Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-7801

QWidgetPrivate::unregisterOleDnd may delete the dropTarget without setting the pointer to null leading to a crash

    XMLWordPrintable

Details

    • Bug
    • Resolution: Incomplete
    • Not Evaluated
    • None
    • 4.6.0, 4.6.1
    • None
    • None
    • Windows XP. Qt 4.6.1.

    Description

      This is a Windows specific bug report (qwidget_win.cpp).

      In the method below the dropTarget->Release() may delete the dropTarget if the ref count reaches zero. However later in the method dropTarget can be accessed in:

      CoLockObjectExternal(dropTarget, false, true);

      ... which leads to a crash. So if the dropTarget->Release() returns 0 the dropTarget ptr should be set to 0 ?

      void QWidgetPrivate::unregisterOleDnd(QWidget *widget, QOleDropTarget *dropTarget)
      {
      dropTarget->releaseQt();
      dropTarget->Release();

      Q_ASSERT(widget->testAttribute(Qt::WA_WState_Created));
      if (!widget->internalWinId()) {
      QWidget *nativeParent = widget->nativeParentWidget();
      Q_ASSERT(nativeParent);
      QWExtra *nativeExtra = nativeParent->d_func()->extra;
      Q_ASSERT(nativeExtra);
      nativeExtra->oleDropWidgets.removeAll(widget);
      nativeExtra->oleDropWidgets.removeAll(static_cast<QWidget *>(0));
      if (nativeExtra->oleDropWidgets.isEmpty() && nativeExtra->dropTarget
      && !nativeParent->testAttribute(Qt::WA_DropSiteRegistered))

      { #ifndef Q_OS_WINCE CoLockObjectExternal(nativeExtra->dropTarget, false, true); #endif RevokeDragDrop(nativeParent->internalWinId()); nativeExtra->dropTarget = 0; }

      } else

      { #ifndef Q_OS_WINCE CoLockObjectExternal(dropTarget, false, true); #endif RevokeDragDrop(widget->internalWinId()); }

      }

      Attachments

        Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              sorvig Morten Sørvig
              tirouvin Timo Rouvinen
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes