From b52c2f91f5ea4789110ced38a3ff7f696cea601f Mon Sep 17 00:00:00 2001
From: Ulf Hermann <ulf.hermann@theqtcompany.com>
Date: Fri, 11 Dec 2015 13:33:18 +0100
Subject: [PATCH] QmlDebug: Avoid dangerous interactions with QPacketProtocol

After deleteLater() a QObject does have another chance to send more
signals. So, if we do that with the underlying QIODevice, we should
disconnect it from the debug connection (which then doesn't have a
QPacketProtocol anymore). Also, setting dev to 0 in QPacketProtocol is
an incredibly bad idea, as we never check it for 0. The only reason
this piece of code is never triggered is that we never generate
invalid packets on purpose.

Change-Id: I80e7f494bf55fa1a510b6f0bdd50cf45cae23734
Task-number: QTCREATORBUG-15496
Reviewed-by: Joerg Bornemann <joerg.bornemann@theqtcompany.com>
---
 src/libs/qmldebug/qmldebugclient.cpp  | 3 +++
 src/libs/qmldebug/qpacketprotocol.cpp | 1 -
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/libs/qmldebug/qmldebugclient.cpp b/src/libs/qmldebug/qmldebugclient.cpp
index 126830ba13f..9aa4883843b 100644
--- a/src/libs/qmldebug/qmldebugclient.cpp
+++ b/src/libs/qmldebug/qmldebugclient.cpp
@@ -115,6 +115,9 @@ void QmlDebugConnectionPrivate::disconnected()
     delete protocol;
     protocol = 0;
     if (device) {
+        // Don't allow any "connected()" or "disconnected()" signals to be triggered anymore.
+        // As the protocol is gone this would lead to crashes.
+        device->disconnect();
         // Don't immediately delete it as it may do some cleanup on returning from a signal.
         device->deleteLater();
         device = 0;
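Review bot: The added `device->disconnect();` takes no arguments, so it removes every connection from every signal of the device, for all receivers, whereas the comment above it names only "connected()" and "disconnected()". If the slots that touch `protocol` all live on this object, the narrower `device->disconnect(this);` would close the same window between `deleteLater()` and the actual deletion without silently dropping connections owned by other objects; that the receiver is `this` is inferred from `disconnected()` being a member here, so please confirm. If the blanket disconnect is intended, the comment should say so, for example `// Drop all connections from the device: it can still emit until deleteLater() runs, and the protocol is already gone.` The body of `disconnected()` begins and ends outside this hunk, so any later use of `device` or `protocol` in it is not visible here.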
diff --git a/src/libs/qmldebug/qpacketprotocol.cpp b/src/libs/qmldebug/qpacketprotocol.cpp
index 6ec50f7b02e..3b5a8d8422d 100644
--- a/src/libs/qmldebug/qpacketprotocol.cpp
+++ b/src/libs/qmldebug/qpacketprotocol.cpp
@@ -174,7 +174,6 @@ public Q_SLOTS:
                                         this, SLOT(aboutToClose()));
                     QObject::disconnect(dev, SIGNAL(bytesWritten(qint64)),
                                         this, SLOT(bytesWritten(qint64)));
-                    dev = 0;
                     emit invalidPacket();
                     return;
                 }
-- 
GitLab