From f8c5af9ef4e2db8eb676f78038c02a14c3175877 Mon Sep 17 00:00:00 2001 From: Ivan Solovev Date: Thu, 21 Dec 2023 11:46:00 +0100 Subject: [PATCH] QFuture: immediately delete watcher after the context is destroyed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We used deleteLater(), which was triggering ASAN use-after-free error. Apparently, what could happen is that after the context was destroyed, we called deleteLater(), but if at this point the previous future got finished, we still tried to emit watcher->run() to execute the continuation. And then the watcher got deleted. This patch replaces deleteLater() with a plain delete call. This looks safe, because the watcher is only accessed while holding the lock. Amends 59e21a536f7f81625216dc7a621e7be59919da33. Fixes: QTBUG-120302 Change-Id: Ia32f20bfe8daea2e2346f3d446c978ae305d2f68 Reviewed-by: Mårten Nordheim (cherry picked from commit 11333a097290e4247b27adbfd024d5aa964bed35) Reviewed-by: Qt Cherry-pick Bot (cherry picked from commit 7f6b62f3fcf2fccf0b97457c64fb20a0377cb958) --- src/corelib/thread/qfutureinterface.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/corelib/thread/qfutureinterface.cpp b/src/corelib/thread/qfutureinterface.cpp index 9fbecd095fd..7bee6dd72e7 100644 --- a/src/corelib/thread/qfutureinterface.cpp +++ b/src/corelib/thread/qfutureinterface.cpp @@ -77,7 +77,7 @@ void QtPrivate::watchContinuationImpl(const QObject *context, QSlotObjectBase *s auto watcherMutex = std::make_shared(); const auto destroyWatcher = [watcherMutex, watcher]() mutable { QMutexLocker lock(watcherMutex.get()); - watcher->deleteLater(); + delete watcher; }; // ### we're missing a convenient way to `QObject::connect()` to a `QSlotObjectBase`...
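Review bot: in the destroyWatcher lambda, `delete watcher;` leaves the captured raw pointer dangling, and the hunk does not show how the other path that touches the watcher (the one that emits watcher->run(), per the commit message) finds out under watcherMutex that the object is already gone. Holding the lock serializes access, but it does not by itself stop a later locked access from dereferencing freed memory. Since the lambda is already `mutable`, consider setting `watcher = nullptr;` right after the delete so a second invocation of destroyWatcher is harmless, and make sure the continuation side checks a shared "destroyed" state (a guarded pointer or a flag protected by the same mutex) before using the watcher. A short comment at the delete stating the invariant the commit message relies on ("the watcher is only accessed while holding the lock") would also help, because the safety of an immediate delete depends entirely on every other access site honouring it.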