----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://git.reviewboard.kde.org/r/126411/ -----------------------------------------------------------
Review request for Plasma. Repository: plasma-framework Description ------- Plasma framework's FrameSVG class uses cached regions for efficiency. However Coverity caught a mis-use of QCache in FrameSvg::mask(), which could lead to a use-after-free situation. (CID 1291560) Basically, any pointer passed into QCache::insert must be assumed to be deleted after insert() has been called -- we can't then return that pointer to the caller. Moreover we were simply returning a pointer to calling code that had been (and still would be) owned by QCache, which is unsafe as it can be deleted at any time. The fix in both cases is to make a local copy of the QRegion from out of the cache and return that. I didn't thoroughly look for other cases where we return cached pointers, or evaluate whether the performance impact from making local copies makes the cache less useful, this patch just fixes the immediate bug. Diffs ----- src/plasma/framesvg.cpp 107e0e6 Diff: https://git.reviewboard.kde.org/r/126411/diff/ Testing ------- Everything compiles, Plasma shell boots up with the new code without issue, switching Plasma themes works fine. I checked for open bugs but didn't see anything obvious (that wasn't already closed years ago, at least). Thanks, Michael Pyne
_______________________________________________ Plasma-devel mailing list Plasma-devel@kde.org https://mail.kde.org/mailman/listinfo/plasma-devel
