Comment 3 for bug 1653368

RJ Skerry-Ryan (rryan) wrote :

Crash #3 seems to be caused when deleting the "extension" widget in QMenuBar. This is a Qt-created widget that is used for showing an overflow menu. The widget has a QKeySequence "shortcut" member in its QAbstractButtonPrivate structure.

Stepping through the code one assembly instruction at a time, I can see that QKeySequence is a shared_empty instance and its reference count is reduced to 0, which causes ~QAbstractButtonPrivate to call delete on it. QKeySequencePrivate shared_empty is a static variable, so this triggers the crash.

Here's the stack frame that produces the crash. I commented all of WMenuBar::initialize except for creating the File menu and adding it. This is enough to trigger the crash (without creating a menu, the problem does not occur).

The attached screenshot shows the shared_empty's reference count dropped to zero right before QAbstractButtonPrivate calls delete (this is right after the lock xadd instruction that decremented it).

  mixxx.exe!QAbstractButtonPrivate::~QAbstractButtonPrivate() C++
  mixxx.exe!QToolButtonPrivate::~QToolButtonPrivate() C++
  mixxx.exe!QToolButtonPrivate::`scalar deleting destructor'(unsigned int) C++
  mixxx.exe!QObject::~QObject() Line 967 C++
  mixxx.exe!QWidget::~QWidget() Line 1703 C++
  mixxx.exe!QAbstractButton::~QAbstractButton() Line 606 C++
  mixxx.exe!QToolButton::`scalar deleting destructor'(unsigned int) C++
  mixxx.exe!QObjectPrivate::deleteChildren() Line 1932 C++
  mixxx.exe!QWidget::~QWidget() Line 1682 C++
  mixxx.exe!QMenuBar::~QMenuBar() Line 857 C++
  mixxx.exe!WMainMenuBar::`scalar deleting destructor'(unsigned int) C++
  mixxx.exe!QObject::event(QEvent * e=0x11061d68) Line 1258 C++
  mixxx.exe!QWidget::event(QEvent * event=0x11061d68) Line 8862 C++
  mixxx.exe!QMenuBar::event(QEvent * e=0x11061d68) Line 1608 C++
  mixxx.exe!QApplicationPrivate::notify_helper(QObject * receiver=0x004a7718, QEvent * e=0x11061d68) Line 4568 C++
  mixxx.exe!QApplication::notify(QObject * receiver=0x004a7718, QEvent * e=0x11061d68) Line 4535 C++
  mixxx.exe!MixxxApplication::notify(QObject * target=0x004a7718, QEvent * event=0x11061d68) Line 139 C++
  mixxx.exe!QCoreApplication::notifyInternal(QObject * receiver=0x004a7718, QEvent * event=0x11061d68) Line 968 C++
  mixxx.exe!QCoreApplicationPrivate::sendPostedEvents(QObject * receiver=0x004a7718, int event_type, QThreadData * data=0x004025f0) Line 1579 C++
  mixxx.exe!MixxxMainWindow::finalize() Line 496 C++
  mixxx.exe!MixxxMainWindow::closeEvent(QCloseEvent * event=0x0025d470) Line 1204 C++
  mixxx.exe!QWidget::event(QEvent * event=0x0025d470) Line 8861 C++
  mixxx.exe!QApplicationPrivate::notify_helper(QObject * receiver=0x00480ca0, QEvent * e=0x0025d470) Line 4568 C++
  mixxx.exe!QApplication::notify(QObject * receiver=0x00480ca0, QEvent * e=0x0025d470) Line 4535 C++
  mixxx.exe!MixxxApplication::notify(QObject * target=0x00480ca0, QEvent * event=0x0025d470) Line 139 C++
  mixxx.exe!QCoreApplication::notifyInternal(QObject * receiver=0x00480ca0, QEvent * event=0x0025d470) Line 968 C++
  mixxx.exe!QWidgetPrivate::close_helper(QWidgetPrivate::CloseMode mode=CloseWithSpontaneousEvent) Line 7956 C++
  mixxx.exe!QtWndProc(HWND__ * hwnd=0x0025076e, unsigned int message=16, unsigned int wParam=0, long lParam=0) Line 2208 C++
  user32.dll!_InternalCallWinProc@20() Unknown
  user32.dll!_UserCallWinProcCheckWow@32() Unknown
  user32.dll!_DispatchClientMessage@24() Unknown
  user32.dll!___fnDWORD@4() Unknown
  ntdll.dll!_KiUserCallbackDispatcher@12() Unknown
  user32.dll!_RealDefWindowProcW@16() Unknown
  uxtheme.dll!DoMsgDefault(struct _THEME_MSG const *) Unknown
  uxtheme.dll!OnDwpSysCommand(class CThemeWnd *,struct _THEME_MSG *) Unknown
  uxtheme.dll!_ThemeDefWindowProc(struct HWND__ *,unsigned int,unsigned int,long,int) Unknown
  uxtheme.dll!_ThemeDefWindowProcW@16() Unknown
  user32.dll!_DefWindowProcW@16() Unknown
  mixxx.exe!QWinInputContext::DefWindowProcW(HWND__ * hwnd=0x0025076e, unsigned int msg=0, unsigned int wParam=61536, long lParam=1901649) Line 366 C++
  mixxx.exe!QtWndProc(HWND__ * hwnd=0x0025076e, unsigned int message=274, unsigned int wParam=61536, long lParam=1901649) Line 2698 C++
  user32.dll!_InternalCallWinProc@20() Unknown
  user32.dll!_UserCallWinProcCheckWow@32() Unknown
  user32.dll!_SendMessageWorker@24() Unknown
  user32.dll!_SendMessageW@16() Unknown
  uxtheme.dll!OnDwpNcLButtonDown(class CThemeWnd *,struct _THEME_MSG *) Unknown
  uxtheme.dll!_ThemeDefWindowProc(struct HWND__ *,unsigned int,unsigned int,long,int) Unknown
  uxtheme.dll!_ThemeDefWindowProcW@16() Unknown
  user32.dll!_DefWindowProcW@16() Unknown
  mixxx.exe!QWinInputContext::DefWindowProcW(HWND__ * hwnd=0x0025076e, unsigned int msg=1, unsigned int wParam=20, long lParam=1901649) Line 366 C++
  mixxx.exe!QtWndProc(HWND__ * hwnd=0x0025076e, unsigned int message=161, unsigned int wParam=20, long lParam=1901649) Line 2698 C++
  user32.dll!_InternalCallWinProc@20() Unknown
  user32.dll!_UserCallWinProcCheckWow@32() Unknown
  user32.dll!_DispatchMessageWorker@8() Unknown
  user32.dll!_DispatchMessageW@4() Unknown
  mixxx.exe!QEventDispatcherWin32::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...}) Line 830 C++
  mixxx.exe!QGuiEventDispatcherWin32::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...}) Line 1216 C++
  mixxx.exe!QEventLoop::exec(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...}) Line 204 C++
  mixxx.exe!QCoreApplication::exec() Line 1229 C++
  mixxx.exe!main(int argc=1, char * * argv=0x003f30c8) Line 116 C++
  mixxx.exe!__scrt_common_main_seh() Line 253 C++
  kernel32.dll!@BaseThreadInitThunk@12() Unknown
  ntdll.dll!___RtlUserThreadStart@8() Unknown
  ntdll.dll!__RtlUserThreadStart@8() Unknown