Details
- Bug
- Resolution: Done
- P1: Critical
- 4.8.4, 5.0.1
- None
I found this bug while investigating https://bugs.kde.org/show_bug.cgi?id=311751 on a Gentoo x86_64 system, GCC 4.7.2.
f0221d359499f675115da1f47dd3669a4383653d 5b285845a3c3478a4008b7e3416c3912c69fd20b
Description
(All line numbers refer to the code as found in the qt-everywhere-opensource-src-4.8.4 tarball)
Checking the code for QDeclarativeVMEMetaObject::metaCall, you see that line 428 reinterprets the fourth parameter of the call as a flag. This is because it expects to be called from QMetaObject::write (see the comment on line 2356 in src/corelib/kernel/qmetaobject.cpp), but it is easy to check that, since QDeclarativeVMEMetaObject inherits from QMetaObject, it can be called from QMetaObject::metaCall (see line 240), in which case the `a` parameter passed into QDeclarativeVMEMetaObject::metaCall has a very different structure. In particular, the fourth parameter may be undefined and can cause crashes on some systems.
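The following is an added illustration of the caller-contract mismatch described above; it is not Qt code and none of the names (`handlePropertyWrite`, `callFromWritePath`, `callFromGenericPath`, the `Flag` enum) exist in Qt. It assumes a simplified `void **` argument array: the write path fills four slots (value, variant, status, flags), while another caller fills fewer, so a handler that unconditionally dereferences slot 3 reads past the array. The hardened variant takes the slot count explicitly and treats a missing flags slot as "no flags".

```cpp
#include <cstddef>

// Hypothetical flag values (not Qt's); only used to make the test readable.
enum Flag { NoFlags = 0, ResetFlag = 1 };

// Vulnerable shape: trusts that a[3] is always a valid int* because it assumes
// the property-write caller's layout. Called with a shorter array this is an
// out-of-bounds read (undefined behaviour), which is the crash in the report.
// It is deliberately never invoked here.
int handlePropertyWrite_unsafe(void **a) {
    return *static_cast<int *>(a[3]);
}

// Hardened shape: the caller states how many slots it filled, and the flags
// slot is only dereferenced when it exists and is non-null.
int handlePropertyWrite(void **a, std::size_t count) {
    int flags = NoFlags;
    if (count > 3 && a[3] != nullptr)
        flags = *static_cast<int *>(a[3]);
    return flags;
}

// Caller 1 (constructed): the write path, four slots as the report describes.
int callFromWritePath(int value, int flagsIn) {
    int status = 0;
    void *a[4] = { &value, nullptr, &status, &flagsIn };
    return handlePropertyWrite(a, 4);
}

// Caller 2 (constructed): a generic meta-call path that fills only two slots,
// so there is no flags slot at all; the handler must not look for one.
int callFromGenericPath(int value) {
    void *a[2] = { &value, nullptr };
    return handlePropertyWrite(a, 2);
}
```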