From 740b5c1fea56d1ec7b227b25e58a64355a8963f9 Mon Sep 17 00:00:00 2001
From: Olivier Goffart <ogoffart@woboq.com>
Date: Fri, 24 Feb 2017 11:27:21 +0100
Subject: Fix UB in QWidgetResizeHandler::eventFilter

Unconditional cast to a QMouseEvent while the event might also be a
QKeyEvent.

Change-Id: If5eb6fbad6e4440c167ff95298f51efde1834217
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
---
 src/widgets/widgets/qwidgetresizehandler.cpp | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

(limited to 'src/widgets/widgets')

diff --git a/src/widgets/widgets/qwidgetresizehandler.cpp b/src/widgets/widgets/qwidgetresizehandler.cpp
index 016598849b..dc7353a6ca 100644
--- a/src/widgets/widgets/qwidgetresizehandler.cpp
+++ b/src/widgets/widgets/qwidgetresizehandler.cpp
@@ -112,9 +112,9 @@ bool QWidgetResizeHandler::eventFilter(QObject *o, QEvent *ee)
         return false;
     }
 
-    QMouseEvent *e = (QMouseEvent*)ee;
-    switch (e->type()) {
+    switch (ee->type()) {
     case QEvent::MouseButtonPress: {
+        QMouseEvent *e = static_cast<QMouseEvent *>(ee);
         if (w->isMaximized())
             break;
         if (!widget->rect().contains(widget->mapFromGlobal(e->globalPos())))
@@ -155,7 +155,7 @@ bool QWidgetResizeHandler::eventFilter(QObject *o, QEvent *ee)
     case QEvent::MouseButtonRelease:
         if (w->isMaximized())
             break;
-        if (e->button() == Qt::LeftButton) {
+        if (static_cast<QMouseEvent *>(ee)->button() == Qt::LeftButton) {
             moveResizeMode = false;
             buttonDown = false;
             widget->releaseMouse();
@@ -171,6 +171,7 @@ bool QWidgetResizeHandler::eventFilter(QObject *o, QEvent *ee)
     case QEvent::MouseMove: {
         if (w->isMaximized())
             break;
+        QMouseEvent *e = static_cast<QMouseEvent *>(ee);
         buttonDown = buttonDown && (e->buttons() & Qt::LeftButton); // safety, state machine broken!
         bool me = movingEnabled;
         movingEnabled = (me && o == widget && (buttonDown || moveResizeMode));
@@ -184,11 +185,11 @@ bool QWidgetResizeHandler::eventFilter(QObject *o, QEvent *ee)
         }
     } break;
     case QEvent::KeyPress:
-        keyPressEvent((QKeyEvent*)e);
+        keyPressEvent(static_cast<QKeyEvent *>(ee));
         break;
     case QEvent::ShortcutOverride:
         if (buttonDown) {
-            ((QKeyEvent*)ee)->accept();
+            ee->accept();
             return true;
         }
         break;
-- 
cgit v1.2.3