diff options
| author | Bernhard Übelacker <bernhardu@mailbox.org> | 2017-02-12 14:10:43 +0100 |
|---|---|---|
| committer | Edward Welbourne <edward.welbourne@qt.io> | 2017-04-10 17:05:50 +0000 |
| commit | d438be92dd7068fef94ce98e1ec039fe0ef4f3b3 (patch) | |
| tree | bc78d2190469c83f656cf789ea647e5ed81bbeba /src/qml/jsruntime/qv4qobjectwrapper_p.h | |
| parent | 617d6dc2017f49a84e4aeb15a40d78462be62326 (diff) | |
Avoid access to declarativeData when isDeletingChildren is set
QObject's members declarativeData and currentChildBeingDeleted share
the same memory because they are inside a union.
This leads to a problem when destructing mixed Widgets and QML objects.
Then in QObjectPrivate::deleteChildren the member currentChildBeingDeleted
is set. But unfortunatley QObjectWrapper::destroyObject retrieves
the same pointer via declarativeData.
This patch should avoid this by disallowing retrieval of declarativeData
when isDeletingChildren is set (or at least adds a Q_ASSERT).
Task-number: QTBUG-57714
Change-Id: I9ee02f79be3e8226c30076c24859b49b8dcfaecf
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
Diffstat (limited to 'src/qml/jsruntime/qv4qobjectwrapper_p.h')
| -rw-r--r-- | src/qml/jsruntime/qv4qobjectwrapper_p.h | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/src/qml/jsruntime/qv4qobjectwrapper_p.h b/src/qml/jsruntime/qv4qobjectwrapper_p.h index c7c4f4dd77..3764943499 100644 --- a/src/qml/jsruntime/qv4qobjectwrapper_p.h +++ b/src/qml/jsruntime/qv4qobjectwrapper_p.h @@ -209,13 +209,10 @@ inline ReturnedValue QObjectWrapper::wrap(ExecutionEngine *engine, QObject *obje if (Q_UNLIKELY(QQmlData::wasDeleted(object))) return QV4::Encode::null(); - QObjectPrivate *priv = QObjectPrivate::get(const_cast<QObject *>(object)); - if (Q_LIKELY(priv->declarativeData)) { - auto ddata = static_cast<QQmlData *>(priv->declarativeData); - if (Q_LIKELY(ddata->jsEngineId == engine->m_engineId && !ddata->jsWrapper.isUndefined())) { - // We own the JS object - return ddata->jsWrapper.value(); - } + auto ddata = QQmlData::get(object); + if (Q_LIKELY(ddata && ddata->jsEngineId == engine->m_engineId && !ddata->jsWrapper.isUndefined())) { + // We own the JS object + return ddata->jsWrapper.value(); } return wrap_slowPath(engine, object); |