QMainWindowPrivate::layout - use QPointer instead of bare pointer

qt_mainwindow_layout(mainWindow) returns the pointer to a stale object,
if the layout has already been deleted.

Most users of qt_mainwindow_layout() assert the returned pointer, or
handle nullptr explicitly. If the mainwindow layout has already been
deleted, they will still access it. While this has not lead to (known)
issues yet, a UAF exception is thrown in an ASAN build.

=> Use a QPointer instead of a bare pointer.
=> Add missing nullptr check in QDockWidgetPrivate::endDrag()

Pick-to: 6.6 6.5
Change-Id: I3484b53e0e2213b82085ceed3ffa66913947189f
Reviewed-by: David Faure <david.faure@kdab.com>

1 files changed, 2 insertions, 2 deletions

diff --git a/src/widgets/widgets/qmainwindow.cpp b/src/widgets/widgets/qmainwindow.cpp
index 662c9db892..304682731a 100644
--- a/src/widgets/widgets/qmainwindow.cpp
+++ b/src/widgets/widgets/qmainwindow.cpp
@@ -49,7 +49,7 @@ public:
             , useUnifiedToolBar(false)
 #endif
     { }
-    QMainWindowLayout *layout;
+    QPointer<QMainWindowLayout> layout;
     QSize iconSize;
     bool explicitIconSize;
     Qt::ToolButtonStyle toolButtonStyle;
@@ -60,7 +60,7 @@ public:
 
     static inline QMainWindowLayout *mainWindowLayout(const QMainWindow *mainWindow)
     {
-        return mainWindow ? mainWindow->d_func()->layout : static_cast<QMainWindowLayout *>(nullptr);
+        return mainWindow ? mainWindow->d_func()->layout.data() : static_cast<QMainWindowLayout *>(nullptr);
     }
 };