If a QFont is moved to a different thread (B) than where it belongs (A), and the font cache is then purged on thread A, the last remaining reference to the engine will be on thread B. When this QFontEngine is later replaced with one created on B, we end up deleting A's QFontEngine on thread B. This caused QFreetypeFace::release() to be called on the wrong thread and the face would never be removed from the thread-local Freetype cache in A. Hence that cache would contain a dangling pointer to the freetype face which we would later end up fetching. To avoid this, we make sure the thread-local cache itself increases the ref count of the face. That way, the only time it will be deleted on a different thread is when the cache has been destroyed because the thread has shut down. If the last reference (except the cache reference) to a face is cleared on a different thread, we keep it in the cache until later. It will then be in a "deferred delete" mode and will be deleted as soon as possible. This is done either when the thread shuts down, when a lookup causes the "deferred delete" face to be returned, or when release() is called on any font on the thread (at which point we will purge all faces that only have the single cache reference.) Pick-to: 6.7 Fixes: QTBUG-118867 Change-Id: Ifa07a9cb6f4cd3e783e12a73d8b283e70d6fb474 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>