Details
- Bug
- Resolution: Done
- P1: Critical
- 6.0.0 Beta2
- None
- 16d412da4c0d7ef4776604b906fccb8132a7712d (qt/qtbase/dev)
Description
In testlib/qsignalspy.h, there is the following code:
    void *argv[] = { &tp, &i };
    QMetaObject::metacall(const_cast<QObject*>(obj), QMetaObject::RegisterMethodArgumentMetaType, member.methodIndex(), argv);
In this case, i is the iterator of the for loop.
Since 0161f00e5043090f22b23de9822c09062b17d675 we generate the following code in moc:
    } else if (_c == QMetaObject::RegisterMethodArgumentMetaType) {
        if (_id < 2)
            *reinterpret_cast<QMetaType *>(_a[0]) = QMetaType();
This overwrites the loop iterator with 0 if sizeof(int) < sizeof(void*), and we enter an infinite loop.
I am assuming the code in QSignalSpy is wrong, but since it is the moc output that has changed and it causes memory corruption, I think it is better if someone who knows this code makes the call on what the right fix is.
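The mechanism the report describes, as an added example that is neither Qt's code nor the reporter's: a minimal stand-in for the void** metacall protocol in which the generated callee writes a pointer-sized handle through _a[0] while the caller sized that slot for an int. The names MetaTypeHandle, generatedMetacall, buggyCallerIterAfterCall, fixedCallerIterAfterCall and callerSlotIsSafe are assumptions for illustration only. The buggy caller keeps tp and i in one byte buffer so the clobber is deterministic instead of depending on the compiler's stack layout; the fixed caller hands the callee a slot of the type it actually writes.

```cpp
// Added example, not Qt code. Models the report's ABI mismatch: the callee
// writes sizeof(void*) bytes into a slot the caller allocated as an int.
// MetaTypeHandle / generatedMetacall / Call are stand-ins (assumptions) for
// QMetaType, the moc-generated qt_static_metacall branch and QMetaObject::Call.
#include <cstddef>
#include <cstdio>
#include <cstring>

// Stand-in for QMetaType: a class wrapping one pointer, so sizeof == sizeof(void*).
struct MetaTypeHandle {
    const void *d_ptr = nullptr;   // default-constructed handle is all zero bytes
};

enum Call { RegisterMethodArgumentMetaType };

// Stand-in for the generated branch
//   "if (_id < 2) *reinterpret_cast<QMetaType *>(_a[0]) = QMetaType();"
// memcpy is used so the write is well-defined even into a raw byte buffer.
static void generatedMetacall(Call c, int id, void **a) {
    if (c == RegisterMethodArgumentMetaType && id < 2) {
        MetaTypeHandle empty{};
        std::memcpy(a[0], &empty, sizeof empty);   // writes sizeof(void*) bytes
    }
}

// Check a caller can apply before handing out a slot: does the slot hold
// everything the RegisterMethodArgumentMetaType callee will write?
constexpr bool callerSlotIsSafe(std::size_t slotBytes) {
    return slotBytes >= sizeof(MetaTypeHandle);
}

// Buggy caller modelled on the report: tp is an int and i sits right after it.
// Both live in one byte buffer so the layout is fixed and the result is
// deterministic. Returns i after the call; 0 means the loop counter was clobbered.
constexpr std::size_t kFrameBytes = 2 * sizeof(int);
static_assert(sizeof(MetaTypeHandle) <= kFrameBytes,
              "example assumes a pointer is at most twice the width of an int");

int buggyCallerIterAfterCall(int iterValue) {
    alignas(MetaTypeHandle) unsigned char frame[kFrameBytes];
    int tp = -1;
    std::memcpy(frame, &tp, sizeof tp);                               // tp at offset 0
    std::memcpy(frame + sizeof(int), &iterValue, sizeof iterValue);   // i right after tp
    void *argv[] = { frame, frame + sizeof(int) };                    // { &tp, &i }
    generatedMetacall(RegisterMethodArgumentMetaType, 0, argv);
    int i;
    std::memcpy(&i, frame + sizeof(int), sizeof i);
    return i;   // 0 whenever sizeof(int) < sizeof(void*), as the report says
}

// Fixed caller: the slot passed through argv[0] is the type the callee writes,
// so the write lands entirely inside tp and i is untouched.
int fixedCallerIterAfterCall(int iterValue) {
    static_assert(callerSlotIsSafe(sizeof(MetaTypeHandle)), "slot too small");
    MetaTypeHandle tp;
    int i = iterValue;
    void *argv[] = { &tp, &i };
    generatedMetacall(RegisterMethodArgumentMetaType, 0, argv);
    return i;
}

int main() {
    std::printf("sizeof(int)=%zu sizeof(void*)=%zu int slot safe: %s\n",
                sizeof(int), sizeof(void *),
                callerSlotIsSafe(sizeof(int)) ? "yes" : "no");
    std::printf("buggy caller: i after call = %d\n", buggyCallerIterAfterCall(7));
    std::printf("fixed caller: i after call = %d\n", fixedCallerIterAfterCall(7));
    return 0;
}
```

On an LP64 or LLP64 build the buggy caller returns 0 for any starting value of i, which is the reset-to-zero the report attributes to the infinite loop; on a 32-bit build, where sizeof(int) == sizeof(void*), the write fits and i survives. The callerSlotIsSafe check is the kind of guard a caller of a type-erased void** interface wants at compile time, since nothing in the protocol itself tells the callee how large the slot it is writing through really is.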
Attachments
Issue Links
- resulted from: QTBUG-88260 flood warnings on Ubuntu 20.04 in CI (Closed)