diff options
author | Mitch Curtis <mitch.curtis@digia.com> | 2013-04-18 11:20:57 +0200 |
---|---|---|
committer | The Qt Project <gerrit-noreply@qt-project.org> | 2013-04-22 11:49:53 +0200 |
commit | 3e3b5709025d3564215cfca4f9aa5da95742a61f (patch) | |
tree | cac43a61a47259491f311e1522f246c2979d1454 /src/qml/types/qqmldelegatemodel.cpp | |
parent | 27da851843b12a2379f084d5e3e53a471bd188dd (diff) |
Prevent segfault on trying to access null cacheItem object.
In the situation mentioned in the bug report, a segfault occurs in
QQmlDelegateModelPrivate::incubatorStatusChanged. This
happens because cacheItem's object member is null but is still accessed
several times. This patch adds a check for null before operating on the
pointer.
Task-number: QTBUG-29727
Change-Id: Ia4c0699442c6d0f50e090b401a58ed06c69b351a
Reviewed-by: Andrew den Exter <andrew.den.exter@qinetic.com.au>
Diffstat (limited to 'src/qml/types/qqmldelegatemodel.cpp')
-rw-r--r-- | src/qml/types/qqmldelegatemodel.cpp | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/qml/types/qqmldelegatemodel.cpp b/src/qml/types/qqmldelegatemodel.cpp index c7b6b469a3..ad2b6f91e4 100644 --- a/src/qml/types/qqmldelegatemodel.cpp +++ b/src/qml/types/qqmldelegatemodel.cpp @@ -817,10 +817,12 @@ void QQmlDelegateModelPrivate::incubatorStatusChanged(QQDMIncubationTask *incuba releaseIncubator(incubationTask); if (status == QQmlIncubator::Ready) { + cacheItem->referenceObject(); if (QQuickPackage *package = qmlobject_cast<QQuickPackage *>(cacheItem->object)) emitCreatedPackage(incubationTask, package); else emitCreatedItem(incubationTask, cacheItem->object); + cacheItem->releaseObject(); } else if (status == QQmlIncubator::Error) { qmlInfo(q, m_delegate->errors()) << "Error creating delegate"; } @@ -835,6 +837,7 @@ void QQmlDelegateModelPrivate::incubatorStatusChanged(QQDMIncubationTask *incuba cacheItem->scriptRef -= 1; cacheItem->contextData->destroy(); cacheItem->contextData = 0; + if (!cacheItem->isReferenced()) { removeCacheItem(cacheItem); delete cacheItem; |