fix crash on WebEngineNewViewRequest.openIn

When calling WebEngineNewViewRequest.openIn with the WebEngineView
that initiated the request, QQuickWebEngineViewPrivate::adoptWebContents
would destroy the current WebContentsAdapter object.
But this WebContentsAdapter implicitly holds the RenderHostViewImpl of
the current call stack. Accesses to it after adoptWebContents is finished
will crash.
Fix the crash by deferred deletion of the current WebContentsAdapter.

Task-number: QTBUG-47601
Change-Id: I3c229172511b4aed77632a0abefbe0265ebf1557
Reviewed-by: Michael Brüning <[email protected]>

Author: jobor

src/webengine/api/qquickwebengineview.cpp

@@ -543,6 +543,18 @@ QAccessible::State QQuickWebEngineViewAccessible::state() const
 }
 #endif // QT_NO_ACCESSIBILITY
 
+class WebContentsAdapterOwner : public QObject
+{
+public:
+    typedef QExplicitlySharedDataPointer<QtWebEngineCore::WebContentsAdapter> AdapterPtr;
+    WebContentsAdapterOwner(const AdapterPtr &ptr)
+        : adapter(ptr)
+    {}
+
+private:
+    AdapterPtr adapter;
+};
+
 void QQuickWebEngineViewPrivate::adoptWebContents(WebContentsAdapter *webContents)
 {
     if (!webContents) {
@@ -566,6 +578,8 @@ void QQuickWebEngineViewPrivate::adoptWebContents(WebContentsAdapter *webContent
 
     // This throws away the WebContentsAdapter that has been used until now.
     // All its states, particularly the loading URL, are replaced by the adopted WebContentsAdapter.
+    WebContentsAdapterOwner *adapterOwner = new WebContentsAdapterOwner(adapter);
+    adapterOwner->deleteLater();
     adapter = webContents;
     adapter->initialize(this);