From 78fd438f158839ffebcd52cc7974eac28489dbdd Mon Sep 17 00:00:00 2001
From: Fabian Kosmale <fabian.kosmale@qt.io>
Date: Thu, 20 Feb 2020 10:36:37 +0100
Subject: QV4Engine: Avoid memory leak in toVariant conversion

Change-Id: I2c713fd759ac40aaaac0c0943edb993d3e27686b
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
---
 src/qml/jsruntime/qv4engine.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/qml/jsruntime/qv4engine.cpp b/src/qml/jsruntime/qv4engine.cpp
index a900e710c2..aea81b1e07 100644
--- a/src/qml/jsruntime/qv4engine.cpp
+++ b/src/qml/jsruntime/qv4engine.cpp
@@ -1520,7 +1520,11 @@ static QVariant toVariant(QV4::ExecutionEngine *e, const QV4::Value &value, int
             return retn;
 #endif
         if (typeHint != -1) {
-            retn = QVariant(typeHint, QMetaType::create(typeHint));
+            // the QVariant constructor will create a copy, so we have manually
+            // destroy the value returned by QMetaType::create
+            auto temp = QMetaType::create(typeHint);
+            retn = QVariant(typeHint, temp);
+            QMetaType::destroy(typeHint, temp);
             auto retnAsIterable = retn.value<QtMetaTypePrivate::QSequentialIterableImpl>();
             if (retnAsIterable._iteratorCapabilities & QtMetaTypePrivate::ContainerIsAppendable) {
                 auto const length = a->getLength();
-- 
cgit v1.2.3