From 97850b952ca754ce8822a6f9e84af39311c0ea53 Mon Sep 17 00:00:00 2001 From: Olivier Goffart Date: Tue, 18 Apr 2017 16:28:17 +0200 Subject: Fix UB in QWidgetEffectSourcePrivate::detach Delete the QGraphicsEffect from the QWidget destructor instead of from the QWidgetPrivate destructor. The destructor of QGraphicsEffect still access methods of the QWidget, but the QObjectPrivate being destroyed from ~QObject, the pointer is no longer a QWidget. Fix warning with UB sanitizer in tst_QWidget::setGraphicsEffect qwidget_p.h:900:23: runtime error: member call on address 0x000001d822c0 which does not point to an object of type 'QWidget' 0x000001d822c0: note: object is of type 'QObject' 00 00 00 00 b0 46 5f 40 e5 7f 00 00 00 23 d8 01 00 00 00 00 f0 e6 00 44 e5 7f 00 00 00 00 74 47 ^~~~~~~~~~~~~~~~~~~~~~~ vptr for 'QObject' #0 0x7fe54767db76 in QWidgetEffectSourcePrivate::detach() #1 0x7fe548f29815 in QGraphicsEffect::~QGraphicsEffect() #2 0x7fe548f2a1b7 in QGraphicsBlurEffect::~QGraphicsBlurEffect() #3 0x7fe548f2a208 in QGraphicsBlurEffect::~QGraphicsBlurEffect() #4 0x7fe5475cd463 in QWidgetPrivate::~QWidgetPrivate() #5 0x7fe5475ce62c in QWidgetPrivate::~QWidgetPrivate() #6 0x7fe5400d0dda in QObject::~QObject() #7 0x7fe54763d411 in QWidget::~QWidget() #8 0x7fe54763d7f4 in QWidget::~QWidget() #9 0x4cc309 in QScopedPointerDeleter::cleanup(QWidget*) #10 0x4cc309 in QScopedPointer >::reset(QWidget*) #11 0x4cc309 in tst_QWidget::setGraphicsEffect() Change-Id: I19c049e979cfce2adda908af8336cb4adac8f6c4 Reviewed-by: Marc Mutz
---
 src/widgets/kernel/qwidget.cpp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/widgets/kernel/qwidget.cpp b/src/widgets/kernel/qwidget.cpp
index bd67e0be32..7a83e0b517 100644
--- a/src/widgets/kernel/qwidget.cpp
+++ b/src/widgets/kernel/qwidget.cpp
@@ -341,10 +341,6 @@ QWidgetPrivate::~QWidgetPrivate()
 
 if (extra)
 deleteExtra();
-
-#ifndef QT_NO_GRAPHICSEFFECT
- delete graphicsEffect;
-#endif //QT_NO_GRAPHICSEFFECT
 }
 
 /*!
@@ -1718,6 +1714,10 @@ QWidget::~QWidget()
 } QT_CATCH(const std::exception&) {
 // if this fails we can't do anything about it but at least we are not allowed to throw.
 }
+
+#if QT_CONFIG(graphicseffect)
+ delete d->graphicsEffect;
+#endif
 }
 
 int QWidgetPrivate::instanceCounter = 0; // Current number of widget instances
-- 
cgit v1.2.3
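Review bot: The new `delete d->graphicsEffect;` at the end of QWidget::~QWidget() carries an ordering constraint that nothing in the code records: per the commit message, ~QGraphicsEffect calls back into the widget through QWidgetEffectSourcePrivate::detach(), so the delete has to run while the object is still a QWidget. A comment above it, for example `// Must run here, not in ~QWidgetPrivate: ~QGraphicsEffect calls back into this QWidget via detach().`, would keep a later cleanup from moving it back and reintroducing the invalid member call. The hunk does not show whether anything resets `d->graphicsEffect` afterwards; if detach() does not clear it, adding `d->graphicsEffect = nullptr;` after the delete would keep the remaining ~QObject/~QWidgetPrivate teardown from seeing a stale pointer. The destructor body begins outside the hunk.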