path: root/src/qml/qml/qqmlproperty.cpp
authorVolker Hilsheimer <volker.hilsheimer@qt.io>2021-12-10 15:30:50 +0100
committerUlf Hermann <ulf.hermann@qt.io>2021-12-11 06:13:37 +0100
commitd62c216cbd09fb43302b146d5d8aca529f2b70a7 (patch)
tree4f92fa5e8550a07ca7a3f3c9f9e46a004416b677 /src/qml/qml/qqmlproperty.cpp
parentbea06407bc14e6c5d2102a64f4f8dcb8eca8f515 (diff)
Don't crash when accessing QVariant data pointer
The write method is called with a QVariant, and even though the property might be of a QObject type, the variant might not contain a QObject. So accessing the variant data directly via QVariant::constData and static_cast'ing the void* to QObject* is not safe. Add an explicit check before accessing. An alternative would be to at least Q_ASSERT that the result of the cast and a QVariant::value call is the same, which would then not introduce any performance penalty in release builds. However, users use release builds of qml and Qt tooling to write QML, and writing wrong QML code should not crash then either. Include a test case that segfaults without the fix. Pick-to: 6.2 Fixes: QTBUG-98367 Change-Id: Ib3ae82d03c9b2df6251ee88d5bd969dd4f796a41 Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io> Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Diffstat (limited to 'src/qml/qml/qqmlproperty.cpp')
-rw-r--r--src/qml/qml/qqmlproperty.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/qml/qml/qqmlproperty.cpp b/src/qml/qml/qqmlproperty.cpp
index 02a18164ab..9046cc26a0 100644
--- a/src/qml/qml/qqmlproperty.cpp
+++ b/src/qml/qml/qqmlproperty.cpp
@@ -1384,7 +1384,7 @@ bool QQmlPropertyPrivate::write(
varType = variantMetaType;
}
QQmlMetaObject valMo = rawMetaObjectForType(enginePriv, varType);
- if (valMo.isNull())
+ if (valMo.isNull() || !varType.flags().testFlag(QMetaType::PointerToQObject))
return false;
QObject *o = *static_cast<QObject *const *>(val.constData());
QQmlMetaObject propMo = rawMetaObjectForType(enginePriv, propertyMetaType);
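Review bot: The new flag check on `varType` is the only thing that keeps the `static_cast` on the following line from reinterpreting a non-pointer payload of `val.constData()`, yet nothing at the cast site records that dependency, so a later edit could relax or reorder the guard without noticing. I would put `// val must hold a QObject* here (QTBUG-98367): constData() is reinterpreted, not converted, so the PointerToQObject check above is load-bearing` directly above the `QObject *o = ...` line. The guard also assumes `varType` describes the metatype of `val`; in the hunk `varType` is assigned from `variantMetaType` only inside a branch whose condition lies above the hunk, so if `val` can be rebound elsewhere in the function, testing `val.metaType().flags()` instead would tie the check to the object it protects — worth confirming against the rest of the body. `QQmlPropertyPrivate::write` begins and ends outside the hunk.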