Fix use after free crash in QQmlDelegateModel

When iterating over the cache in QQmlDelegateModel::_q_itemsInserted(),
_q_itemsRemoved, _q_itemsMoved, _q_modelReset() and _q_itemsMoved,
updating some of the item's modelIndex can trigger layout change in
the view, which might in turn remove a QQmlDelegateModelItem from
the cache, causing us to dereference an already deleted pointer.

To prevent a crash, we always check whether the item is still valid in
the original cache and skip it if it has been removed in the meanwhile.

This fix is similar to 5df747fc but reduces runtime impact by performing
the lookup only when d->m_cache has detached from the loop's copy.

Fixes: QTBUG-76254
Change-Id: I9d7e0118e64e9ec7d8efae04e6ae319804f31981
Reviewed-by: Richard Moe Gustavsen <richard.gustavsen@qt.io>
 

0 files changed, 0 insertions, 0 deletions