| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use QDateTime and QTimeZone to simplify code (when we can).
Note which defective methods are so because the ECMAScript spec
requires those defects, reference my bug report against those defects.
Fix currentTime to return a UTC time.
Fix getLocalTZA to actually deliver the standard offset, without
daylight-saving corrections.
Fix DaylightSavingTA(t) to return the difference between current
standard time offset and pertinent total offset at time t (explaining
why that's the least broken answer), rather than assuming DST is one
hour when active. (In some places it's half an hour, in some places
two hours; and the bugs in the spec break UTC() and LocalTime() if we
only return actual DST offset, without adjusting for historical
changes to standard offset.)
Fix tests to use actual IANA IDs for zones.
Change QTime-to-Time conversion to use a modernish date, for which
time-zone data is likely to at least be consistently handled, instead
of MakeDay(0, 0, 0); that's (nominal proleptic Gregorian) 2 BC,
December 31st (represented denormally) for which any time-zone data we
have is artificial and contrived. I chose Cassini's third centennary,
as it's not likely to be near any zone transitions and is within the
era of sane time-zone data.
Task-number: QTBUG-72109
Task-number: QTBUG-56787
Change-Id: I5f21ee2010070a5c1798134fdd2915a723208fd9
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
(cherry picked from commit 2b8b7a162be52f8cd6c2bc39f498a1ddfb59dd68)
Reviewed-by: Liang Qi <liang.qi@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
qtdeclarative/src/qml/qml/ftw/qpodvector_p.h:119:22: error: ‘void* memmove(void*, const void*, size_t)’ writing to an object of non-trivially copyable type ‘class QQuickBasePositioner::PositionedItem’; use copy-assignment or copy-initialization instead [-Werror=class-memaccess]
::memmove(m_data + idx, m_data + idx + count,
Change-Id: I049703a0a6bb4432dfd3d3ce3c8cef13e9c2e31a
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
(cherry picked from commit 55f71cdfc5746a71bcb89f0fa4ff3447cb8b5514)
Reviewed-by: Ville Voutilainen <ville.voutilainen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
qpodvector_p.h:90:34: error: ‘void* realloc(void*, size_t)’ moving an object of non-trivially copyable type ‘class QQuickBasePositioner::PositionedItem’; use ‘new’ and ‘delete’ instead [-Werror=class-memaccess]
m_data = (T *)realloc(m_data, m_capacity * sizeof(T));
qpodvector_p.h:94:22: error: ‘void* memmove(void*, const void*, size_t)’ writing to an object of non-trivially copyable type ‘class QQuickBasePositioner::PositionedItem’; use copy-assignment or copy-initialization instead [-Werror=class-memaccess]
::memmove(m_data + idx + 1, m_data + idx, moveCount * sizeof(T));
Change-Id: I37088986a0f8613152a355ed6f3f9572316fa607
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
(cherry picked from commit 622decbe3b2478496295e57d59f9cf16a9f70a13)
Reviewed-by: Ville Voutilainen <ville.voutilainen@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
qtdeclarative/src/quick/util/qquickanimation.cpp:1669:109: error: cast between incompatible function types from ‘QVariant (*)(qreal&, qreal&, qreal)’ {aka ‘QVariant (*)(double&, double&, double)’} to ‘QVariantAnimation::Interpolator’ {aka ‘QVariant (*)(const void*, const void*, double)’} [-Werror=cast-function-type]
d->interpolator = reinterpret_cast<QVariantAnimation::Interpolator>(&_q_interpolateClockwiseRotation);
Change-Id: I8da70ef666deb3cbdbf05c5bac89f705a2ec5ea8
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
(cherry picked from commit 12afec6c2f89264b7344f9221763898c77a396fc)
Reviewed-by: Ville Voutilainen <ville.voutilainen@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
