From bb334e8181c52ad1f2b1cf1b89337870579ac8b0 Mon Sep 17 00:00:00 2001
From: Johannes Rosenqvist <xeroc81@gmail.com>
Date: Wed, 4 May 2022 12:49:24 +0200
Subject: Fix a QDBusConnection crash with pending calls when connection is
 closed

QDBusConnection::closeConnection does not use deref() on pendingCall
list so if there is an QDBusPendingCallWatcher watching the
pending call the QDbusPendingCallPrivate destructor will
run twice causing a crash.

Pick-to: 5.15 6.2 6.3
Change-Id: Ib811da36d3510f4292aa310c52c0617b885947b7
Reviewed-by: Johannes Rosenqvist <xeroc81@gmail.com>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
---
 src/dbus/qdbusintegrator.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src/dbus')

diff --git a/src/dbus/qdbusintegrator.cpp b/src/dbus/qdbusintegrator.cpp
index 59b46f3e4a..5acc3448bf 100644
--- a/src/dbus/qdbusintegrator.cpp
+++ b/src/dbus/qdbusintegrator.cpp
@@ -1138,7 +1138,13 @@ void QDBusConnectionPrivate::closeConnection()
         }
     }
 
-    qDeleteAll(pendingCalls);
+    for (auto it = pendingCalls.begin(); it != pendingCalls.end(); ++it) {
+        auto call = *it;
+        if (!call->ref.deref()) {
+            delete call;
+        }
+    }
+    pendingCalls.clear();
 
     // Disconnect all signals from signal hooks and from the object tree to
     // avoid QObject::destroyed being sent to dbus daemon thread which has
-- 
cgit v1.2.3