From 99a668c324218a1fab4824a9707194ff38df6dfe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=BCri=20Valdmann?=
Date: Wed, 12 Aug 2020 14:30:32 +0200
Subject: Fix swap condition in DisplayGLOutputSurface::updatePaintNode
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The buffer pointers m_middleBuffer and m_frontBuffer are swapped in updatePaintNode on the condition that m_middleBuffer is non-null and it's serviceId non-zero. But neither m_middleBuffer nor it's serviceId is immediately cleared, leaving the possibility that a subsequent call to updatePaintNode could swap the buffer pointers again if this call occurs before m_middleBuffer is cleared in swapBuffersOnVizThread. The m_taskRunner pointer is however cleared immediately and therefore the subsequent call to updatePaintNode will trigger a segmentation fault. Since m_taskRunner precisely tracks the condition when we should or should not swap, change the swap condition to simply require that m_taskRunner is non-null.

Fixes: QTBUG-85817
Change-Id: Iad89bb0f4de7c0c151d5c5bd63ac74ab6cdd9087
Reviewed-by: Michael BrĂ¼ning
---
 src/core/compositor/display_gl_output_surface_qsg.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/core/compositor/display_gl_output_surface_qsg.cpp b/src/core/compositor/display_gl_output_surface_qsg.cpp
index 2f7b3de84..d4b9154d1 100644
--- a/src/core/compositor/display_gl_output_surface_qsg.cpp
+++ b/src/core/compositor/display_gl_output_surface_qsg.cpp
@@ -88,7 +88,7 @@ QSGNode *DisplayGLOutputSurface::updatePaintNode(QSGNode *oldNode, RenderWidgetH
 {
 {
 QMutexLocker locker(&m_mutex);
- if (m_middleBuffer && m_middleBuffer->serviceId) {
+ if (m_taskRunner) {
 std::swap(m_middleBuffer, m_frontBuffer);
 m_taskRunner->PostTask(
 FROM_HERE,
-- 
cgit v1.2.3
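Review bot: The new `if (m_taskRunner)` guard makes the swap depend on an invariant that is stated only in the commit message, not in the code — that m_taskRunner is non-null exactly while a middle buffer is waiting to be swapped in — and nothing in the hunk shows where it is reset, so a future edit that moves or removes that reset would silently reintroduce the double swap. A comment above the condition would pin it down, e.g. `// m_taskRunner is non-null only while a middle buffer is pending and is reset as soon as it is consumed, so this cannot swap twice (QTBUG-85817).` Since the removed condition still describes what the swap actually requires, a cheap assertion at the top of the branch, `Q_ASSERT(m_middleBuffer && m_middleBuffer->serviceId);`, would catch the two conditions drifting apart at the swap rather than as a null dereference later. Both points presume the reset of m_taskRunner happens under the same m_mutex later in this function, as the description implies; updatePaintNode's body continues outside the hunk.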