gpm gtk gtk2 hal iconv icq ieee1394 imagemagick ipv6 jabber java javascript jpeg jpeg2k kdexdeltas lcms ldap libnotify lm_sensors mad mikmod mmx mng modules mozilla mp3 mp4 mpeg msn mudflap mysql ncurses nls nptl nptlonly nsplugin ogg oggvorbis openal opengl openmp pam pango pcre pdf perl php png ppds pppd python qt3support qt4 readline reflection scanner sdl semantic-desktop session snmp speex spell spl sse sse2 ssl startup-notification svg svga sysfs tcpd theora threads tidy tiff truetype unicode usb v4l v4l2 vcd vhosts vorbis wifi x264 x86 xcb xcomposite xine xinerama xml xorg xpm xsl xulrunner xv xvid yahoo zlib" ALSA_CARDS="hda-intel intel8x0m" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev keyboard mouse synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="de fa fr" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev vesa vga i810 intel" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, PORTAGE_RSYNC_EXTRA_OPTS
Description
I am using a model view to display colors as one of the properties of certain items in a tree-/tableview. I wanted to make it possible for the user to modify this property using a QtColorComboBox as an editor. This works, however if I enable custom color with setColorDialogEnabled() the application crashes instantly after I press Ok, or Cancel, (or press Esc) from within the color dialog (which is displayed when I click on the "more ..." entry in the combo box).
Versions where I could confirm this issue:
- Qt-4.5.3
- Qt-4.6.1
- Qt-4.6.2
- Qt-4.7
Steps to reproduce:
- compile and execute the attached test application which highlights the issue
- select a cell from the view and click on the "more ..." button to get a color selection dialog
- select a color if you like and click on either the "Ok" or "Cancel" Button.
The program should have crashed by now.
the debugger backtrace tells me the crash takes place in QComboBox::count():
0 QComboBox::count qcombobox.cpp 1299 0xb79240c7
1 QtColorComboBox::colorCount qtcolorcombobox.cpp 174 0x0804dc6f
2 QtColorComboBox::addColor qtcolorcombobox.h 75 0x0804f2c3
3 QtColorComboBox::emitActivatedColor qtcolorcombobox.cpp 235 0x0804ec00
4 QtColorComboBox::qt_metacall moc_qtcolorcombobox.cpp 82 0x0804f447
5 QMetaObject::metacall qmetaobject.cpp 237 0xb723e158
6 QMetaObject::activate qobject.cpp 3285 0xb724e5da
7 QComboBox::activated moc_qcombobox.cpp 274 0xb7923b45
8 QComboBoxPrivate::emitActivated qcombobox.cpp 1218 0xb7925e42
9 QComboBoxPrivate::_q_itemSelected qcombobox.cpp 1209 0xb7928e3f
10 QComboBox::qt_metacall moc_qcombobox.cpp 191 0xb792edd7
11 QtColorComboBox::qt_metacall moc_qtcolorcombobox.cpp 75 0x0804f3b6
12 QMetaObject::metacall qmetaobject.cpp 237 0xb723e158
13 QMetaObject::activate qobject.cpp 3285 0xb724e5da
14 QComboBoxPrivateContainer::itemSelected moc_qcombobox_p.cpp 213 0xb7c88345
15 QComboBoxPrivateContainer::eventFilter qcombobox.cpp 663 0xb792593c
16 QCoreApplicationPrivate::sendThroughObjectEventFilters qcoreapplication.cpp 819 0xb723670e
17 QApplicationPrivate::notify_helper qapplication.cpp 4296 0xb749663f
18 QApplication::notify qapplication.cpp 3865 0xb749e44e
19 QCoreApplication::notifyInternal qcoreapplication.cpp 704 0xb7236f1e
20 QCoreApplication::sendEvent qcoreapplication.h 215 0xb749d1cc
...
