Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-106024

[QAxServerBase::Invoke] ActiveQt should only call the dispatch method if the types match

XMLWordPrintable

    • Windows

      ActiveQt is blindly smashing any Qt::Usertype compatible object (including any IUnknown, IDispatch, etc.) into a void pointer and passing it into the dispatch method.

      Pointer smashing in this way might even be considered a security vulnerability, which could allow an arbitrary code execution.

      https://github.com/qt/qtactiveqt/blob/9771bfaf97939203c014def6cfab2a9e8f043745/src/activeqt/control/qaxserverbase.cpp#L2442-L2447

      ActiveQt should only call the dispatch method if the types match – ActiveQt already knows the ptype, and if the ptype doesn't match the signature of the method we're going to call, then ActiveQt should fail the call with ERROR_INVALID_PARAMETER or something.

      In a case, a dispatch method received the QAxServerBase class, the wrong type entirely, instead of being rejected.

        For Gerrit Dashboard: QTBUG-106024
        # Subject Branch Project Status CR V
        439516,4 AxServer: Accept unconventional IDispatch calls from python dev qt/qtactiveqt Status: MERGED +2 0
        439519,3 Fix returning QAxServer objects from methods dev qt/qtactiveqt Status: MERGED +2 0
        439571,2 Fix returning QAxServer objects from methods 6.4 qt/qtactiveqt Status: MERGED +2 0
        439572,2 AxServer: Accept unconventional IDispatch calls from python 6.4 qt/qtactiveqt Status: MERGED +2 0

            vhilshei Volker Hilsheimer
            nagrohn Nahomi Gröhn (Inactive)
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved:

                There are no open Gerrit changes