diff options
author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2018-06-25 13:50:52 +0200 |
---|---|---|
committer | Mårten Nordheim <marten.nordheim@qt.io> | 2018-06-27 17:40:25 +0000 |
commit | b78342f553ee13944c19bfdf77cdf68b0de87e50 (patch) | |
tree | 1726b60133f9ea8463352f969abb44826c6dd3fa /src/network/socket/qabstractsocket.cpp | |
parent | d550ba4e9628cf67880a1c8596629ec598718b3e (diff) |
QAbstractSocket - protect against the broken invariant
It's possible to use QAbstractSocket (more precisely QUdpSocket) in
a quite unusual way: connect to its stateChanged() signal and call
close() in the slot (thus invalidating socketEngine pointer). For
QAbstractSocket::bind() this results in a null-pointer
dereference.
Task-number: QTBUG-69063
Change-Id: Ife2c778ff59ccc7b99a96caa5ba67f877aaefe42
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'src/network/socket/qabstractsocket.cpp')
-rw-r--r-- | src/network/socket/qabstractsocket.cpp | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/network/socket/qabstractsocket.cpp b/src/network/socket/qabstractsocket.cpp index 13e10e4102..4d9fda00ce 100644 --- a/src/network/socket/qabstractsocket.cpp +++ b/src/network/socket/qabstractsocket.cpp @@ -1609,7 +1609,10 @@ bool QAbstractSocketPrivate::bind(const QHostAddress &address, quint16 port, QAb localPort = socketEngine->localPort(); emit q->stateChanged(state); - if (socketType == QAbstractSocket::UdpSocket) + // A slot attached to stateChanged() signal can break our invariant: + // by closing the socket it will reset its socket engine - thus we + // have additional check (isValid()) ... + if (q->isValid() && socketType == QAbstractSocket::UdpSocket) socketEngine->setReadNotificationEnabled(true); return true; } |