Commit 76dd5f33 authored by Jakub Nowak's avatar Jakub Nowak Committed by Nate Graham
Browse files

Fix use-after-free in ContainmentInterface

The object in property "wallpaperGraphicsObject" isn't cleared after being freed.
This causes use-after-free in WorkspaceScripting::Applet::writeConfig at
https://invent.kde.org/plasma/plasma-workspace/-/blob/master/shell/scripting/applet.cpp#L108.

BUG: 451267
FIXED-IN: 5.94
parent 70d0df15
Pipeline #166640 passed with stage
in 3 minutes and 21 seconds
......@@ -800,8 +800,7 @@ void ContainmentInterface::loadWallpaper()
m_containment->setProperty("wallpaperGraphicsObject", QVariant::fromValue(m_wallpaperInterface));
} else if (m_wallpaperInterface && m_containment->wallpaper().isEmpty()) {
m_wallpaperInterface->deleteLater();
m_wallpaperInterface = nullptr;
deleteWallpaperInterface();
}
Q_EMIT wallpaperInterfaceChanged();
......@@ -1165,8 +1164,7 @@ void ContainmentInterface::itemChange(ItemChange change, const ItemChangeData &v
if (value.window && !m_containment->wallpaper().isEmpty()) {
loadWallpaper();
} else if (m_wallpaperInterface) {
m_wallpaperInterface->deleteLater();
m_wallpaperInterface = nullptr;
deleteWallpaperInterface();
Q_EMIT wallpaperInterfaceChanged();
}
}
......@@ -1174,5 +1172,12 @@ void ContainmentInterface::itemChange(ItemChange change, const ItemChangeData &v
AppletInterface::itemChange(change, value);
}
void ContainmentInterface::deleteWallpaperInterface()
{
m_containment->setProperty("wallpaperGraphicsObject", QVariant());
m_wallpaperInterface->deleteLater();
m_wallpaperInterface = nullptr;
}
#include "moc_containmentinterface.cpp"
......@@ -211,6 +211,7 @@ private Q_SLOTS:
private:
void clearDataForMimeJob(KIO::Job *job);
void setAppletArgs(Plasma::Applet *applet, const QString &mimetype, const QString &data);
void deleteWallpaperInterface();
WallpaperInterface *m_wallpaperInterface;
QList<QObject *> m_appletInterfaces;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment