author | Marc Mutz <marc.mutz@kdab.com> | 2014-08-29 22:27:00 +0200 |
---|---|---|
committer | Marc Mutz <marc.mutz@kdab.com> | 2014-10-03 20:45:09 +0200 |
commit | 1adc586abda245c9caf78a929fd96917532f44a3 (patch) | |
tree | 803e24e884ef6595000c94e2a86760fb9ad9784f /src/gui/painting/qbrush.cpp | |
parent | 39b32f0874de8325f51d0b3ea72fc0ad0aa75f5f (diff) |
QBrush: be more robust in detach()

If detach() was called with a newStyle corresponding to a gradient,
but with d->style not a gradient, it would execute an invalid cast
and read invalid memory.

The reason this has not been seen in practice is that a non-gradient
brush instance can currently never become a gradient one. But that
may change when someone adds an operator=(QGradient), so in the
interest of robust code, add a check to verify the old style was a
gradient before accessing the corresponding member.

Change-Id: I216a144d31a9ed7145bcd829f3ae5f44a41672db
Reviewed-by: Gunnar Sletta <gunnar@sletta.org>
Diffstat (limited to 'src/gui/painting/qbrush.cpp')
-rw-r--r-- | src/gui/painting/qbrush.cpp | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/gui/painting/qbrush.cpp b/src/gui/painting/qbrush.cpp index eca2860ab9..d120175108 100644 --- a/src/gui/painting/qbrush.cpp +++ b/src/gui/painting/qbrush.cpp @@ -596,8 +596,16 @@ void QBrush::detach(Qt::BrushStyle newStyle) case Qt::RadialGradientPattern: case Qt::ConicalGradientPattern: x.reset(new QGradientBrushData); - static_cast<QGradientBrushData *>(x.data())->gradient = - static_cast<QGradientBrushData *>(d.data())->gradient; + switch (d->style) { + case Qt::LinearGradientPattern: + case Qt::RadialGradientPattern: + case Qt::ConicalGradientPattern: + static_cast<QGradientBrushData *>(x.data())->gradient = + static_cast<QGradientBrushData *>(d.data())->gradient; + break; + default: + break; + } break; default: x.reset(new QBrushData); |
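Review bot: The inner `switch (d->style)` repeats the same three gradient case labels (`Qt::LinearGradientPattern`, `Qt::RadialGradientPattern`, `Qt::ConicalGradientPattern`) that the enclosing switch on newStyle already lists, so the type check guarding the `static_cast<QGradientBrushData *>(d.data())` can drift out of sync with the outer list if a gradient style is ever added. Consider factoring the test into one small predicate on Qt::BrushStyle and using it in both places, so the downcast of `d` is always guarded by the same definition of "is a gradient". The empty `default: break;` arm would also benefit from a one-line comment saying that the old brush data carries no gradient and that `x` deliberately keeps whatever `new QGradientBrushData` initialised it to, since that is the path the commit message identifies as the former invalid read.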