qtdeclarative/src/qml/jsruntime/qv4engine.cpp:913:78: error: ‘void* memcpy(void*, const void*, size_t)’ writing to an object of type ‘struct QV4::Property’ with no trivial copy-assignment [-Werror=class-memaccess]
memcpy(argumentsAccessors, oldAccessors, oldSize*sizeof(Property));
Change-Id: I6e3d6a1a26fda33aa47c315a183edba9dcd0c0b9
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
(cherry picked from commit d0c1b1e8f9dcbde14154029f7df0acc3888f675a)
Reviewed-by: Ville Voutilainen <ville.voutilainen@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
qtdeclarative/src/qml/parser/qqmljsparser.cpp:82:129: error: ‘void* realloc(void*, size_t)’ moving an object of non-trivially copyable type ‘class QStringRef’; use ‘new’ and ‘delete’ instead [-Werror=class-memaccess]
string_stack = reinterpret_cast<QStringRef*> (realloc(string_stack, stack_size * sizeof(QStringRef)));
Change-Id: I670b8a860bf3dc9c20126306f7848f38acd75ca9
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
(cherry picked from commit 2474eb092aace8f58bd49a61ec712b5ae4dd1245)
Reviewed-by: Ville Voutilainen <ville.voutilainen@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
qtdeclarative/src/qml/jsruntime/qv4string.cpp:224:76: error: ‘void* memcpy(void*, const void*, size_t)’ copying an object of non-trivial type ‘class QChar’ from an array of ‘short unsigned int’ [-Werror=class-memaccess]
memcpy(ch, item->text->data(), item->text->size * sizeof(QChar));
Change-Id: Ibbb91fb017fe3cc382e4a4641f899c8ea4ef989a
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
(cherry picked from commit 27ef77279f0cc563eac58f6ef5ea0f6ac6b570a4)
Reviewed-by: Ville Voutilainen <ville.voutilainen@qt.io>
|
|
|
|
|
|
|
|
|
| |
Check for null pointer to controller.
Fixes: QTBUG-64402
Change-Id: Ic84bdc9c5cde0e65da436e1c85b40eaf6e3ed77a
Reviewed-by: Shawn Rutledge <shawn.rutledge@qt.io>
(cherry picked from commit 10095542d16fc9f5b2c585abf72fe00be9debff3)
|
|
|
|
|
|
|
|
|
|
|
| |
The code snippet showing how to use QJSValue::call was wrong. This patch
corrects that.
Change-Id: Ib4c6479f3ef63f4f95af845d0af228d3c71f0731
Reviewed-by: Sze Howe Koh <szehowe.koh@gmail.com>
(cherry picked from commit ec2388860141dcde6387f4cba482955de648e5aa)
Reviewed-by: Samuel Gaist <samuel.gaist@idiap.ch>
Reviewed-by: Mitch Curtis <mitch.curtis@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
This change removes warning about using new Array() as constructor
with the snippet in Qt Creator.
Task-number: QTBUG-65891
Change-Id: I858601c21d703e4226db4f4c4d9ef52ec6418ed8
Reviewed-by: Nico Vertriest <nico.vertriest@qt.io>
Reviewed-by: Mitch Curtis <mitch.curtis@qt.io>
(cherry picked from commit a30138cae86268d71415bc88cfba157977f4a442)
|
|
|
|
|
|
|
|
|
|
| |
This change provides a bare minimum documentation for the
ItemSelectionModel QML type.
Task-number: QTBUG-58090
Change-Id: I0e232f8e05e7629d6f573f8dce21154d0ec307e5
Reviewed-by: Topi Reiniö <topi.reinio@qt.io>
(cherry picked from commit 9ee7b52f3234d12c7617ddf716f54e1923d3cded)
|
|
|
|
|
|
|
|
| |
Task-number: QTBUG-60913
Change-Id: I3a9d8925337a12a849e39a70f168dbfc7f007e5f
Reviewed-by: Mitch Curtis <mitch.curtis@qt.io>
(cherry picked from commit 785451a30921f11a88d45c1f9e1a00f6c7e571d8)
Reviewed-by: Topi Reiniö <topi.reinio@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
A property never has const pointer as its type. Getting this wrong also
causes problems with the QML type registration not matching the actual type.
Task-number: QTBUG-61749
Change-Id: Ic3c47499cc4dff6df0beecf5b1413c76509ca6f5
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
(cherry picked from commit 1d815780e020a7315dfc4762b6b0280834203e7e)
|
|
|
|
|
|
|
|
|
|
| |
* Rename two section titles that caused confusion for the autolinker.
* Add see also link to correct location from SpriteSequence QML type.
