summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorSimon Hausmann <simon.hausmann@nokia.com>2011-01-28 11:23:08 (GMT)
committerSimon Hausmann <simon.hausmann@nokia.com>2011-01-28 12:04:26 (GMT)
commitbdf3782b40b0fc2ebfda960be08c90b549cfd970 (patch)
tree2a3fb241d43ff0769a22a841bc00c41ce39f2b3a /src
parent298b54b4fa99db47d62ec37eacefb4f419b79a69 (diff)
downloadQt-bdf3782b40b0fc2ebfda960be08c90b549cfd970.zip
Qt-bdf3782b40b0fc2ebfda960be08c90b549cfd970.tar.gz
Qt-bdf3782b40b0fc2ebfda960be08c90b549cfd970.tar.bz2
Fix potential networking crash due to null-pointer dereference
An internal bug report suggests that we unconditionally dereference the backend pointer in QNetworkReplyImpl when checking for the synchronity of the originating request. The dereferencing code was introduced in commit ad1e82323225e996720136e8b2d669166b8d8441. Unfortunately the report does not detail where/how the crash happened, but it appears plausible that the backend pointer became null, and the surrounding code that has extra checks suggests this, too. In an attempt of defensive programming this patch introduces the missing check in the reported line 112 as well as in other places where it seems appropriate. Reviewed-by: Peter Hartmann
Diffstat (limited to 'src')
-rw-r--r--src/network/access/qnetworkreplyimpl.cpp6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/network/access/qnetworkreplyimpl.cpp b/src/network/access/qnetworkreplyimpl.cpp
index 9d7082c..343f344 100644
--- a/src/network/access/qnetworkreplyimpl.cpp
+++ b/src/network/access/qnetworkreplyimpl.cpp
@@ -109,7 +109,7 @@ void QNetworkReplyImplPrivate::_q_startOperation()
}
#endif
- if (backend->isSynchronous()) {
+ if (backend && backend->isSynchronous()) {
state = Finished;
} else {
if (state != Finished) {
@@ -296,7 +296,7 @@ void QNetworkReplyImplPrivate::setup(QNetworkAccessManager::Operation op, const
// in QtWebKit.
QVariant synchronousHttpAttribute = req.attribute(
static_cast<QNetworkRequest::Attribute>(QNetworkRequest::DownloadBufferAttribute + 1));
- if (synchronousHttpAttribute.toBool()) {
+ if (backend && synchronousHttpAttribute.toBool()) {
backend->setSynchronous(true);
if (outgoingData && outgoingData->isSequential()) {
outgoingDataBuffer = new QRingBuffer();
@@ -351,7 +351,7 @@ void QNetworkReplyImplPrivate::setup(QNetworkAccessManager::Operation op, const
QMetaObject::invokeMethod(q, "_q_startOperation", Qt::QueuedConnection);
}
#else
- if (backend->isSynchronous())
+ if (backend && backend->isSynchronous())
_q_startOperation();
else
QMetaObject::invokeMethod(q, "_q_startOperation", Qt::QueuedConnection);