From e5c272423d1bba2825086b82fd97499237a6fa4b Mon Sep 17 00:00:00 2001
From: Vlad Zahorodnii <vlad.zahorodnii@kde.org>
Date: Fri, 30 Oct 2020 16:55:30 +0200
Subject: Scanner: Avoid accessing dangling pointers in destroy_func()

Usually, the object associated with the resource gets destroyed in the
destroy_resource() function.

Therefore, we need to double-check that the object is still alive before
trying to reset its m_resource.

Change-Id: I26408228f58919db17eb29584a1cbd4a9427d25c
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
(cherry picked from commit 735164b5c2a2637a8d53a8803a2401e4ef477ff0)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
---
 src/qtwaylandscanner/qtwaylandscanner.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/qtwaylandscanner/qtwaylandscanner.cpp b/src/qtwaylandscanner/qtwaylandscanner.cpp
index 1d635f069..e2f87bbd3 100644
--- a/src/qtwaylandscanner/qtwaylandscanner.cpp
+++ b/src/qtwaylandscanner/qtwaylandscanner.cpp
@@ -814,7 +814,9 @@ bool Scanner::process()
             printf("        if (Q_LIKELY(that)) {\n");
             printf("            that->m_resource_map.remove(resource->client(), resource);\n");
             printf("            that->%s_destroy_resource(resource);\n", interfaceNameStripped);
-            printf("            if (that->m_resource == resource)\n");
+            printf("\n");
+            printf("            that = resource->%s_object;\n", interfaceNameStripped);
+            printf("            if (that && that->m_resource == resource)\n");
             printf("                that->m_resource = nullptr;\n");
             printf("        }\n");
             printf("        delete resource;\n");
-- 
cgit v1.2.3