From 8ef1e1e7a4107f96a526c19bbe25ed6f1654e7ea Mon Sep 17 00:00:00 2001
From: Lars Knoll <lars.knoll@digia.com>
Date: Mon, 18 Aug 2014 12:38:24 +0200
Subject: [PATCH] Protect some members in QQmlObjectCreator

Avoid dangling pointers when nested incubators are being used.

Task-number: QTBUG-40437
Change-Id: I73922d2f373b2efbc00983305cdea9e8d60f0c41
Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
---
 src/qml/qml/qqmlobjectcreator_p.h | 10 ++++++----
 src/qml/qml/qqmlvme.cpp           |  2 +-
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/qml/qml/qqmlobjectcreator_p.h b/src/qml/qml/qqmlobjectcreator_p.h
index fb4d71d054..73800ca9df 100644
--- a/src/qml/qml/qqmlobjectcreator_p.h
+++ b/src/qml/qml/qqmlobjectcreator_p.h
@@ -50,6 +50,8 @@
 #include <private/qrecursionwatcher_p.h>
 #include <private/qqmlprofiler_p.h>
 
+#include <qpointer.h>
+
 QT_BEGIN_NAMESPACE
 
 class QQmlAbstractBinding;
@@ -63,7 +65,7 @@ struct QQmlObjectCreatorSharedState : public QSharedData
     QQmlContextData *creationContext;
     QFiniteStack<QQmlAbstractBinding*> allCreatedBindings;
     QFiniteStack<QQmlParserStatus*> allParserStatusCallbacks;
-    QFiniteStack<QObject*> allCreatedObjects;
+    QFiniteStack<QPointer<QObject> > allCreatedObjects;
     QV4::Value *allJavaScriptObjects; // pointer to vector on JS stack to reference JS wrappers during creation phase.
     QQmlComponentAttached *componentAttached;
     QList<QQmlEnginePrivate::FinalizeCallback> finalizeCallbacks;
@@ -89,8 +91,8 @@ public:
 
     QList<QQmlError> errors;
 
-    QQmlContextData *parentContextData() const { return parentContext; }
-    QFiniteStack<QObject*> &allCreatedObjects() const { return sharedState->allCreatedObjects; }
+    QQmlContextData *parentContextData() { return parentContext.contextData(); }
+    QFiniteStack<QPointer<QObject> > &allCreatedObjects() const { return sharedState->allCreatedObjects; }
 
 private:
     QQmlObjectCreator(QQmlContextData *contextData, QQmlCompiledData *compiledData, QQmlObjectCreatorSharedState *inheritedSharedState);
@@ -123,7 +125,7 @@ private:
     QQmlEngine *engine;
     QQmlCompiledData *compiledData;
     const QV4::CompiledData::QmlUnit *qmlUnit;
-    QQmlContextData *parentContext;
+    QQmlGuardedContextData parentContext;
     QQmlContextData *context;
     const QHash<int, QQmlCompiledData::TypeReference*> &resolvedTypes;
     const QVector<QQmlPropertyCache *> &propertyCaches;
diff --git a/src/qml/qml/qqmlvme.cpp b/src/qml/qml/qqmlvme.cpp
index 56befa4a3e..8958d5cec6 100644
--- a/src/qml/qml/qqmlvme.cpp
+++ b/src/qml/qml/qqmlvme.cpp
@@ -113,7 +113,7 @@ void QQmlVMEGuard::guard(QQmlObjectCreator *creator)
 {
     clear();
 
-    QFiniteStack<QObject*> &objects = creator->allCreatedObjects();
+    QFiniteStack<QPointer<QObject> > &objects = creator->allCreatedObjects();
     m_objectCount = objects.count();
     m_objects = new QPointer<QObject>[m_objectCount];
     for (int ii = 0; ii < m_objectCount; ++ii)