Details
Bug
Resolution: Invalid
P2: Important
None
5.9.0
None
Description
Hi all,
Our code scanner has reported a use-after-free at file qt5/qtbase/src/corelib/thread/qthread_unix.cpp:257.
There is a `data->deref()` in the middle of the function, and we couldn't find any `ref()` that acts on `data` before the `deref`. Assuming the reference count is initialized to 1, this `data->deref()` line would delete the data object; are the following lines then a `use-after-free`?
file qt5/qtbase/src/corelib/thread/qthread_unix.cpp:257
```cpp
QThreadData *QThreadData::current(bool createIfNecessary)
{
    QThreadData *data = get_thread_data();
    if (!data && createIfNecessary) {
        data = new QThreadData;
        QT_TRY {
            set_thread_data(data);
            data->thread = new QAdoptedThread(data);
        } QT_CATCH(...) {
            clear_thread_data();
            data->deref();
            data = 0;
            QT_RETHROW;
        }
        data->deref();
        data->isAdopted = true;
        data->threadId.store(to_HANDLE(pthread_self()));
        if (!QCoreApplicationPrivate::theMainThread)
            QCoreApplicationPrivate::theMainThread = data->thread.load();
    }
    return data;
}
```
Could someone have a look and see if it is a true case?
Regards,
SourceBrella Inc.
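
A minimal model of the pattern the report asks about, added here as an example and not taken from Qt or from the ticket: a `deref()` with no visible `ref()` in the same function is a use-after-free only if nothing on the construction path took a reference. `ThreadData`, `AdoptedThread` and `create_current()` are hypothetical stand-ins, and the constructor-side `ref()` is an assumption about how such a count could be balanced, not a statement of what Qt does.

```cpp
#include <atomic>
#include <cstdio>

// Hypothetical stand-in for an intrusively ref-counted object (not Qt's class).
struct ThreadData {
    std::atomic<int> refs{1};   // the creator holds the first reference
    bool destroyed = false;     // recorded instead of `delete this`, so the model stays safe to inspect
    void ref() { ++refs; }
    void deref() { if (--refs == 0) destroyed = true; }
};

// Models set_thread_data()/get_thread_data(): one slot per thread.
static thread_local ThreadData *tls_data = nullptr;

// Assumption: the object's constructor looks up the current thread's data and
// takes its own reference, in a different function from the later deref().
struct AdoptedThread {
    ThreadData *owner;
    explicit AdoptedThread(ThreadData *) : owner(tls_data) { owner->ref(); }
};

struct Outcome { int refs_after_deref; bool destroyed; };

// Same shape as the reported function: create, publish, construct, deref, keep using.
Outcome create_current(bool ctor_takes_ref) {
    ThreadData *data = new ThreadData;                    // refs == 1
    tls_data = data;                                      // publish before constructing
    AdoptedThread *thread = ctor_takes_ref ? new AdoptedThread(data) : nullptr;
    data->deref();                                        // the line the scanner flagged
    Outcome out{data->refs.load(), data->destroyed};      // any later use is valid only if !destroyed
    delete thread;                                        // model cleanup
    delete data;
    tls_data = nullptr;
    return out;
}

int main() {
    Outcome balanced = create_current(true);
    Outcome unbalanced = create_current(false);
    std::printf("ctor refs:    refs=%d destroyed=%d\n", balanced.refs_after_deref, balanced.destroyed);
    std::printf("no ctor ref:  refs=%d destroyed=%d\n", unbalanced.refs_after_deref, unbalanced.destroyed);
    return 0;
}
```

When triaging a finding like this, follow the flagged pointer into every constructor and callee between the allocation and the `deref()` before deciding whether the count can reach zero.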