QSemaphore::release: Revert "Optimize cond var notification"

This reverts commit 60113056bc4c328f62808d1c0fa2a1abec481f78. Calling d->cond.notify_all(); without the mutex means that another thread could acquire the semaphore (acquire the mutex, subtract from d->avail, return to caller) and destroy it. That would mean this thread is now effectively dereferencing a dangling d pointer. Fixes: QTBUG-120762 Pick-to: 6.5 6.6 6.7 Change-Id: I196523f9addf41c2bf1ffffd17a96317f88b43dd Reviewed-by: Marc Mutz <marc.mutz@qt.io> Reviewed-by: Artem Dyomin <artem.dyomin@qt.io>
author: Thiago Macieira <thiago.macieira@intel.com> 2024-01-11 11:51:40 -0800
committer: Marc Mutz <marc.mutz@qt.io> 2024-01-12 20:01:22 +0000
commit: 763ab0e6236de80a0b589fc574c75a414d86d374 (patch)
tree: 70a7dd7aa6ed21add7e772176204b9f78d68e96e /src/corelib/thread/qsemaphore.cpp
parent: 3552afe38a6ba3feebe4fd9ecd561a8c0c2b9717 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/src/corelib/thread/qsemaphore.cpp b/src/corelib/thread/qsemaphore.cpp
index b11a7051b6..72781942ac 100644
--- a/src/corelib/thread/qsemaphore.cpp
+++ b/src/corelib/thread/qsemaphore.cpp
@@ -401,10 +401,10 @@ void QSemaphore::release(int n)
         return;
     }
 
-    {
-        const auto locker = qt_scoped_lock(d->mutex);
-        d->avail += n;
-    }
+    // Keep mutex locked until after notify_all() lest another thread acquire()s
+    // the semaphore once d->avail == 0 and then destroys it, leaving `d` dangling.
+    const auto locker = qt_scoped_lock(d->mutex);
+    d->avail += n;
     d->cond.notify_all();
 }
author	Thiago Macieira <thiago.macieira@intel.com>	2024-01-11 11:51:40 -0800
committer	Marc Mutz <marc.mutz@qt.io>	2024-01-12 20:01:22 +0000
commit	763ab0e6236de80a0b589fc574c75a414d86d374 (patch)
tree	70a7dd7aa6ed21add7e772176204b9f78d68e96e /src/corelib/thread/qsemaphore.cpp
parent	3552afe38a6ba3feebe4fd9ecd561a8c0c2b9717 (diff)