diff options
| author | Olivier Goffart <ogoffart@trolltech.com> | 2009-12-14 14:10:33 (GMT) |
|---|---|---|
| committer | Olivier Goffart <ogoffart@trolltech.com> | 2009-12-14 17:37:03 (GMT) |
| commit | 74bec871abb48baadf239fd12e77bb85924436a1 (patch) | |
| tree | 711e6383e3d60dbfdd0c4ce2333d9be935bf157a /src/corelib/kernel/qmetaobject.cpp | |
| parent | a72468e820c2922540737c053eef27d033c2e77b (diff) | |
| download | Qt-74bec871abb48baadf239fd12e77bb85924436a1.zip Qt-74bec871abb48baadf239fd12e77bb85924436a1.tar.gz Qt-74bec871abb48baadf239fd12e77bb85924436a1.tar.bz2 | |
Fix QMetaObject::connect and disconnect with "dynamic signals"
QML might pass index that are larger that the method cound.
We must not call QMetaObjectPrivate::originalClone in that case as
this would read invalid memory
Reviewed-by: brad
Diffstat (limited to 'src/corelib/kernel/qmetaobject.cpp')
| -rw-r--r-- | src/corelib/kernel/qmetaobject.cpp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/corelib/kernel/qmetaobject.cpp b/src/corelib/kernel/qmetaobject.cpp index 6e6da19..72d6786 100644 --- a/src/corelib/kernel/qmetaobject.cpp +++ b/src/corelib/kernel/qmetaobject.cpp @@ -2648,6 +2648,7 @@ const char* QMetaClassInfo::value() const */ int QMetaObjectPrivate::originalClone(const QMetaObject *mobj, int local_method_index) { + Q_ASSERT(local_method_index < get(mobj)->methodCount); int handle = get(mobj)->methodData + 5 * local_method_index; while (mobj->d.data[handle + 4] & MethodCloned) { Q_ASSERT(local_method_index > 0); |