From a623fe8d2a60ff333d5779f877e3b20f0e141ff1 Mon Sep 17 00:00:00 2001 From: Juha Turunen Date: Sun, 11 Oct 2015 20:29:51 -0700 Subject: Fixed a QTimer::singleShot() crash when a functor callback is used If QTimer::singleShot() is used with a functor callback and a context object with different thread affinity than the caller, a crash can occur. If the context object's thread is scheduled before connecting to QCoreApplication::aboutToQuit(), the timer has a change to fire and QSingleShotTimer::timerEvent() will delete the QSingleShotTimer object making the this pointer used in the connection invalid. This can occur relatively often if an interval of 0 is used. Making the moveToThread() call the last thing in the constructor ensures that the constructor gets to run to completion before the timer has a chance to fire. Task-number: QTBUG-48700 Change-Id: Iab73d02933635821b8d1ca1ff3d53e92eca85834 Reviewed-by: Olivier Goffart (Woboq GmbH)
---
 src/corelib/kernel/qtimer.cpp | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) (limited to 'src')
diff --git a/src/corelib/kernel/qtimer.cpp b/src/corelib/kernel/qtimer.cpp
index b9109a96aa..af9a1be6ab 100644
--- a/src/corelib/kernel/qtimer.cpp
+++ b/src/corelib/kernel/qtimer.cpp
@@ -278,15 +278,10 @@ QSingleShotTimer::QSingleShotTimer(int msec, Qt::TimerType timerType, const QObj
 {
 timerId = startTimer(msec, timerType);
 if (r && thread() != r->thread()) {
- // We need the invocation to happen in the receiver object's thread.
- // So, move QSingleShotTimer to the correct thread. Before that occurs, we
- // shall remove the parent from the object.
+ // Avoid leaking the QSingleShotTimer instance in case the application exits before the timer fires
+ connect(QCoreApplication::instance(), &QCoreApplication::aboutToQuit, this, &QObject::deleteLater);
 setParent(0);
 moveToThread(r->thread());
-
- // Given we're also parentless now, we should take defence against leaks
- // in case the application quits before we expire.
- connect(QCoreApplication::instance(), &QCoreApplication::aboutToQuit, this, &QObject::deleteLater);
 }
 }
 
--
cgit v1.2.1
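Review bot: The ordering that fixes the crash is not recorded next to the code: nothing at `moveToThread(r->thread());` says it must remain the final statement of the `if` block, so a later edit that touches `this` after it would bring back the invalid-`this` crash described in the commit message. The removed comments also explained why `setParent(0)` has to come before the move, and that rationale is gone from the new side. I would add above `setParent(0);` a comment such as `// Unparent, then move to the receiver's thread as the very last step: once moved the timer may fire and timerEvent() deletes this, so nothing may touch this afterwards.` The constructor's signature and initializer list are outside the hunk; only its body is visible here.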