AuroraMiddleware/qt5base-lts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

QComboBox on macOS: guard against destruction while native popup is open

Browse Source 
Since showing the native popup on macOS is blocking and processes events
the QComboBox might get destroyed while the popup is open. Guard against
this by using QPointer and returning early (dismissing the scope guard
that would otherwise reset the menu's parent, writing to freed memory).

The problem is then that the native popup remains visible, as the
destructor of QComboBox calls cleanupNativeCombobox which destroys the
platform menu (i.e. the QCocoaMenu instance), but that doesn't dismiss()
the popup. Add a call to dismiss() to the QCocoaMenu destructor to make
sure that destroying the menu closes it first.

Fixes: QTBUG-116155
Pick-to: 6.6 6.5
Change-Id: If0ac19796603667f4c8e80c302710dc4c9aded50
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
This commit is contained in:
Volker Hilsheimer 2023-08-31 08:58:40 +02:00
parent 6cf4c5b98f
commit 03d62322b2
2 changed files with 22 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/plugins/platforms/cocoa/qcocoamenu.mm
View File

@ -42,6 +42,8 @@ QCocoaMenu::~QCocoaMenu()
item->setMenuParent(nullptr);
}
if (isOpen())
dismiss();
[m_nativeMenu release];
}
@ -320,6 +322,8 @@ void QCocoaMenu::showPopup(const QWindow *parentWindow, const QRect &targetRect,
{
QMacAutoReleasePool pool;
QPointer<QCocoaMenu> guard = this;
QPoint pos = QPoint(targetRect.left(), targetRect.top() + targetRect.height());
QCocoaWindow *cocoaWindow = parentWindow ? static_cast<QCocoaWindow *>(parentWindow->handle()) : nullptr;
NSView *view = cocoaWindow ? cocoaWindow->view() : nil;
@ -404,6 +408,11 @@ void QCocoaMenu::showPopup(const QWindow *parentWindow, const QRect &targetRect,
}
}
if (!guard) {
menuParentGuard.dismiss();
return;
}
// The calls above block, and also swallow any mouse release event,
// so we need to clear any mouse button that triggered the menu popup.
if (cocoaWindow && !cocoaWindow->isForeignWindow())

19
src/widgets/widgets/qcombobox.cpp
View File

@ -2469,12 +2469,13 @@ void QComboBoxPrivate::cleanupNativePopup()
if (!m_platformMenu)
return;
m_platformMenu->setVisible(false);
int count = int(m_platformMenu->tag());
for (int i = 0; i < count; ++i)
m_platformMenu->menuItemAt(i)->deleteLater();
delete m_platformMenu;
m_platformMenu = 0;
m_platformMenu = nullptr;
}
/*!
@ -2531,15 +2532,18 @@ bool QComboBoxPrivate::showNativePopup()
else if (q->testAttribute(Qt::WA_MacMiniSize))
offset = QPoint(-2, 6);
[[maybe_unused]] QPointer<QComboBox> guard(q);
const QRect targetRect = QRect(tlw->mapFromGlobal(q->mapToGlobal(offset)), QSize());
m_platformMenu->showPopup(tlw, QHighDpi::toNativePixels(targetRect, tlw), currentItem);
#ifdef Q_OS_MACOS
// The Cocoa popup will swallow any mouse release event.
// We need to fake one here to un-press the button.
QMouseEvent mouseReleased(QEvent::MouseButtonRelease, q->pos(), q->mapToGlobal(QPoint(0, 0)),
Qt::LeftButton, Qt::MouseButtons(Qt::LeftButton), {});
QCoreApplication::sendEvent(q, &mouseReleased);
if (guard) {
// The Cocoa popup will swallow any mouse release event.
// We need to fake one here to un-press the button.
QMouseEvent mouseReleased(QEvent::MouseButtonRelease, q->pos(), q->mapToGlobal(QPoint(0, 0)),
Qt::LeftButton, Qt::MouseButtons(Qt::LeftButton), {});
QCoreApplication::sendEvent(q, &mouseReleased);
}
#endif
return true;
@ -3116,7 +3120,10 @@ void QComboBoxPrivate::showPopupFromMouseEvent(QMouseEvent *e)
// viewContainer(), we avoid creating the QComboBoxPrivateContainer.
viewContainer()->initialClickPosition = q->mapToGlobal(e->position().toPoint());
}
QPointer<QComboBox> guard = q;
q->showPopup();
if (!guard)
return;
// The code below ensures that regular mousepress and pick item still works
// If it was not called the viewContainer would ignore event since it didn't have
// a mousePressEvent first.