Fix access to invalid memory in ~QQmlEnginePrivate

~QQmlEnginePrivate tries to set incubationController->d to 0. However,
we're already setting the backpointer (q) of incubationController to 0
in ~QQmlEngine, so that the IncubationController destructor might run
in between without being able to reset incubationController.

To fix this, just handle the unsetting of incubationController once, in
~QQmlEnginePrivate.

Task-number: QTBUG-32161
Change-Id: I43a72dcfc0f95938ebfa67d3998adff1fb2d05a1
Reviewed-by: Alan Alpert <aalpert@blackberry.com>

diff --git a/src/qml/qml/qqmlengine.cpp b/src/qml/qml/qqmlengine.cpp
index 18dbedb..5a7a9f1 100644 (file)
--- a/src/qml/qml/qqmlengine.cpp
+++ b/src/qml/qml/qqmlengine.cpp
@@ -855,9 +855,6 @@ QQmlEngine::~QQmlEngine()
     QList<QQmlType*> singletonTypes = QQmlMetaType::qmlSingletonTypes();
     foreach (QQmlType *currType, singletonTypes)
         currType->singletonInstanceInfo()->destroy(this);
-
-    if (d->incubationController)
-        d->incubationController->d = 0;
 }
 
 /*! \fn void QQmlEngine::quit()