diff options
author | Fabian Kosmale <fabian.kosmale@qt.io> | 2020-06-03 16:32:35 +0200 |
---|---|---|
committer | Fabian Kosmale <fabian.kosmale@qt.io> | 2020-06-05 13:08:03 +0200 |
commit | 73a1b230642dd3577563cf8a5ff95223e6b9bd4e (patch) | |
tree | 148c9d16a9db75b542233ca291b7f5e3b58c5720 /src/qml | |
parent | 0a9fb6ce3a0c04a01081f576776290cfa0cb8e29 (diff) |
Prevent premature child destruction
QQmlContextData::emitDestruction suffers from the fact that code can
delete objects while emitDestruction is ongoing. Notably, the sequence
child->emitDestruction can trigger a call to a->destruction (of one of
child's attached components), which then can indirectly delete both
child and child->nextChild (for instance, when a StackView gets
cleared).
We prevent this by using QQmlContextDataRef when iterating over the
children, which keeps the child alive for the duration of the loop.
Fixes: QTBUG-84095
Change-Id: I03a4e817904ba2735e1ffc15d509db95a1a4729e
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
(cherry picked from commit 0c8e51705ac0bb86c4b123ecd30a11b41fd50b24)
Diffstat (limited to 'src/qml')
-rw-r--r-- | src/qml/qml/qqmlcontext.cpp | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/qml/qml/qqmlcontext.cpp b/src/qml/qml/qqmlcontext.cpp index 3710cee162..d308e85673 100644 --- a/src/qml/qml/qqmlcontext.cpp +++ b/src/qml/qml/qqmlcontext.cpp @@ -51,6 +51,7 @@ #include <qjsengine.h> #include <QtCore/qvarlengtharray.h> #include <private/qmetaobject_p.h> +#include <QtQml/private/qqmlcontext_p.h> #include <QtCore/qdebug.h> QT_BEGIN_NAMESPACE @@ -562,8 +563,8 @@ void QQmlContextData::emitDestruction() emit a->destruction(); } - QQmlContextData * child = childContexts; - while (child) { + QQmlContextDataRef child = childContexts; + while (!child.isNull()) { child->emitDestruction(); child = child->nextChild; } |