From 8ba68efda25bce3f9a13176d26ed6b3f5a8a99e7 Mon Sep 17 00:00:00 2001
From: yeshanshan <yeshanshan@uniontech.com>
Date: Wed, 11 Mar 2026 10:25:48 +0800
Subject: [PATCH] fix: prevent dangling pointer in
 XembedProtocol::onRemoveItemByPid
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

1. Fixed a potential dangling pointer issue by storing
m_registedItem.keys() in a local variable
2. Previously used m_registedItem.keys() directly which could become
invalid after container modification
3. Now using a const copy of keys to ensure stable iteration during
item removal
4. This prevents crashes when removing items from the tray icon registry

Influence:
1. Test tray icon removal functionality when applications exit
2. Verify no crashes occur during dynamic tray icon updates
3. Test with multiple tray icons being added and removed simultaneously
4. Verify tray icon registry remains stable during container
modifications

fix: 修复 XembedProtocol::onRemoveItemByPid 中的野指针问题

1. 通过将 m_registedItem.keys() 存储在局部变量中修复了潜在的野指针问题
2. 之前直接使用 m_registedItem.keys()，在容器修改后可能变为无效
3. 现在使用 keys 的常量副本以确保在移除项目期间迭代的稳定性
4. 这防止了从托盘图标注册表中移除项目时发生崩溃

Influence:
1. 测试应用程序退出时的托盘图标移除功能
2. 验证在动态托盘图标更新期间不会发生崩溃
3. 测试多个托盘图标同时添加和移除的情况
4. 验证托盘图标注册表在容器修改期间保持稳定
---
 plugins/application-tray/xembedprotocolhandler.cpp | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/plugins/application-tray/xembedprotocolhandler.cpp b/plugins/application-tray/xembedprotocolhandler.cpp
index 14ab1346f..8a8bc5f5f 100644
--- a/plugins/application-tray/xembedprotocolhandler.cpp
+++ b/plugins/application-tray/xembedprotocolhandler.cpp
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 UnionTech Software Technology Co., Ltd.
+// SPDX-FileCopyrightText: 2024 - 2026 UnionTech Software Technology Co., Ltd.
 //
 // SPDX-License-Identifier: GPL-3.0-or-later
 
@@ -115,8 +115,9 @@ void XembedProtocol::onTrayIconsChanged()
 
 void XembedProtocol::onRemoveItemByPid(uint pid)
 {
-    auto it = std::find_if(m_registedItem.keys().begin(), m_registedItem.keys().end(), [this, pid] (uint id) { return pid == m_item2Pid[id]; });
-    if (it != m_registedItem.keys().end()) {
+    const auto keys = m_registedItem.keys();
+    auto it = std::find_if(keys.begin(), keys.end(), [this, pid] (uint id) { return pid == m_item2Pid[id]; });
+    if (it != keys.end()) {
         m_item2Pid.remove(*it);
         m_registedItem.remove(*it);
     }