authorSimon Hausmann <simon.hausmann@qt.io>2017-11-29 14:33:16 +0100
committerLars Knoll <lars.knoll@qt.io>2017-12-14 13:16:21 +0000
commitf25203296d4e29b5e7e4000950f76045a5a832bd (patch)
tree0b897252199798c5c4259356f449543235c69f2e
parentd7a4658475cfb460979d7af02de048a9405c123e (diff)
Fix stack use after scope when calling overloaded constructors
This is a regression of commit 0d7dd44d781a73c4bd065c0660d4a2f824a86f05 that ended up moving the stack-local storage into a scope that's too narrow. Pointers into the storage are stored in methodArgTypes and used throughout the surrounding while loop. Covered by tst_QJSEngine::newQMetaObject when run with ASAN. Change-Id: I44928d67ebdb0b5bdcf99ddd8193f692c2a94539 Reviewed-by: Lars Knoll <lars.knoll@qt.io>
-rw-r--r--src/qml/jsruntime/qv4qobjectwrapper.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/qml/jsruntime/qv4qobjectwrapper.cpp b/src/qml/jsruntime/qv4qobjectwrapper.cpp
index 8d96f5b480..326381f38d 100644
--- a/src/qml/jsruntime/qv4qobjectwrapper.cpp
+++ b/src/qml/jsruntime/qv4qobjectwrapper.cpp
@@ -1968,10 +1968,10 @@ ReturnedValue QMetaObjectWrapper::callOverloadedConstructor(QV4::ExecutionEngine
for (int i = 0; i < numberOfConstructors; i++) {
const QQmlPropertyData & attempt = d()->constructors[i];
+ QQmlMetaObject::ArgTypeStorage storage;
int methodArgumentCount = 0;
int *methodArgTypes = 0;
if (attempt.hasArguments()) {
- QQmlMetaObject::ArgTypeStorage storage;
int *args = object.constructorParameterTypes(attempt.coreIndex(), &storage, 0);
if (!args) // Must be an unknown argument
continue;