Problem investigating a heap-use-after-free in kwindowsystem

Thomas L├╝bking thomas.luebking at
Fri Oct 2 21:34:43 BST 2015

get_stringlist_reply creates the byte arrays QByteArray::fromRawData(), nukes the reply and returns the list which now contains freed memory.

This also was just a problem in Baloo; smells like the ::fromRawArray "constructor" could use a free function pointer to be called when the bytearray is ultimately released.

Until then the functions will have to copy the data and/or the function needs to be "pimped" to allow the client code to nuke the bytearray payload when it's no longer required.


More information about the kde-core-devel mailing list