From 6f75c189e1e5651b716afb316c801d080001c155 Mon Sep 17 00:00:00 2001 From: Joerg Bornemann Date: Wed, 24 Feb 2016 12:36:36 +0100 Subject: Fix crash in QProcess::waitForFinished on Windows Suppose the user connects QProcess::readyReadStandardOutput with a slot that calls QCoreApplication::processEvents. Assume the event loop did not handle events between QProcess::start and QProcess::waitForFinished. The process writes to stdout and exits. QProcessPrivate::waitForFinished calls drainOutputPipes which calls QWindowsPipeWriter::waitForReadyRead. This in turn will trigger _q_processDied via the readyRead signal and processEvents. _q_processDied will delete the pid object and set pid to null. After drainOutputPipes returns, _q_processDied is called again but it must not be called if pid is already destroyed. Prevent calling _q_processDied if pid is null. Task-number: QTBUG-48697 Change-Id: Iee047938ee1529057a1a43d71f4e882750903c7e Reviewed-by: Oswald Buddenhagen --- src/corelib/io/qprocess_win.cpp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'src/corelib/io') diff --git a/src/corelib/io/qprocess_win.cpp b/src/corelib/io/qprocess_win.cpp index 80e6d5bb61..98ada82446 100644 --- a/src/corelib/io/qprocess_win.cpp +++ b/src/corelib/io/qprocess_win.cpp @@ -647,7 +647,8 @@ bool QProcessPrivate::waitForReadyRead(int msecs) return false; if (WaitForSingleObjectEx(pid->hProcess, 0, false) == WAIT_OBJECT_0) { bool readyReadEmitted = drainOutputPipes(); - _q_processDied(); + if (pid) + _q_processDied(); return readyReadEmitted; } @@ -752,7 +753,8 @@ bool QProcessPrivate::waitForFinished(int msecs) if (WaitForSingleObject(pid->hProcess, timer.nextSleepTime()) == WAIT_OBJECT_0) { drainOutputPipes(); - _q_processDied(); + if (pid) + _q_processDied(); return true; } -- cgit v1.2.3