  1. Qt
  2. QTBUG-128674

UB (invalid casts) in invokeOnGadget()


Details

    Description

      We found in QtProtobuf an invalid cast from QObject* to QProtoBufMessage*¹. QProtoBufMessage does not inherit QObject, so this cast is invalid.

      It turns out that invokeOnGadget() also does cast from the Q_GADGET void*, which, too, isn't a QObject.

      I can't say that I've ever seen ubsan complaints about this, but I see calls to QObject::d_ptr and QObject::thread() in QMetaMethodInvoker, so I don't see how this can't be UB.

      ¹ https://codereview.qt-project.org/c/qt/qtgrpc/+/550655/comment/007ce129_c588b70f/

      Investigate whether we can split the QObject and Q_GADGET code-paths with the latter not casting to QObject* on the way already in Qt 7 or what else we can do to avoid the UB here.

      Then fix QtProtobuf, too.
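The split the report asks to investigate, modelled without Qt as an added example (not code from Qt or from the reporter): the receiver keeps its real kind, so thread affinity is only ever read through a pointer that really is an object. `Object`, `Gadget`, `Target`, `invoke` and the two methods are hypothetical stand-ins for QObject, a Q_GADGET type and the invoker.

```cpp
// Added illustration: every name here is a hypothetical stand-in, not Qt API.
#include <string>

struct Object {                      // models a QObject-like base class
    virtual ~Object() = default;
    int threadId = 1;                // models per-object thread affinity
    std::string log;
};

struct Gadget { int value = 0; };    // models a Q_GADGET type: no Object base

using Method = void (*)(void *self, int arg);

// The receiver keeps its real kind; a gadget is never presented as Object*.
struct Target {
    Object *object;                  // set only for Object-derived receivers
    void *gadget;                    // set only for gadget receivers
};

enum class Result { InvokedOnObject, InvokedOnGadget, WrongThread };

Result invoke(Target t, Method m, int arg, int currentThread)
{
    if (t.object) {
        // Object-only path: affinity is read from a pointer that really is an Object.
        if (t.object->threadId != currentThread)
            return Result::WrongThread;
        m(t.object, arg);
        return Result::InvokedOnObject;
    }
    // Gadget path: the pointer goes to the method untouched; no Object member is read.
    m(t.gadget, arg);
    return Result::InvokedOnGadget;
}

void setValue(void *self, int arg) { static_cast<Gadget *>(self)->value = arg; }
void record(void *self, int arg) { static_cast<Object *>(self)->log += std::to_string(arg); }

int main()
{
    Gadget g;
    Object o;
    bool ok = invoke(Target{nullptr, &g}, setValue, 7, 1) == Result::InvokedOnGadget
           && invoke(Target{&o, nullptr}, record, 3, 1) == Result::InvokedOnObject;
    return ok && g.value == 7 && o.log == "3" ? 0 : 1;
}
```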


          People

            thiago Thiago Macieira
            mmutz Marc Mutz
            Vladimir Minenko Vladimir Minenko
            Alex Blasche Alex Blasche