diff options
author | Juha Turunen <turunen@iki.fi> | 2015-10-11 20:29:51 -0700 |
---|---|---|
committer | Juha Turunen <juha.turunen@theqtcompany.com> | 2015-10-12 16:45:04 +0000 |
commit | a623fe8d2a60ff333d5779f877e3b20f0e141ff1 (patch) | |
tree | 020e3419e53eac73f471275d902134c693f4b48f /src | |
parent | 5962c6e37e747044ab005ca53c7a90b4db210767 (diff) | |
download | qtbase-a623fe8d2a60ff333d5779f877e3b20f0e141ff1.tar.gz |
Fixed a QTimer::singleShot() crash when a functor callback is used
If QTimer::singleShot() is used with a functor callback and a context
object with different thread affinity than the caller, a crash can
occur. If the context object's thread is scheduled before
connecting to QCoreApplication::aboutToQuit(), the timer has a change
to fire and QSingleShotTimer::timerEvent() will delete the
QSingleShotTimer object making the this pointer used in the
connection invalid. This can occur relatively often if an interval
of 0 is used.
Making the moveToThread() call the last thing in the constructor
ensures that the constructor gets to run to completion before the
timer has a chance to fire.
Task-number: QTBUG-48700
Change-Id: Iab73d02933635821b8d1ca1ff3d53e92eca85834
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/corelib/kernel/qtimer.cpp | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/src/corelib/kernel/qtimer.cpp b/src/corelib/kernel/qtimer.cpp index b9109a96aa..af9a1be6ab 100644 --- a/src/corelib/kernel/qtimer.cpp +++ b/src/corelib/kernel/qtimer.cpp @@ -278,15 +278,10 @@ QSingleShotTimer::QSingleShotTimer(int msec, Qt::TimerType timerType, const QObj { timerId = startTimer(msec, timerType); if (r && thread() != r->thread()) { - // We need the invocation to happen in the receiver object's thread. - // So, move QSingleShotTimer to the correct thread. Before that occurs, we - // shall remove the parent from the object. + // Avoid leaking the QSingleShotTimer instance in case the application exits before the timer fires + connect(QCoreApplication::instance(), &QCoreApplication::aboutToQuit, this, &QObject::deleteLater); setParent(0); moveToThread(r->thread()); - - // Given we're also parentless now, we should take defence against leaks - // in case the application quits before we expire. - connect(QCoreApplication::instance(), &QCoreApplication::aboutToQuit, this, &QObject::deleteLater); } } |