From 5dc724d98dec8b4dfaa04132cac227d1909ca825 Mon Sep 17 00:00:00 2001 From: Marc Mutz Date: Tue, 17 May 2022 17:13:04 +0200 Subject: [PATCH] Fix data race in QObject::moveToThread() We dereference thisThreadData in the next line, at a point in time where we haven't, yet, verified that it's this_thread's QThreadData, so we need an acquire fence. The alternative would be to re-arrange the code so that dereferencing the pointer is delayed until after we verified it's this_thread's, but that doesn't seem readily possible. Even if it was easy, we'd first need to verify whether there are any writes into QThreadData objects after they've been constructed, in which case the acquire fence may be needed even in case it's 'ours'. So just add the acquire fence. Pick-to: 6.3 6.2 5.15 Change-Id: I468bc1f971bd87345bfcd6c13b7384bdf09d086a Reviewed-by: Thiago Macieira --- src/corelib/kernel/qobject.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/corelib/kernel/qobject.cpp b/src/corelib/kernel/qobject.cpp index 1d96110e257..e15dbde52e3 100644 --- a/src/corelib/kernel/qobject.cpp +++ b/src/corelib/kernel/qobject.cpp @@ -1817,7 +1817,7 @@ void QObject::moveToThread(QThread *targetThread) QThreadData *currentData = QThreadData::current(); QThreadData *targetData = targetThread ? QThreadData::get2(targetThread) : nullptr; - QThreadData *thisThreadData = d->threadData.loadRelaxed(); + QThreadData *thisThreadData = d->threadData.loadAcquire(); if (!thisThreadData->thread.loadAcquire() && currentData == targetData) { // one exception to the rule: we allow moving objects with no thread affinity to the current thread currentData = d->threadData;
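Review bot: In the unchanged context line `currentData = d->threadData;` inside the `if`, `d->threadData` is read a second time instead of reusing the `thisThreadData` value that was just loaded with `loadAcquire()` and checked. If another thread can change `d->threadData` concurrently, which is the premise of this fix, the second read may return a different pointer than the one whose `thread` member was tested. Consider `currentData = thisThreadData;` so the check and the assignment use the same snapshot. A short comment on the `loadAcquire()` line naming the store it synchronizes with would also help, since the reasoning for the acquire currently lives only in the commit message.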