Throw an exception in loadScopeObjectPropertyLookup when qmlScopeObject is null

When object is being destroyed, qmlScopeObject pointer is becoming null (I assume as part of the lookup invalidation?), causing nullptr dereferencing in the subsequent Init lookup stage. This commit prevents it by introducing an "early exit" on the load stage. Fixes: QTBUG-117866 Change-Id: Ifef1a0dd48a952f00f2c0d4d5015ec2f40b7f62a Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
author: Dmitrii Akshintsev <dmitrii.akshintsev@qt.io> 2023-10-16 17:43:06 +0200
committer: Dmitrii Akshintsev <dmitrii.akshintsev@qt.io> 2023-10-24 18:44:55 +0200
commit: c1320e7a35f3393d973126cc8e2c850e9377f4ab (patch)
tree: 8e74cbe32eb5bf960ce093eef77105f3a7c1c21b /src/qml/qml/qqml.cpp
parent: 69fce1185f2ba3b474871e38b3b5b3161a9f72ee (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/src/qml/qml/qqml.cpp b/src/qml/qml/qqml.cpp
index 88e559f54f..50ba496912 100644
--- a/src/qml/qml/qqml.cpp
+++ b/src/qml/qml/qqml.cpp
@@ -1773,6 +1773,12 @@ bool AOTCompiledContext::loadScopeObjectPropertyLookup(uint index, void *target)
 {
     QV4::Lookup *l = compilationUnit->runtimeLookups + index;
 
+    if (!qmlScopeObject) {
+        engine->handle()->throwReferenceError(
+                compilationUnit->runtimeStrings[l->nameIndex]->toQString());
+        return false;
+    }
+
     ObjectPropertyResult result = ObjectPropertyResult::NeedsInit;
     if (l->qmlContextPropertyGetter == QV4::QQmlContextWrapper::lookupScopeObjectProperty)
         result = loadObjectProperty(l, qmlScopeObject, target, qmlContext);
author	Dmitrii Akshintsev <dmitrii.akshintsev@qt.io>	2023-10-16 17:43:06 +0200
committer	Dmitrii Akshintsev <dmitrii.akshintsev@qt.io>	2023-10-24 18:44:55 +0200
commit	c1320e7a35f3393d973126cc8e2c850e9377f4ab (patch)
tree	8e74cbe32eb5bf960ce093eef77105f3a7c1c21b /src/qml/qml/qqml.cpp
parent	69fce1185f2ba3b474871e38b3b5b3161a9f72ee (diff)