QAbstractSocket - protect against the broken invariant

It's possible to use QAbstractSocket (more precisely QUdpSocket) in
a quite unusual way: connect to its stateChanged() signal and call
close() in the slot (thus invalidating socketEngine pointer). For
QAbstractSocket::bind() this results in a null-pointer
dereference.

Task-number: QTBUG-69063
Change-Id: Ife2c778ff59ccc7b99a96caa5ba67f877aaefe42
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
bb10
Timur Pocheptsov 2018-06-25 13:50:52 +02:00 committed by Mårten Nordheim
parent d550ba4e96
commit b78342f553
1 changed files with 4 additions and 1 deletions

@ -1609,7 +1609,10 @@ bool QAbstractSocketPrivate::bind(const QHostAddress &address, quint16 port, QAb
localPort = socketEngine->localPort();
emit q->stateChanged(state);
if (socketType == QAbstractSocket::UdpSocket)
// A slot attached to stateChanged() signal can break our invariant:
// by closing the socket it will reset its socket engine - thus we
// have additional check (isValid()) ...
if (q->isValid() && socketType == QAbstractSocket::UdpSocket)
socketEngine->setReadNotificationEnabled(true);
return true;
}
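Review bot: The `q->isValid()` check added to the `if` after `emit q->stateChanged(state)` guards the `socketEngine->setReadNotificationEnabled(true)` dereference only indirectly. The new comment names the hazard as the socket engine being reset by a slot, so testing `socketEngine` itself in the condition, alone or together with `isValid()`, would make it obvious that the guarded call is safe. The function also still reaches `return true` when a slot has closed the socket during the emit, so the caller is told the bind succeeded on a socket that is no longer bound. Either document that outcome or derive the return value from the post-emit state. The commit changes a single file, so no regression test for QTBUG-69063 accompanies it. A test that calls close() from a stateChanged() slot during bind() on a QUdpSocket would keep this from regressing.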