Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-8700

Evaluating QVariant(QVariant::UserType) == QVariant(QVariant::UserType) crashes in qvariant.cpp because of null pointer reference.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P1: Critical
    • 4.6.3
    • 4.5.2
    • Core: Object Model
    • None
    • windows xp
    • a4d7572059b5b56d49d7e0c3f3466686e1dc6e16

    Description

      QVariant::operator == may crash if the compared object is of user type.

      The easiest way to reproduce this is evaluating QVariant(QVariant::UserType) == QVariant(QVariant::UserType)

      The crash happens in qvariant.cpp line 470

          const char *const typeName = QMetaType::typeName(a->type);
    if (typeName[qstrlen(typeName) - 1] == '*')
        return *static_cast<void **>(a->data.shared->ptr) ==
               *static_cast<void **>(b->data.shared->ptr);

      The typeName can be NULL, in which case crash occurs.

      We used QVariant::UserType to create a "valid" QVariant to denote the null value of json. This might or might not be a good way to represent null value. Anyway, QVariant does not have a null type, it has invalid type and null values for other types.

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            goffart Olivier Goffart (closed Nokia identity) (Inactive)
            eero.taipale@f-secure.com eero taipale
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes