Details
- Bug
- Resolution: Done
- P1: Critical
- 4.8.4, 5.0.1
- None
- Environment: I found this bug while investigating https://bugs.kde.org/show_bug.cgi?id=311751 on a Gentoo x86_64 system, GCC 4.7.2.
- Commits: f0221d359499f675115da1f47dd3669a4383653d, 5b285845a3c3478a4008b7e3416c3912c69fd20b
Description
(All line numbers refer to the code as found in the qt-everywhere-opensource-src-4.8.4 tarball.)
Reading the code of QDeclarativeVMEMetaObject::metaCall, you can see that line 428 reinterprets the fourth entry of the argument array `a` as a flags value. It does so because it expects to be called from QMetaObject::write (see the comment on line 2356 of src/corelib/kernel/qmetaobject.cpp). However, it is easy to check that, since QDeclarativeVMEMetaObject inherits from QMetaObject, it can also be called from QMetaObject::metaCall (see line 240), in which case the `a` array passed into QDeclarativeVMEMetaObject::metaCall has a very different layout. In particular, the fourth entry may not exist at all, and reading it can crash on some systems.
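The argument-array contract described above, as an added illustration that is not part of this report or of Qt's code: a simplified stand-in for the VME meta-object reads `a[3]` as flags, and the caller is made safe by always building the same four-slot array that QMetaObject::write passes (`{ value, 0, &status, &flags }`). Type and function names here are hypothetical; a caller passing a shorter array would read past its end, which is the defect the report describes.

```cpp
#include <cassert>
#include <cstddef>

// Hypothetical stand-ins for the Qt pieces named in the report (not Qt's own code).
enum Call { ReadProperty, WriteProperty };

// Models QDeclarativeVMEMetaObject::metaCall: like line 428 in the report, it
// trusts the caller and reads the fourth argv slot as a flags word.
struct VmeMetaObject {
    int value = 0;
    int seenFlags = -1;
    int metaCall(Call c, int id, void **a) {
        if (c == WriteProperty && id == 0) {
            value = *static_cast<int *>(a[0]);
            seenFlags = *static_cast<int *>(a[3]);   // only valid with a 4-slot argv
            if (a[2]) *static_cast<int *>(a[2]) = 1; // status: property written
            return -1;                               // handled here
        }
        return id;                                   // not handled
    }
};

// Slot layout used by QMetaObject::write: { value, 0, &status, &flags }.
enum { ArgValue = 0, ArgUnused = 1, ArgStatus = 2, ArgFlags = 3, ArgCount = 4 };

// Builds the full four-slot array so any metaCall override may read a[2]/a[3].
struct WriteArgs {
    int status = -1;
    int flags = 0;
    void *argv[ArgCount];
    WriteArgs(int *valuePtr, int f) : flags(f) {
        argv[ArgValue] = valuePtr;
        argv[ArgUnused] = nullptr;
        argv[ArgStatus] = &status;
        argv[ArgFlags] = &flags;
    }
};

// Safe caller in the style of the fixed updateProperty: never hands a shorter
// array to metaCall than the convention the callee relies on.
bool writeProperty(VmeMetaObject &obj, int id, int newValue, int flags) {
    WriteArgs args(&newValue, flags);
    obj.metaCall(WriteProperty, id, args.argv);
    return args.status == 1;
}

// Round trip used by the checks: returns true when value and flags both arrived.
bool demoRoundTrip() {
    VmeMetaObject obj;
    return writeProperty(obj, 0, 42, 0x2) && obj.value == 42 && obj.seenFlags == 0x2;
}
```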
For Gerrit Dashboard: QTBUG-29082

| # | Subject | Branch | Project | Status | CR | V |
|---|---|---|---|---|---|---|
| 46228,3 | Fix call to QMetaObject::metaCall from updateProperty | 4.8 | qt/qt | MERGED | +2 | 0 |
| 46616,4 | Fix call to QMetaObject::metaCall from updateProperty | stable | qt/qtbase | MERGED | -1 | 0 |
| 48118,4 | Add Test for Animating Qml Dynamic Properties using QPropertyAnimation | stable | qt/qtdeclarative | MERGED | +2 | 0 |