[Development] Making QObject::dumpObjectTree() and QObject::dumpObjectInfo() invokable

Mitch Curtis mitch.curtis at qt.io
Wed Mar 7 07:19:31 CET 2018


> -----Original Message-----
> From: Development [mailto:development-bounces+mitch.curtis=qt.io at qt-
> project.org] On Behalf Of Kevin Kofler
> Sent: Tuesday, 6 March 2018 3:06 PM
> To: development at qt-project.org
> Subject: Re: [Development] Making QObject::dumpObjectTree() and
> QObject::dumpObjectInfo() invokable
> 
> Mitch Curtis wrote:
> > https://codereview.qt-project.org/#/c/221758/ makes
> > QObject::dumpObjectTree() and QObject::dumpObjectInfo() invokable so
> > that they can be used from QML.
> 
> Would this have any security impact? I'm thinking of issues like ASLR bypass
> or other information leakage, if these end up being invokable from untrusted
> scripts. Or is all the information contained there already available to QML?

I was hoping someone else would answer this because I have no idea what ASLR bypass is, but I can say that the information is already available to QML, at the very least by exposing it from C++, if that's what you mean.

>         Kevin Kofler
> 
> _______________________________________________
> Development mailing list
> Development at qt-project.org
> http://lists.qt-project.org/mailman/listinfo/development



More information about the Development mailing list