From: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Date: Wed, 31 Dec 2025 10:28:57 +0000 (+0300)
Subject: QReadWriteLock: fix data race on the d_ptr members
X-Git-Tag: archive/raspbian/5.15.17+dfsg-6+rpi1^2~13
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=ea0dc295685f416f54b920dceb1016b550b34473;p=qtbase-opensource-src.git

QReadWriteLock: fix data race on the d_ptr members

Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit?id=80d01c4ccb697b9d
Last-Update: 2025-12-14

The loadRelaxed() at the beginning of tryLockForRead/tryLockForWrite
isn't enough to bring us the non-atomic write of the recursive bool.
Same issue with the std::mutex itself.

Gbp-Pq: Name qreadwritelock_data_race.diff
---

diff --git a/src/corelib/thread/qreadwritelock.cpp b/src/corelib/thread/qreadwritelock.cpp
index 9dd850311..84d73444b 100644
--- a/src/corelib/thread/qreadwritelock.cpp
+++ b/src/corelib/thread/qreadwritelock.cpp
@@ -258,7 +258,10 @@ bool QReadWriteLock::tryLockForRead(int timeout)
             d = val;
         }
         Q_ASSERT(!isUncontendedLocked(d));
-        // d is an actual pointer;
+        // d is an actual pointer; acquire its contents
+        d = d_ptr.loadAcquire();
+        if (!d || isUncontendedLocked(d))
+            continue;
 
         if (d->recursive)
             return d->recursiveLockForRead(timeout);
@@ -365,7 +368,10 @@ bool QReadWriteLock::tryLockForWrite(int timeout)
             d = val;
         }
         Q_ASSERT(!isUncontendedLocked(d));
-        // d is an actual pointer;
+        // d is an actual pointer; acquire its contents
+        d = d_ptr.loadAcquire();
+        if (!d || isUncontendedLocked(d))
+            continue;
 
         if (d->recursive)
             return d->recursiveLockForWrite(timeout);