Review Request 126409: Fix use-after-free in .desktop file parser
Michael Pyne
mpyne at kde.org
Mon Dec 21 19:41:38 UTC 2015
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/126409/
-----------------------------------------------------------
(Updated Dec. 21, 2015, 7:41 p.m.)
Status
------
This change has been marked as submitted.
Review request for KDE Frameworks and Alex Richardson.
Changes
-------
Submitted with commit 95a1349d4ddb17c834f6a98e85b11814dcb807f8 by Michael Pyne to branch master.
Repository: kcoreaddons
Description
-------
Patch to fix a use-after-free issue in kcoreaddons/src/lib/plugin/desktopfileparser.cpp, noted by Coverity (CID 1336157)
The issue is that if `defs << *def` happens after the call to s_serviceTypes->insert(), the `*def` might already have been deleted by QCache. Attached patch fixes by making the copy before the call to insert().
Really, it's probably better to not use QCache here if we can avoid it, but I'm not sure enough of the code to go that route. But if this is something that's only run once or twice anyways then there's no real need to use QCache instead of QMap, I would think.
Diffs
-----
src/lib/plugin/desktopfileparser.cpp 06a4a1d
Diff: https://git.reviewboard.kde.org/r/126409/diff/
Testing
-------
desktoptojsontest still passes, code compiles.
Thanks,
Michael Pyne
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20151221/b50717f5/attachment.html>
More information about the Kde-frameworks-devel
mailing list