From f2102e1f829d216591a5f49819847c05383305ae Mon Sep 17 00:00:00 2001
From: Timothy Pearson <kb9vqf@pearsoncomputing.net>
Date: Mon, 10 Jun 2013 13:20:17 -0500
Subject: [PATCH] Fix incorrect thread termination handling when thread count
 is greater than two This resolves Bug 1521 Make double free or delete of
 QString objects more obvious

---
 src/kernel/qapplication.cpp |  2 +-
 src/tools/qstring.cpp       | 21 ++++++++++++++++++---
 src/widgets/qlistview.cpp   |  6 ++++--
 3 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/src/kernel/qapplication.cpp b/src/kernel/qapplication.cpp
index e556e37..959f850 100644
--- a/src/kernel/qapplication.cpp
+++ b/src/kernel/qapplication.cpp
@@ -3732,7 +3732,7 @@ void QApplication::removePostedEvent( QEvent *  event )
 void qThreadTerminationHandlerRecursive( QObject* object, QThread* originThread, QThread* destinationThread ) {
 #ifdef QT_THREAD_SUPPORT
 	QThread* objectThread = object->contextThreadObject();
-	if (objectThread && (objectThread != destinationThread)) {
+	if (objectThread && (objectThread == originThread)) {
 		QThread::CleanupType cleanupType = objectThread->cleanupType();
 		if (cleanupType == QThread::CleanupMergeObjects) {
 			object->moveToThread(destinationThread);
diff --git a/src/tools/qstring.cpp b/src/tools/qstring.cpp
index 0630cd3..251637d 100644
--- a/src/tools/qstring.cpp
+++ b/src/tools/qstring.cpp
@@ -1071,13 +1071,20 @@ QStringData::QStringData(QChar *u, uint l, uint m) : QShared(),
 }
 
 QStringData::~QStringData() {
-	if ( unicode ) delete[] ((char*)unicode);
+	if ( unicode ) {
+		delete[] ((char*)unicode);
+	}
 	if ( ascii && security_unpaged ) {
 		munlock(ascii, LINUX_MEMLOCK_LIMIT_BYTES);
 	}
-	if ( ascii ) delete[] ascii;
+	if ( ascii ) {
+		delete[] ascii;
+	}
 #ifdef QT_THREAD_SUPPORT
-	if ( mutex ) delete mutex;
+	if ( mutex ) {
+		delete mutex;
+		mutex = NULL;
+	}
 #endif // QT_THREAD_SUPPORT
 }
 
@@ -1675,6 +1682,13 @@ QString::QString( QStringData* dd, bool /* dummy */ ) {
 
 QString::~QString()
 {
+#if defined(QT_CHECK_RANGE)
+	if (!d) {
+		qWarning( "QString::~QString: Double free or delete detected!" );
+		return;
+	}
+#endif
+
 #ifdef QT_THREAD_SUPPORT
 	d->mutex->lock();
 #endif // QT_THREAD_SUPPORT
@@ -1684,6 +1698,7 @@ QString::~QString()
 			d->mutex->unlock();
 #endif // QT_THREAD_SUPPORT
 			d->deleteSelf();
+			d = NULL;
 		}
 		else {
 #ifdef QT_THREAD_SUPPORT
diff --git a/src/widgets/qlistview.cpp b/src/widgets/qlistview.cpp
index 6f8ec29..6e2564c 100644
--- a/src/widgets/qlistview.cpp
+++ b/src/widgets/qlistview.cpp
@@ -5181,11 +5181,13 @@ void QListView::keyPressEvent( QKeyEvent * e )
 
 QListViewItem * QListView::itemAt( const QPoint & viewPos ) const
 {
-    if ( viewPos.x() > contentsWidth() - contentsX() )
+    if ( viewPos.x() > contentsWidth() - contentsX() ) {
 	return 0;
+    }
 
-    if ( !d->drawables || d->drawables->isEmpty() )
+    if ( !d->drawables || d->drawables->isEmpty() ) {
 	buildDrawableList();
+    }
 
     QListViewPrivate::DrawableItem * c = d->drawables->first();
     int g = viewPos.y() + contentsY();