[Nepomuk] Review Request: Fix crash due to dangling pointers by zeroing them.
Simeon Bird
bladud at gmail.com
Fri Nov 16 00:56:37 UTC 2012
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/107339/
-----------------------------------------------------------
Review request for Nepomuk.
Description
-------
Fix convoluted crash on deletion of Query::Folder.
Sequence of events could be:
1. Folder::~Folder called.
2. SearchRunnable->cancel called => SearchRunnable->m_folder = 0.
3. Deletes all connections.
4. deleteLater called again, during destructor (is this ever safe?)
5. SearchRunnable::run called => since m_folder is zero, returns and
deletes SearchRunnable without setting m_folder -> SearchRunnable to
zero.
6. mutex unlocked at end of destructor
7. Folder::~Folder called again by queued deleteLater (?)
8. SearchRunnable already deleted after step 5. Crash.
Fixed by setting m_currentSearchRunnable = 0 after cancelling the folder
listing.
This is slightly guesswork, but it's the best I can come up with. I'd appreciate it if someone who knows more Qt could tell me if my story above is possible or not.
This addresses bug 308773.
http://bugs.kde.org/show_bug.cgi?id=308773
Diffs
-----
services/storage/query/folder.cpp 18e8ff7140eb03e12fcab7bead2b0d4bd6fa7474
Diff: http://git.reviewboard.kde.org/r/107339/diff/
Testing
-------
Compiled, ran. Can't reproduce crash, so not certain that it fixes it.
Thanks,
Simeon Bird
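
The sequence hypothesised in the message above, replayed as a small Qt-free model. This is an added example, not Nepomuk code and not part of the original e-mail. `Folder`, `SearchRunnable`, `m_folder` and `m_currentSearchRunnable` are the names from the message; `alive`, `teardown`, `zeroAfterCancel`, `staleAccesses` and `simulate` are hypothetical, and self-deletion is modelled by a flag so that the stale access can be counted instead of crashing.

```cpp
#include <memory>

struct Folder;

struct SearchRunnable {
    Folder* m_folder;        // back-pointer, cleared by cancel()
    bool alive = true;       // false stands in for "delete this" having run
    explicit SearchRunnable(Folder* f) : m_folder(f) {}
    void cancel() { m_folder = 0; }   // step 2
    void run();                       // step 5
};

struct Folder {
    SearchRunnable* m_currentSearchRunnable = 0;
    bool zeroAfterCancel;    // true = behaviour with the proposed fix
    int staleAccesses = 0;   // each one would be a use-after-free in real code
    explicit Folder(bool fix) : zeroAfterCancel(fix) {}
    // Stand-in for the destructor body; the message suspects it runs twice.
    void teardown() {
        if (!m_currentSearchRunnable) return;
        if (!m_currentSearchRunnable->alive) { ++staleAccesses; return; }
        m_currentSearchRunnable->cancel();
        if (zeroAfterCancel) m_currentSearchRunnable = 0;
    }
};

void SearchRunnable::run() {
    // A live folder gets its pointer cleared; a cancelled runnable has no
    // folder left to notify, so the folder's pointer is left as it was.
    if (m_folder) m_folder->m_currentSearchRunnable = 0;
    alive = false;           // models self-deletion
}

// Replays steps 1, 2, 5 and 7 and returns the number of stale accesses.
int simulate(bool fix) {
    Folder folder(fix);
    std::unique_ptr<SearchRunnable> storage(new SearchRunnable(&folder));
    folder.m_currentSearchRunnable = storage.get();
    folder.teardown();       // steps 1-2: first destructor pass cancels
    storage->run();          // step 5: runnable finishes and "deletes" itself
    folder.teardown();       // step 7: second destructor pass
    return folder.staleAccesses;
}

int main() { return simulate(true); }
```
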