Fix heap-use-after-free
AbandonedPublic

Authored by zzag on Wed, Dec 5, 8:18 PM.

Details

Reviewers
None
Group Reviewers
KWin
Summary

After Scene::Window::updateShadow is called, this is a dangling
pointer. So, we have to capture m_topLevel instead.

Test Plan

It should make CI a little bit happier.

Diff Detail

Repository
R108 KWin
Branch
fix-heap-use-after-free
Lint
Lint OK
Unit
No Unit Test Coverage
Build Status
Buildable 5731
Build 5749: arc lint + arc unit
zzag created this revision.Wed, Dec 5, 8:18 PM
Restricted Application added a project: KWin. · View Herald TranscriptWed, Dec 5, 8:18 PM
Restricted Application added a subscriber: kwin. · View Herald Transcript
zzag requested review of this revision.Wed, Dec 5, 8:18 PM

Either ship it, or see my comment and I'll post that.

shadow.cpp
337

That was a nasty trap, good thing ASAN was there.

Alternative suggestion: https://phabricator.kde.org/P278

It matches the existing documentation for updateShadow and doesn't have surprise object deletions.

zzag abandoned this revision.Thu, Dec 6, 8:48 AM

Either ship it, or see my comment and I'll post that.

I prefer your solution more.