Task-number: QTBUG-58640
Change-Id: I62b941d00198ac56d998ca14b926c7bb37f6c91e
Reviewed-by: Mitch Curtis <mitch.curtis@qt.io>
(cherry picked from commit afccf3b4654c04c57d4f7e6da09f88e27ffb5a54)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The TabBar auto tests in Qt Quick Controls 2 repeats the following
process very quickly for several data rows:
1. Creates a TabBar (PathView, when using the Universal style)
2. Moves items in its QQmlObjectModel
3. Deletes the TabBar
When run with ASAN, this test would fail, because the TabButtons
(which are child items of the PathView) would try to access a deleted
QQuickItemChangeListener upon their destruction.
The underlying issue is that QQuickPathView::modelUpdated() is called,
and before a refill() can happen, the view is deleted.
QQuickPathView::refill() was the only execution path that was releasing
the cached items (QQuickPathViewPrivate::itemCache), and since part of
releasing an item involves removing the QQuickPathView as a change
listener from the item, the item would access the deleted view
(listener) when the item was being destroyed.
This patch fixes the issue by also releasing cached items in
QQuickPathViewPrivate::clear(), which is always called by the
destructor.
Task-number: QTBUG-68964
Change-Id: Ic5bf0943be79948c86bf7c07ef13ecd1a7b971ba
Reviewed-by: Richard Moe Gustavsen <richard.gustavsen@qt.io>
Reviewed-by: Robin Burchell <robin.burchell@crimson.no>
(cherry picked from commit 49c244e3c5a9138e6785515ebb64334705236ed4)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When analyzing the data flow and determining that a double is or'ed with
0, we correctly assume a cast to an integer and insert a convert
instruction in the IR instead of the actual bitwise or.. The JIT
implements that, but the interpreter doesn't, resulting in incorrect
values.
This problem is specific to the SSA optimizer and the underlying isel
requirements in 5.9 and does not apply to the design of the code
generator in 5.11 and onwards.
Task-number: QTBUG-68640
Change-Id: I954086b118b022bc6a8e00f17517c2d378825613
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Erik Verbruggen <erik.verbruggen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When generating the byte code, we use code like this to initialize
the specialized instructions:
Instruction::Binop op; op.foo = 1; ...
to conveniently initialize the fields and then use the addInstruction
template specialization to copy the non-generic bits (for example binop
specific parameters) across into the Instr union. We copy
InstrMeta<InstrType>::Size bits, which includes the alignment padding
applied via MOTH_INSTR_ALIGN_MASK. However the source data type
(Instruction::Binop in the above example) does not include fields and
therefore the memcpy will read more bytes off the stack than were
allocated.
Discovered via ASAN during the investigation of QTBUG-68640. The issue
is specific to Qt 5.9, it does not apply to the code base of 5.11 or
later, where the byte code is strictly integer organized.
Change-Id: Ia12b75f6c1ec6c9d77ee6e7c4253c1e18c46291c
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want all further imports to be relative to the redirected URL, not
the base one.
Note that this will incorporate any prior URL interceptions into the
final URL if a redirect happens. We don't really want this to happen
because the result of interception is not meant to be the base for
further URL lookup. However, as interception occurs before redirection,
this is unavoidable. Don't use URL interceptors on remote URLs.
Task-number: QTBUG-67882
Change-Id: I6693d14c8af8212dda9954d0bd0293c3c85441ef
(cherry picked from commit cda2680d801acce4e221b23e88d9b3c5504f86e8)
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
Add missing QPainter::end(), fixing:
QBackingStore::endPaint() called with active painter on backingstore paint device
Task-number: QTBUG-66452
Change-Id: Ia00e61953528b15015b3e41ba1868e670818cf14
Reviewed-by: Laszlo Agocs <laszlo.agocs@qt.io>
(cherry picked from commit 047f161b1a706e81034ccd8d4700a3126c16dfe4)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using the VDM or QML list properties as models, the delegate model
injects an intermediate QQmlContext that provides access to the
properties of the exposed QObject as context properties. Before commit
e22b624d9ab1f36021adb9cdbfa9b37054282bb8, that context was marked to be
owned by the parent QQmlContext.
When the reference counting was introduced, that parent became
referenced from the cacheItem (DelegateModelItem), but that intermediate
QQmlContext became floating and was leaked.
This can be observed by running the objectListModel test of
tst_qquickvisualdatamodel with detect_leaks=1 in ASAN_OPTIONS.
The leak is fixed by re-introducing the exceptional case of a parent
holding a strong reference to the child, in just this one case.
