git: 017b38ede362 - 2022Q1 - net/kldap: fix crash because of UB

From: Adriaan de Groot <adridg_at_FreeBSD.org>
Date: Mon, 24 Jan 2022 13:14:45 UTC
The branch 2022Q1 has been updated by adridg:

URL: https://cgit.FreeBSD.org/ports/commit/?id=017b38ede362a0ce60b109b4756f6924572df820

commit 017b38ede362a0ce60b109b4756f6924572df820
Author:     Adriaan de Groot <adridg@FreeBSD.org>
AuthorDate: 2022-01-24 11:02:08 +0000
Commit:     Adriaan de Groot <adridg@FreeBSD.org>
CommitDate: 2022-01-24 13:14:27 +0000

    net/kldap: fix crash because of UB
    
    Patch submitted upstream.
    
    PR:     261069
    (cherry picked from commit acbc052765d87af0a436f10b4c5a35880eaa14d2)
---
 net/kldap/Makefile            |  1 +
 net/kldap/files/patch-UB.diff | 68 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 69 insertions(+)

diff --git a/net/kldap/Makefile b/net/kldap/Makefile
index 4bbd45d60e18..ee58c745a78f 100644
--- a/net/kldap/Makefile
+++ b/net/kldap/Makefile
@@ -1,5 +1,6 @@
 PORTNAME=	kldap
 DISTVERSION=	${KDE_APPLICATIONS_VERSION}
+PORTREVISION=	1
 CATEGORIES=	net kde kde-applications
 
 MAINTAINER=	kde@FreeBSD.org
diff --git a/net/kldap/files/patch-UB.diff b/net/kldap/files/patch-UB.diff
new file mode 100644
index 000000000000..6a8c2057156f
--- /dev/null
+++ b/net/kldap/files/patch-UB.diff
@@ -0,0 +1,68 @@
+commit 1683a9d0749550b81ba3fd7ddeba4fc0884acb47
+Author: Adriaan de Groot <groot@kde.org>
+Date:   Mon Jan 24 11:27:29 2022 +0100
+
+    Fix crash in destructor when using libcxx (Clang STL, FreeBSD)
+    
+    This code crashes in the destructor of LdapClient on FreeBSD.
+    The crash is visible to uses who
+    - start KOrganizer
+    - click the "New Event" button
+    
+    The underlying issue is a lot like the one described in
+            https://blogs.kde.org/2021/02/20/uniqueptr-difference-between-libstdc-and-libc-crashes-your-application
+    There is a convoluted call-chain on destruction of LdapClient:
+    - ~LdapClient
+    - ~std::unique_ptr<LdapClientPrivate>
+    - ~LdapClientPrivate
+    - LdapClient::cancelQuery
+    - (accesses to members of LdapClientPrivate `d`)
+    
+    With libcxx, the pointer in `d` is already set to nullptr and
+    SEGV happens. I'm not sure it isn't UB, anyway, since the
+    destructor body for LdapClient has already run.
+    
+    The fix moves the implementation of `cancelQuery()` into
+    the private class. This means that the LdapClient class does
+    a little less poking-and-prodding in the private class,
+    but also cuts out the call-from-private-back-to-destroyed-
+    owning-LdapClient, fixing the SEGV and possible UB.
+diff --git src/widgets/ldapclient.cpp src/widgets/ldapclient.cpp
+index cf94ea9..012b3a7 100644
+--- src/widgets/ldapclient.cpp
++++ src/widgets/ldapclient.cpp
+@@ -31,9 +31,11 @@ public:
+ 
+     ~LdapClientPrivate()
+     {
+-        q->cancelQuery();
++        cancelQuery();
+     }
+ 
++    void cancelQuery();
++    
+     void startParseLDIF();
+     void parseLDIF(const QByteArray &data);
+     void endParseLDIF();
+@@ -133,12 +135,17 @@ void LdapClient::startQuery(const QString &filter)
+ 
+ void LdapClient::cancelQuery()
+ {
+-    if (d->mJob) {
+-        d->mJob->kill();
+-        d->mJob = nullptr;
++    d->cancelQuery();
++}
++
++void LdapClient::LdapClientPrivate::cancelQuery()
++{
++    if (mJob) {
++        mJob->kill();
++        mJob = nullptr;
+     }
+ 
+-    d->mActive = false;
++    mActive = false;
+ }
+ 
+ void LdapClient::LdapClientPrivate::slotData(KIO::Job *, const QByteArray &data)