From ad821a63bf4075f2b18ec9eaa6d58f8fd721269a Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <albert.astals@canonical.com>
Date: Wed, 19 Dec 2012 11:25:16 +0100
Subject: Do not crash on some animation changes

stop() might end up deleting the animationjob object so wrap
the call with a RETURN_IF_DELETED

Fixes valgrind complaining
==18380== Invalid read of size 1
==18380==    at 0x5530B24: QAbstractAnimationJob::setCurrentTime(int) (in /home/tsdgeos/qt5/qtdeclarative/lib/libQt5Qml.so.5.0.0)
==18380==    by 0x5530BDE: QQmlAnimationTimer::updateAnimationsTime(long long) (in /home/tsdgeos/qt5/qtdeclarative/lib/libQt5Qml.so.5.0.0)
==18380==    by 0x65C05DC: QUnifiedTimer::updateAnimationTimers(long long) (in /home/tsdgeos/qt5/qtbase/lib/libQt5Core.so.5.0.0)
==18380==    by 0x65C10E3: QAnimationDriver::advanceAnimation(long long) (in /home/tsdgeos/qt5/qtbase/lib/libQt5Core.so.5.0.0)
==18380==    by 0x5047DB9: QQuickRenderThreadSingleContextWindowManager::event(QEvent*) (qquickthreadedwindowmanager.cpp:588)
==18380==    by 0x58D7F9B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /home/tsdgeos/qt5/qtbase/lib/libQt5Widgets.so.5.0.0)
==18380==    by 0x58DB364: QApplication::notify(QObject*, QEvent*) (in /home/tsdgeos/qt5/qtbase/lib/libQt5Widgets.so.5.0.0)
==18380==    by 0x6756B9D: QCoreApplication::notifyInternal(QObject*, QEvent*) (in /home/tsdgeos/qt5/qtbase/lib/libQt5Core.so.5.0.0)
==18380==    by 0x6758855: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (in /home/tsdgeos/qt5/qtbase/lib/libQt5Core.so.5.0.0)
==18380==    by 0x679E7C2: postEventSourceDispatch(_GSource*, int (*)(void*), void*) (in /home/tsdgeos/qt5/qtbase/lib/libQt5Core.so.5.0.0)
==18380==    by 0x85B7AB4: g_main_context_dispatch (gmain.c:2715)
==18380==    by 0x85B7DE7: g_main_context_iterate.isra.24 (gmain.c:3290)
==18380==  Address 0x1642bd48 is 88 bytes inside a block of size 128 free'd
==18380==    at 0x4C2A44B: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18380==    by 0x4F0728B: QQuickBehavior::write(QVariant const&) (qquickbehavior.cpp:210)
==18380==    by 0x53EB0FE: QQmlVMEMetaObject::metaCall(QMetaObject::Call, int, void**) (in /home/tsdgeos/qt5/qtdeclarative/lib/libQt5Qml.so.5.0.0)
==18380==    by 0x54FEA08: StoreProperty(QV8Engine*, QObject*, QQmlPropertyData*, v8::Handle<v8::Value>) (in /home/tsdgeos/qt5/qtdeclarative/lib/libQt5Qml.so.5.0.0)
==18380==    by 0x79ED2CE: v8::internal::JSObject::SetPropertyWithCallback(v8::internal::Object*, v8::internal::String*, v8::internal::Object*, v8::internal::JSObject*, v8::internal::StrictModeFlag) (in /home/tsdgeos/qt5/qtjsbackend/lib/libQt5V8.so.5.0.0)
==18380==    by 0x7A0AE71: v8::internal::JSObject::SetPropertyForResult(v8::internal::LookupResult*, v8::internal::String*, v8::internal::Object*, PropertyAttributes, v8::internal::StrictModeFlag) (in /home/tsdgeos/qt5/qtjsbackend/lib/libQt5V8.so.5.0.0)
==18380==    by 0x7A0B2D8: v8::internal::JSReceiver::SetProperty(v8::internal::String*, v8::internal::Object*, PropertyAttributes, v8::internal::StrictModeFlag, bool) (in /home/tsdgeos/qt5/qtjsbackend/lib/libQt5V8.so.5.0.0)
==18380==    by 0x79A8861: v8::internal::StoreIC::Store(v8::internal::InlineCacheState, v8::internal::StrictModeFlag, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::String>, v8::internal::Handle<v8::internal::Object>) (in /home/tsdgeos/qt5/qtjsbackend/lib/libQt5V8.so.5.0.0)
==18380==    by 0x79A8DF0: v8::internal::StoreIC_Miss(v8::internal::Arguments, v8::internal::Isolate*) (in /home/tsdgeos/qt5/qtjsbackend/lib/libQt5V8.so.5.0.0)
==18380==    by 0x24E8BD20618D: ???
==18380==    by 0x24E8BD237AC9: ???
==18380==    by 0x24E8BD2249E6: ???

