Details
-
Bug
-
Resolution: Done
-
P1: Critical
-
6.0.0 Beta2
-
None
-
16d412da4c0d7ef4776604b906fccb8132a7712d (qt/qtbase/dev)
Description
In testlib/qsignalspy.h, there is the following code:
void *argv[] = { &tp, &i };
QMetaObject::metacall(const_cast<QObject*>(obj),
QMetaObject::RegisterMethodArgumentMetaType,
member.methodIndex(), argv);
i is in this case the iterator of the for loop.
Since 0161f00e5043090f22b23de9822c09062b17d675 we generate the following code in moc:
} else if (_c == QMetaObject::RegisterMethodArgumentMetaType) {
if (_id < 2)
*reinterpret_cast<QMetaType *>(_a[0]) = QMetaType();
This overwrites the loop iterator with 0 if sizeof(int) < sizeof(void*), and we enter an infinite loop.
I am assuming the code in QSignalSpy is wrong, but since it is the moc output that has changed and it causes memory corruption, I think it is better if someone who knows this code makes the call on what the right fix is.
Attachments
Issue Links
- resulted from
-
-
- Closed
-
| For Gerrit Dashboard: QTBUG-88356 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 320980,4 | QSignalSpy: Use QMetaType instead of metatype id in initArgs | dev | qt/qtbase | Status: MERGED | +2 | 0 |