From 2ce8a33347e827fa4a1579b937ff5bbbadc16451 Mon Sep 17 00:00:00 2001 From: Fabian Kosmale Date: Mon, 31 Jan 2022 14:14:26 +0100 Subject: QQmlAdaptorModel: Do not use reparenting for lifetime managemment In QQmlAdaptorModel, we were using QQmlStrongJSQObjectReference to ensure that a passed in model lives long enough. However, QQmlAdaptorModel uses reparenting to keep objects alive. This is not safe, as we can use QML singletons as models. Reparenting singletons messes with the engine's lifetime handling once their new parent gets deleted: The object will be marked as queuedForDeletion by QQmlData::markAsDeleted; consequently wasDeleted returns true for the object, and any ScopedObject or ObjectWrapper will return nullptr when we try to retrieve their underlying QObject. The actual object probaly does not get deleted, as it is not placed in the QML heap. Consequently the gc will ignore it. This leads to a crash when the singleton is accessed in a different place: We see that the object is non-null, create a ScopedObject for it, and then try to later access the ScopedObject's underlying object (assuming that it must be non-null, because we already checked for the actual object being non-null). However, due to the reasons outlined above, we actually receive a null pointer, and thus encounter a crash. To avoid he issue, we change the lifetime management strategy: Instead of using the parent to keep the object alive, we now use a QV4::PersistentValue. Fixes: QTBUG-100260 Change-Id: I266e6ef94c4f079de3da2742d6fb8d61df5a64ce Reviewed-by: Andrei Golubev Reviewed-by: Ulf Hermann (cherry picked from commit 6901eacff40a7d8781e20fb5bcfd28d7526b589b) (cherry picked from commit ce8db0672557cef7942df061f52ccdf65fa250f6) Reviewed-by: Qt CI Bot --- .../qquicklistview/data/singletonModelLifetime.qml | 32 ++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 tests/auto/quick/qquicklistview/data/singletonModelLifetime.qml (limited to 'tests/auto/quick/qquicklistview/data/singletonModelLifetime.qml') diff --git a/tests/auto/quick/qquicklistview/data/singletonModelLifetime.qml b/tests/auto/quick/qquicklistview/data/singletonModelLifetime.qml new file mode 100644 index 0000000000..f230786723 --- /dev/null +++ b/tests/auto/quick/qquicklistview/data/singletonModelLifetime.qml @@ -0,0 +1,32 @@ +import QtQuick 2.15 +import QtQuick.Window 2.15 +import test 1.0 + +Window { + id: root + visible: true + width: 800 + height: 680 + property bool alive: false + + Component { + id: view + ListView { + model: SingletonModel + } + } + function compare(a,b) { + root.alive = (a === b) + } + + function test_singletonModelCrash() { + SingletonModel.objectName = "model" + var o = view.createObject(root) + o.destroy() + Qt.callLater(function() { + compare(SingletonModel.objectName, "model") + }) + } + + Component.onCompleted: root.test_singletonModelCrash() +} -- cgit v1.2.3