summaryrefslogtreecommitdiffstats
path: root/src/gui
diff options
context:
space:
mode:
authorMarc Mutz <marc.mutz@kdab.com>2014-08-29 22:27:00 +0200
committerMarc Mutz <marc.mutz@kdab.com>2014-10-03 20:45:09 +0200
commit1adc586abda245c9caf78a929fd96917532f44a3 (patch)
tree803e24e884ef6595000c94e2a86760fb9ad9784f /src/gui
parent39b32f0874de8325f51d0b3ea72fc0ad0aa75f5f (diff)
QBrush: be more robust in detach()
If detach() was called with a newStyle corresponding to a gradient, but with d->style not a gradient, it would execute an invalid cast and read invalid memory. The reason this has not been seen in practice is that a non-gradient brush instance can currently never become a gradient one. But that may change when someone adds an operator=(QGradient), so in the interest of robust code, add a check to verify the old style was a gradient before accessing the corresponding member. Change-Id: I216a144d31a9ed7145bcd829f3ae5f44a41672db Reviewed-by: Gunnar Sletta <gunnar@sletta.org>
Diffstat (limited to 'src/gui')
-rw-r--r--src/gui/painting/qbrush.cpp12
1 files changed, 10 insertions, 2 deletions
diff --git a/src/gui/painting/qbrush.cpp b/src/gui/painting/qbrush.cpp
index eca2860ab9..d120175108 100644
--- a/src/gui/painting/qbrush.cpp
+++ b/src/gui/painting/qbrush.cpp
@@ -596,8 +596,16 @@ void QBrush::detach(Qt::BrushStyle newStyle)
case Qt::RadialGradientPattern:
case Qt::ConicalGradientPattern:
x.reset(new QGradientBrushData);
- static_cast<QGradientBrushData *>(x.data())->gradient =
- static_cast<QGradientBrushData *>(d.data())->gradient;
+ switch (d->style) {
+ case Qt::LinearGradientPattern:
+ case Qt::RadialGradientPattern:
+ case Qt::ConicalGradientPattern:
+ static_cast<QGradientBrushData *>(x.data())->gradient =
+ static_cast<QGradientBrushData *>(d.data())->gradient;
+ break;
+ default:
+ break;
+ }
break;
default:
x.reset(new QBrushData);
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-03 21:52:12 +0000