From cf2364b80fa8ae844df8350cd5833d47cce235f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Kundr=C3=A1t?= <jkt@kde.org> Date: Mon, 9 Mar 2020 08:24:48 -0700 Subject: [PATCH] Fix possible crash when downloading attachments Turns out we've been happily deleting network replies from the QNetworkReply::finished(). That was never a good thing to do, but it did not use to crash with older Qt. Now it does. After changing to deleteLater(), there's a window for already-deregistered replies to generate events, therefore the assert has to go, too, otherwise Bad Things happen: (gdb) bt #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 #1 0x00007ffff16bdcd2 in __GI_abort () at abort.c:89 #2 0x00007ffff2400bcb in qt_message_fatal (context=..., message=<synthetic pointer>...) at /var/tmp/portage/dev-qt/qtcore-5.13.9999/work/qtcore-5.13.9999/src/corelib/global/qlogging.cpp:1904 #3 QMessageLogger::fatal (this=this@entry=0x7fffffffc990, msg=msg@entry=0x7ffff2690b10 "ASSERT: \"%s\" in file %s, line %d") at /var/tmp/portage/dev-qt/qtcore-5.13.9999/work/qtcore-5.13.9999/src/corelib/global/qlogging.cpp:888 #4 0x00007ffff23fff7c in qt_assert (assertion=assertion@entry=0x5555558451d7 "reply", file=file@entry=0x555555841a38 "/home/jkt/work/prog/trojita/src/Imap/Network/FileDownloadManager.cpp", line=line@entry=142) at /var/tmp/portage/dev-qt/qtcore-5.13.9999/work/qtcore-5.13.9999/src/corelib/global/qglobal.cpp:3247 #5 0x00005555555da840 in Imap::Network::FileDownloadManager::onPartDataTransfered (this=0x555556a20990) #6 0x00007ffff25f1bdf in QtPrivate::QSlotObjectBase::call (a=0x7fffffffcaa0, r=0x555556a20990, this=0x5555569f99c0) at ../../include/QtCore/../../../qtcore-5.13.9999/src/corelib/kernel/qobjectdefs_impl.h:394 #7 QMetaObject::activate(QObject*, int, int, void**) () at /var/tmp/portage/dev-qt/qtcore-5.13.9999/work/qtcore-5.13.9999/src/corelib/kernel/qobject.cpp:3787 #8 0x00007ffff25f20b7 in QMetaObject::activate (sender=sender@entry=0x555556a21370, m=m@entry=0x7ffff3f96b00 <QNetworkReply::staticMetaObject>, local_signal_index=local_signal_index@entry=1, argv=argv@entry=0x0) at /var/tmp/portage/dev-qt/qtcore-5.13.9999/work/qtcore-5.13.9999/src/corelib/kernel/qobject.cpp:3658 #9 0x00007ffff3d3cbf3 in QNetworkReply::finished (this=this@entry=0x555556a21370) at .moc/moc_qnetworkreply.cpp:385 #10 0x0000555555709485 in Imap::Network::MsgPartNetworkReply::slotMyDataChanged() () at /home/jkt/work/prog/trojita/src/Imap/Network/MsgPartNetworkReply.cpp:112 BUG: 417697 Reported-by: Stefan de Konink <stefan@konink.de> Change-Id: I79f340c5a471430a14474472513d0a055c7238d6 --- src/Imap/Network/FileDownloadManager.cpp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/Imap/Network/FileDownloadManager.cpp b/src/Imap/Network/FileDownloadManager.cpp index 16b6c8df..c3f72176 100644 --- a/src/Imap/Network/FileDownloadManager.cpp +++ b/src/Imap/Network/FileDownloadManager.cpp @@ -139,7 +139,9 @@ void FileDownloadManager::downloadMessage() void FileDownloadManager::onPartDataTransfered() { - Q_ASSERT(reply); + if (!reply) { + return; + } if (reply->error() == QNetworkReply::NoError) { if (!saving.open(QIODevice::WriteOnly)) { emit transferError(saving.errorString()); @@ -192,11 +194,11 @@ void FileDownloadManager::onCombinerTransferError(const QString &message) void FileDownloadManager::deleteReply(QNetworkReply *reply) { - if (reply == this->reply) { + if (reply && reply == this->reply) { if (!saved) onPartDataTransfered(); - delete reply; - this->reply = 0; + reply->deleteLater(); + this->reply = nullptr; } } -- GitLab