Fix occasional UAF crashes in KConfig::sync() during exit

Previously, c035e95 introduced `QtConcurrent::run` to execute `KConfig::sync()` in a separate thread. However, this introduced thread-safety issue:

BUG 518433 (UAF caused by RC):
During application exit, the main thread frees the old `s_sessionConfig` in `KMWSessionManager::saveState()` to create a new one. Meanwhile, the worker thread is still iterating over the old instance's entryMap during `KConfig::sync()`, leading to a Use-After-Free (UAF) crash.

Changes:
Copy the `config` in the main thread so `KConfig::sync()` can safely run in the worker.

BUG: 518433
BUG: 516481
CCBUG: 425627

1 files changed, 5 insertions, 2 deletions

diff --git a/src/dolphinmainwindow.cpp b/src/dolphinmainwindow.cpp
index e6da0f5e0..615e52480 100644
--- a/src/dolphinmainwindow.cpp
+++ b/src/dolphinmainwindow.cpp
@@ -87,6 +87,7 @@
 #include <QLineEdit>
 #include <QMenuBar>
 #include <QPushButton>
+#include <QSharedPointer>
 #include <QShowEvent>
 #include <QStandardPaths>
 #include <QTimer>
@@ -788,8 +789,10 @@ void DolphinMainWindow::slotSaveSession()
         KConfigGroup group = config->group(QStringLiteral("Number"));
         group.writeEntry("NumberOfWindows", 1); // Makes session restore aware that there is a window to restore.
 
-        auto future = QtConcurrent::run([config]() {
-            config->sync();
+        // Copy the config in the main thread so sync() can safely run in the worker.
+        QSharedPointer<KConfig> configCopy(config->copyTo(config->name()));
+        auto future = QtConcurrent::run([configCopy]() {
+            configCopy->sync();
         });
         m_sessionSaveWatcher->setFuture(future);
     }