author | Simon Hausmann <simon.hausmann@qt.io> | 2017-11-29 14:33:16 +0100 |
---|---|---|
committer | Lars Knoll <lars.knoll@qt.io> | 2017-12-14 13:16:21 +0000 |
commit | f25203296d4e29b5e7e4000950f76045a5a832bd (patch) | |
tree | 0b897252199798c5c4259356f449543235c69f2e | |
parent | d7a4658475cfb460979d7af02de048a9405c123e (diff) |
Fix stack use after scope when calling overloaded constructors
This is a regression of commit 0d7dd44d781a73c4bd065c0660d4a2f824a86f05
that ended up moving the stack-local storage into a scope that's too
close. Pointers into the storage are stored in methodArgTypes and used
throughout the surrounding while loop.
Covered by tst_QJSEngine::newQMetaObject when run with ASAN.
Change-Id: I44928d67ebdb0b5bdcf99ddd8193f692c2a94539
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
-rw-r--r-- | src/qml/jsruntime/qv4qobjectwrapper.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/qml/jsruntime/qv4qobjectwrapper.cpp b/src/qml/jsruntime/qv4qobjectwrapper.cpp index 8d96f5b480..326381f38d 100644 --- a/src/qml/jsruntime/qv4qobjectwrapper.cpp +++ b/src/qml/jsruntime/qv4qobjectwrapper.cpp @@ -1968,10 +1968,10 @@ ReturnedValue QMetaObjectWrapper::callOverloadedConstructor(QV4::ExecutionEngine for (int i = 0; i < numberOfConstructors; i++) { const QQmlPropertyData & attempt = d()->constructors[i]; + QQmlMetaObject::ArgTypeStorage storage; int methodArgumentCount = 0; int *methodArgTypes = 0; if (attempt.hasArguments()) { - QQmlMetaObject::ArgTypeStorage storage; int *args = object.constructorParameterTypes(attempt.coreIndex(), &storage, 0); if (!args) // Must be an unknown argument continue; |
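Review bot: The relocated `QQmlMetaObject::ArgTypeStorage storage;` at the top of the `for` body has no comment saying why it is declared outside `if (attempt.hasArguments())`, so a later tidy-up could narrow its scope again and bring back the use after scope. Suggest a one-line comment at the declaration stating that the pointer returned by `object.constructorParameterTypes(attempt.coreIndex(), &storage, 0)` may point into `storage` and is kept in `methodArgTypes` beyond the `if` block. The commit message also speaks of a surrounding while loop, while the visible context is `for (int i = 0; i < numberOfConstructors; i++)`; aligning the wording would make the lifetime requirement easier to check. Since the regression is only caught by tst_QJSEngine::newQMetaObject under ASAN, it is worth confirming that an ASAN configuration actually runs in CI.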