diff options
| author | Marc Mutz <marc.mutz@kdab.com> | 2016-01-06 17:46:11 +0100 |
|---|---|---|
| committer | Marc Mutz <marc.mutz@kdab.com> | 2016-01-09 15:18:50 +0000 |
| commit | 1e2b42523f3a04fc3403ef6864bbcba447e4362c (patch) | |
| tree | 181833897d869e43a2c7f9f4f12dd6158fd31093 /src/corelib/kernel | |
| parent | 889fcfbf2b97c71146d182277068e7fbdb06587f (diff) | |
Fix UB in tst_QObject::disconnectDoesNotLeakFunctor()
If CountedStruct is passed a GetSenderObject object,
it will attempt to call a member on it from within
its own destructor.
That works usually quite well, but in this test case,
which tests for function object leaks when a connection
is torn down because the sender object is destroyed,
the destruction of the CountedStruct happens when all
connections are severed in ~QObject. At that point,
what used to be a GetSenderObject instance no longer
is one and the call into one of its member functions
invokes undefined behavior.
Fix by making QObject::sender() public by a using
declaration instead of a wrapper function.
Found by UBSan:
tests/auto/corelib/kernel/qobject/tst_qobject.cpp:6007:104: runtime error: member call on address 0x7ffc6e7538b0 which does not point to an object of type 'GetSenderObject'
0x7ffc6e7538b0: note: object is of type 'QObject'
Change-Id: Ia973140037b3c1b5a670a8a3949d09b956f40349
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
Diffstat (limited to 'src/corelib/kernel')
0 files changed, 0 insertions, 0 deletions