First step to fix race condition about deleting QDBusPendingCallPrivate.
In a multithreaded application on a slow/single core cpu the following
race (and segmentation fault) can occur:
First thread A is running:
A: QDBusPendingReply<> reply = pi->asyncCallWithArgumentList(method, argumentList);
Then when the dbus answer arrives thread B will call:
B: QDBusConnectionPrivate::processFinishedCall()
B: ...
B: locker.unlock()
and runs until here, go on with thread A:
A: reply.waitForFinished();
A: QDBusPendingCallPrivate::waitForFinished()
A: {
A: QMutexLocker locker(&mutex);
A: if (replyMessage.type() != QDBusMessage::InvalidMessage)
A: return;
which returns immediately (mutex acquired, replyMessage alread set), now
reply goes out of scope (destructor called) and QDBusPendingCall::d's
destructor of type QExplicitlySharedDataPointer<QDBusPendingCallPrivate>
deletes the reference counted object QDBusPendingCallPrivate.
Now thread B continues, still in processFinishedCall()
B: if (call->watcherHelper)
B: call->watcherHelper->emitSignals(msg, call->sentMessage);
B:
B: if (msg.type() == QDBusMessage::ErrorMessage)
B: emit connection->callWithCallbackFailed(QDBusError(msg),
B: call->sentMessage);
accessing alread deleted object QDBusPendingCallPrivate via call->...
Fixed QDBusPendingCallPrivate deletion by proper reference counting
will be done in the next commit.
Task-number: QTBUG-27809
Change-Id: I15b3f0242471b62eaafadc763fb6a33339ff2fe1
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
72ecf5a7ec