Fix data race in QObject::moveToThread()

We dereference thisThreadData in the next line, at a point in time where we haven't, yet, verified that it's this_thread's QThreadData, so we need an acquire fence. The alternative would be to re-arrange the code so that dereferencing the pointer is delayed until after we verified it's this_thread's, but that doesn't seem readily possible. Even if it was easy, we'd first need to verify whether there are any writes into QThreadData objects after they've been constructed, in which case the acquire fence may be needed even in case it's 'ours'. So just add the acquire fence. Pick-to: 6.3 6.2 5.15 Change-Id: I468bc1f971bd87345bfcd6c13b7384bdf09d086a Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2022-05-17 17:13:04 +02:00 · 2022-05-17 17:13:04 +02:00 · 5dc724d98d
commit 5dc724d98d
parent 07d80deeab
1 changed files with 1 additions and 1 deletions
--- a/src/corelib/kernel/qobject.cpp
+++ b/src/corelib/kernel/qobject.cpp
@ -1817,7 +1817,7 @@ void QObject::moveToThread(QThread *targetThread)

    QThreadData *currentData = QThreadData::current();
    QThreadData *targetData = targetThread ? QThreadData::get2(targetThread) : nullptr;
-    QThreadData *thisThreadData = d->threadData.loadRelaxed();
+    QThreadData *thisThreadData = d->threadData.loadAcquire();
    if (!thisThreadData->thread.loadAcquire() && currentData == targetData) {
        // one exception to the rule: we allow moving objects with no thread affinity to the current thread
        currentData = d->threadData;