diff options
author | Vlad Zahorodnii <vlad.zahorodnii@kde.org> | 2020-10-30 16:55:30 +0200 |
---|---|---|
committer | Vlad Zahorodnii <vlad.zahorodnii@kde.org> | 2020-11-13 14:14:23 +0200 |
commit | 735164b5c2a2637a8d53a8803a2401e4ef477ff0 (patch) | |
tree | 9ab89ef41daed1833cb02ba83beaf728fb8ace6e | |
parent | a423790a1836cb4f7757fc99735df99b9f1617ba (diff) | |
download | qtwayland-735164b5c2a2637a8d53a8803a2401e4ef477ff0.tar.gz |
Scanner: Avoid accessing dangling pointers in destroy_func()
Usually, the object associated with the resource gets destroyed in the
destroy_resource() function.
Therefore, we need to double-check that the object is still alive before
trying to reset its m_resource.
Pick-to: 5.15
Change-Id: I26408228f58919db17eb29584a1cbd4a9427d25c
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
-rw-r--r-- | src/qtwaylandscanner/qtwaylandscanner.cpp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/qtwaylandscanner/qtwaylandscanner.cpp b/src/qtwaylandscanner/qtwaylandscanner.cpp index 1a1f8bf1..450ef519 100644 --- a/src/qtwaylandscanner/qtwaylandscanner.cpp +++ b/src/qtwaylandscanner/qtwaylandscanner.cpp @@ -814,7 +814,9 @@ bool Scanner::process() printf(" if (Q_LIKELY(that)) {\n"); printf(" that->m_resource_map.remove(resource->client(), resource);\n"); printf(" that->%s_destroy_resource(resource);\n", interfaceNameStripped); - printf(" if (that->m_resource == resource)\n"); + printf("\n"); + printf(" that = resource->%s_object;\n", interfaceNameStripped); + printf(" if (that && that->m_resource == resource)\n"); printf(" that->m_resource = nullptr;\n"); printf(" }\n"); printf(" delete resource;\n"); |