From: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Date: Thu, 16 Apr 2020 17:05:12 +0000 (+0100)
Subject: fix iteration in source check in error case
X-Git-Tag: archive/raspbian/5.12.5+dfsg-10+rpi1^2~9
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/success/%22http:/www.example.com/cgi/success?a=commitdiff_plain;h=855ce94a327bed9caa05036ed4dc470c8d2448f0;p=qtbase-opensource-src.git

fix iteration in source check in error case

Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=37df81b788ebe700
Last-Update: 2020-04-16

It was accessing the deleted current element in a potentially
reallocated container.

Gbp-Pq: Name qeventdispatcher_glib_use_after_free.diff
---

diff --git a/src/corelib/kernel/qeventdispatcher_glib.cpp b/src/corelib/kernel/qeventdispatcher_glib.cpp
index 45c6e29e4..34c2dde6a 100644
--- a/src/corelib/kernel/qeventdispatcher_glib.cpp
+++ b/src/corelib/kernel/qeventdispatcher_glib.cpp
@@ -86,9 +86,10 @@ static gboolean socketNotifierSourceCheck(GSource *source)
                      p->pollfd.fd, t[int(p->socketNotifier->type())]);
             // ### note, modifies src->pollfds!
             p->socketNotifier->setEnabled(false);
+            i--;
+        } else {
+            pending = pending || ((p->pollfd.revents & p->pollfd.events) != 0);
         }
-
-        pending = ((p->pollfd.revents & p->pollfd.events) != 0);
     }
 
     return pending;