Details
-
Bug
-
Resolution: Done
-
P1: Critical
-
5.4.0
-
None
-
bbf3c4715a1569b26a3aa029046e26989efd6edc
Description
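When we have a property alias pointing to a deleted QObject, we expect the property to be automatically set to null (like the alias is). Instead, the property is left in an invalid state, which can lead to a crash: the Valgrind output below reports an invalid read when the property's value is queried with the `in` operator.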
See this test case:
// Single-file reproducer for the report above.
//
// qmldata is the QML document that main() hands to the engine. Its onClicked
// handler:
//   1. stores the object returned by _myObj.create() through the alias
//      `modelData` (which targets the var property `modelData2`),
//   2. has the object destroy itself via del(),
//   3. reads the value back through the alias and through the underlying
//      property, then applies the `in` operator to the latter.
// Per the report, step 3 sees null through the alias but a non-null, invalid
// value through `modelData2`, and the `in` lookup is where the crash occurs.
// The text inside the raw string is runtime data and must stay as written.
const char qmldata[]= R"-(
import QtQuick 2.4
import QtQuick.Window 2.2
Window {
    id:win; visible: true;
    property var modelData2;
    property alias modelData: win.modelData2;
    Text { anchors.fill: parent; text:"Click here"; }
    MouseArea {
        anchors.fill: parent;
        onClicked: {
            modelData = _myObj.create();
            console.log(modelData2);
            modelData.del();
            console.log(modelData); // null, that's good
            console.log(modelData2); // TypeError?
            if (modelData2) {
                echo ("index" in modelData2) // CRASH!
            }
        }
    }
}
)-";

#include <QApplication>
#include <QQmlApplicationEngine>
#include <QQmlContext>

// Helper type exposed to QML as the context property "_myObj" (see main()).
// Its two slots let QML script create an instance and then destroy it from
// the C++ side while script-side references to it still exist.
class MyObj : public QObject
{
    Q_OBJECT
public slots:
    // Returns a newly heap-allocated MyObj. No parent is passed and no
    // ownership is set explicitly in this file.
    // NOTE(review): who ends up owning the returned object (engine vs. C++)
    // is not established by this snippet - confirm before reusing the pattern.
    QObject* create() { return (new MyObj); }

    // Destroys the receiver immediately, from inside a slot called by QML.
    // This is the deliberate trigger: after it runs, any value still referring
    // to this object must be treated as dangling. The report is that the var
    // property `modelData2` is not reset to null at this point.
    // NOTE(review): the "Invalid read" in the report's Valgrind output is
    // consistent with a read through such a stale reference - confirm against
    // the fix commit.
    void del() { delete this; }
};

// Sets up the application and engine, registers one MyObj instance under the
// name "_myObj" on the root context, loads the QML document from qmldata and
// enters the event loop. The registered instance is allocated with `new` and
// is not deleted anywhere in this file.
int main(int argc, char *argv[])
{
    QApplication app(argc, argv);
    QQmlApplicationEngine engine;
    engine.rootContext()->setContextProperty("_myObj", new MyObj);
    engine.loadData(qmldata);
    return app.exec();
}

// Pulls in the moc output for the Q_OBJECT class defined in this source file;
// the name implies the file is built as main.cpp.
#include "main.moc"
And here is the backtrace:
==13626== Invalid read of size 8
==13626== at 0x5FFF578: QV4::QObjectWrapper::findProperty(QV4::ExecutionEngine*, QQmlContextData*, QV4::String*, QV4::QObjectWrapper::RevisionMode, QQmlPropertyData*) const
==13626== by 0x5FFF8C1: QV4::QObjectWrapper::query(QV4::Managed const*, QV4::String*)
==13626== by 0x5FD012D: QV4::Object::hasOwnProperty(QV4::String*) const
==13626== by 0x5FD016A: QV4::Object::hasProperty(QV4::String*) const
==13626== by 0x600E04F: QV4::Runtime::in(QV4::ExecutionContext*, QV4::ValueRef, QV4::ValueRef)