QCache: Fix crash observed in tst_QAccessibility

Fixes a use-after-free which can reliably be observed under ASAN. In QConfFileSettingsPrivate::~QConfFileSettingsPrivate we call unusedCache->insert(conf_file->name, conf_file, ...) Note that the key is a member of the object. Thus by deleting the object before using the key, we dereference a dangling pointer. Amends f08492c6fd9818c7d80b1725355453e179b4d85b. Change-Id: I3a550fc73446b72dd46456232e85f6d206d64c01 Reviewed-by: Andy Shaw <andy.shaw@qt.io> (cherry picked from commit 5283ee71040dc2f3a762e9cc5e807fb17587e9b7) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
author: Fabian Kosmale <fabian.kosmale@qt.io> 2020-11-25 21:09:27 +0100
committer: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> 2020-11-27 07:28:24 +0000
commit: 5abe64928cad7d92bbb3e8499b0db63c6deec363 (patch)
tree: da5f8a733b49602e6ce3f7bfb7059dda2391deb0
parent: d3caea04dc6c3a7072a43294b70bec860c199bf1 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/corelib/tools/qcache.h b/src/corelib/tools/qcache.h
index 7c065a8806..74784af121 100644
--- a/src/corelib/tools/qcache.h
+++ b/src/corelib/tools/qcache.h
@@ -237,8 +237,8 @@ public:
     bool insert(const Key &key, T *object, qsizetype cost = 1)
     {
         if (cost > mx) {
-            delete object;
             remove(key);
+            delete object;
             return false;
         }
         trim(mx - cost);
author	Fabian Kosmale <fabian.kosmale@qt.io>	2020-11-25 21:09:27 +0100
committer	Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>	2020-11-27 07:28:24 +0000
commit	5abe64928cad7d92bbb3e8499b0db63c6deec363 (patch)
tree	da5f8a733b49602e6ce3f7bfb7059dda2391deb0
parent	d3caea04dc6c3a7072a43294b70bec860c199bf1 (diff)