From 320504179eb5b7b8c52e54ea97c930ee7d8c1ae6 Mon Sep 17 00:00:00 2001
From: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
Date: Fri, 15 Jan 2016 12:36:32 +0100
Subject: Fix access after free
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If deleteLater is called from the destructor of LocationProviderQt,
QtPositioningHelper shouldn't be accessing LocationProviderQt from its
destructor.

Change-Id: I1f2344edc1918fcfa566c3cd6045694cabf89768
Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>
---
 src/core/location_provider_qt.cpp | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/core/location_provider_qt.cpp b/src/core/location_provider_qt.cpp
index 222d15354..485ea8d94 100644
--- a/src/core/location_provider_qt.cpp
+++ b/src/core/location_provider_qt.cpp
@@ -74,6 +74,7 @@ private:
     QGeoPositionInfoSource *m_positionInfoSource;
 
     void postToLocationProvider(const base::Closure &task);
+    friend class LocationProviderQt;
 };
 
 QtPositioningHelper::QtPositioningHelper(LocationProviderQt *provider)
@@ -85,7 +86,8 @@ QtPositioningHelper::QtPositioningHelper(LocationProviderQt *provider)
 
 QtPositioningHelper::~QtPositioningHelper()
 {
-    m_locationProvider->m_positioningHelper = 0;
+    if (m_locationProvider)
+        m_locationProvider->m_positioningHelper = 0;
 }
 
 static bool isHighAccuracySource(const QGeoPositionInfoSource *source)
@@ -223,7 +225,10 @@ LocationProviderQt::LocationProviderQt()
 
 LocationProviderQt::~LocationProviderQt()
 {
-    m_positioningHelper->deleteLater();
+    if (m_positioningHelper) {
+        m_positioningHelper->m_locationProvider = 0;
+        m_positioningHelper->deleteLater();
+    }
 }
 
 bool LocationProviderQt::StartProvider(bool highAccuracy)
-- 
cgit v1.2.3