diff options
author | Marc Mutz <marc.mutz@kdab.com> | 2016-03-12 00:58:52 +0100 |
---|---|---|
committer | Marc Mutz <marc.mutz@kdab.com> | 2016-03-15 10:39:31 +0000 |
commit | b4fa18a996bc29bbb04e7358ef57b287076b0aae (patch) | |
tree | 78ab8824338dacf31f85b5e873477ac61ee78fb7 /src | |
parent | 9739cae4c84218e1a805bbd82b2f40fe20d57b74 (diff) | |
download | qtbase-b4fa18a996bc29bbb04e7358ef57b287076b0aae.tar.gz |
Revert "Handle the QWidgetPrivate::mapper structure"
This reverts commit 90de48493be283b9afb249f6a0fd8dbd8958517d.
The call isn't necessary, but invokes undefined behavior.
It invokes undefined behavior because deleteTLSysExtra() is called
from deleteExtra(), which is called from ~QWidgetPrivate(), which is
called from ~QObject(). Thus, by the time we call q->windowType()
within setWinId(), q is no longer a QWidget, but only a QObject, and
calling a QWidget member function then is UB.
UBSan confirms:
qwidget_p.h:300:5: runtime error: downcast of address 0x2afdd4053620 which does not point to an object of type 'QWidget' (the Q_Q macro)
0x2afdd4053620: note: object is of type 'QObject'
qwidget.cpp:1712:93: runtime error: member call on address 0x2afdd4053620 which does not point to an object of type 'QWidget'
0x2afdd4053620: note: object is of type 'QObject'
It is also unnecessary:
deleteTLSysExtra() is called from two places: QWidget::destroy() and
deleteExtra(). deleteExtra() is only called from ~QWidgetPrivate()
which is only called from ~QObject() called by ~QWidget(), which,
however, already calls QWidget::destroy(). QWidget::destroy(), in
turn, unconditionally (for non-desktop widgets, at least) calls
setWinId(0) itself.
So fix the UB by removing the call without replacement.
Conflicts:
src/gui/kernel/qwidget_qpa.cpp
Change-Id: Ib3a8cc9d28a096183f1d3dfd1941ea5fdc6a4aac
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@theqtcompany.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/widgets/kernel/qwidget.cpp | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/src/widgets/kernel/qwidget.cpp b/src/widgets/kernel/qwidget.cpp index 7529f5b344..6fdd5d3d0e 100644 --- a/src/widgets/kernel/qwidget.cpp +++ b/src/widgets/kernel/qwidget.cpp @@ -1880,7 +1880,6 @@ void QWidgetPrivate::deleteTLSysExtra() if (extra->topextra->window) { extra->topextra->window->destroy(); } - setWinId(0); delete extra->topextra->window; extra->topextra->window = 0; |