kosslan/quickshell
1
0
Fork 0
forked from quickshell/quickshell
Code Pull requests Activity

core/reloader: fix UAF of old generation during scene destroy

Browse source
This commit is contained in:
outfoxxed 2024-04-20 00:36:25 -07:00
parent 97bcdbecc1
commit 31462b9797
Signed by: outfoxxed
GPG key ID: 4C88A185FB89301E
2 changed files with 15 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

19
src/core/generation.cpp
View file

@ -43,6 +43,17 @@ EngineGeneration::~EngineGeneration() {
if (this->root != nullptr) this->root->deleteLater(); if (this->root != nullptr) this->root->deleteLater();
} }
void EngineGeneration::destroy() {
if (this->root != nullptr) {
QObject::connect(this->root, &QObject::destroyed, this, [this]() {
delete this;
});
this->root->deleteLater();
this->root = nullptr;
}
}
void EngineGeneration::onReload(EngineGeneration* old) { void EngineGeneration::onReload(EngineGeneration* old) {
if (old != nullptr) { if (old != nullptr) {
// if the old generation holds the window incubation controller as the // if the old generation holds the window incubation controller as the
@ -61,12 +72,8 @@ void EngineGeneration::onReload(EngineGeneration* old) {
emit this->reloadFinished(); emit this->reloadFinished();
if (old != nullptr) { if (old != nullptr) {
QTimer::singleShot(0, [this, old]() { old->destroy();
// The delete must happen in the next tick or you get segfaults, QObject::connect(old, &QObject::destroyed, this, [this]() { this->postReload(); });
// seems to be deleteLater related.
delete old;
this->postReload();
});
} else { } else {
this->postReload(); this->postReload();
} }

2
src/core/generation.hpp
View file

@ -43,6 +43,8 @@ public:
DelayedQmlIncubationController delayedIncubationController; DelayedQmlIncubationController delayedIncubationController;
bool reloadComplete = false; bool reloadComplete = false;
void destroy();
signals: signals:
void filesChanged(); void filesChanged();
void reloadFinished(); void reloadFinished();