
Fix use-after-free bug
Needs Review
Public

Authored by sicherha on Feb 21 2021, 11:03 AM.

Details

Reviewers
mollekopf
Summary

QByteArray::fromRawData() does not copy the contents of the source
buffer. If the resulting QByteArray object lives longer than the source
buffer, we run into use-after-free problems.

In this particular instance, the source data resides in a temporary
rvalue object.

Fix dangling pointers

std::vector gives zero guarantees that pointers to its elements remain
valid when the vector's size changes. In particular, pushing new
elements into the vector may trigger reallocation of the underlying heap
area.

Consequently, Event::delegate() needs to ensure that any modifications
to the d->attendees vector are performed before pointers to its elements
are taken and collected.

Found with Valgrind.

Diff Detail

Repository
rLK libkolab
Branch
fix-memory-bugs (branched from master)
Lint
No Linters Available
Unit
No Unit Test Coverage
Build Status
Buildable 33340
Build 13084: arc lint + arc unit

Event Timeline

sicherha requested review of this revision. Feb 21 2021, 11:03 AM
sicherha created this revision.
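
The ordering rule from the "Fix dangling pointers" part of the summary, as an added example that is not code from libkolab or from this revision: it shows that a `push_back` on a full `std::vector` relocates its elements, then applies the safe order (modify first, take pointers last). `Attendee`, `push_back_relocates_elements`, `add_delegates` and `all_point_into` are hypothetical names chosen for the illustration.

```cpp
// Added illustration; all names here are hypothetical, not libkolab's API.
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

struct Attendee { std::string email; };

// Returns true if a push_back on a full vector moved element 0 to a new address.
// Addresses are compared as integers, so the stale pointer is never dereferenced.
bool push_back_relocates_elements() {
    std::vector<Attendee> attendees;
    attendees.push_back(Attendee{"a@example.org"});
    while (attendees.size() < attendees.capacity())
        attendees.push_back(Attendee{"filler@example.org"});  // fill to capacity
    const auto before = reinterpret_cast<std::uintptr_t>(attendees.data());
    attendees.push_back(Attendee{"b@example.org"});  // size > capacity: reallocates
    const auto after = reinterpret_cast<std::uintptr_t>(attendees.data());
    return before != after;
}

// Safe ordering: finish every modification of the vector, then take pointers.
std::vector<Attendee*> add_delegates(std::vector<Attendee>& attendees,
                                     const std::vector<std::string>& emails) {
    const std::size_t first_new = attendees.size();
    for (const auto& email : emails)
        attendees.push_back(Attendee{email});  // may reallocate several times
    std::vector<Attendee*> delegates;
    delegates.reserve(emails.size());
    for (std::size_t i = first_new; i < attendees.size(); ++i)
        delegates.push_back(&attendees[i]);    // taken after the last push_back
    return delegates;
}

// True if every pointer refers to an element of the vector's current buffer.
bool all_point_into(const std::vector<Attendee>& v,
                    const std::vector<Attendee*>& ptrs) {
    for (const Attendee* p : ptrs)
        if (p < v.data() || p >= v.data() + v.size()) return false;
    return true;
}

int main() {
    std::vector<Attendee> attendees;
    attendees.push_back(Attendee{"organizer@example.org"});
    auto d = add_delegates(attendees, {"x@example.org", "y@example.org"});
    return (push_back_relocates_elements() && all_point_into(attendees, d)) ? 0 : 1;
}
```

The returned pointers stay valid only until the next operation that changes the vector's size; storing indices instead of pointers avoids that constraint.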