From 378e99d719aacc1d8c06bf07588bbe61fd5aba15 Mon Sep 17 00:00:00 2001
From: Tobias Deiminger <haxtibal@posteo.de>
Date: Thu, 30 Jan 2020 09:28:17 +0100
Subject: [PATCH] Fix race condition in generator.cpp

The check whether to allocate a new QMutex was unprotected.
Two threads may check and allocate concurrently, but only one pointer gets
remembered, the other one will leak. In worst case the returned
mutex is different for two threads, so that two threads try to
synchronize by using two different mutexes.
---
 core/generator.cpp | 15 +++------------
 core/generator_p.h |  6 +++---
 2 files changed, 6 insertions(+), 15 deletions(-)

diff --git a/core/generator.cpp b/core/generator.cpp
index 9e43375a9..3da0b5ae1 100644
--- a/core/generator.cpp
+++ b/core/generator.cpp
@@ -41,7 +41,7 @@ using namespace Okular;
 GeneratorPrivate::GeneratorPrivate()
     : m_document( nullptr ),
       mPixmapGenerationThread( nullptr ), mTextPageGenerationThread( nullptr ),
-      m_mutex( nullptr ), m_threadsMutex( nullptr ), mPixmapReady( true ), mTextPageReady( true ),
+      mPixmapReady( true ), mTextPageReady( true ),
       m_closing( false ), m_closingLoop( nullptr ),
       m_dpi(72.0, 72.0)
 {
@@ -59,9 +59,6 @@ GeneratorPrivate::~GeneratorPrivate()
         mTextPageGenerationThread->wait();
 
     delete mTextPageGenerationThread;
-
-    delete m_mutex;
-    delete m_threadsMutex;
 }
 
 PixmapGenerationThread* GeneratorPrivate::pixmapGenerationThread()
@@ -163,9 +160,7 @@ void GeneratorPrivate::textpageGenerationFinished()
 
 QMutex* GeneratorPrivate::threadsLock()
 {
-    if ( !m_threadsMutex )
-        m_threadsMutex = new QMutex();
-    return m_threadsMutex;
+    return &m_threadsMutex;
 }
 
 QVariant GeneratorPrivate::metaData( const QString &, const QVariant & ) const
@@ -508,11 +503,7 @@ QVariant Generator::documentMetaData( const DocumentMetaDataKey key, const QVari
 QMutex* Generator::userMutex() const
 {
     Q_D( const Generator );
-    if ( !d->m_mutex )
-    {
-        d->m_mutex = new QMutex();
-    }
-    return d->m_mutex;
+    return &d->m_mutex;
 }
 
 void Generator::updatePageBoundingBox( int page, const NormalizedRect & boundingBox )
diff --git a/core/generator_p.h b/core/generator_p.h
index 239be0a79..e5854c81f 100644
--- a/core/generator_p.h
+++ b/core/generator_p.h
@@ -15,12 +15,12 @@
 
 #include "area.h"
 
+#include <QMutex>
 #include <QSet>
 #include <QThread>
 #include <QImage>
 
 class QEventLoop;
-class QMutex;
 
 #include "generator.h"
 #include "page.h"
@@ -65,8 +65,8 @@ class GeneratorPrivate
         QSet< int > m_features;
         PixmapGenerationThread *mPixmapGenerationThread;
         TextPageGenerationThread *mTextPageGenerationThread;
-        mutable QMutex *m_mutex;
-        QMutex *m_threadsMutex;
+        mutable QMutex m_mutex;
+        QMutex m_threadsMutex;
         bool mPixmapReady : 1;
         bool mTextPageReady : 1;
         bool m_closing : 1;