godot_dart

`convertFromVariant` can crash when in an invalid object

Open fuzzybinary opened this issue 1 year ago • 0 comments

Found this when working with the indexing operator in Array. The old code for Array's indexed setter and indexed getter was this:

```dart
Variant operator [](int index) {
  final self = Variant(this);
  final ret = gde.variantGetIndexed(self, index);
  return convertFromVariant(ret, null) as Variant;
}

void operator []=(int index, Variant value) {
  final self = Variant(this);
  final variantValue = Variant(value);
  gde.variantSetIndexed(self, index, value);
}
```

Besides being inefficient, this was causing a crash because (I think) the engine was either mangling some pointers or the token was invalid when trying to convert to an Object.

I've taken the following steps to mitigate:

  • Modified the index getter / setter in the code generation to avoid the extra Variant conversion when the return type is Variant.
  • Avoid a null token when converting a variant to an Object by always passing in the TypeInfo for GodotObject
  • Throw an exception if you try to construct a Variant with a Variant.

However, we should take further steps to ensure this isn't a bigger problem.

fuzzybinary, Oct 31 '24 01:10
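
A minimal model of the three mitigations listed in the issue, added here as an example; it is not godot_dart's code. `TypeInfo`, `godotObjectTypeInfo`, `VariantArray` and the plain-Dart `Variant` are hypothetical stand-ins that hold Dart values instead of engine memory.

```dart
// Added illustration; stand-in types, not godot_dart's real classes.
class TypeInfo {
  final String className;
  const TypeInfo(this.className);
}

const godotObjectTypeInfo = TypeInfo('GodotObject');

class Variant {
  final Object? value;
  Variant([Object? value]) : value = _rejectNested(value);

  static Object? _rejectNested(Object? value) {
    // Fail fast in Dart rather than hand the engine a Variant in a Variant.
    if (value is Variant) {
      throw ArgumentError('Variant cannot be constructed from a Variant');
    }
    return value;
  }
}

// A missing TypeInfo falls back to GodotObject's, so the object path
// never sees a null token.
Object? convertFromVariant(Variant v, TypeInfo? typeInfo) {
  final info = typeInfo ?? godotObjectTypeInfo;
  assert(info.className.isNotEmpty); // a real binding would resolve via info
  return v.value;
}

// Indexers pass Variants through without re-wrapping them.
class VariantArray {
  final List<Variant> _items;
  VariantArray(int length) : _items = List.generate(length, (_) => Variant());

  Variant operator [](int index) => _items[index];
  void operator []=(int index, Variant value) => _items[index] = value;
}

void main() {
  final arr = VariantArray(2);
  arr[0] = Variant(42);
  print(convertFromVariant(arr[0], null));
  try {
    Variant(arr[0]); // the double wrap the old setter performed
  } on ArgumentError catch (e) {
    print('rejected: ${e.message}');
  }
}
```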