Sandbox: Keep security tokens alive in canAccess methods

This fixes a regression introduced in 5111af7 and the corresponding issues (mixxxdj#11552 and mixxxdj#12137). To prevent this from happening again, 8c6154e marks `openSecurityToken` as `[[nodiscard]]`.
fwcd · Dec 22, 2023 · 94b5a11 · 94b5a11
1 parent 8c6154e
commit 94b5a11
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/src/util/sandbox.cpp b/src/util/sandbox.cpp
@@ -75,13 +75,17 @@ bool Sandbox::canAccess(mixxx::FileInfo* pFileInfo) {
     VERIFY_OR_DEBUG_ASSERT(pFileInfo) {
         return false;
     }
-    openSecurityToken(pFileInfo, true);
+    // NOTE: The token must be assigned to a variable, otherwise it will be
+    // invalidated immediately (causing `isReadable` to fail).
+    auto token = openSecurityToken(pFileInfo, true);
     return pFileInfo->isReadable();
 }
 
 //static
 bool Sandbox::canAccessDir(const QDir& dir) {
-    openSecurityTokenForDir(dir, true);
+    // NOTE: The token must be assigned to a variable, otherwise it will be
+    // invalidated immediately (causing `isReadable` to fail).
+    auto token = openSecurityTokenForDir(dir, true);
     return QFileInfo(dir.canonicalPath()).isReadable();
 }