ActiveQt is blindly smashing any Qt::Usertype compatible object (including any IUnknown, IDispatch, etc.) into a void pointer and passing it into the dispatch method.

Pointer smashing in this way might even be considered a security vulnerability, which could allow an arbitrary code execution.

https://github.com/qt/qtactiveqt/blob/9771bfaf97939203c014def6cfab2a9e8f043745/src/activeqt/control/qaxserverbase.cpp#L2442-L2447

ActiveQt should only call the dispatch method if the types match – ActiveQt already knows the ptype, and if the ptype doesn't match the signature of the method we're going to call, then ActiveQt should fail the call with ERROR_INVALID_PARAMETER or something.

In a case, a dispatch method received the QAxServerBase class, the wrong type entirely, instead of being rejected.