Bug 451946

Summary: Calling KIdleTime::removeIdleTimeout() during KIdleTime::timeoutReached() signal causes crash
Product: [Frameworks and Libraries] frameworks-kidletime
Reporter: Ada Christine Fontaine <adachristine18>
Component: general
Assignee: kdelibs bugs <kdelibs-bugs>
Status: RESOLVED FIXED
Severity: crash
CC: aspotashev
Priority: NOR    
Version: 5.92.0   
Target Milestone: ---   
Platform: Arch Linux   
OS: Linux   
Latest Commit:
Version Fixed In: 5.93.0
Sentry Crash Report:
Attachments: backtrace

Description Ada Christine Fontaine 2022-03-27 01:05:18 UTC
Created attachment 147756: backtrace

Calling KIdleTime::removeIdleTimeout() from a slot connected to KIdleTime::timeoutReached() will cause an application to crash at QHashData::nextNode()

STEPS TO REPRODUCE
1. Connect a slot to KIdleTime::timeoutReached()
2. Call KIdleTime::instance()->setTimeout()
3. Wait for the timeout to occur
4. Call KIdleTime::instance()->removeTimeout() with the returned key from setTimeout() inside the connected slot.
5. Return from the slot

OBSERVED RESULT
application crashes at QHashData::nextNode() via QHash::iterator::operator++()

EXPECTED RESULT
application proceeds normally

SOFTWARE/OS VERSIONS
Linux: 5.17.0
KDE Frameworks Version: 5.92.0
Qt Version: 5.15.5

ADDITIONAL INFORMATION

Comment 1 Ada Christine Fontaine 2022-03-28 09:39:40 UTC
Git commit cd5040684723b87c7ba5b7cc1b1a63402902a641 by Ada Christine.
Committed on 27/03/2022 at 22:28.
Pushed by ahmadsamir into branch 'master'.

Fixed crash during KIdleTime::timeoutReached()

timeoutReached() will cause a crash if an item is removed from associations
during signal dispatch due to iterator invalidation. Iterate over a
const container of the association keys, only triggering ones matching
the current timeout value, to avoid the crash and unnecessary copying.

M  +5    -5    src/kidletime.cpp

https://invent.kde.org/frameworks/kidletime/commit/cd5040684723b87c7ba5b7cc1b1a63402902a641
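
The iterator invalidation described in this report, modelled with the standard library as an added example (not KIdleTime's code and not the committed patch). `IdleTimer`, `onTimeout`, `pending` and `selfRemovingDispatch` are hypothetical names, `std::unordered_map` stands in for the hash of associations, and the re-check before each callback is an assumption of this sketch.

```cpp
#include <functional>
#include <unordered_map>
#include <vector>

// Hypothetical stand-in for the idle timer; not KIdleTime's real code.
class IdleTimer {
public:
    std::function<void(int id, int msec)> onTimeout; // plays the connected slot
    int addIdleTimeout(int msec) { associations[++lastId] = msec; return lastId; }
    void removeIdleTimeout(int id) { associations.erase(id); }
    int pending() const { return static_cast<int>(associations.size()); }

    // Before: the callback runs while `it` points into the map. If the callback
    // erases the current entry, the following ++it is undefined behaviour.
    void timeoutReachedUnsafe(int msec) {
        for (auto it = associations.begin(); it != associations.end(); ++it) {
            if (it->second == msec && onTimeout) onTimeout(it->first, msec);
        }
    }

    // After: snapshot the matching ids, then dispatch from the snapshot so the
    // map can change freely during callbacks. Returns the callbacks fired.
    int timeoutReached(int msec) {
        std::vector<int> ids;
        for (const auto &entry : associations)
            if (entry.second == msec) ids.push_back(entry.first);
        int fired = 0;
        for (int id : ids) {
            if (associations.count(id) == 0) continue; // removed by an earlier callback
            if (onTimeout) onTimeout(id, msec);
            ++fired;
        }
        return fired;
    }

private:
    std::unordered_map<int, int> associations; // id -> timeout in msec
    int lastId = 0;
};

// Constructed scenario: the callback removes its own timeout, as in the report.
int selfRemovingDispatch() {
    IdleTimer timer;
    timer.addIdleTimeout(5000);
    timer.addIdleTimeout(5000);
    timer.addIdleTimeout(9000);
    timer.onTimeout = [&timer](int id, int) { timer.removeIdleTimeout(id); };
    int fired = timer.timeoutReached(5000);
    return fired * 10 + timer.pending(); // fired * 10 + entries left
}
```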