[Discover] [Bug 466619] Discover crashes in AbstractResource::isInstalled() after closing during initial loading

Aleix Pol Sat, 31 May 2025 07:55:22 -0700

https://bugs.kde.org/show_bug.cgi?id=466619


Aleix Pol <aleix...@kde.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
      Latest Commit|                            |https://invent.kde.org/plas
                   |                            |ma/discover/-/commit/82226e
                   |                            |8a5cd263d5e9eb2b4c7c48eb32c
                   |                            |fae296f
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #6 from Aleix Pol <aleix...@kde.org> ---
Git commit 82226e8a5cd263d5e9eb2b4c7c48eb32cfae296f by Aleix Pol Gonzalez, on
behalf of Wendi Gan.
Committed on 31/05/2025 at 14:54.
Pushed by apol into branch 'master'.

Fix use-after-free when closing Discover

When closing Discover:
- First, ResourcesModel::~ResourcesModel() is called, with `AbstractResource`
(child object of `AbstractResourcesBackend`) freed.
- Next, DiscoverObject::~DiscoverObject() is called, with its child object
`timeout` destroyed. Then, openResourceOrWait() is invoked, and
res.resource->isInstalled() accesses freed memory (use-after-free).

Change:
Add `m_isDeleting` to avoid accessing freed memory during destruction.

M  +4    -0    discover/DiscoverObject.cpp
M  +2    -0    discover/DiscoverObject.h

https://invent.kde.org/plasma/discover/-/commit/82226e8a5cd263d5e9eb2b4c7c48eb32cfae296f

-- 
You are receiving this mail because:
You are watching all bug changes.

[Discover] [Bug 466619] Discover crashes in AbstractResource::isInstalled() after closing during initial loading

Reply via email to