Details
Bug
Resolution: Fixed
P1: Critical
6.6.0
None
ba6ddfab5 (dev), b76cb7cb6 (6.6)
Description
QQmlScriptString::operator==(const QQmlScriptString &) crashes if other is invalid, i.e. has a null d-pointer. It has a guard against its own d being null, but not against the other.d being null:
bool QQmlScriptString::operator==(const QQmlScriptString &other) const
{
    if (d == other.d)
        return true;
    if (!d)
        return false;
    // boom if other.d == nullptr
    if (d->isNumberLiteral || other.d->isNumberLiteral)
        return d->isNumberLiteral && other.d->isNumberLiteral && d->numberValue == other.d->numberValue;
    ...
This effectively breaks all QQmlScriptString comparisons.
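The null check the description calls for, shown on a stand-alone model of a d-pointer class. This is an added example, not the Qt source and not the committed fix: ScriptString, ScriptData and checkNullCombinations are hypothetical names, and the final comparison on the script text is an assumption standing in for the part the report elides.

```cpp
#include <memory>
#include <string>
#include <utility>

// Hypothetical stand-in for the private data behind the d-pointer.
struct ScriptData {
    std::string script;
    bool isNumberLiteral = false;
    double numberValue = 0.0;
};

// Simplified model of a d-pointer value class. A default-constructed
// object is "invalid" and carries a null d, as in the report.
class ScriptString {
public:
    ScriptString() = default;
    explicit ScriptString(std::string s) : d(std::make_shared<ScriptData>()) { d->script = std::move(s); }
    explicit ScriptString(double n) : d(std::make_shared<ScriptData>()) {
        d->isNumberLiteral = true;
        d->numberValue = n;
    }

    bool operator==(const ScriptString &other) const {
        if (d == other.d)
            return true;   // same data, or both sides invalid
        if (!d || !other.d)
            return false;  // exactly one side invalid: must not dereference either
        if (d->isNumberLiteral || other.d->isNumberLiteral)
            return d->isNumberLiteral && other.d->isNumberLiteral
                && d->numberValue == other.d->numberValue;
        return d->script == other.d->script;  // assumed remainder of the comparison
    }

private:
    std::shared_ptr<ScriptData> d;
};

// Exercises every valid/invalid pairing; returns the number of failed expectations.
int checkNullCombinations() {
    const ScriptString invalid, text("a + b"), sameText("a + b"), num(42.0), sameNum(42.0);
    int failures = 0;
    failures += !(invalid == invalid);
    failures += (text == invalid);   // the pairing that crashes in the reported code
    failures += (invalid == text);
    failures += !(text == sameText);
    failures += !(num == sameNum);
    failures += (num == text);
    return failures;
}
```

A regression test for this class of bug should cover both operand orders, since the reported code guards only the left-hand side.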