diff options
| author | Volker Hilsheimer <volker.hilsheimer@qt.io> | 2022-08-16 15:32:58 +0200 |
|---|---|---|
| committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2022-08-21 02:36:51 +0000 |
| commit | 77a892affca570a06e6daa218d2ae94774ae6cd5 (patch) | |
| tree | 5484d1ce216d652eacac6126b80b404c889a4366 /src | |
| parent | 196c38a84653763db4647b2dcc835587303c2093 (diff) | |
Don't access QObjectPrivate::declarativeData unguarded
The QObjectPrivate::declarativeData member is stored in a union with
currentChildBeingDeleted. The QObject destructor always sets the
currentChildBeingDeleted member of the union. It also sets the
isDeletingChildren bool, which is the only way to find out which union
member we can safely access.
While the QObject destructor is deleting children and isDeletingChildren
is set, we must not access the declarativeData member of the union.
Add a test case that initializes the function pointers for the
declarative handlers and constructs a situation where an object
emits a signal while it is destroying children.
Fixes: QTBUG-105286
Change-Id: Iea5ba2f7843b6926a8d157be166e6044d98d6c02
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 3be99799a675a631c67e05897383af9abbc377b3)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/corelib/kernel/qobject.cpp | 4 | ||||
| -rw-r--r-- | src/corelib/kernel/qobject_p.h | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/src/corelib/kernel/qobject.cpp b/src/corelib/kernel/qobject.cpp index a7f48b5c59..ac5e839eb2 100644 --- a/src/corelib/kernel/qobject.cpp +++ b/src/corelib/kernel/qobject.cpp @@ -1001,7 +1001,7 @@ QObject::~QObject() emit destroyed(this); } - if (d->declarativeData && QAbstractDeclarativeData::destroyed) + if (!d->isDeletingChildren && d->declarativeData && QAbstractDeclarativeData::destroyed) QAbstractDeclarativeData::destroyed(d->declarativeData, this); QObjectPrivate::ConnectionData *cd = d->connections.loadRelaxed(); @@ -2625,7 +2625,7 @@ int QObject::receivers(const char *signal) const if (!d->isSignalConnected(signal_index)) return receivers; - if (d->declarativeData && QAbstractDeclarativeData::receivers) { + if (!d->isDeletingChildren && d->declarativeData && QAbstractDeclarativeData::receivers) { receivers += QAbstractDeclarativeData::receivers(d->declarativeData, this, signal_index); } diff --git a/src/corelib/kernel/qobject_p.h b/src/corelib/kernel/qobject_p.h index 3f55fba6b0..f82dce51f3 100644 --- a/src/corelib/kernel/qobject_p.h +++ b/src/corelib/kernel/qobject_p.h @@ -225,7 +225,7 @@ inline void QObjectPrivate::checkForIncompatibleLibraryVersion(int version) cons inline bool QObjectPrivate::isDeclarativeSignalConnected(uint signal_index) const { - return declarativeData && QAbstractDeclarativeData::isSignalConnected + return !isDeletingChildren && declarativeData && QAbstractDeclarativeData::isSignalConnected && QAbstractDeclarativeData::isSignalConnected(declarativeData, q_func(), signal_index); } |