Change-Id: Iabc26990d39757b0abe0cddf69e76e88e40fba40
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Michael Brasser <michael.brasser@live.com>
(cherry picked from commit 01df9e5f46fd05a80f8f6fcaa91204e6184ded6f)
|
|
|
|
|
|
|
|
| |
Change-Id: Ieb14322c104d816842e04e521b556bfc11855f1c
Task-number: QTBUG-67024
Reviewed-by: Robin Burchell <robin.burchell@crimson.no>
Reviewed-by: Michael Brasser <michael.brasser@live.com>
(cherry picked from commit f9686bc68696ad1e99a0587f15d05300d003d990)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
texture
When creating a Canvas item with renderStrategy set to Canvas.FramebufferObject
we might end up creating an FBO with a POT texture (e.g on iOS) that doesn't match
the size of the canvas. The result will be that the image turn out scaled.
QSGTexture::normalizedTextureSubRect() is a function that needs to be
overridden to be used. So this patch will create a subclass of QSGPlainTexture
that overrides it, and returns the normalized subrect inside the
FBO that that matches the size of the canvas.
Task-number: QTBUG-59192
Change-Id: I0f0e57e117656df21a94b7015bd160c44485046d
Reviewed-by: Morten Johan Sørvig <morten.sorvig@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We must protect various resources in the type loader with our existing
lock. The QQmlTypeLoaderQmldirContent is now value based, so that we can
release the lock on the shared cache early. Copying it involves
adjusting the refcount of the QHash and QString instances in the
QQmlDirParser.
The safety of this was verified with a TSAN build and the example
supplied in the task. It crashed reliably with TASN errors first and
with this patch it runs without errors.
Task-number: QTBUG-41465
Change-Id: I616843c4b8bdfd65d1277d4faa8cb884d8e77df8
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
(cherry picked from commit a3ad52526f79c1528f170c8affe5af00b68ca61d)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The order matters. There won't be a mouseGrabberItem() after
the cancelExclusiveGrabImpl() call. So ungrab the mouse before
calling it, not after.
This cherry-pick includes some other changes to
tst_qquickwindow.cpp (parts of
9d8fe2ac121162c15be6728495be2235b728325a) that enable the
cherry-picked test function touchEvent_cancelClearsMouseGrab()
to be the same as it is in 5.10 branch.
Task-number: QTBUG-63680
Task-number: QTBUG-67445
Change-Id: I1ba6401c5d8eb3417907eb1e6ca20816b501f3ac
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Shawn Rutledge <shawn.rutledge@qt.io>
(cherry-picked from 0821180dc833376a738742e33f728983b9ca6f84)
Reviewed-by: Tasuku Suzuki <tasuku.suzuki@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
In some cases, when our simple array data had an offset and
data would wrap around, ArrayData::append would write out
of bounds data into the new array, leading to crashes.
Task-number: QTBUG-51581
Change-Id: I55172542ef0b94d263cfc9a17d7ca49ec6c3a565
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
(cherry picked from commit f495d4b660107536d0a67ba48e88550278f13893)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are two ways to use function expressions on the right-hand side
of bindings:
property var somethingPressed
somethingPressed: function() { /* ..press something else.. */ }
signal buttonPressed
onButtonPressed: function() { /* ..handle buttonPress.. */ }
In the former case, it declares a property that holds a function. So on
initialization, the right-hand side of the binding returns a closure
that gets assigned to the property 'somethingPressed'.
In the latter case, the signal handler is explicitly marked as a
function for clarity. So, the handler should not be returning the
closure, but the handler should *be* the closure.
In general, it is not possible to detect if the left-hand side is a
property or a signal handler when generating QML cache files ahead of
time. So for this case, we mark the function as only returning a
closure. Then when instantiating the object, we check if it is a signal
handler, and if the handler is marked as only returning a closure. If
so, we set that closure to be the signal handler.
This patch also handles function expressions in SignalTransition and
function expressions as signal handlers.
Task-number: QTBUG-57043
Task-number: QTBUG-50328
Task-number: QTBUG-50328
(cherry picked from commit 22b13921f8067f8a93164875a4ad59bed85b0400)
(cherry picked from commit dc4d6293f9473c0f03c570430d08867d2d01c6e2)
(cherry picked from commit 21301c1dbb00f4a2cd991e520423ed039b297ffb)
Change-Id: I3008ddd847e30b7d0adef07344a326f84d85f1ba
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
You can create further objects while the QML engine is being destroyed.
