kosslan/quickshell
1
0
Fork 0
forked from quickshell/quickshell
Code Pull requests Activity

core/lazyloader: fix incubator UAF in forceCompletion

Browse source 
The incubator was deleted via onIncubationCompleted before it was done
working when completed via forceCompletion().
This commit is contained in:
outfoxxed 2024-11-12 03:23:59 -08:00
parent 74f371850d
commit 2c0e46cedb
Signed by: outfoxxed
GPG key ID: 4C88A185FB89301E
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/core/lazyloader.cpp
View file

@ -179,7 +179,9 @@ void LazyLoader::incubateIfReady(bool overrideReloadCheck) {
void LazyLoader::onIncubationCompleted() {
this->setItem(this->incubator->object());
delete this->incubator;
// The incubator is not necessarily inert at the time of this callback,
// so deleteLater is required.
this->incubator->deleteLater();
this->incubator = nullptr;
this->targetLoading = false;
emit this->loadingChanged();