This QML will crash if MyQObject (from Tomte 2.0; name and version arbitrarily chosen) is defined in a C++ namespace.
The meta object is somehow flagged as an Enum or Flag, which causes QMetaObject::property(int index) to try to descope the type. In this process it calls QMetaObject_findMetaObject(const QMetaObject *self, const char *name). In this function the first if statement evaluates to true if you DON'T use namespaces, and false if you do. Now the next if statement (corelib/kernel/qmetaobject.cpp:673):
It turns out extraData is uninitialized, so execution enters the body of the if statement and eventually dereferences extraData (corelib/kernel/qmetaobject.cpp:684):
While the rest of the members of QMetaData::d are initialized in QMetaObjectBuilder::fromRelocatableData(), extraData is not.
So I guess this is really two bugs:
- The class gets flagged as a Flag or Enum. (This also happens when not using a namespace.)
- A pointer is not initialized, and then dereferenced.
In the attached test case, myNamespace::MyQObject and MyQObjectNoNS are identical except for the namespace difference. The test succeeds when MyQObjectNoNS is used instead.
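The second bug above is a general pattern: a builder fills every member of a record except one, and the consumer later trusts that member as a valid pointer. The following is an added C++ illustration of that pattern and of the two usual remedies; it is not Qt code and does not use the real QMetaObject or QMetaObjectBuilder. MetaRecord, buildLeaky, buildSafe, hasExtraData and extraDataLeftUninitialized are hypothetical names chosen for this example, and the 0xAB poison byte is a constructed value used to make the uninitialized read deterministic.

```cpp
#include <cstdint>
#include <cstring>
#include <new>

// Hypothetical stand-in for a QMetaObject-like record whose members are
// filled in by a "from relocatable data" builder. This is not Qt's real
// QMetaObject or QMetaObjectBuilder; the names are chosen for illustration.
struct MetaRecord {
    struct {
        const MetaRecord *superdata;
        const char *stringdata;
        const unsigned *data;
        void *extraData;   // the member the report says is never initialized
    } d;
};

// Mirrors the defect: every member is set except extraData. Default-
// initialization (`new (storage) MetaRecord` without parentheses) leaves a
// trivially-constructible object's members with indeterminate values.
MetaRecord *buildLeaky(void *storage, const char *strings, const unsigned *table)
{
    MetaRecord *m = new (storage) MetaRecord;   // d.extraData: garbage
    m->d.superdata = nullptr;
    m->d.stringdata = strings;
    m->d.data = table;
    // d.extraData deliberately not assigned, as described in the report
    return m;
}

// Hardened variant: value-initialization zeroes the whole object before the
// builder assigns members, so a member the builder forgets reads as nullptr
// instead of whatever the allocator left behind.
MetaRecord *buildSafe(void *storage, const char *strings, const unsigned *table)
{
    MetaRecord *m = new (storage) MetaRecord();  // value-init: all zero
    m->d.superdata = nullptr;
    m->d.stringdata = strings;
    m->d.data = table;
    return m;
}

// The guard the consumer side wants: only follow extraData when it is a
// known-valid pointer. With buildSafe this is a real check; with buildLeaky
// it is meaningless, because the garbage value is almost never nullptr.
bool hasExtraData(const MetaRecord *m)
{
    return m != nullptr && m->d.extraData != nullptr;
}

// Poison-fill check: run a builder over storage pre-filled with 0xAB
// (a constructed poison byte) and read extraData's bytes back. If the
// builder never wrote that member, the poison survives. Sanitizers and
// Valgrind automate the same idea for finding uninitialized members.
template <typename Builder>
bool extraDataLeftUninitialized(Builder build)
{
    static const unsigned table[] = {0};
    alignas(MetaRecord) unsigned char storage[sizeof(MetaRecord)];
    std::memset(storage, 0xAB, sizeof storage);
    MetaRecord *m = build(storage, "stringdata", table);
    std::uintptr_t raw = 0;
    std::memcpy(&raw, &m->d.extraData, sizeof raw);   // read bytes, not the pointer
    m->~MetaRecord();
    return raw != 0;   // nonzero: poison (or other garbage) is still there
}
```

The point of the poison-fill helper is that a null check on the consumer side, like the one in QMetaObject_findMetaObject, only protects you when the producer guarantees the member is either valid or null; with a default-initialized record there is no such guarantee, so the fix belongs in the builder (value-initialize, or assign every member), not in the reader.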