Valgrind tells me the crash is due to a memory bug (the valgrind log file in included in the zip file and is called valgrind.log):
Invalid read of size 4
at 0x8058F6E: QtColorComboBox::emitActivatedColor(int) (qtcolorcombobox.cpp:233)
by 0x8059E6E: QtColorComboBox::qt_metacall(QMetaObject::Call, int, void**) (moc_qtcolorcombobox.cpp:82)
by 0x4D1F157: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
by 0xBEE20D63: ???
Address 0x562f9e4 is 36 bytes inside a block of size 48 free'd
at 0x402594C: realloc (vg_replace_malloc.c:476)
by 0x4BF4632: qRealloc(void*, unsigned int) (qmalloc.cpp:65)
Invalid write of size 4
at 0x8058F77: QtColorComboBox::emitActivatedColor(int) (qtcolorcombobox.cpp:233)
by 0x8059E6E: QtColorComboBox::qt_metacall(QMetaObject::Call, int, void**) (moc_qtcolorcombobox.cpp:82)
by 0x4D1F157: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
by 0xBEE20D63: ???
Address 0x562f9e4 is 36 bytes inside a block of size 48 free'd
at 0x402594C: realloc (vg_replace_malloc.c:476)
by 0x4BF4632: qRealloc(void*, unsigned int) (qmalloc.cpp:65)
Invalid read of size 4
at 0x8058F7D: QtColorComboBox::emitActivatedColor(int) (qtcolorcombobox.cpp:233)
by 0x8059E6E: QtColorComboBox::qt_metacall(QMetaObject::Call, int, void**) (moc_qtcolorcombobox.cpp:82)
by 0x4D1F157: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
by 0xBEE20D63: ???
Address 0x562f9e4 is 36 bytes inside a block of size 48 free'd
at 0x402594C: realloc (vg_replace_malloc.c:476)
by 0x4BF4632: qRealloc(void*, unsigned int) (qmalloc.cpp:65)
Invalid read of size 4
at 0x45F10B3: QComboBox::count() const (qcombobox.h:302)
by 0x8059636: QtColorComboBox::addColor(QColor const&, QString const&) (qtcolorcombobox.h:75)
by 0x8058FE6: QtColorComboBox::emitActivatedColor(int) (qtcolorcombobox.cpp:233)
by 0x8059E6E: QtColorComboBox::qt_metacall(QMetaObject::Call, int, void**) (moc_qtcolorcombobox.cpp:82)
by 0x4D1F157: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
by 0xBEE20D63: ???
Address 0x562f9c4 is 4 bytes inside a block of size 48 free'd
at 0x402594C: realloc (vg_replace_malloc.c:476)
by 0x4BF4632: qRealloc(void*, unsigned int) (qmalloc.cpp:65)
Invalid read of size 4
at 0x45F10C1: QComboBox::count() const (qcombobox.cpp:1299)
by 0x8059636: QtColorComboBox::addColor(QColor const&, QString const&) (qtcolorcombobox.h:75)
by 0x8058FE6: QtColorComboBox::emitActivatedColor(int) (qtcolorcombobox.cpp:233)
by 0x8059E6E: QtColorComboBox::qt_metacall(QMetaObject::Call, int, void**) (moc_qtcolorcombobox.cpp:82)
by 0x4D1F157: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
by 0xBEE20D63: ???
Address 0x12a is not stack'd, malloc'd or (recently) free'd
Process terminating with default action of signal 11 (SIGSEGV)
Access not within mapped region at address 0x12A
at 0x45F10C1: QComboBox::count() const (qcombobox.cpp:1299)
by 0x8059636: QtColorComboBox::addColor(QColor const&, QString const&) (qtcolorcombobox.h:75)
by 0x8058FE6: QtColorComboBox::emitActivatedColor(int) (qtcolorcombobox.cpp:233)
by 0x8059E6E: QtColorComboBox::qt_metacall(QMetaObject::Call, int, void**) (moc_qtcolorcombobox.cpp:82)
by 0x4D1F157: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
by 0xBEE20D63: ???