author Fabian Kosmale <fabian.kosmale@qt.io> 2020-06-08 11:52:21 +0200
committer Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> 2020-06-09 04:25:28 +0000
commit 722caf22ad321166a6a212c74e96b5e7730c2553
tree 63a7322a3779ab35ce1a0d4844b8d3454b5126b0
parent f23314a639dc628661c21115b74f5be07a890845
Avoid duplicate call to destroy (refs: v5.12.9, 5.12.9)

Fixing the lifetime issue in emitDestruction led to a new issue: Setting linkedContext to nullptr before refCount has been incremented and invalidate has run can lead to calling destroy twice on the same pointer, and as a result to a use-after-free crash.

Amends 0c8e51705ac0bb86c4b123ecd30a11b41fd50b24

Task-number: QTBUG-84095
Change-Id: Ib2ce76a45977217d0fb0f0e3ce06b24858b90468
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
(cherry picked from commit a84537a159e9d3b9b66a9a0d4fdf3b1b9d3168d6)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
-rw-r--r-- src/qml/qml/qqmlcontext.cpp 2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/qml/qml/qqmlcontext.cpp b/src/qml/qml/qqmlcontext.cpp
index d308e85673..66ba6fdaf3 100644
--- a/src/qml/qml/qqmlcontext.cpp
+++ b/src/qml/qml/qqmlcontext.cpp
@@ -626,12 +626,12 @@ void QQmlContextData::clearContext()
void QQmlContextData::destroy()
{
Q_ASSERT(refCount == 0);
- linkedContext = nullptr;
// avoid recursion
++refCount;
if (engine)
invalidate();
+ linkedContext = nullptr;
Q_ASSERT(refCount == 1);
clearContext();
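Review bot: the new position of `linkedContext = nullptr;`, after `if (engine) invalidate();`, is load-bearing but undocumented: the only comment in destroy(), `// avoid recursion`, sits on `++refCount` and says nothing about the reset having to follow it. Add a one-line comment on the moved assignment stating that it must stay after the refCount increment and `invalidate()`, because otherwise destroy() can be called a second time on the same pointer, so that a later cleanup does not hoist it back to the top of the function. Two further points: the change touches a single file and carries no regression test for QTBUG-84095, and `Q_ASSERT(refCount == 0)` is the only visible guard against a second entry and is not active in release builds by default, so a repeat of this ordering mistake would only be caught in debug builds.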