The debug service is not interested in those because they will be rather
short lived anyway.
Task-number: QTBUG-62458
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
Change-Id: I255e18590d434e0487efac7c82c223752c645f25
(cherry-picked from commit 958e412a25523cc031564faae81c569aa6c3b01f)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The generated code for jump-on-strict-not-equal-undefined used the
same logic (but with inverted conditions) as the equal case. For
equality, one can jump to else if the value parts are not the same.
So, for not-equal, if the value parts are the same, it would jump
to the else block if they are the same. Meaning, an encoded int
value of 0 (which is strict-not-equal to undefined) would end up
being evaluated as equal.
Task-number: QTBUG-66832
Change-Id: I5c6b8e9b11be53ae21a7164e0a1e0cbfd204f401
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When an alias points to a child object which has not yet been
initialized, it's id won't have been registered yet, so setting up a
binding to it will result in a crash.
The fix is: when setting a binding target fails, and its target property
is an alias, queue them until all bindings have been set up, and try
again.
Task-number: QTBUG-57041
Change-Id: I4dc5a6d25c0a32fed9fd952c955e2006c76be45a
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
(cherry picked from commit aa94c6c0469b0595f483f13ac88459f0035deef9)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We shouldn't allocate objects that are larger than the size of
a standard memory segment through the chunk allocator, as this
can lead to problems when freeing the segment and then re-using
it again.
Instead allocate a private MemorySegment for these objects, and
free it when the object gets garbage collected.
Task-number: QTBUG-66732
Change-Id: Ic24ff65d204977f313ab0adaf7a8132883e525f0
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
(cherry picked from commit c99abf1851bbbfcec11eb77173df620746940ab0)
Reviewed-by: Erik Verbruggen <erik.verbruggen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Assigning to a group property inside a property value source or
interceptor as part of an "on assignment" is perfectly valid. That is
because while "color" is a value type property, the on assignment means
we're actually setting easing.type (in the example and test) on the
property value source, not the color, and that one is a QObject. The
same goes for interceptors.
Change-Id: I505a658977a578894d6dfb00bf5c65b41e42b12f
Task-number: QTBUG-56600
Reviewed-by: Michael Brasser <michael.brasser@live.com>
(cherry picked from commit 2659c308792967322564b5088e0e21bb371e0283)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a regression introduced with commit
4876ea6a18ccdfd72014582aa5d50ab9f6b6ec9e. Where we previously always
returned the same JS object, we would afterwards return a new JS object
for every invocation, which breaks reference comparison. As we store the
JS wrapper for the list element in the QQmlData->jsWrapper we can avoid
repeated allocations. In order for that wrapper to keep working after
modifications (insertion, etc.) to the list model, we have to replace
the static element index with a reference to the node model meta-object,
which also has an element index that however is kept up-to-date by the
list model itself.
Change-Id: I4368de6b6d86687fe96fbf73bd60b80b69d7b058
Task-number: QTBUG-52017
Reviewed-by: Michael Brasser <michael.brasser@live.com>
(cherry picked from commit 44a89492b49f23a975377795dbb7a48916cb5081)
Reviewed-by: Mitch Curtis <mitch.curtis@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
When accessing/calling a property on an object, it is possible (and
perfectly fine) for that object to be a constant value. I.e. Undefined.
All code handling such a call do handle constants correctly.
Note: this is a 5.9 specific change, because 5.11 got rid of this code.
Task-number: QTBUG-66027
Change-Id: Ied9d0c9c8f8bf958f8634f7be196900b3ea64861
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After that change, if we ran out of slots in the freeList,
the last entry would point to the first Value in the value
array, not indicating that we ran out of free slots.
Conflicts:
src/qml/jsruntime/qv4sparsearray_p.h
Task-number: QTBUG-65828
Change-Id: I3e57bb7a0c2dc29172a485a6ea957b6ab5ac962e
(cherry picked from commit 16ca5eab9bdd31774dc8e657f217e044640eecff)
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a QQuickWindow is a child of another QObject (such as a Loader) and
is scheduled for deletion using a deferred delete event, then a deletion
via the parent ends up calling the window's destructor, which will
finally end up in ~QObject(), which takes care of removing the posted
deferred deletion event from the event queue.
