From ca7995590e1c75a2b813dafcafbf0bc17c949817 Mon Sep 17 00:00:00 2001
From: David Schulz
Date: Wed, 17 Jun 2020 06:56:17 +0200
Subject: [PATCH] Clang: fix heap-use-after-free of ClangCompletionAssistProcessor
Do not delete the ClangCompletionAssistProcessor when resetting the BackendReceiver since the CodeAssist is the owner of the processor. The processor will be deleted in the async completion handler set in CodeAssistantPrivate::requestProposal.
Task-number: QTCREATORBUG-24151
Change-Id: I36cdfd6412cc6ed2b2658e8691f9f4217790affc
Reviewed-by: Christian Kandeler
---
 src/plugins/clangcodemodel/clangbackendreceiver.cpp | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/plugins/clangcodemodel/clangbackendreceiver.cpp b/src/plugins/clangcodemodel/clangbackendreceiver.cpp
index 47d624a1473..f9cf7badeaf 100644
--- a/src/plugins/clangcodemodel/clangbackendreceiver.cpp
+++ b/src/plugins/clangcodemodel/clangbackendreceiver.cpp
@@ -159,10 +159,8 @@ bool BackendReceiver::isExpectingCompletionsMessage() const
 void BackendReceiver::reset()
 {
 // Clean up waiting assist processors
- for (ClangCompletionAssistProcessor *processor : m_assistProcessorsTable) {
+ for (ClangCompletionAssistProcessor *processor : m_assistProcessorsTable)
 processor->setAsyncProposalAvailable(nullptr);
- delete processor;
- }
 m_assistProcessorsTable.clear();
 // Clean up futures for references; TODO: Remove duplication
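Review bot: The comment above the loop in BackendReceiver::reset() still reads "Clean up waiting assist processors", although the loop now only notifies each processor and drops the raw pointer, so the ownership rule that prevents the use-after-free is recorded only in the commit message. I would replace it with `// Processors are owned by the code assistant, which deletes them in its async handler; only detach them here.` If setAsyncProposalAvailable(nullptr) is what invokes that handler, as the description suggests, `processor` may already be dangling when the call returns; nothing in the visible lines touches it afterwards, and the comment should make clear that must stay so. It is also worth confirming that no other path in this file still deletes entries taken from m_assistProcessorsTable, and that a processor whose handler was never installed does not now leak; neither is visible here, since the body of reset() continues past the end of the hunk.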