Crash fix in QMetaType::typeFlags.

The function is public, so it should validate input instead of crashing

Change-Id: Id67463b0b61ab74a76c1ede7f052bdbed37822b6
Reviewed-by: Stephen Kelly <stephen.kelly@kdab.com>

diff --git a/src/corelib/kernel/qmetatype.cpp b/src/corelib/kernel/qmetatype.cpp
index 0be813f..5032cf9 100644 (file)
--- a/src/corelib/kernel/qmetatype.cpp
+++ b/src/corelib/kernel/qmetatype.cpp
@@ -1616,7 +1616,7 @@ private:
     static quint32 customTypeFlags(const int type)
     {
         const QVector<QCustomTypeInfo> * const ct = customTypes();
-        if (Q_UNLIKELY(!ct))
+        if (Q_UNLIKELY(!ct || type < QMetaType::User))
             return 0;
         QReadLocker locker(customTypesLock());
         if (Q_UNLIKELY(ct->count() <= type - QMetaType::User))

diff --git a/tests/auto/corelib/kernel/qmetatype/tst_qmetatype.cpp b/tests/auto/corelib/kernel/qmetatype/tst_qmetatype.cpp
index 3543988..3c21a50 100644 (file)
--- a/tests/auto/corelib/kernel/qmetatype/tst_qmetatype.cpp
+++ b/tests/auto/corelib/kernel/qmetatype/tst_qmetatype.cpp
@@ -743,6 +743,12 @@ QT_FOR_EACH_STATIC_CORE_POINTER(ADD_METATYPE_TEST_ROW)
     QTest::newRow("QPair<P,C>") << ::qMetaTypeId<QPair<P,C> >() << false << true  << false;
     QTest::newRow("QPair<P,M>") << ::qMetaTypeId<QPair<P,M> >() << true  << true  << false;
     QTest::newRow("QPair<P,P>") << ::qMetaTypeId<QPair<P,P> >() << true  << false << false;
+
+    // invalid ids.
+    QTest::newRow("-1") << -1 << false << false << false;
+    QTest::newRow("-124125534") << -124125534 << false << false << false;
+    QTest::newRow("124125534") << 124125534 << false << false << false;
+
 }
 
 void tst_QMetaType::flags()