When a QTextCursor survives its QTextDocument, the internal
QTextDocumentPrivate pointer is set to null. There are checks for
this in all the QTextCursor functions to skip out early if such
a QTextCursor is used.
However, when executing the "if (d->priv)" condition in setters,
this will access the non-const operator->() of QSharedDataPointer
and detach the QTextCursorPrivate, and in the copy constructor of
this class, there was an unprotected call into priv->addCursor().
In theory, we could cast all the checks for d->priv to avoid
detaching, but in practice this doesn't matter, since the setters
will typically detach anyway later on.
[ChangeLog][QtGui][Text] Fixed a crash that can happen when calling
a setter on a QTextCursor after its QTextDocument has been deleted.
Task-number: QTBUG-70293
Change-Id: I8f6dc5bb344d1d824f673c0c220b68b7fee237a8
Reviewed-by: Konstantin Ritt <ritt.ks@gmail.com>
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
720e243d88