author | Volker Hilsheimer <volker.hilsheimer@qt.io> | 2021-12-10 15:30:50 +0100 |
---|---|---|
committer | Ulf Hermann <ulf.hermann@qt.io> | 2021-12-11 06:13:37 +0100 |
commit | d62c216cbd09fb43302b146d5d8aca529f2b70a7 (patch) | |
tree | 4f92fa5e8550a07ca7a3f3c9f9e46a004416b677 /src/qml/qml/qqmlproperty.cpp | |
parent | bea06407bc14e6c5d2102a64f4f8dcb8eca8f515 (diff) |
Don't crash when accessing QVariant data pointer
The write method is called with a QVariant, and even though the property
might be of a QObject type, the variant might not contain a QObject. So
accessing the variant data directly via QVariant::constData and
static_cast'ing the void* to QObject* is not safe.
Add an explicit check before accessing. An alternative would be to at
least Q_ASSERT that the result of the cast and a QVariant::value call is
the same, which would then not introduce any performance penalty in
release builds. However, users use release-builds of qml and Qt tooling
to write QML, and writing wrong QML code should not crash then
either.
Include a test case that segfaults without the fix.
Pick-to: 6.2
Fixes: QTBUG-98367
Change-Id: Ib3ae82d03c9b2df6251ee88d5bd969dd4f796a41
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
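The hazard the commit message describes, reduced to plain C++ as an added example (this is not Qt code and not part of the commit): `Object`, `Tag` and `Variant` are hypothetical stand-ins for QObject, QMetaType's PointerToQObject flag and QVariant, chosen so the snippet compiles without Qt. `unsafeObjectFrom` reproduces the pre-fix read, `*static_cast<QObject *const *>(val.constData())` with no type check, and `writeObjectProperty` reproduces the guarded path the patch introduces. The int payload is a constructed input that shows why the unchecked read yields a bogus pointer.

```cpp
#include <cstddef>
#include <string>

// Hypothetical stand-in for QObject (plain C++, not Qt).
struct Object {
    std::string name;
};

// Type tag carried by the variant; isPointerToObject() plays the role of
// QMetaType::flags().testFlag(QMetaType::PointerToQObject).
enum class Tag { Int, CString, ObjectPtr };

constexpr bool isPointerToObject(Tag t) { return t == Tag::ObjectPtr; }

// Hypothetical stand-in for QVariant: a type tag plus untyped storage.
class Variant {
public:
    static Variant fromInt(int v)              { Variant r(Tag::Int);       r.storage_.i = v; return r; }
    static Variant fromCString(const char *s)  { Variant r(Tag::CString);   r.storage_.s = s; return r; }
    static Variant fromObject(Object *o)       { Variant r(Tag::ObjectPtr); r.storage_.p = o; return r; }

    Tag tag() const { return tag_; }
    // Like QVariant::constData(): a raw pointer to the payload, carrying no type information.
    const void *constData() const { return &storage_; }

private:
    explicit Variant(Tag t) : tag_(t) {}
    union Storage {
        int i;
        const char *s;
        Object *p;
    };
    Tag tag_;
    Storage storage_{};  // zero-initialised: an int fills only the low 4 bytes of the 8-byte slot
};

// Pre-fix behaviour: trust that the payload is an Object* because the *property*
// is of object type. For an int or C-string payload this returns a bogus pointer;
// the first dereference of it is the segfault the commit fixes.
Object *unsafeObjectFrom(const Variant &val) {
    return *static_cast<Object *const *>(val.constData());
}

// Post-fix behaviour: consult the variant's own type before reinterpreting its bytes.
// Returns false (and leaves the slot untouched) when the payload is not an Object*.
bool writeObjectProperty(Object *&slot, const Variant &val) {
    if (!isPointerToObject(val.tag()))
        return false;  // the guard the patch adds
    Object *o = *static_cast<Object *const *>(val.constData());  // safe: the tag vouches for these bytes
    slot = o;
    return true;
}

int main() {
    Object root{"root"};
    Object *slot = nullptr;

    bool okObj = writeObjectProperty(slot, Variant::fromObject(&root));  // accepted, slot == &root
    bool okInt = writeObjectProperty(slot, Variant::fromInt(42));        // rejected, slot unchanged

    // The unchecked read hands back the int's bytes as a pointer (0x2a on little-endian).
    Object *bogus = unsafeObjectFrom(Variant::fromInt(42));

    return (okObj && !okInt && slot == &root && bogus != &root) ? 0 : 1;
}
```

The point to take from it is that the property's declared type says nothing about what the variant actually holds; only the variant's own metatype does, so the guard has to be derived from the payload that `constData()` is about to be reinterpreted.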
Diffstat (limited to 'src/qml/qml/qqmlproperty.cpp')
-rw-r--r-- | src/qml/qml/qqmlproperty.cpp | 2 |
1 file changed, 1 insertion, 1 deletion
diff --git a/src/qml/qml/qqmlproperty.cpp b/src/qml/qml/qqmlproperty.cpp index 02a18164ab..9046cc26a0 100644 --- a/src/qml/qml/qqmlproperty.cpp +++ b/src/qml/qml/qqmlproperty.cpp @@ -1384,7 +1384,7 @@ bool QQmlPropertyPrivate::write( varType = variantMetaType; } QQmlMetaObject valMo = rawMetaObjectForType(enginePriv, varType); - if (valMo.isNull()) + if (valMo.isNull() || !varType.flags().testFlag(QMetaType::PointerToQObject)) return false; QObject *o = *static_cast<QObject *const *>(val.constData()); QQmlMetaObject propMo = rawMetaObjectForType(enginePriv, propertyMetaType); |
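Review bot: the new guard inspects `varType.flags()`, but the line that is actually unsafe dereferences `val.constData()`, and the visible context (`varType = variantMetaType; }`) shows `varType` is only assigned the variant's own metatype inside a conditional block, so on the other path the flag being tested may not describe the bytes in `val`. Consider binding the check to the payload itself, `val.metaType().flags().testFlag(QMetaType::PointerToQObject)`, or at least pairing the new condition with the `Q_ASSERT(o == val.value<QObject *>())` the commit message mentions so debug builds catch any divergence between `varType` and `val`. A one-line comment on the `||` branch ("the variant need not hold a QObject even when the property is of QObject type") would also help, since the rationale currently lives only in the commit message and the combined condition now mixes two unrelated reasons to return false.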