From 5f2afe18ccb0bbe258d4016ef65218cd3656cac2 Mon Sep 17 00:00:00 2001
From: Milian Wolff <milian.wolff@kdab.com>
Date: Tue, 9 Apr 2019 13:38:06 +0200
Subject: Fix QMetaObject::newInstance on non-QObject meta object

QMetaObject::newInstance returns a QObject, thus it's not possible to
create a new instance of a Q_GADGET using this function. Previously, we
returned a non-null QObject pointer for such scenarios, which then
leads to crashes when one tries to use it. Now, we check whether the
meta object inherits QObject's meta object, and error out early
otherwise.

Change-Id: I7b1fb6c8d48b3e98161894be2f281a491963345e
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
---
 src/corelib/kernel/qmetaobject.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src/corelib/kernel/qmetaobject.cpp')

diff --git a/src/corelib/kernel/qmetaobject.cpp b/src/corelib/kernel/qmetaobject.cpp
index b8b5c0de469..666bb6eace6 100644
--- a/src/corelib/kernel/qmetaobject.cpp
+++ b/src/corelib/kernel/qmetaobject.cpp
@@ -235,6 +235,12 @@ QObject *QMetaObject::newInstance(QGenericArgument val0,
                                   QGenericArgument val8,
                                   QGenericArgument val9) const
 {
+    if (!inherits(&QObject::staticMetaObject))
+    {
+        qWarning("QMetaObject::newInstance: type %s does not inherit QObject", className());
+        return nullptr;
+    }
+
     QByteArray constructorName = className();
     {
         int idx = constructorName.lastIndexOf(':');
-- 
cgit v1.2.3