In the case of QQuickWindow, the destructor - called before ~QObject -
calls windowDestroyed(this) on the SG render loop. The implementation in
the software renderer calls QCoreApplication::sendPostedEvents() with
QEvent::DeferedDelete, which ends up deleting the same window a second
time and resulting in a crash.
I can't see a good reason for the existence of the sendPostedEvents()
call there. It is not present in the other render loops and according to
git blame it stems from the very early first implementation of the
software renderer where surely copy & paste from other render loop code
was involved back then.
The same fix is applied to the single-threaded VG and D3D12 render
loops, as they are most likely copy & paste from the software render
loop implementation.
ASAN trace for tst_qquickwindow::unloadSubWindow() on 5.11 branch that shows
invalid access to the QObjectPrivate/QQuickWindowPrivate, which follows the
QObject in terms of life-cycle:
==4736==ERROR: AddressSanitizer: heap-use-after-free on address 0x617000011778 at pc 0x7fdd211cfbb3 bp 0x7fffecb47ea0 sp 0x7fffecb47e90
READ of size 8 at 0x617000011778 thread T0
#0 0x7fdd211cfbb2 in QQuickWindow::~QQuickWindow() items/qquickwindow.cpp:1308
#1 0x7fdd21470974 in QQuickWindowQmlImpl::~QQuickWindowQmlImpl() items/qquickwindowmodule_p.h:63
#2 0x7fdd21470974 in QQmlPrivate::QQmlElement<QQuickWindowQmlImpl>::~QQmlElement() .../qqmlprivate.h:103
#3 0x7fdd21470974 in QQmlPrivate::QQmlElement<QQuickWindowQmlImpl>::~QQmlElement() .../qqmlprivate.h:103
#4 0x7fdd1e24da24 in qDeleteInEventHandler(QObject*) kernel/qobject.cpp:4601
#5 0x7fdd1e253d2f in QObject::event(QEvent*) kernel/qobject.cpp:1240
#6 0x7fdd1fbd1d41 in QWindow::event(QEvent*) kernel/qwindow.cpp:2356
#7 0x7fdd211f778e in QQuickWindow::event(QEvent*) items/qquickwindow.cpp:1628
#8 0x7fdd1e1a4e3c in QCoreApplicationPrivate::notify_helper(QObject*, QEvent*) kernel/qcoreapplication.cpp:1216
#9 0x7fdd1e1a508b in doNotify kernel/qcoreapplication.cpp:1157
#10 0x7fdd1e1a555a in QCoreApplication::notify(QObject*, QEvent*) kernel/qcoreapplication.cpp:1143
#11 0x7fdd1fb87665 in QGuiApplication::notify(QObject*, QEvent*) kernel/qguiapplication.cpp:1723
#12 0x7fdd1e1a52fa in QCoreApplication::notifyInternal2(QObject*, QEvent*) kernel/qcoreapplication.cpp:1067
#13 0x7fdd1e1b6ed2 in QCoreApplication::sendEvent(QObject*, QEvent*) ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:234
#14 0x7fdd1e1b6ed2 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) kernel/qcoreapplication.cpp:1764
#15 0x7fdd1e1b8cda in QCoreApplication::sendPostedEvents(QObject*, int) kernel/qcoreapplication.cpp:1618
#16 0x7fdd210cb034 in QSGSoftwareRenderLoop::windowDestroyed(QQuickWindow*) scenegraph/adaptations/software/qsgsoftwarerenderloop.cpp:100
#17 0x7fdd211cfb8c in QQuickWindow::~QQuickWindow() items/qquickwindow.cpp:1305
[...]
0x617000011778 is located 632 bytes inside of 704-byte region [0x617000011500,0x6170000117c0)
freed by thread T0 here:
#0 0x7fdd21a8a9d8 in operator delete(void*, unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe19d8)
#1 0x7fdd2146fa3c in QQuickWindowQmlImplPrivate::~QQuickWindowQmlImplPrivate() items/qquickwindowmodule.cpp:57
#2 0x7fdd1e26b252 in QScopedPointerDeleter<QObjectData>::cleanup(QObjectData*) [...]
#3 0x7fdd1e26b252 in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::~QScopedPointer() [...]
