aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAdriaan de Groot <adridg@FreeBSD.org>2022-01-24 11:02:08 +0000
committerAdriaan de Groot <adridg@FreeBSD.org>2022-01-24 13:12:01 +0000
commitacbc052765d87af0a436f10b4c5a35880eaa14d2 (patch)
tree26c93b8225e516c2c38d90b9da613ca64bf95bf0
parent9a56c8f62c66b5076f5a2c58d8229e1834a50f3d (diff)
downloadports-acbc052765d87af0a436f10b4c5a35880eaa14d2.tar.gz
ports-acbc052765d87af0a436f10b4c5a35880eaa14d2.zip
net/kldap: fix crash because of UB
Patch submitted upstream. PR: 261069
-rw-r--r--net/kldap/Makefile1
-rw-r--r--net/kldap/files/patch-UB.diff68
2 files changed, 69 insertions, 0 deletions
diff --git a/net/kldap/Makefile b/net/kldap/Makefile
index 4bbd45d60e18..ee58c745a78f 100644
--- a/net/kldap/Makefile
+++ b/net/kldap/Makefile
@@ -1,5 +1,6 @@
PORTNAME= kldap
DISTVERSION= ${KDE_APPLICATIONS_VERSION}
+PORTREVISION= 1
CATEGORIES= net kde kde-applications
MAINTAINER= kde@FreeBSD.org
diff --git a/net/kldap/files/patch-UB.diff b/net/kldap/files/patch-UB.diff
new file mode 100644
index 000000000000..6a8c2057156f
--- /dev/null
+++ b/net/kldap/files/patch-UB.diff
@@ -0,0 +1,68 @@
+commit 1683a9d0749550b81ba3fd7ddeba4fc0884acb47
+Author: Adriaan de Groot <groot@kde.org>
+Date: Mon Jan 24 11:27:29 2022 +0100
+
+ Fix crash in destructor when using libcxx (Clang STL, FreeBSD)
+
+ This code crashes in the destructor of LdapClient on FreeBSD.
+ The crash is visible to uses who
+ - start KOrganizer
+ - click the "New Event" button
+
+ The underlying issue is a lot like the one described in
+ https://blogs.kde.org/2021/02/20/uniqueptr-difference-between-libstdc-and-libc-crashes-your-application
+ There is a convoluted call-chain on destruction of LdapClient:
+ - ~LdapClient
+ - ~std::unique_ptr<LdapClientPrivate>
+ - ~LdapClientPrivate
+ - LdapClient::cancelQuery
+ - (accesses to members of LdapClientPrivate `d`)
+
+ With libcxx, the pointer in `d` is already set to nullptr and
+ SEGV happens. I'm not sure it isn't UB, anyway, since the
+ destructor body for LdapClient has already run.
+
+ The fix moves the implementation of `cancelQuery()` into
+ the private class. This means that the LdapClient class does
+ a little less poking-and-prodding in the private class,
+ but also cuts out the call-from-private-back-to-destroyed-
+ owning-LdapClient, fixing the SEGV and possible UB.
+diff --git src/widgets/ldapclient.cpp src/widgets/ldapclient.cpp
+index cf94ea9..012b3a7 100644
+--- src/widgets/ldapclient.cpp
++++ src/widgets/ldapclient.cpp
+@@ -31,9 +31,11 @@ public:
+
+ ~LdapClientPrivate()
+ {
+- q->cancelQuery();
++ cancelQuery();
+ }
+
++ void cancelQuery();
++
+ void startParseLDIF();
+ void parseLDIF(const QByteArray &data);
+ void endParseLDIF();
+@@ -133,12 +135,17 @@ void LdapClient::startQuery(const QString &filter)
+
+ void LdapClient::cancelQuery()
+ {
+- if (d->mJob) {
+- d->mJob->kill();
+- d->mJob = nullptr;
++ d->cancelQuery();
++}
++
++void LdapClient::LdapClientPrivate::cancelQuery()
++{
++ if (mJob) {
++ mJob->kill();
++ mJob = nullptr;
+ }
+
+- d->mActive = false;
++ mActive = false;
+ }
+
+ void LdapClient::LdapClientPrivate::slotData(KIO::Job *, const QByteArray &data)