Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-69384

Race condition with QWaylandView::setBufferLocked

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • P1: Critical
    • 5.11.3, 5.12.0
    • 5.9.6
    • QPA: Wayland
    • None

    Description

      QWaylandViewPrivate::markSurfaceAsDestroyed() emits the surfaceDestroyed() signal after dereferencing the current buffer. This means that the buffer may be deleted before the compositor has a chance to call setBufferLocked. This causes an invalid memory read (and potential crash) in the close animation of the qwindow-compositor example.

      Note that this is harder to reproduce after https://codereview.qt-project.org/#/c/224283/ since textures aren't deleted immediately.

      Attachments

        Issue Links

          resulted from

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-69186 Not rendered QQuickView with Wayland shared memory fallback

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Closed
          For Gerrit Dashboard: QTBUG-69384
          # Subject Branch Project Status CR V
          233929,5 Don't destroy buffer before surfaceDestroyed signal 5.11 qt/qtwayland Status: MERGED -2 0
          234307,3 Make sure we don't use deleted memory in example 5.11 qt/qtwayland Status: MERGED +2 0

          Activity

            People

              tvete Paul Olav Tvete
              tvete Paul Olav Tvete
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes