diff options
author | Fabian Kosmale <fabian.kosmale@qt.io> | 2020-06-08 11:52:21 +0200 |
---|---|---|
committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2020-06-09 04:25:28 +0000 |
commit | 722caf22ad321166a6a212c74e96b5e7730c2553 (patch) | |
tree | 63a7322a3779ab35ce1a0d4844b8d3454b5126b0 | |
parent | f23314a639dc628661c21115b74f5be07a890845 (diff) |
Avoid duplicate call to destroyv5.12.9
Fixing the lifetime issue in emitDestruction led to a new issue: Setting
linkedContext to nullptr before refCount has been incremented and
invalidate has run can lead to calling destroy twice on the same
pointer, and as a result to a use-after-free crash.
Amends 0c8e51705ac0bb86c4b123ecd30a11b41fd50b24
Task-number: QTBUG-84095
Change-Id: Ib2ce76a45977217d0fb0f0e3ce06b24858b90468
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
(cherry picked from commit a84537a159e9d3b9b66a9a0d4fdf3b1b9d3168d6)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
-rw-r--r-- | src/qml/qml/qqmlcontext.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/qml/qml/qqmlcontext.cpp b/src/qml/qml/qqmlcontext.cpp index d308e85673..66ba6fdaf3 100644 --- a/src/qml/qml/qqmlcontext.cpp +++ b/src/qml/qml/qqmlcontext.cpp @@ -626,12 +626,12 @@ void QQmlContextData::clearContext() void QQmlContextData::destroy() { Q_ASSERT(refCount == 0); - linkedContext = nullptr; // avoid recursion ++refCount; if (engine) invalidate(); + linkedContext = nullptr; Q_ASSERT(refCount == 1); clearContext(); |