QTBUG-88356

Memory corruption in QSignalSpy + moc-generated code


    • Type: Bug
    • Resolution: Done
    • Priority: P1: Critical
    • 6.0.0 RC
    • 6.0.0 Beta2
    • Build tools: moc
    • Commit: 16d412da4c0d7ef4776604b906fccb8132a7712d (qt/qtbase/dev)

      In testlib/qsignalspy.h, there is the following code:

                      void *argv[] = { &tp, &i };
                      QMetaObject::metacall(const_cast<QObject*>(obj),
                                            QMetaObject::RegisterMethodArgumentMetaType,
                                            member.methodIndex(), argv);

      i is, in this case, the iterator of the for loop.

      Since 0161f00e5043090f22b23de9822c09062b17d675 we generate the following code in moc:

          } else if (_c == QMetaObject::RegisterMethodArgumentMetaType) {
              if (_id < 2)
                  *reinterpret_cast<QMetaType *>(_a[0]) = QMetaType();

      This overwrites the loop iterator with 0 if sizeof(int) < sizeof(void*), and we enter an infinite loop.

      I am assuming the code in QSignalSpy is wrong, but since it is the moc output that has changed and it causes memory corruption, I think it is better if someone who knows this code makes the call on what the right fix is.
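The size mismatch the report describes, as an added example that is not Qt's code and not the fix that landed: the callee stores a pointer-sized object through an argv slot the caller allocated as a four-byte int, and the neighbouring loop counter is what gets overwritten. FakeMetaType (standing in for QMetaType), moc_register_arg (the quoted RegisterMethodArgumentMetaType branch), slot_fits, legacy_loop_iterations and fixed_loop_iterations are hypothetical names; the two ints are kept in one byte buffer and copied with memcpy so the overrun is reproduced with well-defined behaviour and bounded by a guard so the program terminates.

```cpp
// Added example, not Qt's own code. It models the size mismatch reported in
// QTBUG-88356 with hypothetical stand-ins: FakeMetaType for QMetaType,
// moc_register_arg for the moc-generated RegisterMethodArgumentMetaType
// branch, and the *_loop_iterations functions for QSignalSpy's loop.
#include <cstddef>
#include <cstdio>
#include <cstring>

// Pointer-sized stand-in for Qt 6's QMetaType (one pointer member), so that
// sizeof(FakeMetaType) == sizeof(void*) > sizeof(int) on 64-bit targets.
struct FakeMetaType {
    const void *iface = nullptr;   // default-constructed == "unknown type"
};

// The model keeps tp and i as two adjacent ints; a pointer wider than that
// would be a different bug, so state the assumption once.
static_assert(sizeof(FakeMetaType) <= 2 * sizeof(int),
              "model assumes a pointer is at most two ints wide");

// Compile-time statement of the contract the caller has to honour: the
// argv[0] slot must be at least as wide as what the callee writes into it.
constexpr bool slot_fits(std::size_t slot_bytes) {
    return slot_bytes >= sizeof(FakeMetaType);
}

// Hypothetical moc-style callee modelled on the quoted output: it stores a
// whole FakeMetaType through _a[0], i.e. sizeof(void*) bytes, regardless of
// what the caller placed there. memcpy reproduces the assignment byte for
// byte so the overrun is observable without undefined behaviour.
void moc_register_arg(int id, void **_a) {
    if (id < 2) {
        FakeMetaType mt;                       // == QMetaType()
        std::memcpy(_a[0], &mt, sizeof(mt));
    }
}

// Old QSignalSpy-style loop. `tp` (an int) and the loop counter `i` live as
// adjacent ints inside one byte buffer, reproducing the layout that made the
// bug bite. `guard` bounds the iteration count so the demonstration ends; the
// return value is how many iterations ran. If the callee writes more than
// sizeof(int) bytes into the tp slot, `i` is reset to 0 on every pass and
// only the guard stops the loop.
int legacy_loop_iterations(int param_count, int guard) {
    unsigned char frame[2 * sizeof(int)] = {};   // [ tp ][ i ]
    unsigned char *tp_slot = frame;
    unsigned char *i_slot = frame + sizeof(int);
    auto load_i = [&] { int v; std::memcpy(&v, i_slot, sizeof v); return v; };
    auto store_i = [&](int v) { std::memcpy(i_slot, &v, sizeof v); };

    int iterations = 0;
    store_i(0);
    while (load_i() < param_count && iterations < guard) {
        int unknown = -1;                        // "type not registered yet"
        std::memcpy(tp_slot, &unknown, sizeof unknown);
        void *argv[] = { tp_slot, i_slot };      // { &tp, &i } in the original
        moc_register_arg(0, argv);               // may write past tp_slot
        ++iterations;
        store_i(load_i() + 1);                   // the for loop's ++i
    }
    return iterations;
}

// Hardened loop: the argv[0] slot is an object of the type the callee really
// writes, so the store is in bounds and `i` is never touched.
int fixed_loop_iterations(int param_count, int guard) {
    int iterations = 0;
    for (int i = 0; i < param_count && iterations < guard; ++i) {
        FakeMetaType tp;                          // sized for the callee
        void *argv[] = { &tp, &i };
        moc_register_arg(0, argv);
        ++iterations;
        (void)tp.iface;                           // a real caller would inspect it
    }
    return iterations;
}

int main() {
    std::printf("int slot wide enough: %s\n", slot_fits(sizeof(int)) ? "yes" : "no");
    std::printf("legacy loop ran %d iterations (2 parameters, guard 10)\n",
                legacy_loop_iterations(2, 10));
    std::printf("fixed loop ran %d iterations (2 parameters, guard 10)\n",
                fixed_loop_iterations(2, 10));
    return 0;
}
```

On a 64-bit build legacy_loop_iterations(2, 10) returns 10, the guard, because each call zeroes the counter; on a 32-bit build the write fits and it returns 2, which is exactly the sizeof(int) < sizeof(void*) condition in the report. fixed_loop_iterations returns 2 either way.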


            Fabian Kosmale (fabiankosmale)
            Eskil Abrahamsen Blomfeldt (esabraha)
            Votes: 0
            Watchers: 5
