From 083181c6cc851bccc60f523bcf6073feb2d36afc Mon Sep 17 00:00:00 2001
From: Friedemann Kleint
Date: Wed, 15 Sep 2021 16:30:14 +0200
Subject: shiboken6: Fix potential invalid memory read

Do not store a reference to the (cached) function modifications in CppGenerator::writeVirtualMethodNative() as nested method calls may invalidate it.

Change-Id: Iac6b0f27649935c875603c6fff10a80d98824714
Reviewed-by: Qt CI Bot
Reviewed-by: Christian Tismer
(cherry picked from commit 393543d02ac5b8908ff80f75e0460bbb4fb901aa)
Reviewed-by: Qt Cherry-pick Bot
---
 sources/shiboken6/generator/shiboken/cppgenerator.cpp | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/sources/shiboken6/generator/shiboken/cppgenerator.cpp b/sources/shiboken6/generator/shiboken/cppgenerator.cpp
index e84f29303..6a3cb0fe9 100644
--- a/sources/shiboken6/generator/shiboken/cppgenerator.cpp
+++ b/sources/shiboken6/generator/shiboken/cppgenerator.cpp
@@ -1002,9 +1002,8 @@ void CppGenerator::writeVirtualMethodNative(TextStream &s,
 s << functionSignature(func, prefix, QString(), Generator::SkipDefaultValues|Generator::OriginalTypeDescription) << "\n{\n" << indent;
- const FunctionModificationList &functionModifications = func->modifications();
-
- const QString returnStatement = virtualMethodReturn(s, api(), func, functionModifications);
+ const QString returnStatement = virtualMethodReturn(s, api(), func,
+ func->modifications());
 if (func->isAbstract() && func->isModifiedRemoved()) {
 qCWarning(lcShiboken, "%s", qPrintable(msgPureVirtualFunctionRemoved(func.data())));
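Review bot: Passing `func->modifications()` straight into `virtualMethodReturn(...)` moves the lifetime question into the callee rather than removing it: if `modifications()` returns a reference into the cache and the parameter is a const reference (neither signature is visible in this hunk), the callee holds that reference for its whole body. It is worth confirming that nothing `virtualMethodReturn` calls can refresh the cache, or passing a by-value copy instead. A comment above the call would also stop a later clean-up from reintroducing the removed local, e.g. `// Do not keep a reference to func->modifications(): nested calls may invalidate the cached list.` The body of writeVirtualMethodNative starts and ends outside the hunk.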
@@ -1126,7 +1125,7 @@ void CppGenerator::writeVirtualMethodNative(TextStream &s,
 bool invalidateReturn = false;
 QSet invalidateArgs;
- for (const FunctionModification &funcMod : functionModifications) {
+ for (const FunctionModification &funcMod : func->modifications()) {
 for (const ArgumentModification &argMod : funcMod.argument_mods()) {
 const int index = argMod.index();
 if (argMod.resetAfterUse() && !invalidateArgs.contains(index)) {
@@ -1228,7 +1227,7 @@ void CppGenerator::writeVirtualMethodNative(TextStream &s,
 }
- for (const FunctionModification &funcMod : functionModifications) {
+ for (const FunctionModification &funcMod : func->modifications()) {
 for (const ArgumentModification &argMod : funcMod.argument_mods()) {
 if (argMod.index() == 0 && argMod.nativeOwnership() == TypeSystem::CppOwnership) {
--
cgit v1.2.3
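Review bot: The range-for `for (const FunctionModification &funcMod : func->modifications())` still binds the returned list once for the whole loop, so if `modifications()` returns a reference into the cache, any call in the loop body that refreshes the cache would leave `funcMod` dangling in the same way the removed local did. Both loop bodies continue outside their hunks, so this cannot be ruled out from here; the same applies to the second loop in the `@@ -1228,7 +1227,7 @@` hunk. Iterating over a by-value copy removes the dependency on the cache's lifetime: `const FunctionModificationList mods = func->modifications();` followed by `for (const FunctionModification &funcMod : mods) {`. If the list type is an implicitly shared Qt container, as its use here suggests, that copy is cheap.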