Skip to content

convertFromVariant can crash when in an invalid object #26

Open
@fuzzybinary

Description

@fuzzybinary

Found this when working with the indexing operator in Array. The old code for Array's indexed setter and indexed getter was this:

Variant operator [](int index) {
  final self = Variant(this);
  final ret = gde.variantGetIndexed(self, index);
  return convertFromVariant(ret, null) as Variant;
}

void operator []=(int index, Variant value) {
  final self = Variant(this);
  final variantValue = Variant(value);
  gde.variantSetIndexed(self, index, value);
}

Besides being inefficient, this was causing a crash because (I think) the engine was either mangling some pointers or the token was invalid when trying to convert to an Object.

I've taken the following steps to mitigate:

  • Modified the index getter / setter in the code generation to avoid the extra Variant conversion when the return type is Variant.
  • Avoid a null token when converting a variant to an Object by always passing in the TypeInfo for GodotObject
  • Throw an exception if you try to construct a Variant with a Variant.

However, we should take further steps to ensure this isn't a bigger problem.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions