From 31462b9797ad1c7a2b9772dff817fc918b3d9c7e Mon Sep 17 00:00:00 2001
From: outfoxxed
Date: Sat, 20 Apr 2024 00:36:25 -0700
Subject: [PATCH] core/reloader: fix UAF of old generation during scene destroy

---
 src/core/generation.cpp | 19 +++++++++++++------
 src/core/generation.hpp |  2 ++
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/src/core/generation.cpp b/src/core/generation.cpp
index 62dd42f0..8f7744be 100644
--- a/src/core/generation.cpp
+++ b/src/core/generation.cpp
@@ -43,6 +43,17 @@ EngineGeneration::~EngineGeneration() {
 	if (this->root != nullptr) this->root->deleteLater();
 }
 
+void EngineGeneration::destroy() {
+	if (this->root != nullptr) {
+		QObject::connect(this->root, &QObject::destroyed, this, [this]() {
+			delete this;
+		});
+
+		this->root->deleteLater();
+		this->root = nullptr;
+	}
+}
+
 void EngineGeneration::onReload(EngineGeneration* old) {
 	if (old != nullptr) {
 		// if the old generation holds the window incubation controller as the
@@ -61,12 +72,8 @@ void EngineGeneration::onReload(EngineGeneration* old) {
 	emit this->reloadFinished();
 
 	if (old != nullptr) {
-		QTimer::singleShot(0, [this, old]() {
-			// The delete must happen in the next tick or you get segfaults,
-			// seems to be deleteLater related.
-			delete old;
-			this->postReload();
-		});
+		old->destroy();
+		QObject::connect(old, &QObject::destroyed, this, [this]() { this->postReload(); });
 	} else {
 		this->postReload();
 	}
diff --git a/src/core/generation.hpp b/src/core/generation.hpp
index 8db48137..f4703565 100644
--- a/src/core/generation.hpp
+++ b/src/core/generation.hpp
@@ -43,6 +43,8 @@ public:
 	DelayedQmlIncubationController delayedIncubationController;
 	bool reloadComplete = false;
 
+	void destroy();
+
 signals:
 	void filesChanged();
 	void reloadFinished();
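Review bot: When `this->root` is already null, `destroy()` returns without scheduling any deletion, so the generation is never freed and `destroyed` never fires for whoever is waiting on it; adding `if (this->root == nullptr) { this->deleteLater(); return; }` at the top keeps the contract that a call to `destroy()` always ends in `destroyed`. Inside the slot, `this->deleteLater()` is also the safer form than `delete this`, since the slot runs while `root`'s destructor is still emitting `destroyed`, and the removed code's own comment in the next hunk records segfaults from synchronous deletes on this path. A header comment would help callers, e.g. `// Schedules teardown of root and then of this generation; destroyed is emitted once both are gone.`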
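Review bot: The `destroyed` connection in the onReload hunk is made after `old->destroy()`, so it only catches the signal because `destroy()` defers the deletion through `deleteLater()`; swapping the two lines, `QObject::connect(old, &QObject::destroyed, this, [this]() { this->postReload(); }); old->destroy();`, removes that dependence on the deferred path. `postReload()` now runs only if `old` is actually destroyed, so any `destroy()` path that schedules no deletion (visible in the previous hunk when `root` is null) leaves the reload unfinished, which is worth a comment here. onReload's closing brace is outside the hunk.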