[graphics/krita] plugins/dockers/palettedocker: 419140 Fix use-after-free in the resource server

L. E. Segovia null at kde.org
Thu Jun 25 14:53:31 BST 2020


Git commit 84c95ef6c50d7ddea6cfbec643476077f5f2ea19 by L. E. Segovia.
Committed on 25/06/2020 at 13:38.
Pushed by lsegovia into branch 'master'.

419140 Fix use-after-free in the resource server

Sometimes (under Windows), the main window (and the palette docker)
gets destroyed before the palettes' resource server. Since the docker
does not remove itself as an observer in its destructor, the resource
server will do it on destruction -- thus trying to access a long dead
object.

It is interesting to see that this use-after-free happens:

- 100% reliably on Windows only
- and, to the best of my knowledge, with debug builds.

BUG: 419140
CCMAIL: kimageshop at kde.org

(cherry picked from commit 4cf116cbe65901146edc4c0de5a6d62a89c41172)

M  +4    -1    plugins/dockers/palettedocker/palettedocker_dock.cpp

https://invent.kde.org/graphics/krita/commit/84c95ef6c50d7ddea6cfbec643476077f5f2ea19

diff --git a/plugins/dockers/palettedocker/palettedocker_dock.cpp b/plugins/dockers/palettedocker/palettedocker_dock.cpp
index 689d76c0a5..d507a5d51a 100644
--- a/plugins/dockers/palettedocker/palettedocker_dock.cpp
+++ b/plugins/dockers/palettedocker/palettedocker_dock.cpp
@@ -146,7 +146,10 @@ PaletteDockerDock::PaletteDockerDock( )
 }
 
 PaletteDockerDock::~PaletteDockerDock()
-{ }
+{
+    KoResourceServer<KoColorSet> *srv = KoResourceServerProvider::instance()->paletteServer();
+    srv->removeObserver(this);
+}
 
 void PaletteDockerDock::setViewManager(KisViewManager* kisview)
 {
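Review bot: The new destructor body calls `srv->removeObserver(this)` without checking `srv`, and since the commit message says the destruction order of the docker and the resource server is not fixed, the opposite order (server torn down first) needs either a guard or a statement that it cannot happen. Suggest `if (srv) srv->removeObserver(this);`, or a comment stating that `paletteServer()` is guaranteed to return a live server at this point. A short comment in the destructor saying why the docker must deregister (the server would otherwise touch the destroyed docker when it clears its observers) would also help, because the matching registration is not visible in this hunk.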

