Details
- Bug
- Resolution: Fixed
- P2: Important
- 6.4.0 Beta3
Description
ActiveQt is blindly smashing any Qt::Usertype compatible object (including any IUnknown, IDispatch, etc.) into a void pointer and passing it into the dispatch method.
Pointer smashing in this way might even be considered a security vulnerability, which could allow arbitrary code execution.
ActiveQt should only call the dispatch method if the types match – ActiveQt already knows the ptype, and if the ptype doesn't match the signature of the method we're going to call, then ActiveQt should fail the call with ERROR_INVALID_PARAMETER or something.
In one case, a dispatch method received the QAxServerBase class, the wrong type entirely, instead of the call being rejected.
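
The check the description asks for, as an added, self-contained C++ sketch: every argument's type tag is compared with the method's declared signature before any `void *` is cast back. This is not ActiveQt code; `TypeId`, `Arg`, `Method`, `dispatch` and `demo` are hypothetical names, and the sample objects are constructed.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Hypothetical type tags standing in for the "ptype" the report mentions.
enum class TypeId { Int, Widget, ServerBase };

struct Arg { TypeId type; void *ptr; };   // tagged, type-erased argument
struct Widget { int id; };
struct ServerBase { std::string name; };

// A callable slot: declared parameter types plus a thunk that casts blindly.
struct Method {
    std::vector<TypeId> params;
    int (*thunk)(void **args);
};

// Thunk for a hypothetical `int widgetId(Widget *)`; it trusts its caller.
static int widgetIdThunk(void **args) {
    return static_cast<Widget *>(args[0])->id;
}

// Checked dispatch: compare each tag with the declared signature and fail the
// call (returning false) before any pointer is reinterpreted.
bool dispatch(const Method &m, const std::vector<Arg> &args, int *result) {
    if (args.size() != m.params.size())
        return false;
    std::vector<void *> raw;
    for (std::size_t i = 0; i < args.size(); ++i) {
        if (args[i].type != m.params[i] || args[i].ptr == nullptr)
            return false;
        raw.push_back(args[i].ptr);
    }
    *result = m.thunk(raw.data());
    return true;
}

// Constructed demo: call widgetId with a Widget or, wrongly, a ServerBase.
// Returns the widget id, or -1 when the call is rejected.
int demo(bool wrongType) {
    Widget w{42};
    ServerBase s{"server"};
    Method widgetId{{TypeId::Widget}, widgetIdThunk};
    Arg a = wrongType ? Arg{TypeId::ServerBase, &s} : Arg{TypeId::Widget, &w};
    int result = -1;
    return dispatch(widgetId, {a}, &result) ? result : -1;
}

int main() { return (demo(false) == 42 && demo(true) == -1) ? 0 : 1; }
```

Without the tag comparison in `dispatch`, the `ServerBase` pointer would reach `widgetIdThunk` and be read as a `Widget`, which is the type confusion the report describes.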
Issue Links
- relates to: QTBUG-106014 ActiveQt fails to handle VT_UNKNOWN (Closed)
For Gerrit Dashboard: QTBUG-106024

# | Subject | Branch | Project | Status | CR | V |
---|---|---|---|---|---|---|
439516,4 | AxServer: Accept unconventional IDispatch calls from python | dev | qt/qtactiveqt | MERGED | +2 | 0 |
439519,3 | Fix returning QAxServer objects from methods | dev | qt/qtactiveqt | MERGED | +2 | 0 |
439571,2 | Fix returning QAxServer objects from methods | 6.4 | qt/qtactiveqt | MERGED | +2 | 0 |
439572,2 | AxServer: Accept unconventional IDispatch calls from python | 6.4 | qt/qtactiveqt | MERGED | +2 | 0 |