Skip to content

Fix use-after-free when the user hovers over an auto-hide plasma panel in wayland...

Edge::handle calls showOnScreenEdge, which (on wayland) eventually calls internalShow, which eventually calls ScreenEdges::reserve, which destroys the same edge. When showScreenOnEdge returns, 'this' has been freed.

Using a singleshot timer allows Edge::handle to return before the Edge is destroyed.

Honestly I haven't quite fully understood the technical structure of KWin (this is my first KDE contribution) so I'm not sure this is the most correct approach here. But I figure an actual change is a great way to start a discussion! :D Maybe there's another event queuing mechanism in KWin that should be utilized to queue things like this?

For reference, I've attached a screenshot of the offending stack trace. Note that 'this' is the same in the destructor and ::handle. Screenshot_20200624_214211

Merge request reports

Loading