AuroraMiddleware/qt5base-lts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

QNetworkReplyHttpImpl: Fix UB (member call) in destruction sequence

Browse Source 
Found by UBSan:

  qnetworkreplyhttpimpl.cpp:457:29: runtime error: member call on address 0x602000009cf0 which does not point to an object of type 'QNetworkReplyHttpImpl'
  0x602000009cf0: note: object is of type 'QObject'
   1e 00 80 18  20 e0 bb 12 54 7f 00 00  00 f2 00 00 70 61 00 00  02 00 00 00 ff ff ff 06  08 00 00 00
                ^~~~~~~~~~~~~~~~~~~~~~~
                vptr for 'QObject'
    #0 0x7f541461b71b in QNetworkReplyHttpImplPrivate::~QNetworkReplyHttpImplPrivate() qnetworkreplyhttpimpl.cpp:457
    #1 0x7f541461b7f0 in QNetworkReplyHttpImplPrivate::~QNetworkReplyHttpImplPrivate() qnetworkreplyhttpimpl.cpp:458
    #2 0x7f540f26df1a in QScopedPointerDeleter<QObjectData>::cleanup(QObjectData*) qscopedpointer.h:54
    #3 0x7f540f26df1a in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::~QScopedPointer() qscopedpointer.h:101
    #4 0x7f540f26df1a in QObject::~QObject() qobject.cpp:940
    #5 0x7f540e915f6e in QIODevice::~QIODevice() qiodevice.cpp:416
    #6 0x7f5414599bae in QNetworkReply::~QNetworkReply() qnetworkreply.cpp:444
    #7 0x7f54145e6f5e in QNetworkReplyHttpImpl::~QNetworkReplyHttpImpl() qnetworkreplyhttpimpl.cpp:239
    #8 0x7f54145e6f5e in QNetworkReplyHttpImpl::~QNetworkReplyHttpImpl() qnetworkreplyhttpimpl.cpp:242
    #9 0x7f54144b3539 in void qDeleteAll<QList<QNetworkReply*>::const_iterator>(QList<QNetworkReply*>::const_iterator, QList<QNetworkReply*>::const_iterator) qalgorithms.h:317
    #10 0x7f54144b3539 in void qDeleteAll<QList<QNetworkReply*> >(QList<QNetworkReply*> const&) qalgorithms.h:325
    #11 0x7f54144b3539 in QNetworkAccessManager::~QNetworkAccessManager() qnetworkaccessmanager.cpp:496

Fix by moving the emission of the QNetworkReplyHttpImpl::abortHttpRequest()
signal from ~Private, when the public object is merely a QObject anymore,
to ~QNetworkReplyHttpImpl(), when the public class is still itself.

Change-Id: Ifb3b19f6d180452bdf3fc26f54629ef780a5d9d9
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
This commit is contained in:
Marc Mutz 2016-10-09 18:08:14 +02:00
parent 0e61323c87
commit 0cccc23478
1 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/network/access/qnetworkreplyhttpimpl.cpp
View File

@ -238,7 +238,8 @@ QNetworkReplyHttpImpl::QNetworkReplyHttpImpl(QNetworkAccessManager* const manage
QNetworkReplyHttpImpl::~QNetworkReplyHttpImpl()
{
// Most work is done in private destructor
// This will do nothing if the request was already finished or aborted
emit abortHttpRequest();
}
void QNetworkReplyHttpImpl::close()
@ -452,9 +453,6 @@ QNetworkReplyHttpImplPrivate::QNetworkReplyHttpImplPrivate()
QNetworkReplyHttpImplPrivate::~QNetworkReplyHttpImplPrivate()
{
Q_Q(QNetworkReplyHttpImpl);
// This will do nothing if the request was already finished or aborted
emit q->abortHttpRequest();
}
/*