Ticket #4500 - segfault on focus change

[mlampert]

I have a task panel where I can deterministically generate a segfault by changing the focus from one a QLineEdit widget to a GUI::QuantitySpinBox. The only "non-standard" thing is that the quantity spin boxes are created programmatically with FreeCADGui.UiLoader.createWidget('Gui::QuantitySpinBox') - no idea if this is the root cause though.

When editing a ToolBit ("Endmill" in attached file) - and one first clicks into the "Shape File" entry field, and then into the "Cutting Edge Height" field, FC segfaults. The code that generates the dialog is here: https://github.com/FreeCAD/FreeCAD/blob ... dit.py#L62

If anybody has an idea what would be causing such a behaviour, and what to do about it - much appreciated!

[chrisb]

I cannot help, but I can confirm.

OS: macOS 10.15
Word size of OS: 64-bit
Word size of FreeCAD: 64-bit
Version: 0.19.22960 (Git)
Build type: Release
Branch: master
Hash: c5a4b01d2e4218bcc0eb6650337650a6c65ef0e4
Python version: 3.8.6
Qt version: 5.12.5
Coin version: 4.0.0
OCC version: 7.4.0
Locale: C/Default (C)

[sliptonic]

100% reproducible for me too.

OS: Linux Mint 19.3 (i3/i3)
Word size of OS: 64-bit
Word size of FreeCAD: 64-bit
Version: 0.19.23029 +16 (Git)
Build type: Unknown
Branch: feature/toolbitdock
Hash: 26eac120b80e3570413fbe2050835128085b332a
Python version: 3.6.9
Qt version: 5.9.5
Coin version: 4.0.0a
OCC version: 7.3.0
Locale: English/UnitedStates (en_US)

[mlampert]

filed an issue for it for tracking: issue #4500

[Kunda1]

issue #4500 marked as 'Confirmed' and target set to v0.19

[wmayer]

The crash is caused by this line in PathToolBitEdit.py

Code: Select all

self.form.shapePath.editingFinished.connect(self.updateShape)

When you click inside the line edit and afterwards into the quantity spin box the line edit emits the signal editingFinished. This invokes the connected slot updateShape() that calls setupTool(). setupTool() cleans up the layout and thus destroys the widgets and afterwards it re-creates them. However, Qt internally has stored a pointer to the focus widget that becomes dangling due to the destruction.

This dangling pointer then leads to the crash.

[mlampert]

There's some serious kung-fu happening here - first off, thanks! I'll look into it tonight and try to fix it.
Second - how did you figure this out?

[wmayer]

Second - how did you figure this out?

I needed the Qt source code and a debug build. Now when looking at the address of the pointer of the focus widget I could see that it was a dangling pointer.

But from the dangling pointer it wasn't possible to see what the actual class name is. Thus, in a second step I set a break point at the constructor and destructor of QLineEdit. So, I could confirm that the focus widget was a QLineEdit by comparing the pointer addresses.

Now when looking at the call stack I saw the emitted signal editingFinished() and a couple of Python function calls. This looked suspicious to me so I went straight to the file PathToolBitEdit.py and checked what's connected to the signal.

[mlampert]

I bow low before the master and am deeply humbled!
Thank You! For your skills, the explanation and the dedication to track this down.