From f25203296d4e29b5e7e4000950f76045a5a832bd Mon Sep 17 00:00:00 2001
From: Simon Hausmann
Date: Wed, 29 Nov 2017 14:33:16 +0100
Subject: Fix stack use after scope when calling overloaded constructors

This is a regression of commit 0d7dd44d781a73c4bd065c0660d4a2f824a86f05 that ended up moving the stack-local storage into a scope that's too close. Pointers into the storage are stored in methodArgTypes and used throughput the surrounding while loop. Covered by tst_QJSEngine::newQMetaObject when run with ASAN.

Change-Id: I44928d67ebdb0b5bdcf99ddd8193f692c2a94539
Reviewed-by: Lars Knoll
---
 src/qml/jsruntime/qv4qobjectwrapper.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/qml/jsruntime/qv4qobjectwrapper.cpp b/src/qml/jsruntime/qv4qobjectwrapper.cpp
index 8d96f5b480..326381f38d 100644
--- a/src/qml/jsruntime/qv4qobjectwrapper.cpp
+++ b/src/qml/jsruntime/qv4qobjectwrapper.cpp
@@ -1968,10 +1968,10 @@ ReturnedValue QMetaObjectWrapper::callOverloadedConstructor(QV4::ExecutionEngine
 for (int i = 0; i < numberOfConstructors; i++) {
 const QQmlPropertyData & attempt = d()->constructors[i];
+ QQmlMetaObject::ArgTypeStorage storage;
 int methodArgumentCount = 0;
 int *methodArgTypes = 0;
 if (attempt.hasArguments()) {
- QQmlMetaObject::ArgTypeStorage storage;
 int *args = object.constructorParameterTypes(attempt.coreIndex(), &storage, 0);
 if (!args) // Must be an unknown argument
 continue;
--
cgit v1.2.3
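Review bot: The relocated `QQmlMetaObject::ArgTypeStorage storage;` line carries no hint that `methodArgTypes` ends up pointing into it, which is exactly how commit 0d7dd44d781a73c4bd065c0660d4a2f824a86f05 was able to re-scope it too tightly and produce the stack-use-after-scope this patch fixes; a one-line comment would guard against a repeat, e.g. `QQmlMetaObject::ArgTypeStorage storage; // methodArgTypes may point into this; it must outlive the whole loop iteration`. That `methodArgTypes` is assigned from `args` happens below the visible lines, so the pointer relationship is taken from the commit message rather than from the hunk. With the declaration outside `if (attempt.hasArguments())`, `storage` is now also constructed on the no-argument path; if ArgTypeStorage is a stack-backed small array this is presumably negligible, but worth confirming. The enclosing `for` loop body continues past the end of the hunk.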