From 239b71d07d8a129ed445c7553c738934c7828711 Mon Sep 17 00:00:00 2001 From: Marc Mutz Date: Fri, 17 Oct 2014 16:19:16 +0200 Subject: [PATCH] Fix use-after-delete bug in tst_QWidget::taskQTBUG_27643_enterEvents() ASAN report: READ of size 8 at 0x606000011990 thread T0 #0 0x505e3b in EnterTestMainDialog::eventFilter(QObject*, QEvent*) tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp:10294 [...] 0x606000011990 is located 48 bytes inside of 56-byte region [0x606000011960,0x606000011998) freed by thread T0 here: #0 0x2b8df3551c79 in operator delete(void*) ../../../../gcc/libsanitizer/asan/asan_new_delete.cc:92 #1 0x418ab5 in EnterTestMainDialog::buttonPressed() tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp:10276 previously allocated by thread T0 here: #0 0x2b8df3551739 in operator new(unsigned long) ../../../../gcc/libsanitizer/asan/asan_new_delete.cc:60 #1 0x4188cf in EnterTestMainDialog::buttonPressed() tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp:10272 EnterTestMainDialog::eventFilter() checks for nullness of 'modal' before accessing it, but buttonPressed() did not reset 'modal' to nullptr after deletion. Change-Id: I65562a29f8264a6996d7d615e06de1d1afb5af53 Reviewed-by: Friedemann Kleint
---
 tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp | 1 + 1 file changed, 1 insertion(+)
diff --git a/tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp b/tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp
index 34bb4cfdf6..ec3e8ece6a 100644
--- a/tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp
+++ b/tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp
@@ -10274,6 +10274,7 @@ public slots:
 QTimer::singleShot(100, this, SLOT(doMouseMoves()));
 modal->exec();
 delete modal;
+ modal = Q_NULLPTR;
 }
 void doMouseMoves()
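Review bot: The member is cleared only after `delete modal;` has returned, so if eventFilter() can be invoked while the dialog's destructor is still running, its null check passes and it dereferences a partially destroyed object. eventFilter() and the start of buttonPressed() are outside the hunk, so whether events are delivered during destruction is an assumption to confirm. Clearing first closes that window: copy the pointer to a local, set `modal = Q_NULLPTR;`, then delete the local copy. Alternatively, declaring the member as a `QPointer` would make the null check in eventFilter() hold without any manual reset. Either way, a short comment such as `// eventFilter() relies on modal being null once the dialog is gone` next to the reset would keep a later cleanup from dropping the line.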