Details
-
Bug
-
Resolution: Invalid
-
P2: Important
-
None
-
5.9.0
-
None
Description
Hi all,
Our code scanner has reported a use-after-free at file qt5/qtbase/src/corelib/thread/qthread_unix.cpp:257,
There is a `data->deref()` in the middle of the function, we couldn't find any `ref()` acts on `data` before the `deref`. Assume the reference count has initialized 1, this line of `data->deref()` would delete the data object, then the followings are `use-after-free`?
file qt5/qtbase/src/corelib/thread/qthread_unix.cpp:257
QThreadData *QThreadData::current(bool createIfNecessary)
{
QThreadData *data = get_thread_data();
if (!data && createIfNecessary) {
data = new QThreadData;
QT_TRY {
set_thread_data(data);
data->thread = new QAdoptedThread(data);
} QT_CATCH(...) {
clear_thread_data();
data->deref();
data = 0;
QT_RETHROW;
}
data->deref();
data->isAdopted = true;
data->threadId.store(to_HANDLE(pthread_self()));
if (!QCoreApplicationPrivate::theMainThread)
QCoreApplicationPrivate::theMainThread = data->thread.load();
}
return data;
}
Could some one have a look and see if it is a true case ?
Regards,
SourceBrella Inc.
