This:

QPaintDevice *QPainter::device() const
{
    Q_D(const QPainter);
    if (isActive() && d->engine->d_func()->currentClipWidget)
        return d->engine->d_func()->currentClipWidget;
    return d->original_device;
}


is compiled into this

(gdb) disas
Dump of assembler code for function _ZNK8QPainter6deviceEv:
   0x3b51c0d4 <+0>:	push	{r3, r4, r11, lr}
   0x3b51c0d8 <+4>:	add	r11, sp, #12
   0x3b51c0dc <+8>:	ldr	r4, [r0]
   0x3b51c0e0 <+12>:	bl	0x3b51c0b0 <_ZNK8QPainter8isActiveEv>
   0x3b51c0e4 <+16>:	cmp	r0, #0
   0x3b51c0e8 <+20>:	beq	0x3b51c108 <_ZNK8QPainter6deviceEv+52>
   0x3b51c0ec <+24>:	ldr	r0, [r4, #88]	; 0x58
   0x3b51c0f0 <+28>:	ldr	r3, [r0, #16]
=> 0x3b51c0f4 <+32>:	ldr	r0, [r3, #80]	; 0x50
   0x3b51c0f8 <+36>:	cmp	r0, #0
   0x3b51c0fc <+40>:	beq	0x3b51c108 <_ZNK8QPainter6deviceEv+52>
   0x3b51c100 <+44>:	add	r0, r0, #8
   0x3b51c104 <+48>:	pop	{r3, r4, r11, pc}
   0x3b51c108 <+52>:	ldr	r0, [r4, #80]	; 0x50
   0x3b51c10c <+56>:	pop	{r3, r4, r11, pc}
End of assembler dump.

and crashes at the => point.  What does that tell us about the data structures?

(gdb) info registers

r0             0x347578	3437944
r1             0x3e05f0	4064752
r2             0x11	17
r3             0x18	24
r4             0x24d908	2414856
r5             0x24ec10	2419728
r6             0x3b27d74c	992466764
r7             0x0	0
r8             0x11	17
r9             0x11	17
r10            0x0	0
r11            0xaee2c60c	-1360869876
r12            0x3b293220	992555552
sp             0xaee2c600	0xaee2c600
lr             0x3b51c0e4	995213540
pc             0x3b51c0f4	0x3b51c0f4 <QPainter::device() const+32>
cpsr           0x20000050	536870992
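As an added worked example (not part of the original post), a small Python helper that parses the faulting `ldr` line and the register dump above, computes the address the load actually touched, and triages it; the function names and the page-size threshold are my assumptions. It shows that the bad value is in r3, which was loaded from `[r0, #16]` with r0 = `d->engine`, so it is the engine object's `d_ptr` that holds garbage (0x18), while `d` itself (r4) still looks like a plausible heap pointer.

```python
import re

# Constructed sample: the faulting instruction and the registers from the gdb
# session above (only the lines the helper needs are reproduced).
FAULT_LINE = "=> 0x3b51c0f4 <+32>:\tldr\tr0, [r3, #80]\t; 0x50"
REG_DUMP = """r0             0x347578\t3437944
r3             0x18\t24
r4             0x24d908\t2414856
pc             0x3b51c0f4\t0x3b51c0f4 <QPainter::device() const+32>
"""

# ARM "ldr rd, [rn, #imm]" with an optional immediate offset.
LDR_RE = re.compile(r"\bldr\s+(\w+),\s*\[(\w+)(?:,\s*#(-?\d+))?\]")
# "rN  0xHEX  decimal" lines from "info registers".
REG_RE = re.compile(r"^(\w+)\s+(0x[0-9a-fA-F]+)", re.MULTILINE)

def parse_registers(dump):
    """Map register name -> integer value from gdb's 'info registers' output."""
    return {m.group(1): int(m.group(2), 16) for m in REG_RE.finditer(dump)}

def faulting_load(disas_line, regs):
    """Return the effective address the load dereferenced and how it was formed."""
    m = LDR_RE.search(disas_line)
    if m is None:
        raise ValueError("expected an ldr instruction: %r" % disas_line)
    dst, base, imm = m.group(1), m.group(2), int(m.group(3) or 0)
    base_val = regs[base]
    return {"dst": dst, "base": base, "base_value": base_val,
            "offset": imm, "address": base_val + imm}

def classify(address, page_size=4096):
    """Rough triage of a faulting address (page_size threshold is an assumption)."""
    if address < page_size:
        # A tiny value used as a pointer: the base register held an integer
        # read from freed or corrupted memory, not a live object's field.
        return "near-null"
    if address % 4:
        return "misaligned"
    return "plausible-but-unmapped"

if __name__ == "__main__":
    regs = parse_registers(REG_DUMP)
    fault = faulting_load(FAULT_LINE, regs)
    # r3 came from [r0, #16] with r0 = d->engine, i.e. engine->d_ptr is 0x18,
    # so the QPaintEngine object holds garbage; d (r4) looks like a sane pointer.
    print("%s = [%s + %d] -> 0x%x (%s)" % (fault["dst"], fault["base"],
          fault["offset"], fault["address"], classify(fault["address"])))
```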