Change-Id: Idcb195206d344bb526ee37f9172a6b3c029540db
Reviewed-by: Michael Brasser <michael.brasser@live.com>
---
 src/qml/animations/qabstractanimationjob.cpp       |  2 +-
 .../animations/tst_abstractanimationjobcrash.qml   | 73 ++++++++++++++++++++++
 2 files changed, 74 insertions(+), 1 deletion(-)
 create mode 100644 tests/auto/qmltest/animations/tst_abstractanimationjobcrash.qml

diff --git a/src/qml/animations/qabstractanimationjob.cpp b/src/qml/animations/qabstractanimationjob.cpp
index df8431e746..67b3391c0c 100644
--- a/src/qml/animations/qabstractanimationjob.cpp
+++ b/src/qml/animations/qabstractanimationjob.cpp
@@ -463,7 +463,7 @@ void QAbstractAnimationJob::setCurrentTime(int msecs)
     // and has reached the end.
     if ((m_direction == Forward && m_totalCurrentTime == totalDura)
         || (m_direction == Backward && m_totalCurrentTime == 0)) {
-        stop();
+        RETURN_IF_DELETED(stop());
     }
 
     if (m_hasCurrentTimeChangeListeners)
diff --git a/tests/auto/qmltest/animations/tst_abstractanimationjobcrash.qml b/tests/auto/qmltest/animations/tst_abstractanimationjobcrash.qml
new file mode 100644
index 0000000000..466bb160aa
--- /dev/null
+++ b/tests/auto/qmltest/animations/tst_abstractanimationjobcrash.qml
@@ -0,0 +1,73 @@
+/****************************************************************************
+**
+** Copyright (C) 2012 Digia Plc and/or its subsidiary(-ies).
+** Contact: http://www.qt-project.org/legal
+**
+** This file is part of the test suite of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:BSD$
+** You may use this file under the terms of the BSD license as follows:
+**
+** "Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions are
+** met:
+**   * Redistributions of source code must retain the above copyright
+**     notice, this list of conditions and the following disclaimer.
+**   * Redistributions in binary form must reproduce the above copyright
+**     notice, this list of conditions and the following disclaimer in
+**     the documentation and/or other materials provided with the
+**     distribution.
+**   * Neither the name of Digia Plc and its Subsidiary(-ies) nor the names
+**     of its contributors may be used to endorse or promote products derived
+**     from this software without specific prior written permission.
+**
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+** LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+** A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+** OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+** SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+** LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+** DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+** THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+** OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE."
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+import QtQuick 2.0
+import QtTest 1.0
+
+Item {
+    Rectangle {
+        id: rect
+
+        property bool finished: false
+
+        Behavior on opacity {
+            NumberAnimation {
+                onRunningChanged: {
+                    if (!running) {
+                        if (rect.opacity <= 0.1)
+                            rect.opacity = 1
+                        else
+                            rect.finished = true
+                    }
+                }
+            }
+        }
+    }
+
+    TestCase {
+        name: "AbstractAnitaionJobCrash"
+
+        function test_noCrash() {
+            rect.opacity = 0
+            while (!rect.finished)
+                wait(100)
+        }
+    }
+}
-- 
cgit v1.2.3