QtPropertyBrowser / QTreeModel crash when cleared

Question

last few days I'm trying to solve this strange crash which occurs only on OS X 10.10. I have slightly modified QtTreePropertyBrowser with buttons inside the property rows:

_{(source: inventic.eu)}

These buttons emits signals when clicked and some actions caused clearing the tree and rebuilding it again. Unfortunately this causes the crash.

I thought it is because of clearing tree inside the signal processing but queuing it via QEvent doesn't help. The problem is that crash sometimes occurs also some time after the tree is cleared up.

All crashes end with one of these two callstacks:

QTreeModel::index(QTreeWidgetItem const*, int) const + 176
QTreeModel::parent(QModelIndex const&) const + 75
QTreeView::isIndexHidden(QModelIndex const&) const + 71
QTreeView::visualRect(QModelIndex const&) const + 93
QAccessibleTableCell::rect() const + 29
QAccessibleTableCell::state() const + 146
QCocoaAccessible::hasValueAttribute(QAccessibleInterface*) + 58
[QMacAccessibilityElement accessibilityAttributeNames] + 398
NSAccessibilityEntryPointAttributeNames + 115
[NSObject(NSAccessibilityInternal) _accessibilityAttributeNamesClientError:] + 56

or

QTreeModel::data(QModelIndex const&, int) const + 46
QAccessibleTableCell::state() const + 347
QCocoaAccessible::hasValueAttribute(QAccessibleInterface*) + 58
[QMacAccessibilityElement accessibilityAttributeNames] + 398
NSAccessibilityEntryPointAttributeNames + 115
[NSObject(NSAccessibilityInternal) _accessibilityAttributeNamesClientError:] + 

Crash code looks like following:

_{(source: inventic.eu)}

and

Based on the code it seems to me as bug in TreeModel where some indexes aren't cleared up after tree model is erased. Unfortunately I'm not native Mac developer (but Windows) and I'm not able to fully understand what is going wrong with indexes because of not fully working debugger in QtCreator. But based on the crash it seems that in both cases item isn't a valid pointer.

What sometimes helps is to set focus to different widget before clearing up the property tree (as I described here). But this fix doesn't work always and sometimes application still crashes.

I already extracted all code from the main application and created the minimal test case. I tried a lot of things but without success.

What is not working:

• to deactivate focus from window before clearing
• to execute clear outside the signal processing via creating QEvent with action
• to clear property tree one-by-one instead of clear() method
• to recompile test project with latest Qt 5.5 beta
• to compile the app on older OS X (10.9) and execute it on 10.10

What is working:

• to compile the same code on Windows / Linux
• to execute the same code on older OS X

Here is an example how application crashes: https://dl.dropboxusercontent.com/u/11355235/ShareX/2015-05/2015-05-21_15-28-56.mp4

The simplest way how to execute this bug is to clear the property tree and open any dialog (which executes the event loop which probably triggers the crash)

on_btnStandaloneDialog_clicked();
m_propertyBrowser->clear();
on_btnStandaloneDialog_clicked();

Minimal test case application is available here: https://www.dropbox.com/s/dbnd3inbwpfc6l9/property-tree-crash.zip?dl=0

I will be glad for any ideas or help with this problem (paid help too if it's allowed here). Please let me know if more information will be required.

Answer 1

The whole problem was in Qt Accessibility implementation on OS X.

When active element on project tree is changed, also QAccessibleTableCell is updated, unfortunately when active element is deselected (index is not valid), QAccessibleTableCell isn't updated.

Thanks to this clearing the property tree was causing the crash because QAccessibleTableCell was trying to access invalid data.

I wrote more detailed description on my blog.