dev-qt/qtcore: Don't access QObjectPrivate::declarativeData unguarded

QTBUG: https://bugreports.qt.io/browse/QTBUG-105286

Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

2 files changed, 270 insertions, 0 deletions

diff --git a/dev-qt/qtcore/files/qtcore-5.15.5-QTBUG-105286.patch b/dev-qt/qtcore/files/qtcore-5.15.5-QTBUG-105286.patch
new file mode 100644
index 000000000000..985dd283dbd4
--- /dev/null
+++ b/dev-qt/qtcore/files/qtcore-5.15.5-QTBUG-105286.patch
@@ -0,0 +1,165 @@
+From 7f9253defd2e90f900d963c6d248a2a0bdaca1a8 Mon Sep 17 00:00:00 2001
+From: Volker Hilsheimer <volker.hilsheimer@qt.io>
+Date: Tue, 16 Aug 2022 15:32:58 +0200
+Subject: [PATCH] Don't access QObjectPrivate::declarativeData unguarded
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The QObjectPrivate::declarativeData member is stored in a union with
+currentChildBeingDeleted. The QObject destructor always sets the
+currentChildBeingDeleted member of the union. It also sets the
+isDeletingChildren bool, which is the only way to find out which union
+member we can safely access.
+
+While the QObject destructor is deleting children and isDeletingChildren
+is set, we must not access the declarativeData member of the union.
+
+Add a test case that initializes the function pointers for the
+declarative handlers and constructs a situation where an object
+emits a signal while it is destroying children.
+
+Fixes: QTBUG-105286
+Pick-to: 6.4 6.3 6.3.2 6.2 5.15
+Change-Id: Iea5ba2f7843b6926a8d157be166e6044d98d6c02
+Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
+Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
+(cherry picked from commit 3be99799a675a631c67e05897383af9abbc377b3)
+---
+ src/corelib/kernel/qobject.cpp                |  4 +-
+ src/corelib/kernel/qobject_p.h                |  2 +-
+ .../corelib/kernel/qobject/tst_qobject.cpp    | 77 +++++++++++++++++++
+ 3 files changed, 80 insertions(+), 3 deletions(-)
+
+diff --git a/src/corelib/kernel/qobject.cpp b/src/corelib/kernel/qobject.cpp
+index 0124f88abd..1f3843669b 100644
+--- a/src/corelib/kernel/qobject.cpp
++++ b/src/corelib/kernel/qobject.cpp
+@@ -992,7 +992,7 @@ QObject::~QObject()
+         emit destroyed(this);
+     }
+ 
+-    if (d->declarativeData) {
++    if (!d->isDeletingChildren && d->declarativeData) {
+         if (static_cast<QAbstractDeclarativeDataImpl*>(d->declarativeData)->ownedByQml1) {
+             if (QAbstractDeclarativeData::destroyed_qml1)
+                 QAbstractDeclarativeData::destroyed_qml1(d->declarativeData, this);
+@@ -2583,7 +2583,7 @@ int QObject::receivers(const char *signal) const
+         if (!d->isSignalConnected(signal_index))
+             return receivers;
+ 
+-        if (d->declarativeData && QAbstractDeclarativeData::receivers) {
++        if (!d->isDeletingChildren && d->declarativeData && QAbstractDeclarativeData::receivers) {
+             receivers += QAbstractDeclarativeData::receivers(d->declarativeData, this,
+                                                              signal_index);
+         }
+diff --git a/src/corelib/kernel/qobject_p.h b/src/corelib/kernel/qobject_p.h
+index 66c19d174e..46dcb93521 100644
