Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-118591

Regression: QQmlScriptString::operator==() crashes

XMLWordPrintable

    • ba6ddfab5 (dev), b76cb7cb6 (6.6)

      QQmlScriptString::operator==(const QQmlScriptString &) crashes if other is invalid, i.e. has a null d-pointer. It has a guard against its own d being null, but not against the other.d being null:

      bool QQmlScriptString::operator==(const QQmlScriptString &other) const
{
    if (d == other.d)
        return true;
    if (!d)
        return false;

    // boom if other.d == nullptr
    if (d->isNumberLiteral || other.d->isNumberLiteral)
        return d->isNumberLiteral && other.d->isNumberLiteral && d->numberValue == other.d->numberValue;

    ...

      This effectively breaks all QQmlScriptString comparisons.

        For Gerrit Dashboard: QTBUG-118591
        # Subject Branch Project Status CR V
        514458,5 QQmlScriptString: Guard operator== against nullptr dev qt/qtdeclarative Status: MERGED +2 0
        515113,2 QQmlScriptString: Guard operator== against nullptr 6.6 qt/qtdeclarative Status: MERGED +2 0

            fabiankosmale Fabian Kosmale
            msarehn Arno Rehn
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved:

                There are no open Gerrit changes