core/reloader: fix UAF of old generation during scene destroy

2024-04-20 00:36:25 -07:00 · 2024-04-20 00:36:25 -07:00 · 31462b9797
parent 97bcdbecc1
commit 31462b9797
2 changed files with 15 additions and 6 deletions
--- a/src/core/generation.cpp
+++ b/src/core/generation.cpp
@ -43,6 +43,17 @@ EngineGeneration::~EngineGeneration() {
 	if (this->root != nullptr) this->root->deleteLater();
 }

+void EngineGeneration::destroy() {
+	if (this->root != nullptr) {
+		QObject::connect(this->root, &QObject::destroyed, this, [this]() {
+			delete this;
+		});
+
+		this->root->deleteLater();
+		this->root = nullptr;
+	}
+}
+
 void EngineGeneration::onReload(EngineGeneration* old) {
 	if (old != nullptr) {
 		// if the old generation holds the window incubation controller as the
@ -61,12 +72,8 @@ void EngineGeneration::onReload(EngineGeneration* old) {
 	emit this->reloadFinished();

 	if (old != nullptr) {
-		QTimer::singleShot(0, [this, old]() {
-			// The delete must happen in the next tick or you get segfaults,
-			// seems to be deleteLater related.
-			delete old;
-			this->postReload();
-		});
+		old->destroy();
+		QObject::connect(old, &QObject::destroyed, this, [this]() { this->postReload(); });
 	} else {
 		this->postReload();
 	}
--- a/src/core/generation.hpp
+++ b/src/core/generation.hpp
@ -43,6 +43,8 @@ public:
 	DelayedQmlIncubationController delayedIncubationController;
 	bool reloadComplete = false;

+	void destroy();
+
 signals:
 	void filesChanged();
 	void reloadFinished();