diff options
| author | Lorn Potter <lorn.potter@gmail.com> | 2022-12-16 19:03:32 +1000 |
|---|---|---|
| committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2022-12-28 02:29:12 +0000 |
| commit | 5187f8f851f0894279d48b5bd733b6609c1dd468 (patch) | |
| tree | ae5dc5211cb575bbfa31ff12c233a92374d56c69 | |
| parent | 8bef4bb41c4aa25f1c1bfa13548e02bedbfa19e5 (diff) | |
| download | qtwebsockets-5187f8f851f0894279d48b5bd733b6609c1dd468.tar.gz | |
wasm: fix heap-use-after-free when using deleteLater
QWebSocketPrivate was getting destroyed before the emscripten
close callback was getting called, which was then calling back into the
already destroyed object.
So we set the UnconnectedState before it gets destroyed.
Fixes: QTBUG-108996
Change-Id: I8ebbe5a55188a31209a95d2a71eea2faee3465ad
Reviewed-by: Morten Johan Sørvig <morten.sorvig@qt.io>
(cherry picked from commit c321349f285913dd32718e74ad48c5972f6d1f87)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
| -rw-r--r-- | src/websockets/qwebsocket_p.cpp | 4 | ||||
| -rw-r--r-- | src/websockets/qwebsocket_wasm_p.cpp | 7 |
2 files changed, 7 insertions, 4 deletions
diff --git a/src/websockets/qwebsocket_p.cpp b/src/websockets/qwebsocket_p.cpp index 71cbe6a..b600d0c 100644 --- a/src/websockets/qwebsocket_p.cpp +++ b/src/websockets/qwebsocket_p.cpp @@ -174,6 +174,10 @@ void QWebSocketPrivate::init() */ QWebSocketPrivate::~QWebSocketPrivate() { +#ifdef Q_OS_WASM + if (m_socketContext) + emscripten_websocket_delete(m_socketContext); +#endif } /*! diff --git a/src/websockets/qwebsocket_wasm_p.cpp b/src/websockets/qwebsocket_wasm_p.cpp index d783f90..257baf5 100644 --- a/src/websockets/qwebsocket_wasm_p.cpp +++ b/src/websockets/qwebsocket_wasm_p.cpp @@ -111,14 +111,14 @@ void QWebSocketPrivate::close(QWebSocketProtocol::CloseCode closeCode, QString r Q_EMIT q->aboutToClose(); setSocketState(QAbstractSocket::ClosingState); - emscripten_websocket_get_ready_state(m_socketContext, &m_readyState); if (m_readyState == 1) { emscripten_websocket_close(m_socketContext, (int)closeCode, reason.toUtf8()); } + setSocketState(QAbstractSocket::UnconnectedState); + emit q->disconnected(); emscripten_websocket_get_ready_state(m_socketContext, &m_readyState); - } void QWebSocketPrivate::open(const QNetworkRequest &request, @@ -241,8 +241,7 @@ void QWebSocketPrivate::setSocketClosed(const EmscriptenWebSocketCloseEvent *emC m_errorString = QStringLiteral("The remote host closed the connection"); emit q->error(error()); } - setSocketState(QAbstractSocket::UnconnectedState); - emit q->disconnected(); + emscripten_websocket_get_ready_state(m_socketContext, &m_readyState); if (m_readyState == 3) { // closed |