Handle notifier list modification during iteration

As propertyobservers can execute arbitrarily complex code, they can also
modify the obsever list in multiple ways. To protect against list
corruption resulting from this, we introduce a protection scheme which
makes the list resilient against modification.
A detailed description of the scheme can be found as a comment in
QPropertyObserverPointer::notify.

Task-number: QTBUG-87153
Change-Id: I9bb49e457165ddc1e4c8bbdf3d3c9fbf5ff27e94
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Lars Knoll <lars.knoll@qt.io>

1 files changed, 7 insertions, 0 deletions

diff --git a/src/corelib/kernel/qproperty_p.h b/src/corelib/kernel/qproperty_p.h
index aa81aa9203..9185c939c6 100644
--- a/src/corelib/kernel/qproperty_p.h
+++ b/src/corelib/kernel/qproperty_p.h
@@ -241,6 +241,13 @@ public:
     void clearDependencyObservers() {
         for (size_t i = 0; i < qMin(dependencyObserverCount, inlineDependencyObservers.size()); ++i) {
             QPropertyObserverPointer p{&inlineDependencyObservers[i]};
+            if (p.ptr->next.tag() == QPropertyObserver::ActivelyExecuting) {
+                *(p.ptr->nodeState) = nullptr;
+                p.ptr->nodeState = nullptr;
+
+                // set tag to "safer" value, as we return the same observer pointer from allocateDependencyObserver
+                p.ptr->next.setTag(QPropertyObserver::ObserverNotifiesChangeHandler);
+            }
             p.unlink();
         }
         if (heapObservers)