Details
- Type: Bug
- Resolution: Done
- Priority: P1: Critical
- Versions: 5.6.2, 5.9.1
- Commits: fc3ecd2522deb3f6d8d48b66dbd89402e1ab4b53, 3513995d8fde7f002977275463fcea1b86f4a693, f724b5380c911fbc841ff8ed4831dccd37fff6e9
Description
In QQuickAnimatedImage there is a race condition with an asynchronous network request, which can cause a crash.
The crash stack in this case looks like this:
1 QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData>>::data
2 qGetPtrHelper<QScopedPointer<QObjectData>>
3 QMovie::d_func
4 QMovie::isValid
5 QQuickAnimatedImage::movieRequestFinished
6 QQuickAnimatedImage::qt_static_metacall
7 QMetaObject::activate
8 QMetaObject::activate
9 QNetworkReply::finished
10 QNetworkReplyHttpImplPrivate::finished
11 QNetworkReplyHttpImplPrivate::replyFinished
12 QNetworkReplyHttpImpl::qt_static_metacall
13 QMetaCallEvent::placeMetaCall
14 QObject::event
15 QCoreApplicationPrivate::notify_helper
16 doNotify
17 QCoreApplication::notify
18 QGuiApplication::notify
19 QCoreApplication::notifyInternal2
20 QCoreApplication::sendEvent
21 QCoreApplicationPrivate::sendPostedEvents
22 QCoreApplication::sendPostedEvents
23 postEventSourceDispatch
24 g_main_context_dispatch
25 ??
26 g_main_context_iteration
27 QEventDispatcherGlib::processEvents
28 QPAEventDispatcherGlib::processEvents
29 QEventLoop::processEvents
30 QEventLoop::exec
31 QCoreApplication::exec
32 QGuiApplication::exec
33 main
The reason is that inside QQuickAnimatedImage::movieRequestFinished there is no null-pointer check at the line:
if (!d->_movie->isValid()) {
Therefore the solution would be to check d->_movie before dereferencing it.
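A Qt-free C++ model of the pattern this report describes, added here as an illustration and not taken from Qt's sources: a completion handler for an asynchronous request that tests the movie pointer before dereferencing it, as the report proposes. The Movie and AnimatedImage types, and a source change as the event that leaves the movie pointer null while a reply is still in flight, are assumptions of this model.

```cpp
// Added example (not Qt code): models a completion handler that must not assume
// the object it updates still exists when an asynchronous reply finishes.
#include <cassert>
#include <cstdio>
#include <memory>
#include <string>

// Stand-in for QMovie (hypothetical): only the part the handler touches.
struct Movie {
    bool valid;
    bool isValid() const { return valid; }
};

enum class Outcome { Playing, InvalidMovie, NoMovie };

// Stand-in for QQuickAnimatedImage with its private data inlined (hypothetical).
class AnimatedImage {
public:
    // A request is started; in this model the movie object exists from that point.
    void startRequest(bool dataLooksValid) { movie_.reset(new Movie{dataLooksValid}); }
    // Changing the source drops the current movie while a reply may still be pending.
    void setSource(const std::string& src) { source_ = src; movie_.reset(); }

    // Shape of the original slot: dereferences movie_ unconditionally. Never call
    // this when movie_ may be null; it is here only to show the hazard.
    Outcome movieRequestFinishedUnchecked() {
        return movie_->isValid() ? Outcome::Playing : Outcome::InvalidMovie;
    }
    // Fixed shape: check the pointer first, then run the original validity check.
    Outcome movieRequestFinished() {
        if (!movie_)              // reply finished after the movie was discarded
            return Outcome::NoMovie;
        if (!movie_->isValid())   // the original check, now reached safely
            return Outcome::InvalidMovie;
        return Outcome::Playing;
    }
private:
    std::string source_;
    std::unique_ptr<Movie> movie_;
};

// Normal path: the reply completes while the movie is still present.
Outcome completedReply(bool dataLooksValid) {
    AnimatedImage img;
    img.startRequest(dataLooksValid);
    return img.movieRequestFinished();
}

// The race: the source changes before the stale reply's completion is delivered.
Outcome raceStaleReply() {
    AnimatedImage img;
    img.startRequest(true);
    img.setSource("other.gif");   // movie_ is now null
    return img.movieRequestFinished();
}

int main() {
    assert(raceStaleReply() == Outcome::NoMovie);
    std::puts("stale reply handled without dereferencing a null movie");
    return 0;
}
```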