Throw an exception in loadScopeObjectPropertyLookup when qmlScopeObject is null

When object is being destroyed, qmlScopeObject pointer is becoming null (I assume as part of the lookup invalidation?), causing nullptr dereferencing in the subsequent Init lookup stage.
This commit prevents it by introducing an "early exit" on the load stage.

Fixes: QTBUG-117866
Change-Id: Ifef1a0dd48a952f00f2c0d4d5015ec2f40b7f62a
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>

3 files changed, 49 insertions, 0 deletions

diff --git a/tests/auto/qml/qmlcppcodegen/data/CMakeLists.txt b/tests/auto/qml/qmlcppcodegen/data/CMakeLists.txt
index 129b1e894b..0a33eece52 100644
--- a/tests/auto/qml/qmlcppcodegen/data/CMakeLists.txt
+++ b/tests/auto/qml/qmlcppcodegen/data/CMakeLists.txt
@@ -183,6 +183,7 @@ set(qml_files
     notEqualsInt.qml
     notNotString.qml
     nullAccess.qml
+    nullAccessInsideSignalHandler.qml
     nullComparison.qml
     numbersInJsPrimitive.qml
     objectInVar.qml
diff --git a/tests/auto/qml/qmlcppcodegen/data/nullAccessInsideSignalHandler.qml b/tests/auto/qml/qmlcppcodegen/data/nullAccessInsideSignalHandler.qml
new file mode 100644
index 0000000000..8fe47b7296
--- /dev/null
+++ b/tests/auto/qml/qmlcppcodegen/data/nullAccessInsideSignalHandler.qml
@@ -0,0 +1,33 @@
+import QtQuick
+
+Item {
+    id: root
+    visible: true
+
+    property var speaker
+    signal say_hello()
+
+    Component{
+        id: speakerComp
+        Text {
+            text: "HELLO"
+            function say_hello() {
+                console.log(text)
+            }
+        }
+    }
+
+    Timer {
+        interval: 1; running: true; repeat: false
+        onTriggered: root.say_hello();
+    }
+
+    Component.onCompleted:
+    {
+        root.speaker = speakerComp.createObject(root);
+
+        root.say_hello.connect(root.speaker.say_hello);
+
+        root.speaker.destroy();
+    }
+}
diff --git a/tests/auto/qml/qmlcppcodegen/tst_qmlcppcodegen.cpp b/tests/auto/qml/qmlcppcodegen/tst_qmlcppcodegen.cpp
index 486a777fef..4854108b86 100644
--- a/tests/auto/qml/qmlcppcodegen/tst_qmlcppcodegen.cpp
+++ b/tests/auto/qml/qmlcppcodegen/tst_qmlcppcodegen.cpp
@@ -154,6 +154,7 @@ private slots:
     void notEqualsInt();
     void notNotString();
     void nullAccess();
+    void nullAccessInsideSignalHandler();
     void nullComparison();
     void numbersInJsPrimitive();
     void objectInVar();
@@ -3091,6 +3092,20 @@ void tst_QmlCppCodegen::nullAccess()
     QCOMPARE(object->property("height").toDouble(), 0.0);
 }
 
+void tst_QmlCppCodegen::nullAccessInsideSignalHandler()
+{
+    QQmlEngine engine;
+    QQmlComponent component(&engine, QUrl(u"qrc:/qt/qml/TestTypes/nullAccessInsideSignalHandler.qml"_s));
+    QVERIFY2(!component.isError(), component.errorString().toUtf8());
+    QTest::ignoreMessage(QtWarningMsg,
+                         "qrc:/qt/qml/TestTypes/nullAccessInsideSignalHandler.qml:15: ReferenceError: "
+                         "text is not defined");
+    QScopedPointer<QObject> object(component.create());
+    QSignalSpy spy(object.data(), SIGNAL(say_hello()));
+    QTRY_VERIFY(spy.size() > 0);
+}
+
+
 void tst_QmlCppCodegen::nullComparison()
 {
     QQmlEngine engine;