AutoTest: Fix heap-use-after-free

The snapshot was given as a temporary expression to
findMatchingDefinition(). Upon destruction it deleted documents/controls
to which the returned symbols still had pointers to. The prime candidate
for the document to free is the one coming from the editor - the user
typed new content and thus created a new document. The last reference to
the old document was held in the temporary argument expression.

Fix by pinning the snapshot.

Task-number: QTCREATORBUG-16062
Change-Id: I4fb3915bef8471cefef4ca27450901824416e397
Reviewed-by: Orgad Shaneh <orgads@gmail.com>

src/plugins/autotest/testvisitor.cpp

@@ -63,6 +63,7 @@ bool TestVisitor::visit(CPlusPlus::Class *symbol)
 {
     const CPlusPlus::Overview o;
     CPlusPlus::LookupContext lc;
+    const CPlusPlus::Snapshot snapshot = CppTools::CppModelManager::instance()->snapshot();
 
     unsigned count = symbol->memberCount();
     for (unsigned i = 0; i < count; ++i) {
@@ -81,7 +82,7 @@ bool TestVisitor::visit(CPlusPlus::Class *symbol)
                 TestCodeLocationAndType locationAndType;
 
                 CPlusPlus::Function *functionDefinition = m_symbolFinder.findMatchingDefinition(
-                            func, CppTools::CppModelManager::instance()->snapshot(), true);
+                            func, snapshot, true);
                 if (functionDefinition && functionDefinition->fileId()) {
                     locationAndType.m_name = QString::fromUtf8(functionDefinition->fileName());
                     locationAndType.m_line = functionDefinition->line();