mirror of
https://invent.kde.org/network/kdeconnect-kde.git
synced 2026-03-01 18:23:24 +01:00
This commit resolves two distinct race conditions related to `QProcess` lifecycle management in the VirtualMonitorPlugin.

First, a use-after-free could occur if `stop()` was called externally (e.g., via a network packet or D-Bus) while `requestRdp()` was executing. The function would assign a new `QProcess` to `m_process` and then proceed to configure it. An intervening call to `stop()` would delete the process, leaving `requestRdp()` operating on a dangling pointer, which would lead to a crash.

Second, a data race existed in the `QProcess::finished` signal handler. The lambda captured `this` and accessed the shared `m_process` member. If a process crashed and the retry logic was triggered, `requestRdp()` would be called again from within the lambda, reassigning `m_process` to a new instance. The original lambda would then incorrectly operate on the new process, for example by reading its error stream or managing its lifecycle.

Both race conditions are fixed by changing how the `QProcess` object is created and managed:

1. The `QProcess` is now created and fully configured in a local variable. It is only assigned to the `m_process` member immediately before being started. This minimizes the time window for the use-after-free vulnerability.
2. The lambda connected to the `finished` signal now captures the pointer to the specific `QProcess` instance it is associated with. This ensures the handler always operates on the correct process, fixing the data race and ensuring correct behavior during retries.
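The retry problem in the `finished` handler can be reproduced without Qt. The following is an added example, not code from the commit or from KDE Connect: `Proc` is a constructed stand-in for `QProcess`, and every name except `m_process` and `requestRdp()` is an assumption.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <vector>

// Constructed stand-in for QProcess: an id and a "finished" callback.
struct Proc {
    int id = 0;
    std::function<void(int)> finished;
};

// Qt-free model; only m_process and requestRdp() are names from the commit message.
struct Plugin {
    bool captureInstance;       // false: old handler, true: fixed handler
    int nextId = 0, retries = 0;
    Proc *m_process = nullptr;  // shared member, reassigned on every request
    std::vector<int> handled;   // ids of the processes the handler acted on
    std::vector<std::unique_ptr<Proc>> owned;  // model keeps all instances alive

    Proc *requestRdp() {
        // Build and configure in a local; publish to m_process as the last step.
        auto proc = std::make_unique<Proc>();
        Proc *self = proc.get();
        self->id = ++nextId;
        self->finished = [this, self](int exitCode) {
            if (exitCode != 0 && retries++ < 1)
                requestRdp();  // retry: m_process now points at a new instance
            // Old handler read the shared member; fixed handler uses its own capture.
            Proc *p = captureInstance ? self : m_process;
            handled.push_back(p->id);
        };
        owned.push_back(std::move(proc));
        return m_process = self;
    }
};

// Process 1 crashes (exit code 1), the retry starts process 2, which exits cleanly.
std::vector<int> run(bool captureInstance) {
    Plugin plugin{captureInstance};
    plugin.requestRdp()->finished(1);
    plugin.m_process->finished(0);
    return plugin.handled;
}

int main() {
    for (bool fixed : {false, true}) {
        std::printf("%s handler acted on:", fixed ? "fixed" : "old");
        for (int id : run(fixed)) std::printf(" %d", id);
        std::printf("\n");
    }
}
```

With the shared-member read, the handler for the crashed process acts on process 2 and process 1 is never handled; with the per-instance capture each handler acts on its own process.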
10 KiB