diff options
| author | Sami Shalayel <sami.shalayel@qt.io> | 2022-11-30 15:29:13 +0100 |
|---|---|---|
| committer | Sami Shalayel <sami.shalayel@qt.io> | 2022-12-16 11:30:46 +0100 |
| commit | 99b768517087ceec657bb1cbd01722e39d76a249 (patch) | |
| tree | 13421b9805aa363246c4143308225281987f3010 /src/qml | |
| parent | c0f563357c69c27afa8a33377ed19f2214c3d96c (diff) | |
qv4qobjectwrapper: return false on failed argument conversion
It was possible to call c++-methods (either invokable or as slot) with
wrong arguments, which caused a crash.
The reason was that CallMethod(...) converted something to a QObject
without checking if it was an actual QObject. The wrongly typed argument
would end up reinterpret_cast'ed into another type for the call, which
leads to segmentation fault when accessing the argument in the function.
Added a test where an int tried to be reinterpret-cast'ed into a QFont.
Fixes: QTBUG-108994
Change-Id: I8c45c9124411ad3fd100faed0b03390843f7d034
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
(cherry picked from commit cda417cf03694256a84b4abe77de0f5f49ebdf32)
Diffstat (limited to 'src/qml')
| -rw-r--r-- | src/qml/jsruntime/qv4qobjectwrapper.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/qml/jsruntime/qv4qobjectwrapper.cpp b/src/qml/jsruntime/qv4qobjectwrapper.cpp index 3d1d129b38..942c0a70f9 100644 --- a/src/qml/jsruntime/qv4qobjectwrapper.cpp +++ b/src/qml/jsruntime/qv4qobjectwrapper.cpp @@ -1992,7 +1992,7 @@ bool CallArgument::fromValue(QMetaType metaType, QV4::ExecutionEngine *engine, c qvariantPtr->convert(callMetaType); } else { QQmlMetaObject mo = ep ? ep->rawMetaObjectForType(callType) : QQmlMetaObject(); - if (!mo.isNull()) { + if (!mo.isNull() && v.metaType().flags().testFlag(QMetaType::PointerToQObject)) { QObject *obj = QQmlMetaType::toQObject(v); if (obj != nullptr && !QQmlMetaObject::canConvert(obj, mo)) { |