AuroraMiddleware/qt5base-lts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

QMacPasteBoard - protect against dangling pointers

Browse Source 
In QMacPasteboard we use converters from QMacInternalPasteboardMime, which
has essentially a global QList of available converters.
QMacInternalPasteboardMime and derived classes register/unregister their
instances in this list (in ctors/dtors) and then QMacPasteboard is using
converters from this list. Unfortunately, when we're un-registering converter
(and this means we delete those objects) we do not remove dangling pointers
from our pasteboard objects. Apparently, this problem can be seen only when
working with macextras (thus having an access to this private API in client's
code).

Task-number: QTBUG-54832
Change-Id: Ie3aef4aaca8ef6c80544dc58821cf43fc26f84a1
Reviewed-by: Morten Johan Sørvig <morten.sorvig@qt.io>
This commit is contained in:
Timur Pocheptsov 2017-03-16 13:21:27 +01:00
parent b07a06745e
commit 64475272a2
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/plugins/platforms/cocoa/qmacclipboard.mm
View File

@ -139,10 +139,22 @@ OSStatus QMacPasteboard::promiseKeeper(PasteboardRef paste, PasteboardItemID id,
const long promise_id = (long)id;
// Find the kept promise
QList<QMacInternalPasteboardMime*> availableConverters
= QMacInternalPasteboardMime::all(QMacInternalPasteboardMime::MIME_ALL);
const QString flavorAsQString = QString::fromCFString(flavor);
QMacPasteboard::Promise promise;
for (int i = 0; i < qpaste->promises.size(); i++){
QMacPasteboard::Promise tmp = qpaste->promises[i];
if (!availableConverters.contains(tmp.convertor)) {
// promise.converter is a pointer initialized by the value found
// in QMacInternalPasteboardMime's global list of QMacInternalPasteboardMimes.
// We add pointers to this list in QMacInternalPasteboardMime's ctor;
// we remove these pointers in QMacInternalPasteboardMime's dtor.
// If tmp.converter was not found in this list, we probably have a
// dangling pointer so let's skip it.
continue;
}
if (tmp.itemId == promise_id && tmp.convertor->canConvert(tmp.mime, flavorAsQString)){
promise = tmp;
break;