Fix crashes when invoking QML JS methods from C++

Make sure to size the QVarLengthArray properly to avoid out-of-bounds
access.

Change-Id: Id075730ffa2e366a729b401b8563ad7fd59597de
Reviewed-by: Lars Knoll <lars.knoll@digia.com>

diff --git a/src/qml/qml/qqmlvmemetaobject.cpp b/src/qml/qml/qqmlvmemetaobject.cpp
index 838950c..d40eeff 100644 (file)
--- a/src/qml/qml/qqmlvmemetaobject.cpp
+++ b/src/qml/qml/qqmlvmemetaobject.cpp
@@ -927,7 +927,7 @@ int QQmlVMEMetaObject::metaCall(QMetaObject::Call c, int _id, void **a)
 
                 QQmlVMEMetaData::MethodData *data = metaData->methodData() + id;
 
-                QVarLengthArray<QV4::Value, 9> args;
+                QVarLengthArray<QV4::Value, 9> args(data->parameterCount);
 
                 for (int ii = 0; ii < data->parameterCount; ++ii)
                     args[ii] = ep->v8engine()->fromVariant(*(QVariant *)a[ii + 1]);