diff options
authorJüri Valdmann <>2020-08-12 14:30:32 +0200
committerJüri Valdmann <>2020-08-14 14:39:46 +0200
commit99a668c324218a1fab4824a9707194ff38df6dfe (patch)
parentcc5bf0d5852d4e55abdda12061eb3908f8d84856 (diff)
Fix swap condition in DisplayGLOutputSurface::updatePaintNode
The buffer pointers m_middleBuffer and m_frontBuffer are swapped in updatePaintNode on the condition that m_middleBuffer is non-null and it's serviceId non-zero. But neither m_middleBuffer nor it's serviceId is immediately cleared, leaving the possibility that a subsequent call to updatePaintNode could swap the buffer pointers again if this call occurs before m_middleBuffer is cleared in swapBuffersOnVizThread. The m_taskRunner pointer is however cleared immediately and therefore the subsequent call to updatePaintNode will trigger a segmentation fault. Since m_taskRunner precisely tracks the condition when we should or should not swap, change the swap condition to simply require that m_taskRunner is non-null. Fixes: QTBUG-85817 Change-Id: Iad89bb0f4de7c0c151d5c5bd63ac74ab6cdd9087 Reviewed-by: Michael Brüning <>
1 files changed, 1 insertions, 1 deletions
diff --git a/src/core/compositor/display_gl_output_surface_qsg.cpp b/src/core/compositor/display_gl_output_surface_qsg.cpp
index 2f7b3de84..d4b9154d1 100644
--- a/src/core/compositor/display_gl_output_surface_qsg.cpp
+++ b/src/core/compositor/display_gl_output_surface_qsg.cpp
@@ -88,7 +88,7 @@ QSGNode *DisplayGLOutputSurface::updatePaintNode(QSGNode *oldNode, RenderWidgetH
QMutexLocker locker(&m_mutex);
- if (m_middleBuffer && m_middleBuffer->serviceId) {
+ if (m_taskRunner) {
std::swap(m_middleBuffer, m_frontBuffer);