diff options
author | Marc Mutz <marc.mutz@kdab.com> | 2016-09-18 16:44:19 +0200 |
---|---|---|
committer | Marc Mutz <marc.mutz@kdab.com> | 2016-09-18 17:59:24 +0000 |
commit | 8082c0dc81b50c44a0cf1984cb2c484b007c64a4 (patch) | |
tree | bca7a1b6432fb4a5b374f7784f63bf3ba53c5511 /tests/manual/qopenglwindow/multiwindow | |
parent | 29d64bc8e06d6809ac0c68b7b5459a8a51667769 (diff) |
QBrush: Fix UB (non-virtual dtor) in QBrush::detach()
As the d-pointer, QBrush uses a QScopedPointer with a
custom deleter that checks for QBrushData::style and
casts the QBrushData pointer down to corresponding
subclasses before calling delete on them.
In QBrush::detach(), however, any of the three brush
data classes were held in a QScopedPointer _without_
the custom deleter, invoking UB when that scoped
pointer would ever get to be the one that deleted
the payload instead of handing it over to the objects
d-pointer.
Found by making dtors protected following a Coverity
report wrongly marked as 'dismissed' (these static
checks are not included in this patch, since they
are binary-incompatible), to find out where Coverity
could possibly see a problem.
Also replace the d.reset(x.take()) that allowed this
mismatch to compile with d.swap(x), which nicely
ensures that x and d are of the same type.
Coverity-Id: 11772
Change-Id: I85e2c205df9291bd7508b6c90f7b03fbe8c3bcd2
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Diffstat (limited to 'tests/manual/qopenglwindow/multiwindow')
0 files changed, 0 insertions, 0 deletions