QTBUG-29082

QDeclarativeVMEMetaObject::metaCall SIGSEGV when called from QMetaObject::metaCall


Details

    • f0221d359499f675115da1f47dd3669a4383653d 5b285845a3c3478a4008b7e3416c3912c69fd20b

    Description

      (All line numbers refer to the code as found in the qt-everywhere-opensource-src-4.8.4 tarball.)

      Checking the code of QDeclarativeVMEMetaObject::metaCall, you see that line 428 reinterprets the fourth parameter of the call as a flag. This is because it expects to be called from QMetaObject::write (see the comment at line 2356 of src/corelib/kernel/qmetaobject.cpp), but it is easy to check that, since QDeclarativeVMEMetaObject inherits from QMetaObject, it can also be called from QMetaObject::metaCall (see line 240), in which case the a parameter passed into QDeclarativeVMEMetaObject::metaCall has a very different structure. In particular, the fourth parameter may be undefined and can cause crashes on some systems.
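The calling-convention mismatch the description points at, as an added C++ model that is not Qt's code: the enum, struct and function names are assumptions, the flag value is constructed, and the unchecked reader is shown only to contrast with the checked one.

```cpp
#include <cstddef>
// Added model of the convention the report describes; not Qt's code. A property
// write hands metaCall a four-slot array whose slot 3 holds an int of flags; a
// method invocation hands it a return slot plus one slot per argument, no more.
enum Call { InvokeMetaMethod, WriteProperty };
const int kFlagDeferred = 0x1;   // constructed flag bit for the sample

// Unsafe shape (the report's line 428): trusts a[3] whatever the call kind.
// Reached through the metaCall path with a two-slot array this reads past the
// end of the caller's array, which is the crash the report describes.
int readFlagsUnchecked(void **a) {
    return *static_cast<int *>(a[3]);
}
// Hardened shape: the layout of `a` follows from the call kind and the callee
// gets no length, so consult a[3] only for a property write and treat a null
// slot as "no flags".
int readFlagsChecked(Call c, void **a) {
    if (c != WriteProperty || a[3] == NULL) return 0;
    return *static_cast<int *>(a[3]);
}
struct Object { int prop; int lastFlags; int calls; };

// Dispatcher in the same shape as metaCall(c, id, a).
int metaCallSafe(Object &o, Call c, void **a) {
    if (c == WriteProperty) {
        o.prop = *static_cast<int *>(a[0]);
        o.lastFlags = readFlagsChecked(c, a);
    } else {  // InvokeMetaMethod: a[0] is the return slot, a[1] the argument
        o.calls++;
        *static_cast<int *>(a[0]) = *static_cast<int *>(a[1]) * 2;
    }
    return -1;  // handled
}

// Property write with the four-slot layout (constructed sample array).
int writeWithFlags(Object &o, int value, int flags) {
    int status = -1;
    void *argv[] = { &value, NULL, &status, &flags };
    metaCallSafe(o, WriteProperty, argv);
    return o.lastFlags;
}

// Method invocation with the shorter layout: only two slots exist.
int invokeDouble(Object &o, int arg) {
    int ret = 0;
    void *argv[] = { &ret, &arg };
    metaCallSafe(o, InvokeMetaMethod, argv);
    return ret;
}
```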


People

  dmaggot David E. Narváez
  Votes: 7
  Watchers: 18