+--- a/src/corelib/kernel/qobject_p.h
++++ b/src/corelib/kernel/qobject_p.h
+@@ -428,7 +428,7 @@ inline void QObjectPrivate::checkForIncompatibleLibraryVersion(int version) cons
+ 
+ inline bool QObjectPrivate::isDeclarativeSignalConnected(uint signal_index) const
+ {
+-    return declarativeData && QAbstractDeclarativeData::isSignalConnected
++    return !isDeletingChildren && declarativeData && QAbstractDeclarativeData::isSignalConnected
+             && QAbstractDeclarativeData::isSignalConnected(declarativeData, q_func(), signal_index);
+ }
+ 
+diff --git a/tests/auto/corelib/kernel/qobject/tst_qobject.cpp b/tests/auto/corelib/kernel/qobject/tst_qobject.cpp
+index 9bd66c0835..ed4a0bae5d 100644
+--- a/tests/auto/corelib/kernel/qobject/tst_qobject.cpp
++++ b/tests/auto/corelib/kernel/qobject/tst_qobject.cpp
+@@ -158,6 +158,7 @@ private slots:
+     void nullReceiver();
+     void functorReferencesConnection();
+     void disconnectDisconnects();
++    void declarativeData();
+ };
+ 
+ struct QObjectCreatedOnShutdown
+@@ -7679,5 +7680,81 @@ void tst_QObject::disconnectDisconnects()
+ Q_STATIC_ASSERT(QtPrivate::HasQ_OBJECT_Macro<tst_QObject>::Value);
+ Q_STATIC_ASSERT(!QtPrivate::HasQ_OBJECT_Macro<SiblingDeleter>::Value);
+ 
++#ifdef QT_BUILD_INTERNAL
++/*
++    Since QObjectPrivate stores the declarativeData pointer in a union with the pointer
++    to the currently destroyed child, calls to the QtDeclarative handlers need to be
++    correctly guarded. QTBUG-105286
++*/
++namespace QtDeclarative {
++static QAbstractDeclarativeData *theData;
++
++static void destroyed(QAbstractDeclarativeData *data, QObject *)
++{
++    QCOMPARE(data, theData);
++}
++static void signalEmitted(QAbstractDeclarativeData *data, QObject *, int, void **)
++{
++    QCOMPARE(data, theData);
++}
++// we can't use QCOMPARE in the next two functions, as they don't return void
++static int receivers(QAbstractDeclarativeData *data, const QObject *, int)
++{
++    QTest::qCompare(data, theData, "data", "theData", __FILE__, __LINE__);
++    return 0;
++}
++static bool isSignalConnected(QAbstractDeclarativeData *data, const QObject *, int)
++{
++    QTest::qCompare(data, theData, "data", "theData", __FILE__, __LINE__);
++    return true;
++}
++
++class Object : public QObject
++{
++    Q_OBJECT
++public:
++    using QObject::QObject;
++    ~Object()
++    {
++        if (Object *p = static_cast<Object *>(parent()))
++            p->emitSignal();
++    }
++
++    void emitSignal()
++    {
++        emit theSignal();
++    }
++
++signals:
++    void theSignal();
++};
++
++}
++#endif
++
++void tst_QObject::declarativeData()
++{
++#ifdef QT_BUILD_INTERNAL
++    QScopedValueRollback destroyed(QAbstractDeclarativeData::destroyed,
++                                   QtDeclarative::destroyed);
++    QScopedValueRollback signalEmitted(QAbstractDeclarativeData::signalEmitted,
++                                       QtDeclarative::signalEmitted);
++    QScopedValueRollback receivers(QAbstractDeclarativeData::receivers,
++                                   QtDeclarative::receivers);
