Don't crash when accessing QVariant data pointer

The write method is called with a QVariant, and even though the property
might be of a QObject type, the variant might not contain a QObject. So
accessing the variant data directly via QVariant::constData and
static_cast'ing the void* to QObject* is not safe.

Add an explicit check before accessing. An alternative would be to at
least Q_ASSERT that the result of the cast and a QVariant::value call is
the same, which would then not introduce any performance penalty in
release builds. However, users use release-builds of qml and Qt tooling
to write QML, and we writing wrong QML code should not crash then
either.

Include a test case that segfaults without the fix.

Pick-to: 6.2
Fixes: QTBUG-98367
Change-Id: Ib3ae82d03c9b2df6251ee88d5bd969dd4f796a41
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>

1 files changed, 20 insertions, 0 deletions

diff --git a/tests/auto/qml/qqmlproperty/data/bindToNonQObjectTarget.qml b/tests/auto/qml/qqmlproperty/data/bindToNonQObjectTarget.qml
new file mode 100644
index 0000000000..d8a06aa5f9
--- /dev/null
+++ b/tests/auto/qml/qqmlproperty/data/bindToNonQObjectTarget.qml
@@ -0,0 +1,20 @@
+import QtQuick
+
+Item {
+  id: top;
+  visible:true;
+  width:300;
+  height:300
+  Text {
+    id: text
+    width: 30; height: 30
+    text: "1234.56"
+    font.bold: true
+    Binding {
+      target: text.font // which is not a QObject, so can't use it as a binding target
+      property: 'bold'
+      value: false;
+      when: width < 30
+    }
+  }
+}