diff options
author | Marc Mutz <marc.mutz@kdab.com> | 2016-07-31 07:40:41 +0300 |
---|---|---|
committer | Marc Mutz <marc.mutz@kdab.com> | 2016-07-31 14:21:43 +0000 |
commit | 4ac28eda8edaff06ee7cb310108bfb9d9f1984ff (patch) | |
tree | 9163fbd001020d7ee4a87b6a8cdd33af93ecceb9 /src/widgets/itemviews/qtreewidget.cpp | |
parent | b37539442f58fc7c0ba54380f07b132a15a037e8 (diff) | |
download | qtbase-4ac28eda8edaff06ee7cb310108bfb9d9f1984ff.tar.gz |
QTreeWidget: Fix UB (member call)
Before actually deleting QTreeWidgetItems from QTree{Model,Widget{,Item}} dtors,
their 'view' members need to be set to nullptr, lest they attempt to delist
themselves from the list of top-level items.
For the QTreeModel::headerItem, this was forgottten.
Found by UBSan:
qtreewidget.cpp:1488:70: runtime error: member call on address 0x7ffd843dd470 which does not point to an object of type 'QAbstractItemView'
0x7ffd843dd470: note: object is of type 'QWidget'
#0 0x2b83d5b48323 in QTreeWidgetItem::~QTreeWidgetItem() src/widgets/itemviews/qtreewidget.cpp:1488
#1 0x2b83d5b48860 in QTreeWidgetItem::~QTreeWidgetItem() src/widgets/itemviews/qtreewidget.cpp:1535
#2 0x2b83d5b41659 in QTreeModel::~QTreeModel() src/widgets/itemviews/qtreewidget.cpp:143
#3 0x2b83d5b41bc0 in QTreeModel::~QTreeModel() src/widgets/itemviews/qtreewidget.cpp:146
#4 0x2b83df220747 in QObjectPrivate::deleteChildren() src/corelib/kernel/qobject.cpp:2010
#5 0x2b83d4603dd0 in QWidget::~QWidget() src/widgets/kernel/qwidget.cpp:1675
#6 0x2b83d4d76066 in QFrame::~QFrame() src/widgets/widgets/qframe.cpp:256
#7 0x2b83d5270442 in QAbstractScrollArea::~QAbstractScrollArea() src/widgets/widgets/qabstractscrollarea.cpp:575
#8 0x2b83d5733eb9 in QAbstractItemView::~QAbstractItemView() src/widgets/itemviews/qabstractitemview.cpp:617
#9 0x2b83d598b216 in QTreeView::~QTreeView() src/widgets/itemviews/qtreeview.cpp:206
#10 0x2b83d5b218b6 in QTreeWidget::~QTreeWidget() src/widgets/itemviews/qtreewidget.cpp:2549
#11 0x4eef42 in tst_QTreeWidgetItemIterator::updateIfModifiedFromWidget() tests/auto/widgets/itemviews/qtreewidgetitemiterator/tst_qtreewidgetitemiterator.cpp:1089
Change-Id: I57c277adee8c99eb07b274d6d8ea1f6fbf3575be
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
Diffstat (limited to 'src/widgets/itemviews/qtreewidget.cpp')
-rw-r--r-- | src/widgets/itemviews/qtreewidget.cpp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/widgets/itemviews/qtreewidget.cpp b/src/widgets/itemviews/qtreewidget.cpp index f33dd6af17..e0f6a3d5d1 100644 --- a/src/widgets/itemviews/qtreewidget.cpp +++ b/src/widgets/itemviews/qtreewidget.cpp @@ -140,6 +140,7 @@ QTreeModel::QTreeModel(QTreeModelPrivate &dd, QTreeWidget *parent) QTreeModel::~QTreeModel() { clear(); + headerItem->view = Q_NULLPTR; delete headerItem; rootItem->view = 0; delete rootItem; |