From cea3c2ce02b86ce03880ef8386465efee4161471 Mon Sep 17 00:00:00 2001
From: Marc Mutz <marc.mutz@qt.io>
Date: Thu, 22 Dec 2022 15:11:52 +0100
Subject: [PATCH] Fix UB (reference to local variable leaving scope) in
 runOnAndroidMainThread()

The QAndroidApplication::runOnAndroidMainThread() function creates a
task on QThreadPool::globalInstance() to wait for a timeout and cancel
the QFuture representing the task.

It does so by passing a lambda to QThreadPool::start(std::function)
that captures the future, a local variable, by reference. This is UB
when the lambda is ever executed, because the local stack variable's
lifetime will have ended.

To fix, simply capture the future by value, not by reference. Since
QFuture::cancel() is not const, we need to make the lambda mutable.

Fixes: QTBUG-109586
Change-Id: Icacfb0dc76bcd3a145f90126f535e7c0f4b5ef6a
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Ville Voutilainen <ville.voutilainen@qt.io>
(cherry picked from commit 3642d5680df8a1b70e4a1a111347005e08555070)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
---
 src/corelib/platform/android/qandroidnativeinterface.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/corelib/platform/android/qandroidnativeinterface.cpp b/src/corelib/platform/android/qandroidnativeinterface.cpp
index d54bc862ddd..b28cc771d8b 100644
--- a/src/corelib/platform/android/qandroidnativeinterface.cpp
+++ b/src/corelib/platform/android/qandroidnativeinterface.cpp
@@ -166,7 +166,7 @@ QFuture<QVariant> QNativeInterface::QAndroidApplication::runOnAndroidMainThread(
     promise->start();
 
     if (!timeout.isForever()) {
-        QThreadPool::globalInstance()->start([=, &future]() {
+        QThreadPool::globalInstance()->start([=]() mutable {
             QEventLoop loop;
             QTimer::singleShot(timeout.remainingTime(), &loop, [&]() {
                 future.cancel();