diff options
author | Ivan Solovev <ivan.solovev@qt.io> | 2023-02-09 16:12:15 +0100 |
---|---|---|
committer | Ivan Solovev <ivan.solovev@qt.io> | 2023-02-15 15:12:12 +0100 |
commit | b34bea5e96370986ea5dfc499fc2ec6366fda627 (patch) | |
tree | e7be05a28c796a93708c7c4941452454ca100b0b /src/corelib/thread/qfutureinterface.cpp | |
parent | ec8e6ed20034a5ea7d32bdc62b3b9dc91ce68d36 (diff) |
QFuture: fix continuation cleanup
Not clearing the continuationData could lead to use-after-free when
there is an attempt to cancel an already finished future, which belongs
to an already-destroyed promise.
This patch fixes it be explicitly resetting continuationData to nullptr
in the clearContinuation() method, which is called from the QPromise
destructor.
Task-number: QTBUG-103514
Pick-to: 6.5 6.4 6.2
Change-Id: I6418b3f5ad04f2fdc13a196ae208009eaa5de367
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'src/corelib/thread/qfutureinterface.cpp')
-rw-r--r-- | src/corelib/thread/qfutureinterface.cpp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/corelib/thread/qfutureinterface.cpp b/src/corelib/thread/qfutureinterface.cpp index eedfd7ceeb..ed46052fa7 100644 --- a/src/corelib/thread/qfutureinterface.cpp +++ b/src/corelib/thread/qfutureinterface.cpp @@ -847,6 +847,7 @@ void QFutureInterfaceBase::cleanContinuation() QMutexLocker lock(&d->continuationMutex); d->continuation = nullptr; d->continuationState = QFutureInterfaceBasePrivate::Cleaned; + d->continuationData = nullptr; } void QFutureInterfaceBase::runContinuation() const |