From d438be92dd7068fef94ce98e1ec039fe0ef4f3b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bernhard=20=C3=9Cbelacker?= Date: Sun, 12 Feb 2017 14:10:43 +0100 Subject: Avoid access to declarativeData when isDeletingChildren is set QObject's members declarativeData and currentChildBeingDeleted share the same memory because they are inside a union. This leads to a problem when destructing mixed Widgets and QML objects. Then in QObjectPrivate::deleteChildren the member currentChildBeingDeleted is set. But unfortunatley QObjectWrapper::destroyObject retrieves the same pointer via declarativeData. This patch should avoid this by disallowing retrieval of declarativeData when isDeletingChildren is set (or at least adds a Q_ASSERT). Task-number: QTBUG-57714 Change-Id: I9ee02f79be3e8226c30076c24859b49b8dcfaecf Reviewed-by: Simon Hausmann Reviewed-by: Eirik Aavitsland --- src/qml/qml/qqmldata_p.h | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'src/qml/qml/qqmldata_p.h') diff --git a/src/qml/qml/qqmldata_p.h b/src/qml/qml/qqmldata_p.h index e271598c2d..2083326cd5 100644 --- a/src/qml/qml/qqmldata_p.h +++ b/src/qml/qml/qqmldata_p.h @@ -201,7 +201,9 @@ public: static QQmlData *get(const QObject *object, bool create = false) { QObjectPrivate *priv = QObjectPrivate::get(const_cast(object)); - if (priv->wasDeleted) { + // If QObjectData::isDeletingChildren is set then access to QObjectPrivate::declarativeData has + // to be avoided because QObjectPrivate::currentChildBeingDeleted is in use. + if (priv->isDeletingChildren || priv->wasDeleted) { Q_ASSERT(!create); return 0; } else if (priv->declarativeData) { @@ -269,8 +271,8 @@ bool QQmlData::wasDeleted(QObject *object) if (!priv || priv->wasDeleted) return true; - return priv->declarativeData && - static_cast(priv->declarativeData)->isQueuedForDeletion; + QQmlData *ddata = QQmlData::get(object); + return ddata && ddata->isQueuedForDeletion; } QQmlNotifierEndpoint *QQmlData::notify(int index) -- cgit v1.2.3