Commit 156ece7b authored by Nikolai Kosjar's avatar Nikolai Kosjar

AutoTest: Fix heap-use-after-free

The snapshot was given as a temporary expression to
findMatchingDefinition(). Upon destruction it deleted documents/controls
to which the returned symbols still had pointers to. The prime candidate
for the document to free is the one coming from the editor - the user
typed new content and thus created a new document. The last reference to
the old document was held in the temporary argument expression.

Fix by pinning the snapshot.

Task-number: QTCREATORBUG-16062
Change-Id: I4fb3915bef8471cefef4ca27450901824416e397
Reviewed-by: Orgad Shaneh's avatarOrgad Shaneh <orgads@gmail.com>
parent 983a5a17
......@@ -63,6 +63,7 @@ bool TestVisitor::visit(CPlusPlus::Class *symbol)
{
const CPlusPlus::Overview o;
CPlusPlus::LookupContext lc;
const CPlusPlus::Snapshot snapshot = CppTools::CppModelManager::instance()->snapshot();
unsigned count = symbol->memberCount();
for (unsigned i = 0; i < count; ++i) {
......@@ -81,7 +82,7 @@ bool TestVisitor::visit(CPlusPlus::Class *symbol)
TestCodeLocationAndType locationAndType;
CPlusPlus::Function *functionDefinition = m_symbolFinder.findMatchingDefinition(
func, CppTools::CppModelManager::instance()->snapshot(), true);
func, snapshot, true);
if (functionDefinition && functionDefinition->fileId()) {
locationAndType.m_name = QString::fromUtf8(functionDefinition->fileName());
locationAndType.m_line = functionDefinition->line();
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment