From 5968096434469811ebdbc71e4141489ebfcedfea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Gr=C3=A4=C3=9Flin?= Date: Wed, 30 Sep 2015 09:51:31 +0200 Subject: [PATCH] Fix heap-use-after-free use in resolving ClientMachine Discovered by ASAN on the CI system causing the TestClientMachine::hostName(ostname) to fail since it's enabled. What happened is that the QByteArray returned by getHostName() gets destroyed in the main thread but accessed in the resolve thread. This is changed by calling getHostName in the resolve thread. REVIEW: 125458 --- client_machine.cpp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/client_machine.cpp b/client_machine.cpp index 809896728b..764b137138 100644 --- a/client_machine.cpp +++ b/client_machine.cpp @@ -98,7 +98,11 @@ void GetAddrInfo::resolve() m_addressHints->ai_flags |= AI_CANONNAME; m_watcher->setFuture(QtConcurrent::run(getaddrinfo, m_hostName.constData(), nullptr, m_addressHints, &m_address)); - m_ownAddressWatcher->setFuture(QtConcurrent::run(getaddrinfo, getHostName().constData(), nullptr, m_addressHints, &m_ownAddress)); + m_ownAddressWatcher->setFuture(QtConcurrent::run([this] { + // needs to be performed in a lambda as getHostName() returns a temporary value which would + // get destroyed in the main thread before the getaddrinfo thread is able to read it + return getaddrinfo(getHostName().constData(), nullptr, m_addressHints, &m_ownAddress); + })); } void GetAddrInfo::slotResolved()