[qtdeclarative] Fix crash due to an interaction between an item layer and anchors. Fixes JB#44681

Evaluating anchors in QQuickItem::componentComplete() will change size
and position bindings, and the right code reacting to those changes could
create a layer after QQuickItemPrivate::completeCreate is set to true,
which means QQuickItemLayer::classBegin() would not be called, but
QQuickItemLayer::componentComplete() would be, meaning
QQuickItemLayer::activate() would be called twice and it would be added
as an item change listener twice. If the layer was then ever deactivated,
it would only be removed as a listener once, and changes to the parent
size would update the layer's size when it wasn't expecting it.
denexter committed Nov 11, 2019
1 parent 549ae5a commit dcf3fbd
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion src/quick/items/qquickitem.cpp
Expand Up @@ -7676,7 +7676,13 @@ void QQuickItemLayer::classBegin()

void QQuickItemLayer::componentComplete()
{
Q_ASSERT(!m_componentComplete);
// There is a window in QQuickItem::completeCreate() between where componentComplete in the
// item is set to true and componentComplete() is called on a layer in which arbitrary code
// may execute due to anchor evaluations and create a layer on which classBegin() was not called.
// If that happens componentComplete() should be ignored or activate() will be called twice.
if (m_componentComplete)
return;

m_componentComplete = true;
if (m_enabled)
activate();
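Review bot: The early return on m_componentComplete at the top of QQuickItemLayer::componentComplete() replaces Q_ASSERT(!m_componentComplete), so any second call is now ignored silently, including ones that do not come from the anchor-evaluation window the comment describes. Since the failure being fixed is activate() running twice and registering the item change listener twice, consider also making activate() idempotent, so the fix does not depend on where m_componentComplete was set for a layer created without classBegin(). The comment names QQuickItem::completeCreate(), while the commit message refers to QQuickItem::componentComplete() and QQuickItemPrivate::completeCreate; use the real function and flag names so the window can be located in the source. The commit changes only qquickitem.cpp; a regression test that creates a layer from a handler triggered by anchor evaluation would keep this from returning.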