This fixes a use-after-free in QPropertyDelayedNotifications::notify. Before this patch, evaluateBindings or a notify from a property index might have caused the originalBindingData to become reallocated. However, at that point, we've already restored the original bindingData in evaluateBindings, so we won't track updates, and thus won't adjust originalBindingStatus, which will then point to already freed data. To remedy this, we no longer do the notification with data fetched from originalBindingData, but instead use the information we have in the proxyData. We also need to enure that referenced bindings do not get deleted; for that we keep the PendingBindingObserverList alive for the whole duration of the endPropertyUpdateGroup. As we now have the PendingBindingObserverList, we use it for the notification logic, and only notify change handlers in QPropertyDelayedNotifications::notify. That will allow a follow-up cleanup of QPropertyObserverPointer::notify, and aligns the logic for grouped updates with the logic for "nornal", non-grouped updates. Amends f1b1773d0ae636fa9afa36224ba17566484af3cc. Task-number: QTBUG-110899 Pick-to: 6.5 6.4 6.2 Change-Id: Iae826e620d9614b7df39d86d8a28c48c8a5c4881 Reviewed-by: Ulf Hermann <ulf.hermann@qt.io> Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>