From 195b998175b629e6e915588e66991f74cffa4e48 Mon Sep 17 00:00:00 2001
From: Simon Hausmann <simon.hausmann@digia.com>
Date: Fri, 20 Jun 2014 17:26:57 +0200
Subject: Fix crash when deleting component in Component.onComplete through
 loader

This is a regression introduced with Qt 5.3.0. The recursion watcher code that
is supposed to handle the test case of QTBUG-39775 can detect the recursion
into the object creator. However the boolean that indicates the recursion is a
member of a structure that's deleted afterwards. To avoid access to deleted
memory, this patch simply reference counts data structure shared between the
creators and also wraps the recursion watcher into a convenience class that
also increases/decreases the reference count accordingly.

Change-Id: I8d2e3e200ab1295e89d951e09f187d382a056d5a
Task-number: QTBUG-39775
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
---
 src/qml/qml/qqmlobjectcreator_p.h | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

(limited to 'src/qml/qml/qqmlobjectcreator_p.h')

diff --git a/src/qml/qml/qqmlobjectcreator_p.h b/src/qml/qml/qqmlobjectcreator_p.h
index 379a3b2970..ad2d67624f 100644
--- a/src/qml/qml/qqmlobjectcreator_p.h
+++ b/src/qml/qml/qqmlobjectcreator_p.h
@@ -57,7 +57,7 @@ struct QQmlTypeCompiler;
 class QQmlInstantiationInterrupt;
 struct QQmlVmeProfiler;
 
-struct QQmlObjectCreatorSharedState
+struct QQmlObjectCreatorSharedState : public QSharedData
 {
     QQmlContextData *rootContext;
     QQmlContextData *creationContext;
@@ -128,7 +128,8 @@ private:
     const QVector<QQmlPropertyCache *> &propertyCaches;
     const QVector<QByteArray> &vmeMetaObjectData;
     QHash<int, int> objectIndexToId;
-    QFlagPointer<QQmlObjectCreatorSharedState> sharedState;
+    QExplicitlySharedDataPointer<QQmlObjectCreatorSharedState> sharedState;
+    bool topLevelCreator;
     void *activeVMEDataForRootContext;
 
     QObject *_qobject;
@@ -142,6 +143,19 @@ private:
     QQmlVMEMetaObject *_vmeMetaObject;
     QQmlListProperty<void> _currentList;
     QV4::ExecutionContext *_qmlContext;
+
+    friend struct QQmlObjectCreatorRecursionWatcher;
+};
+
+struct QQmlObjectCreatorRecursionWatcher
+{
+    QQmlObjectCreatorRecursionWatcher(QQmlObjectCreator *creator);
+
+    bool hasRecursed() const { return watcher.hasRecursed(); }
+
+private:
+    QExplicitlySharedDataPointer<QQmlObjectCreatorSharedState> sharedState;
+    QRecursionWatcher<QQmlObjectCreatorSharedState, &QQmlObjectCreatorSharedState::recursionNode> watcher;
 };
 
 QT_END_NAMESPACE
-- 
cgit v1.2.3