Fix race condition in QFactoryLoader: lock the mutex we already have

The process of loading a plugin is examplified by the qLoadPlugin
function (though not all users of QFactoryLoader use this function, they
all do something similar):

    const int index = loader->indexOf(key);
    if (index != -1) {
        QObject *factoryObject = loader->instance(index);
        if (FactoryInterface *factory = qobject_cast<FactoryInterface *>(factoryObject))
            if (PluginInterface *result = factory->create(key, std::forward<Args>(args)...))
                return result;
    }

QFactoryLoader::indexOf already locked the mutex, but not
QFactoryLoader::instance. This commit fixes that.

Note that calling the virtual create() in the plugin's factory is not
protected by the mutex. Each plugin's factory must be thread-safe and
also create an object that works on any thread too. It's also the
responsibility of the caller of qLoadPlugin to ensure that it's called
thread-safely.

Task-number: QTBUG-42855
Change-Id: I63e21df51c7448bc8b5ffffd148ebee33d4c47de
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>

1 files changed, 2 insertions, 0 deletions

diff --git a/src/corelib/plugin/qfactoryloader.cpp b/src/corelib/plugin/qfactoryloader.cpp
index c09dc6c22b..b8e18cc9a8 100644
--- a/src/corelib/plugin/qfactoryloader.cpp
+++ b/src/corelib/plugin/qfactoryloader.cpp
@@ -282,6 +282,7 @@ QObject *QFactoryLoader::instance(int index) const
         return 0;
 
 #ifndef QT_NO_LIBRARY
+    QMutexLocker lock(&d->mutex);
     if (index < d->libraryList.size()) {
         QLibraryPrivate *library = d->libraryList.at(index);
         if (library->instance || library->loadPlugin()) {
@@ -297,6 +298,7 @@ QObject *QFactoryLoader::instance(int index) const
         return 0;
     }
     index -= d->libraryList.size();
+    lock.unlock();
 #endif
 
     QVector<QStaticPlugin> staticPlugins = QPluginLoader::staticPlugins();