#4 0x7fdd1e26b252 in QObject::~QObject() kernel/qobject.cpp:882
#5 0x7fdd1fbcf51c in QWindow::~QWindow() kernel/qwindow.cpp:211
#6 0x7fdd211d0466 in QQuickWindow::~QQuickWindow() items/qquickwindow.cpp:1297
#7 0x7fdd211d0644 in QQuickWindow::~QQuickWindow() items/qquickwindow.cpp:1335
#8 0x7fdd1e2666b4 in QObjectPrivate::deleteChildren() kernel/qobject.cpp:1995
#9 0x7fdd1e26b329 in QObject::~QObject() kernel/qobject.cpp:1023
[...]
Change-Id: Iffa90d365d02b074e2a78c5be2895c9f86a4b80e
Task-number: QTBUG-66381
Reviewed-by: Shawn Rutledge <shawn.rutledge@qt.io>
Reviewed-by: Andy Nichols <andy.nichols@qt.io>
(cherry picked from commit 238cc098d785b4fe76fbc8422b340d98ff8c1a1b)
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a function is called that is in a QML scope or a QML context, set
the 'this' object to the QML scope.
Note: this patch is 5.9 specific. 5.11 has a similair issue, but the
implementation is quite different, so that needs a separate fix.
Task-number: QTBUG-59357
Change-Id: Ia78e012d413c40a094e957f4020502cd055ac286
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When we remove a property from an object, we shrink the used entries
by one (or 2 when an accessor is defined) by moving subsequent entries
"down" over the removed entry. We also have to set the last entry (or 2)
to Undefined, otherwise any heap objects referenced there would be
retained.
This cherry-pick into 5.9 also fixes an issue where the MemberData was
accessed out-of-bound: some entries stored in memory after the array
were copied in, resulting in invalid pointers, leading to a crash
whenever the garbage collector would run.
Task-number: QTBUG-66090
Change-Id: I75905fafd0d88891820d894a869b9714bc9807e0
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
(cherry picked from commit 9e32901835de1c6729ac8bf228148c1e03c4c5a5)
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
|
|
|
|
|
|
|
|
|
| |
It wasn't clear which values would be used when only a horizontal or
vertical flag was set.
Change-Id: I99b4a13a87b35a74f1ab80c5fafa9df621bf7b10
Reviewed-by: J-P Nurmi <jpnurmi@qt.io>
Reviewed-by: Venugopal Shivashankar <Venugopal.Shivashankar@qt.io>
|
|
|
|
|
|
|
| |
Task-number: QTBUG-58223
Change-Id: Ibc599ac2e62aa60405af0022c7f5bab6eac3e3c4
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
(cherry picked from commit ff08272245c099cadd433c8b5d4f98301f5e585b)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a regression introduced with commit
3cc589c98390992e3ee8a7970dc2913ea857d623, which in turn fixed a leak
with QV4::QObjectWrapper objects. Unfortunately the allocate() call into
the persistent (weak) value storage in the list model introduced a leak
of the weak value itself. This is fixed by replacing the free standing
weak value allocation with the use of the existing jsWrapper weak value
in the declarative data (QQmlData). That weak value is freed property in
the destroy() method of the QV4::QObjectWRapper. The extra QQmlData
allocation is hidden behind a unified allocation, similar to what we do
in void QQmlType::create(QObject **, void **, size_t) const.
Task-number: QTBUG-66189
Change-Id: I5351e3e484542709a6b210e84aa19b14d28e11ad
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
(cherry picked from commit 22d43f74e264626d0c28654c42c91839f9de45b5)
Reviewed-by: Erik Verbruggen <erik.verbruggen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The JS stack is used as a worklist while marking in order to prevent
recursion overflowing the C stack. Now if all contents of an array are
pushed onto the stack, it can easily cause an overflow. To prevent this,
drain the stack periodically.
This is fix that should not go into 5.11, as it's already fixed there by
using a ValueArray that will have this exact behavior.
Change-Id: Id5bd28879f6ef0265344d9a70c25f6c66b067309
Task-number: QTBUG-62087
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
|
|
|
|
|
|
|
|
|
| |
There were some cases where the signal wasn't emitted and we ended up
with events being delivered to objects that didn't exist anymore.
