From 92daa739ec114a0c9ae841db0459b0eff1f86cef Mon Sep 17 00:00:00 2001
From: Fabian Kosmale <fabian.kosmale@qt.io>
Date: Thu, 20 Feb 2020 10:36:37 +0100
Subject: QV4Engine: Avoid memory leak in toVariant conversion

We should really backport this to 5.14. Someone will hit it.

(cherry-picked from commit 78fd438f158839ffebcd52cc7974eac28489dbdd)
Change-Id: I2c713fd759ac40aaaac0c0943edb993d3e27686b
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
---
 src/qml/jsruntime/qv4engine.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/qml/jsruntime/qv4engine.cpp b/src/qml/jsruntime/qv4engine.cpp
index 76fefb767d..df2c46b64a 100644
--- a/src/qml/jsruntime/qv4engine.cpp
+++ b/src/qml/jsruntime/qv4engine.cpp
@@ -1516,7 +1516,11 @@ static QVariant toVariant(QV4::ExecutionEngine *e, const QV4::Value &value, int
             return retn;
 #endif
         if (typeHint != -1) {
-            retn = QVariant(typeHint, QMetaType::create(typeHint));
+            // the QVariant constructor will create a copy, so we have manually
+            // destroy the value returned by QMetaType::create
+            auto temp = QMetaType::create(typeHint);
+            retn = QVariant(typeHint, temp);
+            QMetaType::destroy(typeHint, temp);
             auto retnAsIterable = retn.value<QtMetaTypePrivate::QSequentialIterableImpl>();
             if (retnAsIterable._iteratorCapabilities & QtMetaTypePrivate::ContainerIsAppendable) {
                 auto const length = a->getLength();
-- 
cgit v1.2.3