Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
tst_QShortcut: Fix UB (invalid cast) in shortcutDestroyed()
The slot is invoked from QObject::destroyed(), which is emitted
from ~QObject. By that time the object is no longer a QShortcut,
so the static_cast it invalid.
Found by UBSan:
tst_qshortcut.cpp:1210:53: runtime error: downcast of address 0x6020000289d0 which does not point to an object of type 'QShortcut'
0x6020000289d0: note: object is of type 'QObject'
10 00 80 17 c0 ce 63 df 93 2b 00 00 b0 02 00 00 d0 60 00 00 02 00 00 00 ff ff ff 04 04 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QObject'
#0 0x42b3bb in tst_QShortcut::shortcutDestroyed(QObject*) tst_qshortcut.cpp:1210
#1 0x446cc9 in tst_QShortcut::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) .moc/tst_qshortcut.moc:186
#2 0x2b93dba52c86 in QMetaObject::activate(QObject*, int, int, void**) qobject.cpp:3787
#3 0x2b93dba55400 in QObject::destroyed(QObject*) .moc/moc_qobject.cpp:213
#4 0x2b93dba8d80d in QObject::~QObject() qobject.cpp:967
#5 0x2b93c6b6e032 in QShortcut::~QShortcut() qshortcut.cpp:476
#6 0x2b93c6b6e370 in QShortcut::~QShortcut() qshortcut.cpp:481
#7 0x42a5de in void qDeleteAll<QList<QShortcut*>::const_iterator>(QList<QShortcut*>::const_iterator, QList<QShortcut*>::const_iterator) qalgorithms.h:317
#8 0x42a5de in void qDeleteAll<QList<QShortcut*> >(QList<QShortcut*> const&) qalgorithms.h:325
#9 0x42a5de in tst_QShortcut::clearAllShortcuts() tst_qshortcut.cpp:1136
Fix by replacing QVector::replaceAll() with the erase-remove idiom,
which does not require the cast, because it can perform mixed-type
lookups.
Change-Id: I4251c1895fa4398023f489dbfd7108d90c1a6c94
Reviewed-by: Giuseppe D'Angelo <[email protected]>- Loading branch information