From 3e3b5709025d3564215cfca4f9aa5da95742a61f Mon Sep 17 00:00:00 2001 From: Mitch Curtis Date: Thu, 18 Apr 2013 11:20:57 +0200 Subject: [PATCH] Prevent segfault on trying to access null cacheItem object. In the situation mentioned in the bug report, a segfault occurs in QQmlDelegateModelPrivate::incubatorStatusChanged. This happens because cacheItem's object member is null but is still accessed several times. This patch adds a check for null before operating on the pointer. Task-number: QTBUG-29727 Change-Id: Ia4c0699442c6d0f50e090b401a58ed06c69b351a Reviewed-by: Andrew den Exter --- src/qml/types/qqmldelegatemodel.cpp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/qml/types/qqmldelegatemodel.cpp b/src/qml/types/qqmldelegatemodel.cpp index c7b6b46..ad2b6f9 100644 --- a/src/qml/types/qqmldelegatemodel.cpp +++ b/src/qml/types/qqmldelegatemodel.cpp @@ -817,10 +817,12 @@ void QQmlDelegateModelPrivate::incubatorStatusChanged(QQDMIncubationTask *incuba releaseIncubator(incubationTask); if (status == QQmlIncubator::Ready) { + cacheItem->referenceObject(); if (QQuickPackage *package = qmlobject_cast(cacheItem->object)) emitCreatedPackage(incubationTask, package); else emitCreatedItem(incubationTask, cacheItem->object); + cacheItem->releaseObject(); } else if (status == QQmlIncubator::Error) { qmlInfo(q, m_delegate->errors()) << "Error creating delegate"; } @@ -835,6 +837,7 @@ void QQmlDelegateModelPrivate::incubatorStatusChanged(QQDMIncubationTask *incuba cacheItem->scriptRef -= 1; cacheItem->contextData->destroy(); cacheItem->contextData = 0; + if (!cacheItem->isReferenced()) { removeCacheItem(cacheItem); delete cacheItem; -- 2.7.4