If QObjectPrivate::declarativeData is set, it is
in various places in Qt expected to point to a
QAbstractDeclarativeDataImpl, from which ownedByQml1
is unconditionally read.
In noDeclarativeParentChangedOnDestruction(), the
declarativeData pointer is, however, set to a local
QAbstractDeclarativeData instance, which, being an
empty class, has size 1 and alignment 1.
Depending on the compiler's idea of bit field order,
this code either read uninitialized data from the
dummy object, or else some random stack memory outside
any (valid) object.
What caught UBSan's attention, though, was the
difference in alignment between the two classes:
src/corelib/kernel/qobject.cpp:917:9: runtime error: member access within misaligned address 0x7fffc9cf706f for type 'struct QAbstractDeclarativeDataImpl', which requires 4 byte alignment
Fix by providing a properly initialized object of the
correct type.
Change-Id: Iae83a949ee5a7bc98df13e35ea614c063085fa13
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@theqtcompany.com>
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
f5291bf8b4