Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-69384

Race condition with QWaylandView::setBufferLocked

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • P1: Critical
    • 5.11.3, 5.12.0
    • 5.9.6
    • QPA: Wayland
    • None

    Description

      QWaylandViewPrivate::markSurfaceAsDestroyed() emits the surfaceDestroyed() signal after dereferencing the current buffer. This means that the buffer may be deleted before the compositor has a chance to call setBufferLocked. This causes an invalid memory read (and potential crash) in the close animation of the qwindow-compositor example.

      Note that this is harder to reproduce after https://codereview.qt-project.org/#/c/224283/ since textures aren't deleted immediately.

      Attachments

        1. valgrind.txt
          4 kB
          Paul Olav Tvete

        Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              tvete Paul Olav Tvete
              tvete Paul Olav Tvete
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes