From 5283ee71040dc2f3a762e9cc5e807fb17587e9b7 Mon Sep 17 00:00:00 2001
From: Fabian Kosmale
Date: Wed, 25 Nov 2020 21:09:27 +0100
Subject: [PATCH] QCache: Fix crash observed in tst_QAccessibility

Fixes a use-after-free which can reliably be observed under ASAN. In QConfFileSettingsPrivate::~QConfFileSettingsPrivate we call unusedCache->insert(conf_file->name, conf_file, ...) Note that the key is a member of the object. Thus by deleting the object before using the key, we dereference a dangling pointer. Amends f08492c6fd9818c7d80b1725355453e179b4d85b.
Pick-to: dev 6.0.0
Change-Id: I3a550fc73446b72dd46456232e85f6d206d64c01
Reviewed-by: Andy Shaw
---
 src/corelib/tools/qcache.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/corelib/tools/qcache.h b/src/corelib/tools/qcache.h
index 7c065a8806f..74784af1212 100644
--- a/src/corelib/tools/qcache.h
+++ b/src/corelib/tools/qcache.h
@@ -237,8 +237,8 @@ public:
 bool insert(const Key &key, T *object, qsizetype cost = 1)
 {
 if (cost > mx) {
- delete object;
 remove(key);
+ delete object;
 return false;
 }
 trim(mx - cost);
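Review bot: The new order of `remove(key);` before `delete object;` in the `cost > mx` branch is load-bearing, but nothing in the code says so, so a later tidy-up could swap the lines back and reintroduce the use-after-free. I would add a comment above the pair, for example `// key may alias a member of *object (e.g. object->name); use it before deleting object`. The commit message says the crash was found via tst_QAccessibility under ASAN. A dedicated QCache autotest would pin the fix without relying on an unrelated test and a sanitizer build: insert an object whose key is one of its own members, with a cost above the maximum. The body of `insert()` continues past the hunk, so whether the later uses of `key` after `trim(mx - cost)` have a similar aliasing hazard cannot be judged from here and is worth a look.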