|
 |
2702c2 |
From e5c272423d1bba2825086b82fd97499237a6fa4b Mon Sep 17 00:00:00 2001
|
|
|
2702c2 |
From: Vlad Zahorodnii <vlad.zahorodnii@kde.org>
|
|
|
2702c2 |
Date: Fri, 30 Oct 2020 16:55:30 +0200
|
|
|
2702c2 |
Subject: [PATCH] Scanner: Avoid accessing dangling pointers in destroy_func()
|
|
|
2702c2 |
|
|
|
2702c2 |
Usually, the object associated with the resource gets destroyed in the
|
|
|
2702c2 |
destroy_resource() function.
|
|
|
2702c2 |
|
|
|
2702c2 |
Therefore, we need to double-check that the object is still alive before
|
|
|
2702c2 |
trying to reset its m_resource.
|
|
|
2702c2 |
|
|
|
2702c2 |
Change-Id: I26408228f58919db17eb29584a1cbd4a9427d25c
|
|
|
2702c2 |
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
|
|
|
2702c2 |
(cherry picked from commit 735164b5c2a2637a8d53a8803a2401e4ef477ff0)
|
|
|
2702c2 |
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
2702c2 |
---
|
|
|
2702c2 |
|
|
|
2702c2 |
diff --git a/src/qtwaylandscanner/qtwaylandscanner.cpp b/src/qtwaylandscanner/qtwaylandscanner.cpp
|
|
|
2702c2 |
index 1d635f0..e2f87bb 100644
|
|
|
2702c2 |
--- a/src/qtwaylandscanner/qtwaylandscanner.cpp
|
|
|
2702c2 |
+++ b/src/qtwaylandscanner/qtwaylandscanner.cpp
|
|
|
2702c2 |
@@ -814,7 +814,9 @@
|
|
|
2702c2 |
printf(" if (Q_LIKELY(that)) {\n");
|
|
|
2702c2 |
printf(" that->m_resource_map.remove(resource->client(), resource);\n");
|
|
|
2702c2 |
printf(" that->%s_destroy_resource(resource);\n", interfaceNameStripped);
|
|
|
2702c2 |
- printf(" if (that->m_resource == resource)\n");
|
|
|
2702c2 |
+ printf("\n");
|
|
|
2702c2 |
+ printf(" that = resource->%s_object;\n", interfaceNameStripped);
|
|
|
2702c2 |
+ printf(" if (that && that->m_resource == resource)\n");
|
|
|
2702c2 |
printf(" that->m_resource = nullptr;\n");
|
|
|
2702c2 |
printf(" }\n");
|
|
|
2702c2 |
printf(" delete resource;\n");
|