Avoid use after free in tst_qsequentialanimationgroup

The test connects finished to the groups clear method, which in turn
deletes the animation instance. Thus, no member must be accessed after
calling stop, unless we use a (costly) QPointer to guard against
deletion.
Notify earlier that totalCurrentTime changed to avoid the issue.
As a drive-by, modernize the connect in the test.

Fixes: QTBUG-94143
Change-Id: I923101107b7f79115be69a58c8e8d5177a98d48f
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
Reviewed-by: Sona Kurazyan <sona.kurazyan@qt.io>

1 files changed, 6 insertions, 2 deletions

diff --git a/src/corelib/animation/qabstractanimation.cpp b/src/corelib/animation/qabstractanimation.cpp
index 18dab48e5a..16621036e2 100644
--- a/src/corelib/animation/qabstractanimation.cpp
+++ b/src/corelib/animation/qabstractanimation.cpp
@@ -1346,6 +1346,12 @@ void QAbstractAnimation::setCurrentTime(int msecs)
     if (d->currentLoop != oldLoop)
         d->currentLoop.notify();
 
+    /* Notify before calling stop: As seen in tst_QSequentialAnimationGroup::clear
+     * we might delete the animation when stop is called. Thus after stop no member
+     * of the object must be used anymore.
+     */
+    if (oldCurrentTime != d->totalCurrentTime)
+        d->totalCurrentTime.notify();
     // All animations are responsible for stopping the animation when their
     // own end state is reached; in this case the animation is time driven,
     // and has reached the end.
@@ -1353,8 +1359,6 @@ void QAbstractAnimation::setCurrentTime(int msecs)
         || (d->direction == Backward && d->totalCurrentTime == 0)) {
         stop();
     }
-    if (oldCurrentTime != d->totalCurrentTime)
-        d->totalCurrentTime.notify();
 }
 
 /*!