Details
Description
Looks like there is a problem with the QRenderCaptureReply deallocation in certain cases. When passing QRenderCaptureReply from Qml to cpp side, there is no more reference to the object from qml side, and gc thinks it can free the object. The reply parent should be set when creating it to prevent this.
Another problem is that there is no deallocation guard for the returned replies in the QRenderCapture, which means that if the client deallocates the reply before it is processed, QRenderCapure will try to use it when it gets processed and cause a crash.