From d438be92dd7068fef94ce98e1ec039fe0ef4f3b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bernhard=20=C3=9Cbelacker?= <bernhardu@mailbox.org>
Date: Sun, 12 Feb 2017 14:10:43 +0100
Subject: Avoid access to declarativeData when isDeletingChildren is set

QObject's members declarativeData and currentChildBeingDeleted share
the same memory because they are inside a union.
This leads to a problem when destructing mixed Widgets and QML objects.
Then in QObjectPrivate::deleteChildren the member currentChildBeingDeleted
is set. But unfortunatley QObjectWrapper::destroyObject retrieves
the same pointer via declarativeData.

This patch should avoid this by disallowing retrieval of declarativeData
when isDeletingChildren is set (or at least adds a Q_ASSERT).

Task-number: QTBUG-57714
Change-Id: I9ee02f79be3e8226c30076c24859b49b8dcfaecf
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
---
 src/qml/qml/qqmlobjectcreator.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/qml/qml/qqmlobjectcreator.cpp')

diff --git a/src/qml/qml/qqmlobjectcreator.cpp b/src/qml/qml/qqmlobjectcreator.cpp
index 09936f6e7a..3ed3ce5460 100644
--- a/src/qml/qml/qqmlobjectcreator.cpp
+++ b/src/qml/qml/qqmlobjectcreator.cpp
@@ -1075,7 +1075,9 @@ QObject *QQmlObjectCreator::createInstance(int index, QObject *parent, bool isCo
             {
                 QQmlData *ddata = new (ddataMemory) QQmlData;
                 ddata->ownMemory = false;
-                QObjectPrivate::get(instance)->declarativeData = ddata;
+                QObjectPrivate* p = QObjectPrivate::get(instance);
+                Q_ASSERT(!p->isDeletingChildren);
+                p->declarativeData = ddata;
             }
 
             const int parserStatusCast = type->parserStatusCast();
-- 
cgit v1.2.3