diff options
author | Marc Mutz <marc.mutz@kdab.com> | 2016-09-21 14:23:54 +0200 |
---|---|---|
committer | Marc Mutz <marc.mutz@kdab.com> | 2016-09-22 15:25:18 +0000 |
commit | e2e107556dfb843fa0c3dc3e52695b34fdb40ba1 (patch) | |
tree | b1f9fd262dc72c7b386c95c0dd84be905e8f2855 | |
parent | 622681eb508ddb1bd51a39b6887beddb43218504 (diff) | |
download | qtbase-e2e107556dfb843fa0c3dc3e52695b34fdb40ba1.tar.gz |
tst_QGraphicsItem: Fix UB (invalid cast/member call) in prepareGeometryChange()
Found by UBSan:
tst_qgraphicsitem.cpp:5066:29: runtime error: downcast of address 0x2afcb006c7f0 which does not point to an object of type 'GeometryChanger'
0x2afcb006c7f0: note: object is of type 'QGraphicsRectItem'
00 00 00 00 d8 64 ca 98 fc 2a 00 00 40 a9 0b b0 fc 2a 00 00 75 65 29 00 00 00 00 00 35 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'QGraphicsRectItem'
#0 0x4c5f1c in tst_QGraphicsItem::prepareGeometryChange() tst_qgraphicsitem.cpp:5066
Fix by actually instantiating a GeometryChanger, which incidentally is
the pattern used by paint() a few lines below, too.
While at it, allocate the item on the stack (as is done in paint())
and create a local QRectF variable to avoid repeating the same magic
numbers over and over again.
Change-Id: If5a3d56511000a17703d78d7dd1f0ea072b8bc11
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
-rw-r--r-- | tests/auto/widgets/graphicsview/qgraphicsitem/tst_qgraphicsitem.cpp | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/tests/auto/widgets/graphicsview/qgraphicsitem/tst_qgraphicsitem.cpp b/tests/auto/widgets/graphicsview/qgraphicsitem/tst_qgraphicsitem.cpp index 835aeaa4df..8ee9ffe294 100644 --- a/tests/auto/widgets/graphicsview/qgraphicsitem/tst_qgraphicsitem.cpp +++ b/tests/auto/widgets/graphicsview/qgraphicsitem/tst_qgraphicsitem.cpp @@ -5065,9 +5065,10 @@ void tst_QGraphicsItem::sceneEventFilter() delete ti; } -class GeometryChanger : public QGraphicsItem +class GeometryChanger : public QGraphicsRectItem { public: + explicit GeometryChanger(QRectF r) : QGraphicsRectItem(r) {} void changeGeometry() { prepareGeometryChange(); } }; @@ -5076,10 +5077,12 @@ void tst_QGraphicsItem::prepareGeometryChange() { { QGraphicsScene scene; - QGraphicsItem *item = scene.addRect(QRectF(0, 0, 100, 100)); - QVERIFY(scene.items(QRectF(0, 0, 100, 100)).contains(item)); - ((GeometryChanger *)item)->changeGeometry(); - QVERIFY(scene.items(QRectF(0, 0, 100, 100)).contains(item)); + const QRectF rect(0, 0, 100, 100); + GeometryChanger item(rect); + scene.addItem(&item); + QVERIFY(scene.items(rect).contains(&item)); + item.changeGeometry(); + QVERIFY(scene.items(rect).contains(&item)); } } |