diff options
author | Adriaan de Groot <adridg@FreeBSD.org> | 2022-01-24 11:02:08 +0000 |
---|---|---|
committer | Adriaan de Groot <adridg@FreeBSD.org> | 2022-01-24 13:12:01 +0000 |
commit | acbc052765d87af0a436f10b4c5a35880eaa14d2 (patch) | |
tree | 26c93b8225e516c2c38d90b9da613ca64bf95bf0 | |
parent | 9a56c8f62c66b5076f5a2c58d8229e1834a50f3d (diff) | |
download | ports-acbc052765d87af0a436f10b4c5a35880eaa14d2.tar.gz ports-acbc052765d87af0a436f10b4c5a35880eaa14d2.zip |
net/kldap: fix crash because of UB
Patch submitted upstream.
PR: 261069
-rw-r--r-- | net/kldap/Makefile | 1 | ||||
-rw-r--r-- | net/kldap/files/patch-UB.diff | 68 |
2 files changed, 69 insertions, 0 deletions
diff --git a/net/kldap/Makefile b/net/kldap/Makefile index 4bbd45d60e18..ee58c745a78f 100644 --- a/net/kldap/Makefile +++ b/net/kldap/Makefile @@ -1,5 +1,6 @@ PORTNAME= kldap DISTVERSION= ${KDE_APPLICATIONS_VERSION} +PORTREVISION= 1 CATEGORIES= net kde kde-applications MAINTAINER= kde@FreeBSD.org diff --git a/net/kldap/files/patch-UB.diff b/net/kldap/files/patch-UB.diff new file mode 100644 index 000000000000..6a8c2057156f --- /dev/null +++ b/net/kldap/files/patch-UB.diff @@ -0,0 +1,68 @@ +commit 1683a9d0749550b81ba3fd7ddeba4fc0884acb47 +Author: Adriaan de Groot <groot@kde.org> +Date: Mon Jan 24 11:27:29 2022 +0100 + + Fix crash in destructor when using libcxx (Clang STL, FreeBSD) + + This code crashes in the destructor of LdapClient on FreeBSD. + The crash is visible to uses who + - start KOrganizer + - click the "New Event" button + + The underlying issue is a lot like the one described in + https://blogs.kde.org/2021/02/20/uniqueptr-difference-between-libstdc-and-libc-crashes-your-application + There is a convoluted call-chain on destruction of LdapClient: + - ~LdapClient + - ~std::unique_ptr<LdapClientPrivate> + - ~LdapClientPrivate + - LdapClient::cancelQuery + - (accesses to members of LdapClientPrivate `d`) + + With libcxx, the pointer in `d` is already set to nullptr and + SEGV happens. I'm not sure it isn't UB, anyway, since the + destructor body for LdapClient has already run. + + The fix moves the implementation of `cancelQuery()` into + the private class. This means that the LdapClient class does + a little less poking-and-prodding in the private class, + but also cuts out the call-from-private-back-to-destroyed- + owning-LdapClient, fixing the SEGV and possible UB. +diff --git src/widgets/ldapclient.cpp src/widgets/ldapclient.cpp +index cf94ea9..012b3a7 100644 +--- src/widgets/ldapclient.cpp ++++ src/widgets/ldapclient.cpp +@@ -31,9 +31,11 @@ public: + + ~LdapClientPrivate() + { +- q->cancelQuery(); ++ cancelQuery(); + } + ++ void cancelQuery(); ++ + void startParseLDIF(); + void parseLDIF(const QByteArray &data); + void endParseLDIF(); +@@ -133,12 +135,17 @@ void LdapClient::startQuery(const QString &filter) + + void LdapClient::cancelQuery() + { +- if (d->mJob) { +- d->mJob->kill(); +- d->mJob = nullptr; ++ d->cancelQuery(); ++} ++ ++void LdapClient::LdapClientPrivate::cancelQuery() ++{ ++ if (mJob) { ++ mJob->kill(); ++ mJob = nullptr; + } + +- d->mActive = false; ++ mActive = false; + } + + void LdapClient::LdapClientPrivate::slotData(KIO::Job *, const QByteArray &data) |