diff options
author | Kirill Burtsev <kirill.burtsev@qt.io> | 2021-07-22 12:32:17 +0200 |
---|---|---|
committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2021-07-22 20:52:14 +0000 |
commit | c65b417ac1c006abe6a0064bbe2740ec017935a4 (patch) | |
tree | 9f5994177254304b55acae4eb7f239b860a1cb06 /src/core/profile_io_data_qt.cpp | |
parent | 330ff27d9a2e266995c7c1fdcbfefb092fa6b4ba (diff) |
Fix crash in UI thread after deletion of profile io data on IO thread
Access happen if io data was removed in io thread by posted task earlier
than shutdown call. Ammends a5e627160c
==853575==ERROR: AddressSanitizer: heap-use-after-free on address ...
READ of size 1 at 0x6120001946c0 thread T0
#0 QtWebEngineCore::ProfileIODataQt::shutdownOnUIThread() profile_io_data_qt.cpp:109:9
#1 QtWebEngineCore::ProfileQt::~ProfileQt() profile_qt.cpp:117:22
Change-Id: Ia5b7710553e80cbb95bde0855093d31a60781c2b
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit 95a166e60bf8a23001adc3cdbd90a3b10340b11f)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
Diffstat (limited to 'src/core/profile_io_data_qt.cpp')
-rw-r--r-- | src/core/profile_io_data_qt.cpp | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/src/core/profile_io_data_qt.cpp b/src/core/profile_io_data_qt.cpp index c6d5e6763..bc256bb08 100644 --- a/src/core/profile_io_data_qt.cpp +++ b/src/core/profile_io_data_qt.cpp @@ -101,17 +101,19 @@ void ProfileIODataQt::shutdownOnUIThread() if (m_cookieDelegate) m_cookieDelegate->unsetMojoCookieManager(); m_proxyConfigMonitor.reset(); - bool posted = content::BrowserThread::DeleteSoon(content::BrowserThread::IO, FROM_HERE, this); - if (!posted) { - qWarning() << "Could not delete ProfileIODataQt on io thread !"; - delete this; - } + if (m_clearHttpCacheInProgress) { m_clearHttpCacheInProgress = false; content::BrowsingDataRemover *remover = content::BrowserContext::GetBrowsingDataRemover(m_profileAdapter->profile()); remover->RemoveObserver(&m_removerObserver); } + + bool posted = content::BrowserThread::DeleteSoon(content::BrowserThread::IO, FROM_HERE, this); + if (!posted) { + qWarning() << "Could not delete ProfileIODataQt on io thread !"; + delete this; + } } content::ResourceContext *ProfileIODataQt::resourceContext() |