1
0
forked from pool/libqt5-qtbase
libqt5-qtbase/Fix-use-after-free-bug.patch
Dominique Leuenberger 6851d4cabb Accepting request 280927 from KDE:Qt5
Added Fix-use-after-free-bug.patch from upstream (qtbug#43623, boo#870151)

OBS-URL: https://build.opensuse.org/request/show/280927
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libqt5-qtbase?expand=0&rev=35
2015-01-15 15:00:57 +00:00

38 lines
1.1 KiB
Diff

From: Gatis Paeglis <gatis.paeglis@theqtcompany.com>
Date: Wed, 07 Jan 2015 13:50:41 +0000
Subject: Fix use-after-free bug
X-Git-Url: http://quickgit.kde.org/?p=qt%2Fqtbase.git&a=commitdiff&h=d40b66a8ef98777c69ac293dac9a332f88832c23
---
Fix use-after-free bug
xcb_image_destroy() calls free on m_xcb_image
and then few lines down we access member of
m_xcb_image. Swap order of these two actions.
Change-Id: I01fb43a066459cce462df6af22161c35cef524eb
Task-number: QTBUG-43623
Reviewed-by: Shawn Rutledge <shawn.rutledge@digia.com>
---
--- a/src/plugins/platforms/xcb/qxcbbackingstore.cpp
+++ b/src/plugins/platforms/xcb/qxcbbackingstore.cpp
@@ -145,8 +145,6 @@
if (segmentSize && m_shm_info.shmaddr)
Q_XCB_CALL(xcb_shm_detach(xcb_connection(), m_shm_info.shmseg));
- xcb_image_destroy(m_xcb_image);
-
if (segmentSize) {
if (m_shm_info.shmaddr) {
shmdt(m_shm_info.shmaddr);
@@ -155,6 +153,8 @@
free(m_xcb_image->data);
}
}
+
+ xcb_image_destroy(m_xcb_image);
if (m_gc)
Q_XCB_CALL(xcb_free_gc(xcb_connection(), m_gc));