Fix use-after-delete bug in tst_QWidget::taskQTBUG_27643_enterEvents()

ASAN report:

  READ of size 8 at 0x606000011990 thread T0
    #0 0x505e3b in EnterTestMainDialog::eventFilter(QObject*, QEvent*) tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp:10294
    [...]

  0x606000011990 is located 48 bytes inside of 56-byte region [0x606000011960,0x606000011998)
  freed by thread T0 here:
    #0 0x2b8df3551c79 in operator delete(void*) ../../../../gcc/libsanitizer/asan/asan_new_delete.cc:92
    #1 0x418ab5 in EnterTestMainDialog::buttonPressed() tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp:10276

  previously allocated by thread T0 here:
    #0 0x2b8df3551739 in operator new(unsigned long) ../../../../gcc/libsanitizer/asan/asan_new_delete.cc:60
    #1 0x4188cf in EnterTestMainDialog::buttonPressed() tests/auto/widgets/kernel/qwidget/tst_qwidget.cpp:10272

EnterTestMainDialog::eventFilter() checks for nullness of 'modal'
before accessing it, but buttonPressed() did not reset 'modal'
to nullptr after deletion.

Change-Id: I65562a29f8264a6996d7d615e06de1d1afb5af53
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@digia.com>
This commit is contained in:
Marc Mutz 2014-10-17 16:19:16 +02:00
parent 4de382f4a2
commit 239b71d07d

@ -10274,6 +10274,7 @@ public slots:
QTimer::singleShot(100, this, SLOT(doMouseMoves())); QTimer::singleShot(100, this, SLOT(doMouseMoves()));
modal->exec(); modal->exec();
delete modal; delete modal;
modal = Q_NULLPTR;
} }
void doMouseMoves() void doMouseMoves()
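
Review bot: The added `modal = Q_NULLPTR;` runs only after `delete modal;` has returned, so if eventFilter() is invoked while the dialog is being destroyed, its null check still passes on an object that is mid-destruction. Consider copying `modal` into a local, setting the member to Q_NULLPTR, and then deleting the local, so the filter never sees a pointer to a dying object. Since the ASAN trace in the commit message shows the dialog is both allocated and freed inside buttonPressed(), holding it in a QPointer (or a scoped owner local to the slot) would also remove the need to remember the manual reset.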