diff options
| author | Marc Mutz <marc.mutz@qt.io> | 2022-05-17 17:13:04 +0200 |
|---|---|---|
| committer | Marc Mutz <marc.mutz@qt.io> | 2022-05-18 06:37:42 +0200 |
| commit | 5dc724d98dec8b4dfaa04132cac227d1909ca825 (patch) | |
| tree | d2387fb79271cd6cea407afabd6329ef96d59460 /src/corelib/kernel/qobject.cpp | |
| parent | 07d80deeab64db9e10364a162f7d2b7bf9f8bb93 (diff) | |
Fix data race in QObject::moveToThread()
We dereference thisThreadData in the next line, at a point in time
where we haven't, yet, verified that it's this_thread's QThreadData,
so we need an acquire fence.
The alternative would be to re-arrange the code so that dereferencing
the pointer is delayed until after we verified it's this_thread's, but
that doesn't seem readily possible.
Even if it was easy, we'd first need to verify whether there are any
writes into QThreadData objects after they've been constructed, in
which case the acquire fence may be needed even in case it's 'ours'.
So just add the acquire fence.
Pick-to: 6.3 6.2 5.15
Change-Id: I468bc1f971bd87345bfcd6c13b7384bdf09d086a
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Diffstat (limited to 'src/corelib/kernel/qobject.cpp')
| -rw-r--r-- | src/corelib/kernel/qobject.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/corelib/kernel/qobject.cpp b/src/corelib/kernel/qobject.cpp index 1d96110e257..e15dbde52e3 100644 --- a/src/corelib/kernel/qobject.cpp +++ b/src/corelib/kernel/qobject.cpp @@ -1817,7 +1817,7 @@ void QObject::moveToThread(QThread *targetThread) QThreadData *currentData = QThreadData::current(); QThreadData *targetData = targetThread ? QThreadData::get2(targetThread) : nullptr; - QThreadData *thisThreadData = d->threadData.loadRelaxed(); + QThreadData *thisThreadData = d->threadData.loadAcquire(); if (!thisThreadData->thread.loadAcquire() && currentData == targetData) { // one exception to the rule: we allow moving objects with no thread affinity to the current thread currentData = d->threadData; |