Prevent segfault on trying to access null cacheItem object.
authorMitch Curtis <mitch.curtis@digia.com>
Thu, 18 Apr 2013 09:20:57 +0000 (11:20 +0200)
committerThe Qt Project <gerrit-noreply@qt-project.org>
Mon, 22 Apr 2013 09:49:53 +0000 (11:49 +0200)
In the situation mentioned in the bug report, a segfault occurs in
QQmlDelegateModelPrivate::incubatorStatusChanged. This
happens because cacheItem's object member is null but is still accessed
several times. This patch adds a check for null before operating on the
pointer.

Task-number: QTBUG-29727

Change-Id: Ia4c0699442c6d0f50e090b401a58ed06c69b351a
Reviewed-by: Andrew den Exter <andrew.den.exter@qinetic.com.au>
src/qml/types/qqmldelegatemodel.cpp

index c7b6b46..ad2b6f9 100644 (file)
@@ -817,10 +817,12 @@ void QQmlDelegateModelPrivate::incubatorStatusChanged(QQDMIncubationTask *incuba
     releaseIncubator(incubationTask);
 
     if (status == QQmlIncubator::Ready) {
+        cacheItem->referenceObject();
         if (QQuickPackage *package = qmlobject_cast<QQuickPackage *>(cacheItem->object))
             emitCreatedPackage(incubationTask, package);
         else
             emitCreatedItem(incubationTask, cacheItem->object);
+        cacheItem->releaseObject();
     } else if (status == QQmlIncubator::Error) {
         qmlInfo(q, m_delegate->errors()) << "Error creating delegate";
     }
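Review bot: The `referenceObject()`/`releaseObject()` pair added around the two emit calls in the `Ready` branch has no comment saying what it guards, and the commit message describes a null check that this hunk does not literally contain. Presumably the extra reference keeps `cacheItem->object` alive if a handler reached through `emitCreatedPackage`/`emitCreatedItem` releases the item re-entrantly; I would say so above the first call, e.g. `// Hold a reference while emitting: a handler may release this item and destroy its object.` Separately, `cacheItem->object` is still passed to `qmlobject_cast` and `emitCreatedItem` without being tested, so if it can be null at `Ready`, the callee has to tolerate that; this is worth confirming against the QTBUG-29727 reproducer. The body of `incubatorStatusChanged` starts and ends outside this hunk.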
@@ -835,6 +837,7 @@ void QQmlDelegateModelPrivate::incubatorStatusChanged(QQDMIncubationTask *incuba
         cacheItem->scriptRef -= 1;
         cacheItem->contextData->destroy();
         cacheItem->contextData = 0;
+
         if (!cacheItem->isReferenced()) {
             removeCacheItem(cacheItem);
             delete cacheItem;