From 8ef1e1e7a4107f96a526c19bbe25ed6f1654e7ea Mon Sep 17 00:00:00 2001
From: Lars Knoll
Date: Mon, 18 Aug 2014 12:38:24 +0200
Subject: Protect some members in QQmlObjectCreator
Avoid dangling pointers when nested incubators are being used.
Task-number: QTBUG-40437
Change-Id: I73922d2f373b2efbc00983305cdea9e8d60f0c41
Reviewed-by: Simon Hausmann
---
 src/qml/qml/qqmlobjectcreator_p.h | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
(limited to 'src/qml/qml/qqmlobjectcreator_p.h')
diff --git a/src/qml/qml/qqmlobjectcreator_p.h b/src/qml/qml/qqmlobjectcreator_p.h
index fb4d71d054..73800ca9df 100644
--- a/src/qml/qml/qqmlobjectcreator_p.h
+++ b/src/qml/qml/qqmlobjectcreator_p.h
@@ -50,6 +50,8 @@
 #include
 #include
+#include
+
 QT_BEGIN_NAMESPACE
 class QQmlAbstractBinding;
@@ -63,7 +65,7 @@ struct QQmlObjectCreatorSharedState : public QSharedData
 QQmlContextData *creationContext;
 QFiniteStack allCreatedBindings;
 QFiniteStack allParserStatusCallbacks;
- QFiniteStack allCreatedObjects;
+ QFiniteStack > allCreatedObjects;
 QV4::Value *allJavaScriptObjects; // pointer to vector on JS stack to reference JS wrappers during creation phase.
 QQmlComponentAttached *componentAttached;
 QList finalizeCallbacks;
@@ -89,8 +91,8 @@ public:
 QList errors;
- QQmlContextData *parentContextData() const { return parentContext; }
- QFiniteStack &allCreatedObjects() const { return sharedState->allCreatedObjects; }
+ QQmlContextData *parentContextData() { return parentContext.contextData(); }
+ QFiniteStack > &allCreatedObjects() const { return sharedState->allCreatedObjects; }
 private:
 QQmlObjectCreator(QQmlContextData *contextData, QQmlCompiledData *compiledData, QQmlObjectCreatorSharedState *inheritedSharedState);
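Review bot: The element type of `allCreatedObjects` in the `@@ -63` hunk changes to a nested template (the inner argument is stripped in this rendering, but the trailing `> >` together with the "dangling pointers" commit message points to a guarded pointer such as QPointer), which means an entry can silently become null when the object is destroyed before creation finishes; the header does not say so, and every consumer that walks this stack now has to test each entry before dereferencing it. I'd document that at the declaration: `// Entries may be null: an object can be destroyed (e.g. by a nested incubator) before creation completes.` The same caveat belongs on the `allCreatedObjects()` accessor in the `@@ -89` hunk, which hands the stack out by reference. `QQmlObjectCreatorSharedState` continues outside the hunk.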
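Review bot: `parentContextData()` in the `@@ -89` hunk loses its `const` qualifier, so any caller invoking it on a `const QQmlObjectCreator` or from a const member function stops compiling; this looks forced by `QQmlGuardedContextData::contextData()` being non-const in this revision, and if the guard offers a const overload the qualifier should be kept. The more important consequence, which follows from the guarded member in the `@@ -123` hunk, is that the accessor can now return null once the parent context has been destroyed, whereas the old raw pointer never advertised that; a comment on the accessor should state it, e.g. `// May return null: parentContext is guarded, not owned, and can be destroyed while a nested incubator is still running.` The `QQmlObjectCreator` class body continues outside the hunk.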
@@ -123,7 +125,7 @@ private:
 QQmlEngine *engine;
 QQmlCompiledData *compiledData;
 const QV4::CompiledData::QmlUnit *qmlUnit;
- QQmlContextData *parentContext;
+ QQmlGuardedContextData parentContext;
 QQmlContextData *context;
 const QHash &resolvedTypes;
 const QVector &propertyCaches;
-- cgit v1.2.3
From b0835b31fd456c30ea3fcaae6edc58212556477d Mon Sep 17 00:00:00 2001
From: Simon Hausmann
Date: Thu, 21 Aug 2014 13:10:33 +0200
Subject: Fix crash with early QObject property access
In the reported bug, it can happen that we try to access the compile-time resolved QObject property of an object that is referenced by id. The binding that uses this is triggered when the property changes but _also_ when the id referenced object gets either created or deleted. The first time the binding is evaluated is very early on, when the id referenced object is not created yet, so the binding evaluation fails. However the dependency is set up, and so later then the id referenced object is created and the id property is set on the context, the notification triggers and the binding is re-evaluated. During that binding evaluation a QObject property access happens by index on an object that doesn't have its VME meta-object set up yet. Therefore the property access fails and a crash occurs or the Q_ASSERT(property) assertion fails. The fix is to set register the id named object in the context _after_ the VME meta-object is setup.
Task-number: QTBUG-40018
Change-Id: Ic2d7b4a0c49635efe68e93f2f6c316eb65f0c309
Reviewed-by: Lars Knoll
---
 src/qml/qml/qqmlobjectcreator_p.h | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'src/qml/qml/qqmlobjectcreator_p.h')
diff --git a/src/qml/qml/qqmlobjectcreator_p.h b/src/qml/qml/qqmlobjectcreator_p.h
index 73800ca9df..34a25982db 100644
--- a/src/qml/qml/qqmlobjectcreator_p.h
+++ b/src/qml/qml/qqmlobjectcreator_p.h
@@ -113,6 +113,8 @@ private:
 QString stringAt(int idx) const { return qmlUnit->header.stringAt(idx); }
 void recordError(const QV4::CompiledData::Location &location, const QString &description);
+ void registerObjectWithContextById(int objectIndex, QObject *instance) const;
+
 enum Phase {
 Startup,
 CreatingObjects,
-- cgit v1.2.3
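Review bot: The new declaration `registerObjectWithContextById` carries an ordering constraint that only the commit message explains (the id must be registered after the VME meta-object is installed, otherwise a binding watching the id can evaluate immediately and index into properties that do not exist yet), and nothing in the header preserves that knowledge for the next caller. I'd put it above the declaration: `// Registers instance under its id in the context. Call only after the VME meta-object is set up: a binding that depends on the id may be re-evaluated immediately and access properties by index.` The `const` qualifier matches the neighbouring helpers but does not signal that the call mutates the context; whether that is acceptable depends on the definition, which is outside this hunk.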