From 2c0e46cedb6305671b1eafa1e0c6071a8ab48b27 Mon Sep 17 00:00:00 2001
From: outfoxxed
Date: Tue, 12 Nov 2024 03:23:59 -0800
Subject: [PATCH] core/lazyloader: fix incubator UAF in forceCompletion

The incubator was deleted via onIncubationCompleted before it was done
working when completed via forceCompletion().
---
 src/core/lazyloader.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/core/lazyloader.cpp b/src/core/lazyloader.cpp
index 76317223..be0eb78b 100644
--- a/src/core/lazyloader.cpp
+++ b/src/core/lazyloader.cpp
@@ -179,7 +179,9 @@ void LazyLoader::incubateIfReady(bool overrideReloadCheck) {
 
 void LazyLoader::onIncubationCompleted() {
 	this->setItem(this->incubator->object());
-	delete this->incubator;
+	// The incubator is not necessarily inert at the time of this callback,
+	// so deleteLater is required.
+	this->incubator->deleteLater();
 	this->incubator = nullptr;
 	this->targetLoading = false;
 	emit this->loadingChanged();
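Review bot: The added comment says the incubator is "not necessarily inert" but not why, which is the whole reason the plain `delete` was a use-after-free; name the re-entrancy so the next maintainer does not revert it, e.g. `// This callback can run synchronously from inside the incubator's own forceCompletion(), so the incubator is still on the stack here; deleting it immediately is a use-after-free. deleteLater() defers destruction until control returns to the event loop.` The member is still non-null while `deleteLater()` is dispatched and only cleared on the following line; if the incubator can re-enter this handler (or any other LazyLoader slot) before the deferred deletion runs, clearing the pointer first with `this->incubator->deleteLater();` replaced by `auto* incubator = std::exchange(this->incubator, nullptr); incubator->deleteLater();` keeps the "nullptr means no incubation in progress" state consistent for the rest of the method, and the `std::exchange` needs `<utility>`. If the incubator is also deleted directly elsewhere, such as a destructor or an abort/reload path outside this hunk, the same hazard presumably applies there and this commit does not touch it — worth confirming. The enclosing onIncubationCompleted() body ends outside the hunk.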