From eba1d56fad03198098f3eea353c4b42fac3306a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Morten=20Johan=20S=C3=B8rvig?= <morten.sorvig@qt.io>
Date: Tue, 20 Feb 2018 16:04:56 +0100
Subject: Cocoa: Fix crash in currentModalSession()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add null-pointer checks to QCocoaEventDispatcher::
currentModalSession():

- window->handle() may return nullptr if the window
has been destroyed.

- We call beginModalSessionForWindow, which processes
events. This can potentially destroy or delete the
current window; pointers to it must be checked again.

This also has the effect that currentModalSessionCached
is not set to a session that does not have a window,
also prevents clearing the cleanupModalSessionsNeeded
flag for such sessions.

Task-number: QTBUG-66536
Change-Id: Ie055933c872a8ede3c938882fb2d4f7cf8ff3c81
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
---
 src/plugins/platforms/cocoa/qcocoaeventdispatcher.mm | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'src/plugins/platforms/cocoa/qcocoaeventdispatcher.mm')

diff --git a/src/plugins/platforms/cocoa/qcocoaeventdispatcher.mm b/src/plugins/platforms/cocoa/qcocoaeventdispatcher.mm
index bf9ba4eccf..06978fb3fc 100644
--- a/src/plugins/platforms/cocoa/qcocoaeventdispatcher.mm
+++ b/src/plugins/platforms/cocoa/qcocoaeventdispatcher.mm
@@ -637,6 +637,8 @@ NSModalSession QCocoaEventDispatcherPrivate::currentModalSession()
         if (!info.session) {
             QMacAutoReleasePool pool;
             QCocoaWindow *cocoaWindow = static_cast<QCocoaWindow *>(info.window->handle());
+            if (!cocoaWindow)
+                continue;
             NSWindow *nswindow = cocoaWindow->nativeWindow();
             if (!nswindow)
                 continue;
@@ -647,6 +649,15 @@ NSModalSession QCocoaEventDispatcherPrivate::currentModalSession()
             [(NSWindow*) info.nswindow retain];
             QRect rect = cocoaWindow->geometry();
             info.session = [NSApp beginModalSessionForWindow:nswindow];
+
+            // The call to beginModalSessionForWindow above processes events and may
+            // have deleted or destroyed the window. Check if it's still valid.
+            if (!info.window)
+                continue;
+            cocoaWindow = static_cast<QCocoaWindow *>(info.window->handle());
+            if (!cocoaWindow)
+                continue;
+
             if (rect != cocoaWindow->geometry())
                 cocoaWindow->setGeometry(rect);
         }
-- 
cgit v1.2.3