From 0c03e7ccfc0e84c106491cd2967594501a09fe3d Mon Sep 17 00:00:00 2001
From: Vlad Zahorodnii
Date: Mon, 5 Feb 2024 15:07:15 +0200
Subject: [PATCH] plugins/slidingpopups: Always ref window when sliding it offscreen
Imagine the following case:
- the window is hidden, slideOut() is called but no deleted reference is created because the window is not deleted
- the window is closed, slideOut() won't be called because the window is hidden and SlidingPopupsEffect::slotWindowClosed() ignores closed windows that are already hidden
- the window is deleted in meanwhile
- the sliding popups effects attempt to delete m_animations[w] entry, but since "w" is a dangling pointer at this point, visibleRef is going to access released memory
To fix that, make slideOut() always ref the window.
---
 src/plugins/slidingpopups/slidingpopups.cpp | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/plugins/slidingpopups/slidingpopups.cpp b/src/plugins/slidingpopups/slidingpopups.cpp
index 85e3607915..ab3f1073a8 100644
--- a/src/plugins/slidingpopups/slidingpopups.cpp
+++ b/src/plugins/slidingpopups/slidingpopups.cpp
@@ -553,9 +553,7 @@ void SlidingPopupsEffect::slideOut(EffectWindow *w)
 }
 Animation &animation = m_animations[w];
- if (w->isDeleted()) {
- animation.deletedRef = EffectWindowDeletedRef(w);
- }
+ animation.deletedRef = EffectWindowDeletedRef(w);
 animation.visibleRef = EffectWindowVisibleRef(w, EffectWindow::PAINT_DISABLED);
 animation.kind = AnimationKind::Out;
 animation.timeLine.setDirection(TimeLine::Backward);
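Review bot: The now-unconditional `animation.deletedRef = EffectWindowDeletedRef(w);` carries a lifetime invariant that the code does not state: the `m_animations[w]` entry must keep `w` alive until `visibleRef` is released. A short comment above that line would stop a later cleanup from restoring the `isDeleted()` guard and reintroducing the use-after-free described in the commit message, for example `// Always hold a ref: visibleRef accesses w when the entry is destroyed, even if the window was hidden when it closed.` The fix also appears to rely on `deletedRef` being destroyed after `visibleRef` when the `Animation` entry is erased. That depends on member declaration order in a struct not shown here, so it is worth confirming `deletedRef` is declared before `visibleRef`. slideOut() begins and ends outside this hunk.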