From aeb169a48869f4f50237e384e57ccb406228f620 Mon Sep 17 00:00:00 2001
From: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
Date: Wed, 24 Feb 2016 13:45:30 +0100
Subject: Cocoa integration - avoid using dangling pointers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

While re-parenting a widget on a mouse down, it's possible that NSWindow
lives longer than QCocoaWindow (because self.grabbingMouse == YES),
on mouse release event self.platformWindow is not nil yet, but is not a valid
pointer already. Bail out early before touching it.

Change-Id: Iea1025a82386d4b9dc21b3cbd3a5b248b2dd3620
Task-number: QTBUG-42059
Reviewed-by: Morten Johan Sørvig <morten.sorvig@theqtcompany.com>
---
 src/plugins/platforms/cocoa/qcocoawindow.h  | 6 ++++++
 src/plugins/platforms/cocoa/qcocoawindow.mm | 6 ++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/plugins/platforms/cocoa/qcocoawindow.h b/src/plugins/platforms/cocoa/qcocoawindow.h
index 4d2af84e8e..4d5f5d74f2 100644
--- a/src/plugins/platforms/cocoa/qcocoawindow.h
+++ b/src/plugins/platforms/cocoa/qcocoawindow.h
@@ -72,6 +72,7 @@ typedef NSWindow<QNSWindowProtocol> QCocoaNSWindow;
     QCocoaWindow *_platformWindow;
     BOOL _grabbingMouse;
     BOOL _releaseOnMouseUp;
+    QPointer<QObject> _watcher;
 }
 
 @property (nonatomic, readonly) QCocoaNSWindow *window;
@@ -321,6 +322,11 @@ public: // for QNSView
     };
     QHash<quintptr, BorderRange> m_contentBorderAreas; // identifer -> uppper/lower
     QHash<quintptr, bool> m_enabledContentBorderAreas; // identifer -> enabled state (true/false)
+
+    // This object is tracked by a 'watcher'
+    // object in a window helper, preventing use of dangling
+    // pointers.
+    QObject sentinel;
 };
 
 QT_END_NAMESPACE
diff --git a/src/plugins/platforms/cocoa/qcocoawindow.mm b/src/plugins/platforms/cocoa/qcocoawindow.mm
index eb65f7e061..9572b5ac4c 100644
--- a/src/plugins/platforms/cocoa/qcocoawindow.mm
+++ b/src/plugins/platforms/cocoa/qcocoawindow.mm
@@ -99,6 +99,7 @@ static bool isMouseEvent(NSEvent *ev)
         // make sure that m_nsWindow stays valid until the
         // QCocoaWindow is deleted by Qt.
         [_window setReleasedWhenClosed:NO];
+        _watcher = &_platformWindow->sentinel;
     }
 
     return self;
@@ -107,7 +108,7 @@ static bool isMouseEvent(NSEvent *ev)
 - (void)handleWindowEvent:(NSEvent *)theEvent
 {
     QCocoaWindow *pw = self.platformWindow;
-    if (pw && pw->m_forwardWindow) {
+    if (_watcher && pw && pw->m_forwardWindow) {
         if (theEvent.type == NSLeftMouseUp || theEvent.type == NSLeftMouseDragged) {
             QNSView *forwardView = pw->m_qtView;
             if (theEvent.type == NSLeftMouseUp) {
@@ -146,7 +147,7 @@ static bool isMouseEvent(NSEvent *ev)
     if (!self.window.delegate)
         return; // Already detached, pending NSAppKitDefined event
 
-    if (pw && pw->frameStrutEventsEnabled() && isMouseEvent(theEvent)) {
+    if (_watcher && pw && pw->frameStrutEventsEnabled() && isMouseEvent(theEvent)) {
         NSPoint loc = [theEvent locationInWindow];
         NSRect windowFrame = [self.window convertRectFromScreen:[self.window frame]];
         NSRect contentFrame = [[self.window contentView] frame];
@@ -162,6 +163,7 @@ static bool isMouseEvent(NSEvent *ev)
 - (void)detachFromPlatformWindow
 {
     _platformWindow = 0;
+    _watcher.clear();
     [self.window.delegate release];
     self.window.delegate = nil;
 }
-- 
cgit v1.2.3