forked from pool/libqt5-qtbase
6851d4cabb
Added Fix-use-after-free-bug.patch from upstream (qtbug#43623, boo#870151) OBS-URL: https://build.opensuse.org/request/show/280927 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libqt5-qtbase?expand=0&rev=35
38 lines
1.1 KiB
Diff
38 lines
1.1 KiB
Diff
From: Gatis Paeglis <gatis.paeglis@theqtcompany.com>
|
|
Date: Wed, 07 Jan 2015 13:50:41 +0000
|
|
Subject: Fix use-after-free bug
|
|
X-Git-Url: http://quickgit.kde.org/?p=qt%2Fqtbase.git&a=commitdiff&h=d40b66a8ef98777c69ac293dac9a332f88832c23
|
|
---
|
|
Fix use-after-free bug
|
|
|
|
xcb_image_destroy() calls free on m_xcb_image
|
|
and then few lines down we access member of
|
|
m_xcb_image. Swap order of these two actions.
|
|
|
|
Change-Id: I01fb43a066459cce462df6af22161c35cef524eb
|
|
Task-number: QTBUG-43623
|
|
Reviewed-by: Shawn Rutledge <shawn.rutledge@digia.com>
|
|
---
|
|
|
|
|
|
--- a/src/plugins/platforms/xcb/qxcbbackingstore.cpp
|
|
+++ b/src/plugins/platforms/xcb/qxcbbackingstore.cpp
|
|
@@ -145,8 +145,6 @@
|
|
if (segmentSize && m_shm_info.shmaddr)
|
|
Q_XCB_CALL(xcb_shm_detach(xcb_connection(), m_shm_info.shmseg));
|
|
|
|
- xcb_image_destroy(m_xcb_image);
|
|
-
|
|
if (segmentSize) {
|
|
if (m_shm_info.shmaddr) {
|
|
shmdt(m_shm_info.shmaddr);
|
|
@@ -155,6 +153,8 @@
|
|
free(m_xcb_image->data);
|
|
}
|
|
}
|
|
+
|
|
+ xcb_image_destroy(m_xcb_image);
|
|
|
|
if (m_gc)
|
|
Q_XCB_CALL(xcb_free_gc(xcb_connection(), m_gc));
|