QAbstractSocket - protect against the broken invariant

It's possible to use QAbstractSocket (more precisely QUdpSocket) in a quite unusual way: connect to its stateChanged() signal and call close() in the slot (thus invalidating socketEngine pointer). For QAbstractSocket::bind() this results in a null-pointer dereference. Task-number: QTBUG-69063 Change-Id: Ife2c778ff59ccc7b99a96caa5ba67f877aaefe42 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
author: Timur Pocheptsov <timur.pocheptsov@qt.io> 2018-06-25 13:50:52 +0200
committer: Mårten Nordheim <marten.nordheim@qt.io> 2018-06-27 17:40:25 +0000
commit: b78342f553ee13944c19bfdf77cdf68b0de87e50 (patch)
tree: 1726b60133f9ea8463352f969abb44826c6dd3fa /src/network/socket
parent: d550ba4e9628cf67880a1c8596629ec598718b3e (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/src/network/socket/qabstractsocket.cpp b/src/network/socket/qabstractsocket.cpp
index 13e10e4102..4d9fda00ce 100644
--- a/src/network/socket/qabstractsocket.cpp
+++ b/src/network/socket/qabstractsocket.cpp
@@ -1609,7 +1609,10 @@ bool QAbstractSocketPrivate::bind(const QHostAddress &address, quint16 port, QAb
     localPort = socketEngine->localPort();
 
     emit q->stateChanged(state);
-    if (socketType == QAbstractSocket::UdpSocket)
+    // A slot attached to stateChanged() signal can break our invariant:
+    // by closing the socket it will reset its socket engine - thus we
+    // have additional check (isValid()) ...
+    if (q->isValid() && socketType == QAbstractSocket::UdpSocket)
         socketEngine->setReadNotificationEnabled(true);
     return true;
 }
author	Timur Pocheptsov <timur.pocheptsov@qt.io>	2018-06-25 13:50:52 +0200
committer	Mårten Nordheim <marten.nordheim@qt.io>	2018-06-27 17:40:25 +0000
commit	b78342f553ee13944c19bfdf77cdf68b0de87e50 (patch)
tree	1726b60133f9ea8463352f969abb44826c6dd3fa /src/network/socket
parent	d550ba4e9628cf67880a1c8596629ec598718b3e (diff)