From 722caf22ad321166a6a212c74e96b5e7730c2553 Mon Sep 17 00:00:00 2001 From: Fabian Kosmale Date: Mon, 8 Jun 2020 11:52:21 +0200 Subject: Avoid duplicate call to destroy Fixing the lifetime issue in emitDestruction led to a new issue: Setting linkedContext to nullptr before refCount has been incremented and invalidate has run can lead to calling destroy twice on the same pointer, and as a result to a use-after-free crash. Amends 0c8e51705ac0bb86c4b123ecd30a11b41fd50b24 Task-number: QTBUG-84095 Change-Id: Ib2ce76a45977217d0fb0f0e3ce06b24858b90468 Reviewed-by: Ulf Hermann (cherry picked from commit a84537a159e9d3b9b66a9a0d4fdf3b1b9d3168d6) Reviewed-by: Qt Cherry-pick Bot --- src/qml/qml/qqmlcontext.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/qml/qml/qqmlcontext.cpp b/src/qml/qml/qqmlcontext.cpp index d308e85673..66ba6fdaf3 100644 --- a/src/qml/qml/qqmlcontext.cpp +++ b/src/qml/qml/qqmlcontext.cpp @@ -626,12 +626,12 @@ void QQmlContextData::clearContext() void QQmlContextData::destroy() { Q_ASSERT(refCount == 0); - linkedContext = nullptr; // avoid recursion ++refCount; if (engine) invalidate(); + linkedContext = nullptr; Q_ASSERT(refCount == 1); clearContext(); -- cgit v1.2.3
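Review bot: The relocated `linkedContext = nullptr;` carries no comment, yet its position is the entire fix — the removed line at least said `// avoid recursion`, and the new one gives a future reader no reason not to hoist it back above `++refCount`, which the commit message says reintroduces the double destroy() and the use-after-free. I would annotate it inline, e.g. `linkedContext = nullptr; // must stay after invalidate(): clearing it before refCount is bumped lets destroy() run twice on this context (QTBUG-84095)`. The re-entrancy guard otherwise rests on `++refCount` and the two `Q_ASSERT`s; since Q_ASSERT is presumably compiled out in release builds, the statement order is the only protection there, which is worth saying in the comment. The body of destroy() continues past the end of the hunk.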