Fix FPE in QApplicationPrivate::dispatchEnterLeave() due to invalid cursor position.

QGuiApplicationPrivate::lastCursorPosition is initialized to qInf(),
qIn(). Under some circumstances, this is passed to dispatchEnterLeave()
which causes an FPE in QPointF::toPoint().

Move the invocation of QPointF::toPoint() to the if-branch handling the
enter list, which already fixes the FPE. To be extra sure, clamp to
QWIDGETSIZE_MAX.

Task-number: QTBUG-45501
Change-Id: I2d1407415e6360196730d23ee319d1ee6981d1f5
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>

1 files changed, 4 insertions, 1 deletions

diff --git a/src/widgets/kernel/qapplication.cpp b/src/widgets/kernel/qapplication.cpp
index ed10beddd4..dd7474b930 100644
--- a/src/widgets/kernel/qapplication.cpp
+++ b/src/widgets/kernel/qapplication.cpp
@@ -2312,7 +2312,6 @@ QWidget *QApplicationPrivate::focusNextPrevChild_helper(QWidget *toplevel, bool
  */
 void QApplicationPrivate::dispatchEnterLeave(QWidget* enter, QWidget* leave, const QPointF &globalPosF)
 {
-    const QPoint globalPos = globalPosF.toPoint();
 #if 0
     if (leave) {
         QEvent e(QEvent::Leave);
@@ -2399,6 +2398,10 @@ void QApplicationPrivate::dispatchEnterLeave(QWidget* enter, QWidget* leave, con
         }
     }
     if (!enterList.isEmpty()) {
+        // Guard against QGuiApplicationPrivate::lastCursorPosition initialized to qInf(), qInf().
+        const QPoint globalPos = qIsInf(globalPosF.x())
+            ? QPoint(QWIDGETSIZE_MAX, QWIDGETSIZE_MAX)
+            : globalPosF.toPoint();
         const QPoint windowPos = enterList.front()->window()->mapFromGlobal(globalPos);
         for (int i = 0; i < enterList.size(); ++i) {
             w = enterList.at(i);