diff options
| author | Simon Hausmann <simon.hausmann@nokia.com> | 2011-01-28 11:23:08 (GMT) |
|---|---|---|
| committer | Jason McDonald <jason.mcdonald@nokia.com> | 2011-02-01 11:48:28 (GMT) |
| commit | 94c2723da7bd0af72a1dc6228f8029fa7bb239b7 (patch) | |
| tree | 5e8f0abd65aabb55ace532076fec6b6537cf7d13 | |
| parent | 307eceb786d3558b604c25353d67aed6ef9b0702 (diff) | |
| download | Qt-94c2723da7bd0af72a1dc6228f8029fa7bb239b7.zip Qt-94c2723da7bd0af72a1dc6228f8029fa7bb239b7.tar.gz Qt-94c2723da7bd0af72a1dc6228f8029fa7bb239b7.tar.bz2 | |
Fix potential networking crash due to null-pointer dereference
An internal bug report suggests that we unconditionally dereference the backend
pointer in QNetworkReplyImpl when checking for the synchronity of the
originating request. The dereferencing code was introduced in commit
ad1e82323225e996720136e8b2d669166b8d8441. Unfortunately the report does not
detail where/how the crash happened, but it appears plausible that the backend
pointer became null, and the surrounding code that has extra checks suggests
this, too. In an attempt of defensive programming this patch introduces
the missing check in the reported line 112 as well as in other places
where it seems appropriate.
Reviewed-by: Peter Hartmann
(cherry picked from commit bdf3782b40b0fc2ebfda960be08c90b549cfd970)
| -rw-r--r-- | src/network/access/qnetworkreplyimpl.cpp | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/network/access/qnetworkreplyimpl.cpp b/src/network/access/qnetworkreplyimpl.cpp index 9d7082c..343f344 100644 --- a/src/network/access/qnetworkreplyimpl.cpp +++ b/src/network/access/qnetworkreplyimpl.cpp @@ -109,7 +109,7 @@ void QNetworkReplyImplPrivate::_q_startOperation() } #endif - if (backend->isSynchronous()) { + if (backend && backend->isSynchronous()) { state = Finished; } else { if (state != Finished) { @@ -296,7 +296,7 @@ void QNetworkReplyImplPrivate::setup(QNetworkAccessManager::Operation op, const // in QtWebKit. QVariant synchronousHttpAttribute = req.attribute( static_cast<QNetworkRequest::Attribute>(QNetworkRequest::DownloadBufferAttribute + 1)); - if (synchronousHttpAttribute.toBool()) { + if (backend && synchronousHttpAttribute.toBool()) { backend->setSynchronous(true); if (outgoingData && outgoingData->isSequential()) { outgoingDataBuffer = new QRingBuffer(); @@ -351,7 +351,7 @@ void QNetworkReplyImplPrivate::setup(QNetworkAccessManager::Operation op, const QMetaObject::invokeMethod(q, "_q_startOperation", Qt::QueuedConnection); } #else - if (backend->isSynchronous()) + if (backend && backend->isSynchronous()) _q_startOperation(); else QMetaObject::invokeMethod(q, "_q_startOperation", Qt::QueuedConnection); |