diff options
| author | Marc Mutz <marc.mutz@kdab.com> | 2014-10-17 16:19:16 +0200 |
|---|---|---|
| committer | Marc Mutz <marc.mutz@kdab.com> | 2014-10-18 00:33:03 +0200 |
| commit | 239b71d07d8a129ed445c7553c738934c7828711 (patch) | |
| tree | 7ba4ef51a510e5552d200f4329110191a0971e5d | |
| parent | 4de382f4a222e3f589e9fd554610f920c1957d10 (diff) | |
Fix use-after-delete bug in tst_QWidget::taskQTBUG_27643_enterEvents()
ASAN report:
READ of size 8 at 0x606000011990 thread T0
#0 0x505e3b in EnterTestMainDialog::eventFilter(QObject*, QEvent*) tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp:10294
[...]
0x606000011990 is located 48 bytes inside of 56-byte region [0x606000011960,0x606000011998)
freed by thread T0 here:
#0 0x2b8df3551c79 in operator delete(void*) ../../../../gcc/libsanitizer/asan/asan_new_delete.cc:92
#1 0x418ab5 in EnterTestMainDialog::buttonPressed() tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp:10276
previously allocated by thread T0 here:
#0 0x2b8df3551739 in operator new(unsigned long) ../../../../gcc/libsanitizer/asan/asan_new_delete.cc:60
#1 0x4188cf in EnterTestMainDialog::buttonPressed() tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp:10272
EnterTestMainDialog::eventFilter() checks for nullness of 'modal'
before accessing it, but buttonPressed() did not reset 'modal'
to nullptr after deletion.
Change-Id: I65562a29f8264a6996d7d615e06de1d1afb5af53
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@digia.com>
| -rw-r--r-- | tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp b/tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp index 34bb4cfdf6..ec3e8ece6a 100644 --- a/tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp +++ b/tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp @@ -10274,6 +10274,7 @@ public slots: QTimer::singleShot(100, this, SLOT(doMouseMoves())); modal->exec(); delete modal; + modal = Q_NULLPTR; } void doMouseMoves() |