[Qt-interest] Bug in QNetworkReply abort

Stanislav Kolar skolar at kerio.com
Wed Jul 21 16:46:41 CEST 2010 

Hi all,

there is probably a bug in QNetworkAccessManager.
If I call QNetworkReply::abort(), the application crashes. The reply object is result of QNetworkAccessManager::post method.

The call stack is
================================
QtCored4.dll!QScopedPointer<QObjectData,QScopedPointerDeleter<QObjectData> >::data()  Line 135 + 0x3 bytes	C++
QtCored4.dll!qGetPtrHelper<QScopedPointer<QObjectData,QScopedPointerDeleter<QObjectData> > >(const QScopedPointer<QObjectData,QScopedPointerDeleter<QObjectData> > & p={...})  Line 2314 + 0xb bytes	C++
QtCored4.dll!QObject::d_func()  Line 125 + 0x13 bytes	C++
QtCored4.dll!QMetaObject::activate(QObject * sender=0x00000000, const QMetaObject * m=0x6415efac, int local_signal_index=0x00000007, void * * argv=0x0012d530)  Line 3210 + 0xc bytes	C++
QtNetworkd4.dll!QHttpNetworkReply::dataSendProgress(__int64 _t1=0x0000000001014000, __int64 _t2=0x000000000134fac9)  Line 146 + 0x15 bytes	C++
QtNetworkd4.dll!QHttpNetworkConnectionChannel::sendRequest()  Line 268	C++
QtNetworkd4.dll!QHttpNetworkConnectionChannel::_q_bytesWritten(__int64 bytes=0x0000000000008000)  Line 877	C++
QtNetworkd4.dll!QHttpNetworkConnectionChannel::qt_metacall(QMetaObject::Call _c=InvokeMetaMethod, int _id=0x00000001, void * * _a=0x0012d7e4)  Line 91 + 0x15 bytes	C++
QtCored4.dll!QMetaObject::metacall(QObject * object=0x015554ac, QMetaObject::Call cl=InvokeMetaMethod, int idx=0x00000005, void * * argv=0x0012d7e4)  Line 238	C++
QtCored4.dll!QMetaObject::activate(QObject * sender=0x0151e310, const QMetaObject * m=0x67304f48, int local_signal_index=0x00000001, void * * argv=0x0012d7e4)  Line 3287 + 0x27 bytes	C++
QtCored4.dll!QIODevice::bytesWritten(__int64 _t1=0x0000000000008000)  Line 98 + 0x14 bytes	C++
QtNetworkd4.dll!QAbstractSocketPrivate::flush()  Line 771	C++
QtNetworkd4.dll!QAbstractSocketPrivate::canWriteNotification()  Line 685	C++
QtNetworkd4.dll!QAbstractSocketPrivate::writeNotification()  Line 78 + 0x15 bytes	C++
QtNetworkd4.dll!QAbstractSocketEngine::writeNotification()  Line 161	C++
QtNetworkd4.dll!QWriteNotifier::event(QEvent * e=0x0012dd78)  Line 1130	C++
QtGuid4.dll!QApplicationPrivate::notify_helper(QObject * receiver=0x015877c8, QEvent * e=0x0012dd78)  Line 4302 + 0x11 bytes	C++
QtGuid4.dll!QApplication::notify(QObject * receiver=0x015877c8, QEvent * e=0x0012dd78)  Line 3706 + 0x10 bytes	C++
QtCored4.dll!QCoreApplication::notifyInternal(QObject * receiver=0x015877c8, QEvent * event=0x0012dd78)  Line 726 + 0x15 bytes	C++
QtCored4.dll!QCoreApplication::sendEvent(QObject * receiver=0x015877c8, QEvent * event=0x0012dd78)  Line 215 + 0x39 bytes	C++
QtCored4.dll!qt_internal_proc(HWND__ * hwnd=0x004b028c, unsigned int message=0x00000400, unsigned int wp=0x0000015c, long lp=0x00000002)  Line 478 + 0xf bytes	C++
user32.dll!_InternalCallWinProc at 20()  + 0x28 bytes	
user32.dll!_UserCallWinProcCheckWow at 32()  + 0xb7 bytes	
user32.dll!_DispatchMessageWorker at 8()  + 0xdc bytes	
user32.dll!_DispatchMessageW at 4()  + 0xf bytes	
QtCored4.dll!QEventDispatcherWin32::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...})  Line 781	C++
QtGuid4.dll!QGuiEventDispatcherWin32::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...})  Line 1145 + 0x15 bytes	C++
QtCored4.dll!QEventLoop::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...})  Line 150	C++
QtCored4.dll!QEventLoop::exec(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...})  Line 201 + 0x2d bytes	C++
QtCored4.dll!QCoreApplication::exec()  Line 1003 + 0x15 bytes	C++
QtGuid4.dll!QApplication::exec()  Line 3582	C++

It seems that the loop in

bool QHttpNetworkConnectionChannel::sendRequest()

tries to 

emit reply->dataSendProgress(written, bytesTotal);

even though QHttpNetworkReply *reply is already destroyed - it is deleted by destructor of QNetworkAccessHttpBacked - the QHttpNetworkReply object is its children:

QtNetworkd4.dll!QHttpNetworkReply::~QHttpNetworkReply()  Line 64	C++
QtNetworkd4.dll!QHttpNetworkReply::`scalar deleting destructor'()  + 0xf bytes	C++
QtCored4.dll!QObjectPrivate::deleteChildren()  Line 1978 + 0x24 bytes	C++
QtCored4.dll!QObject::~QObject()  Line 977	C++
QtNetworkd4.dll!QNetworkAccessBackend::~QNetworkAccessBackend()  Line 157 + 0x9 bytes	C++
QtNetworkd4.dll!QNetworkAccessHttpBackend::~QNetworkAccessHttpBackend()  Line 309 + 0x3d bytes	C++
QtNetworkd4.dll!QNetworkAccessHttpBackend::`scalar deleting destructor'()  + 0xf bytes	C++
QtCored4.dll!qDeleteInEventHandler(QObject * o=0x01587a08)  Line 3993 + 0x21 bytes	C++
QtCored4.dll!QObject::event(QEvent * e=0x01ffa7b8)  Line 1223 + 0xc bytes	C++
QtGuid4.dll!QApplicationPrivate::notify_helper(QObject * receiver=0x01587a08, QEvent * e=0x01ffa7b8)  Line 4302 + 0x11 bytes	C++
QtGuid4.dll!QApplication::notify(QObject * receiver=0x01587a08, QEvent * e=0x01ffa7b8)  Line 3706 + 0x10 bytes	C++
QtCored4.dll!QCoreApplication::notifyInternal(QObject * receiver=0x01587a08, QEvent * event=0x01ffa7b8)  Line 726 + 0x15 bytes	C++
..


Did I something wrong ? Is it a known bug ? Or have somebody some advise/question ?

Stanislav Kolar
Research & Development
.................................................................
Kerio Technologies
Anglicke nabrezi 1, 301 49 Plzen
Czech Republic
tel. 377 338 901, fax 377 338 921
www.kerio.com
.................................................................
Connect. Communicate. Collaborate. Securely.

More information about the Qt-interest-old mailing list