QFuture: fix continuation cleanup

Not clearing the continuationData could lead to use-after-free when there is an attempt to cancel an already finished future, which belongs to an already-destroyed promise. This patch fixes it be explicitly resetting continuationData to nullptr in the clearContinuation() method, which is called from the QPromise destructor. Task-number: QTBUG-103514 Pick-to: 6.5 6.4 6.2 Change-Id: I6418b3f5ad04f2fdc13a196ae208009eaa5de367 Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
author: Ivan Solovev <ivan.solovev@qt.io> 2023-02-09 16:12:15 +0100
committer: Ivan Solovev <ivan.solovev@qt.io> 2023-02-15 15:12:12 +0100
commit: b34bea5e96370986ea5dfc499fc2ec6366fda627 (patch)
tree: e7be05a28c796a93708c7c4941452454ca100b0b /src/corelib/thread/qfutureinterface.cpp
parent: ec8e6ed20034a5ea7d32bdc62b3b9dc91ce68d36 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/src/corelib/thread/qfutureinterface.cpp b/src/corelib/thread/qfutureinterface.cpp
index eedfd7ceeb..ed46052fa7 100644
--- a/src/corelib/thread/qfutureinterface.cpp
+++ b/src/corelib/thread/qfutureinterface.cpp
@@ -847,6 +847,7 @@ void QFutureInterfaceBase::cleanContinuation()
     QMutexLocker lock(&d->continuationMutex);
     d->continuation = nullptr;
     d->continuationState = QFutureInterfaceBasePrivate::Cleaned;
+    d->continuationData = nullptr;
 }
 
 void QFutureInterfaceBase::runContinuation() const
author	Ivan Solovev <ivan.solovev@qt.io>	2023-02-09 16:12:15 +0100
committer	Ivan Solovev <ivan.solovev@qt.io>	2023-02-15 15:12:12 +0100
commit	b34bea5e96370986ea5dfc499fc2ec6366fda627 (patch)
tree	e7be05a28c796a93708c7c4941452454ca100b0b /src/corelib/thread/qfutureinterface.cpp
parent	ec8e6ed20034a5ea7d32bdc62b3b9dc91ce68d36 (diff)