From 080a5c705aa9c04a332c2f95a216853b098d9d6b Mon Sep 17 00:00:00 2001
From: Ulf Hermann <ulf.hermann@qt.io>
Date: Wed, 4 Oct 2017 17:21:44 +0200
Subject: QV4Engine: Don't cache compilation units to be unlinked

A compilation unit that is unlinked may recursively unlink and delete
further compilation units belonging to the same engine via its
resolvedTypes property. Those units won't be able to remove themselves
from the cached set, and will therefore get their unlink() method
called again, this time on a dangling pointer, when the engine gets
around to them.

Change-Id: Icaa941ca2117c8303c49623b2be0f9014502d849
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
---
 src/qml/jsruntime/qv4engine.cpp | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'src/qml')

diff --git a/src/qml/jsruntime/qv4engine.cpp b/src/qml/jsruntime/qv4engine.cpp
index 54011e6bd2..34336e3c87 100644
--- a/src/qml/jsruntime/qv4engine.cpp
+++ b/src/qml/jsruntime/qv4engine.cpp
@@ -478,10 +478,8 @@ ExecutionEngine::~ExecutionEngine()
     delete identifierTable;
     delete memoryManager;
 
-    QSet<QV4::CompiledData::CompilationUnit*> remainingUnits;
-    qSwap(compilationUnits, remainingUnits);
-    for (QV4::CompiledData::CompilationUnit *unit : qAsConst(remainingUnits))
-        unit->unlink();
+    while (!compilationUnits.isEmpty())
+        (*compilationUnits.begin())->unlink();
 
     internalClasses[Class_Empty]->destroy();
     delete classPool;
-- 
cgit v1.2.3