From c1320e7a35f3393d973126cc8e2c850e9377f4ab Mon Sep 17 00:00:00 2001
From: Dmitrii Akshintsev
Date: Mon, 16 Oct 2023 17:43:06 +0200
Subject: Throw an exception in loadScopeObjectPropertyLookup when qmlScopeObject is null

When object is being destroyed, qmlScopeObject pointer is becoming null (I assume as part of the lookup invalidation?), causing nullptr dereferencing in the subsequent Init lookup stage. This commit prevents it by introducing an "early exit" on the load stage.

Fixes: QTBUG-117866
Change-Id: Ifef1a0dd48a952f00f2c0d4d5015ec2f40b7f62a
Reviewed-by: Qt CI Bot
Reviewed-by: Ulf Hermann
---
 src/qml/qml/qqml.cpp | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'src/qml/qml/qqml.cpp')
diff --git a/src/qml/qml/qqml.cpp b/src/qml/qml/qqml.cpp
index 88e559f54f..50ba496912 100644
--- a/src/qml/qml/qqml.cpp
+++ b/src/qml/qml/qqml.cpp
@@ -1773,6 +1773,12 @@ bool AOTCompiledContext::loadScopeObjectPropertyLookup(uint index, void *target)
 {
     QV4::Lookup *l = compilationUnit->runtimeLookups + index;
 
+    if (!qmlScopeObject) {
+        engine->handle()->throwReferenceError(
+                compilationUnit->runtimeStrings[l->nameIndex]->toQString());
+        return false;
+    }
+
     ObjectPropertyResult result = ObjectPropertyResult::NeedsInit;
     if (l->qmlContextPropertyGetter == QV4::QQmlContextWrapper::lookupScopeObjectProperty)
         result = loadObjectProperty(l, qmlScopeObject, target, qmlContext);
-- 
cgit v1.2.3
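Review bot: The new null guard at the top of the hunk carries no hint of why `qmlScopeObject` can be null at this point, so a later reader may take it for dead code and drop it, reintroducing the crash; a comment above the `if`, such as `// The scope object can already be gone while it is being destroyed (QTBUG-117866); report a ReferenceError instead of letting the init stage dereference null.`, would keep the rationale that currently lives only in the commit message. The commit message also places the actual dereference in the subsequent init lookup stage, which is outside this hunk; if that stage is reachable from any entry point other than this load function, it still dereferences a null scope object there, so the check may belong at the dereference site as well as here. The rest of `loadScopeObjectPropertyLookup` continues past the end of the hunk.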