authorFabian Kosmale <fabian.kosmale@qt.io>2020-11-25 21:09:27 +0100
committerQt Cherry-pick Bot <cherrypick_bot@qt-project.org>2020-11-26 12:19:09 +0000
commitec325887eb53ce25403ddc96bdc9fe9d143bfdd5 (patch)
tree4e2b84624d0130e8e3a9c83e067d46d10580d1c8
parente723f0aceb7de3b52fb40de3ef1fe0259fce47a8 (diff)
QCache: Fix crash observed in tst_QAccessibility
Fixes a use-after-free which can reliably be observed under ASAN. In QConfFileSettingsPrivate::~QConfFileSettingsPrivate we call unusedCache->insert(conf_file->name, conf_file, ...) Note that the key is a member of the object. Thus by deleting the object before using the key, we dereference a dangling pointer. Amends f08492c6fd9818c7d80b1725355453e179b4d85b. Change-Id: I3a550fc73446b72dd46456232e85f6d206d64c01 Reviewed-by: Andy Shaw <andy.shaw@qt.io> (cherry picked from commit 5283ee71040dc2f3a762e9cc5e807fb17587e9b7) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
-rw-r--r--src/corelib/tools/qcache.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/corelib/tools/qcache.h b/src/corelib/tools/qcache.h
index 7c065a8806..74784af121 100644
--- a/src/corelib/tools/qcache.h
+++ b/src/corelib/tools/qcache.h
@@ -237,8 +237,8 @@ public:
bool insert(const Key &key, T *object, qsizetype cost = 1)
{
if (cost > mx) {
- delete object;
remove(key);
+ delete object;
return false;
}
trim(mx - cost);
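Review bot: Nothing in the `cost > mx` branch records why `remove(key)` has to run before `delete object`, so a later cleanup could swap the two statements back and reintroduce the use-after-free. `key` is taken by const reference and, per the commit message, can be a member of `object`; a comment above the delete such as `// key may refer to a member of *object, so object must outlive every use of key` would document the constraint. insert() continues past the end of this hunk, so any later path that deletes or replaces `object` while still reading `key` would presumably need the same ordering; that part is not visible here. A regression case in the QCache autotest that inserts an over-cost object keyed by one of its own members, run under ASan, would pin the fix without depending on tst_QAccessibility.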