From 92a65fdac69d7773b114584f1637946622cf4f72 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tor=20Arne=20Vestb=C3=B8?= <tor.arne.vestbo@qt.io>
Date: Thu, 27 Mar 2025 11:39:21 +0100
Subject: [PATCH] Delete QWindow children during QWindow destruction before
 ~QObject

Otherwise we run the risk of a child window referencing its parent
as a QWindow, for example via QWindow::screen(), which is UB, as the
QWindow no longer exists as such.

It's the right fix, but it may have fallout from code that (wrongly)
assumed children would live longer than what they will after this patch.
The reason for not picking to 6.9 or earlier is to mitigate this risk.
We can always pick later once it's cooked in dev.

Done-with: Marc Mutz <marc.mutz@qt.io>
Change-Id: Idca3fe09b83c7bcd9335a48877f2f14b304fb0ac
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
---
 src/gui/kernel/qwindow.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/gui/kernel/qwindow.cpp b/src/gui/kernel/qwindow.cpp
index 99a21ebd01c..8b7cfd231bc 100644
--- a/src/gui/kernel/qwindow.cpp
+++ b/src/gui/kernel/qwindow.cpp
@@ -184,6 +184,12 @@ QWindow::QWindow(QWindowPrivate &dd, QWindow *parent)
 QWindow::~QWindow()
 {
     Q_D(QWindow);
+
+    // Delete child windows up front, instead of waiting for ~QObject,
+    // in case the destruction of the child references its parent as
+    // a (no longer valid) QWindow.
+    qDeleteAll(findChildren<QWindow *>(Qt::FindDirectChildrenOnly));
+
     d->destroy();
     // Decouple from parent before window goes under
     setParent(nullptr);