++    QScopedValueRollback isSignalConnected(QAbstractDeclarativeData::isSignalConnected,
++                                           QtDeclarative::isSignalConnected);
++
++    QtDeclarative::Object p;
++    QObjectPrivate *priv = QObjectPrivate::get(&p);
++    priv->declarativeData = QtDeclarative::theData = new QAbstractDeclarativeData;
++
++    connect(&p, &QtDeclarative::Object::theSignal, &p, []{
++    });
++
++    QtDeclarative::Object *child = new QtDeclarative::Object;
++    child->setParent(&p);
++#endif
++}
++
+ QTEST_MAIN(tst_QObject)
+ #include "tst_qobject.moc"
+-- 
+GitLab
+
diff --git a/dev-qt/qtcore/qtcore-5.15.5-r3.ebuild b/dev-qt/qtcore/qtcore-5.15.5-r3.ebuild
new file mode 100644
index 000000000000..521f2c4e0632
--- /dev/null
+++ b/dev-qt/qtcore/qtcore-5.15.5-r3.ebuild
@@ -0,0 +1,105 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+QT5_KDEPATCHSET_REV=2
+QT5_MODULE="qtbase"
+inherit linux-info qt5-build
+
+DESCRIPTION="Cross-platform application development framework"
+SLOT=5/${QT5_PV}
+
+if [[ ${QT5_BUILD_TYPE} == release ]]; then
+	KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
+fi
+
+IUSE="icu old-kernel systemd"
+
+DEPEND="
+	dev-libs/double-conversion:=
+	dev-libs/glib:2
+	dev-libs/libpcre2[pcre16,unicode]
+	sys-libs/zlib:=
+	icu? ( dev-libs/icu:= )
+	!icu? ( virtual/libiconv )
+	systemd? ( sys-apps/systemd:= )
+"
+RDEPEND="${DEPEND}"
+
+PATCHES=(
+	"${FILESDIR}/${P}-hack_never_use_execinfo.patch"
+	"${FILESDIR}/${P}-QTBUG-105286.patch"
+)
+
+QT5_TARGET_SUBDIRS=(
+	src/tools/bootstrap
+	src/tools/moc
+	src/tools/rcc
+	src/corelib
+	src/tools/qlalr
+	doc
+)
+
+QT5_GENTOO_PRIVATE_CONFIG=(
+	!:network
+	!:sql
+	!:testlib
+	!:xml
+)
+
+pkg_pretend() {
+	use kernel_linux || return
+	get_running_version
+	if kernel_is -lt 4 11 && ! use old-kernel; then
+		ewarn "The running kernel is older than 4.11. USE=old-kernel is needed for"
+		ewarn "dev-qt/qtcore to function on this kernel properly. Bugs #669994, #672856"
+	fi
+}
+
+src_prepare() {
+	# don't add -O3 to CXXFLAGS, bug 549140
+	sed -i -e '/CONFIG\s*+=/s/optimize_full//' src/corelib/corelib.pro || die
+
+	# fix missing qt_version_tag symbol w/ LTO, bug 674382
+	sed -i -e 's/^gcc:ltcg/gcc/' src/corelib/global/global.pri || die
+
+	eapply "${FILESDIR}/${P}-slibtool.patch" # bug 792804, TODO: merge into _QT5_GENTOOPATCHSET_REV
+
+	qt5-build_src_prepare
+}
+
+src_configure() {
+	local myconf=(
+		$(qt_use icu)
+		$(qt_use !icu iconv)
+		$(qt_use systemd journald)
+	)
+	use old-kernel && myconf+=(
+		-no-feature-renameat2 # needs Linux 3.16, bug 669994
+		-no-feature-getentropy # needs Linux 3.17, bug 669994
+		-no-feature-statx # needs Linux 4.11, bug 672856
+	)
+	qt5-build_src_configure
+}
+
+src_install() {
+	qt5-build_src_install
+	qt5_symlink_binary_to_path qmake 5
+
+	local flags=(
+		DBUS FREETYPE IMAGEFORMAT_JPEG IMAGEFORMAT_PNG
+		OPENGL OPENSSL SSL WIDGETS
+	)
+
+	for flag in ${flags[@]}; do
+		cat >> "${D}"/${QT5_HEADERDIR}/QtCore/qconfig.h <<- _EOF_ || die
+
+			#if defined(QT_NO_${flag}) && defined(QT_${flag})
+			# undef QT_NO_${flag}
+			#elif !defined(QT_NO_${flag}) && !defined(QT_${flag})
+			# define QT_NO_${flag}
+			#endif
+		_EOF_
+	done
+}