Task-number: QTBUG-65881
Change-Id: I847669a978e82a0332907b029a8295bb993d2850
Reviewed-by: Frederik Gladhorn <frederik.gladhorn@qt.io>
|
|
|
|
|
|
|
|
|
| |
This reverts commit 823428d994b0ec0f6b85288d74554660a51b2406. No more
needed after qt3d commit 78f77f80057b1e77c3f47d52de3e0b3f0c5d8d6e that
took the new API into use.
Change-Id: I4acb707cf363a625ae8e90c4560a0d5140cc4011
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Strictly speaking this is a regression introduced with commit
e22b624d9ab1f36021adb9cdbfa9b37054282bb8, making the QQmlContextData
objects reference counted, especially from the V4 QML context wrapper
objects.
That change (correct as it is) introduced an accidental circular
dependency in the simple scenario of importing a .js file in a .qml
file:
Each time the type in the .qml file is instantiated, we create a
dedicated QQmlContextData for the .js file. If the .js file has no
imports itself, that new context will get the same ctx->importedScripts
JS array as the QML context of the .qml file. That is a strong reference
via QV4::PersistentValue. That array in turn contains the
QV4::QmlContextWrapper that belongs to the imported script, which in
turn holds a strong reference (via refcount) to the script's context.
This patch breaks the circular reference when we perform context
invalidation, as the least intrusive measure.
For the auto-test to work, we must also clear the qmlContext persistent
of the QV4::Script that's used to evaluate the .js file. In subsequent
imports that persistent will be initialized to new values, so it will
only hold a strong reference to the last import, but strictly speaking
that is still a leak - hence also part of this fix.
Change-Id: I3e543c946e5e683425072dc3df7e49ca0e0c0215
Task-number: QTBUG-66189
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Mention (in the detailed description) that Array is indeed supported.
- Provide examples for getting and setting individual array elements,
and how to read the length of the array.
- Properly document the property() and setProperty() overloads that
take an index.
- Link to the overloads where it makes sense.
These changes make the intended workflow for using arrays much more
obvious.
Change-Id: I4657a7b1e2b4c2977120ee8e345ee9ae7d2bbc2d
Reviewed-by: Topi Reiniö <topi.reinio@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
Reverts 2c2e7f27426cb4381f2dcaa36affe55719619753. WebGL does not
support a shared index and vertex buffer. Due to a performance
regression, this patch is reverted.
Task-number: QTBUG-66191
Change-Id: I296d2a6c1c7b5fa66532bd7e106f5360d9d2403a
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
Reviewed-by: Laszlo Agocs <laszlo.agocs@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a regression introduced with commit
3b6eeee177b64eebe240d51be0c7bb5f031471d8 in the 5.9 branch. When
constructing an object with deferred properties and not running
qmlExecuteDeferred, then the deferred data would never get deleted
because the bindings list remains non-empty and we would leak the
deferred data as well as the entire compilation unit behind it.
This happens for example when declaring when instantiating a QML file
with states:
states: [ State { ... }, State { ... }, ... }
Unless every state is entered, its deferred changes property is never
applied (via qmlExecuteDeferred) and thus the defer data is leaked.
Task-number: QTBUG-66189
Change-Id: I1b2119c601d1e0ab4e37f53d4cf2f569586ee883
Reviewed-by: J-P Nurmi <jpnurmi@qt.io>
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace manual use in QQmlData and QQmlData::DeferredData with
QQmlRefPointer.
Due to forward declaration trouble this required declaring a non-inline
constructor/destructor for QQmlData and DeferedData and disabling
copying, so that not every C++ compilation unit including qqmldata_p.h
needs to instantiate the QQmlRefPointer destructor and thus know whether
QV4::CompiledData::CompilationUnit has release(), etc. The out-of-line
declarations however should not have any negative impact as the only
call sites are within qqmlengine.cpp, too.
Change-Id: I2e8295cb0d7f876a5d7d18765dbac285184e6c99
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
This approach tracks object allocations only,
when slots from already allocated memory segment are used.
Change-Id: I514b974d7580c1236264bec96dc1abe594585e86
Reviewed-by: Milian Wolff <milian.wolff@kdab.com>
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
|
|
|
|
|
|
|
|
|
| |
.. instead of calling QOpenGLContext::currentContext(), which in turn
accesses the thread-local storage.
Change-Id: I773686deb2a745e066b0878a6ccb087afb81774d
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
Reviewed-by: Tuukka Turunen <tuukka.turunen@qt.io>
|