authorSami Shalayel <sami.shalayel@qt.io>2022-11-30 15:29:13 +0100
committerSami Shalayel <sami.shalayel@qt.io>2022-12-02 18:53:12 +0000
commitcda417cf03694256a84b4abe77de0f5f49ebdf32 (patch)
tree20a4627920c717b6a9d3e845080f488fb3e58b5c /src/qml/jsruntime/qv4qobjectwrapper.cpp
parent3f4856dbca0114b8f354df482fec437dc6b04d23 (diff)
qv4qobjectwrapper: return false on failed argument conversion
It was possible to call C++ methods (either invokable or as slot) with wrong arguments, which caused a crash. The reason was that CallMethod(...) converted something to a QObject without checking if it was an actual QObject. The wrongly typed argument would end up reinterpret_cast'ed into another type for the call, which leads to a segmentation fault when accessing the argument in the function. Added a test in which an int would have been reinterpret_cast'ed into a QFont. Pick-to: 6.4 6.2 Fixes: QTBUG-108994 Change-Id: I8c45c9124411ad3fd100faed0b03390843f7d034 Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
Diffstat (limited to 'src/qml/jsruntime/qv4qobjectwrapper.cpp')
-rw-r--r--src/qml/jsruntime/qv4qobjectwrapper.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/qml/jsruntime/qv4qobjectwrapper.cpp b/src/qml/jsruntime/qv4qobjectwrapper.cpp
index e249c8a6d8..bf6bc630f8 100644
--- a/src/qml/jsruntime/qv4qobjectwrapper.cpp
+++ b/src/qml/jsruntime/qv4qobjectwrapper.cpp
@@ -2176,7 +2176,7 @@ bool CallArgument::fromValue(QMetaType metaType, ExecutionEngine *engine, const
}
const QQmlMetaObject mo = QQmlMetaType::rawMetaObjectForType(metaType);
- if (!mo.isNull()) {
+ if (!mo.isNull() && v.metaType().flags().testFlag(QMetaType::PointerToQObject)) {
QObject *obj = QQmlMetaType::toQObject(v);
if (obj != nullptr && !QQmlMetaObject::canConvert(obj, mo)) {
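Review bot: The changed `if` now carries a type-safety guard that the code does not explain: `mo` is derived from the requested `metaType`, while the added `PointerToQObject` test inspects `v`, and per the commit message it is this second check that stops `QQmlMetaType::toQObject(v)` from treating a non-QObject value as a pointer. Without a comment, a later cleanup could drop it as redundant with `!mo.isNull()`. I would add above the condition `// mo only describes the target type; v must itself hold a QObject*, otherwise toQObject() would reinterpret an unrelated value (QTBUG-108994).` The body of `CallArgument::fromValue` starts and ends outside this hunk, so the path taken when the flag is not set is not visible here. It is worth confirming that it returns false and leaves the argument storage in a defined state, as the commit title promises.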