From aa633ff276e593af227d7c4a84db230382185490 Mon Sep 17 00:00:00 2001
From: Anton Kudryavtsev <anton.kudryavtsev@corp.mail.ru>
Date: Mon, 15 Oct 2018 20:08:47 +0300
Subject: QMetaEnum: fix UB

Check ptr before usage.

Change-Id: Iac757a2e260b237d837318932cc0b5896c6e04c2
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
---
 src/corelib/kernel/qmetaobject.cpp                    |  8 ++++++--
 tests/auto/corelib/kernel/qmetaenum/tst_qmetaenum.cpp | 10 ++++++++++
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/corelib/kernel/qmetaobject.cpp b/src/corelib/kernel/qmetaobject.cpp
index b647f69978..c642cd07f2 100644
--- a/src/corelib/kernel/qmetaobject.cpp
+++ b/src/corelib/kernel/qmetaobject.cpp
@@ -2652,8 +2652,10 @@ int QMetaEnum::value(int index) const
 */
 bool QMetaEnum::isFlag() const
 {
+    if (!mobj)
+        return false;
     const int offset = priv(mobj->d.data)->revision >= 8 ? 2 : 1;
-    return mobj && mobj->d.data[handle + offset] & EnumIsFlag;
+    return mobj->d.data[handle + offset] & EnumIsFlag;
 }
 
 /*!
@@ -2664,8 +2666,10 @@ bool QMetaEnum::isFlag() const
 */
 bool QMetaEnum::isScoped() const
 {
+    if (!mobj)
+        return false;
     const int offset = priv(mobj->d.data)->revision >= 8 ? 2 : 1;
-    return mobj && mobj->d.data[handle + offset] & EnumIsScoped;
+    return mobj->d.data[handle + offset] & EnumIsScoped;
 }
 
 /*!
diff --git a/tests/auto/corelib/kernel/qmetaenum/tst_qmetaenum.cpp b/tests/auto/corelib/kernel/qmetaenum/tst_qmetaenum.cpp
index bb111a9137..6ed0a6caa9 100644
--- a/tests/auto/corelib/kernel/qmetaenum/tst_qmetaenum.cpp
+++ b/tests/auto/corelib/kernel/qmetaenum/tst_qmetaenum.cpp
@@ -46,6 +46,7 @@ private slots:
     void fromType();
     void valuesToKeys_data();
     void valuesToKeys();
+    void defaultConstructed();
 };
 
 void tst_QMetaEnum::fromType()
@@ -99,6 +100,15 @@ void tst_QMetaEnum::valuesToKeys()
     QCOMPARE(me.valueToKeys(windowFlags), expected);
 }
 
+void tst_QMetaEnum::defaultConstructed()
+{
+    QMetaEnum e;
+    QVERIFY(!e.isValid());
+    QVERIFY(!e.isScoped());
+    QVERIFY(!e.isFlag());
+    QCOMPARE(e.name(), QByteArray());
+}
+
 Q_STATIC_ASSERT(QtPrivate::IsQEnumHelper<tst_QMetaEnum::SuperEnum>::Value);
 Q_STATIC_ASSERT(QtPrivate::IsQEnumHelper<Qt::WindowFlags>::Value);
 Q_STATIC_ASSERT(QtPrivate::IsQEnumHelper<Qt::Orientation>::Value);
-- 
cgit v1.2.3