From 799237eaae7d9843e5e34d587bce2b7f077fecdc Mon Sep 17 00:00:00 2001
From: Marc Mutz <marc.mutz@qt.io>
Date: Sun, 30 Mar 2025 19:36:21 +0200
Subject: [PATCH] tst_QTextEdit: fix UB (invalid downcast) in various functions

The test uses the old-but-invalid trick of inheriting from a class X
to gain access to its private or protected parts, but then just
casting an object of dynamic type X to the newly derived class. This
is invalid, because the object is not actually of the newly-derived
type.

Says UBSan (excerpt):

  tst_qtextedit.cpp:2273:5: runtime error: downcast of address 0x60400013c190 which does not point to an object of type 'PublicTextEdit'
  0x60400013c190: note: object is of type 'QTextEdit'
   00 00 00 00  70 bc 57 df b1 7f 00 00  80 66 30 00 90 61 00 00  70 be 57 df b1 7f 00 00  00 00 be be
                ^~~~~~~~~~~~~~~~~~~~~~~
                vptr for 'QTextEdit'

To fix, make QTextEdit befriend tst_QTextEdit. This is how we do it
elsewhere, too. Then remove the now-unused PublicTextEdit helper.

Amends the start of the public history, and, in one function,
56f0ebfe860e440dcbba8997f44836debc901119 (which is only in Qt 6.4+, so
the cherry-pick to 5.15 will have to drop the part in pasteFromMarkdown().

Pick-to: 6.8 6.5 5.15
Change-Id: I967238d84cae0f6dd8f05d0afb7a318292d96415
Reviewed-by: Axel Spoerl <axel.spoerl@qt.io>
(cherry picked from commit 73fc32af1410b54fc38d7450fad04bb9dabec077)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
---
 src/widgets/widgets/qtextedit.h                     |  3 +++
 .../widgets/widgets/qtextedit/tst_qtextedit.cpp     | 13 +++----------
 2 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/src/widgets/widgets/qtextedit.h b/src/widgets/widgets/qtextedit.h
index 421eb9136b6..0d27598fbb2 100644
--- a/src/widgets/widgets/qtextedit.h
+++ b/src/widgets/widgets/qtextedit.h
@@ -13,6 +13,8 @@
 
 QT_REQUIRE_CONFIG(textedit);
 
+class tst_QTextEdit;
+
 QT_BEGIN_NAMESPACE
 
 class QStyleSheet;
@@ -283,6 +285,7 @@ private:
     friend class QTextEditControl;
     friend class QTextDocument;
     friend class QWidgetTextControl;
+    friend class ::tst_QTextEdit;
 };
 
 Q_DECLARE_OPERATORS_FOR_FLAGS(QTextEdit::AutoFormatting)
diff --git a/tests/auto/widgets/widgets/qtextedit/tst_qtextedit.cpp b/tests/auto/widgets/widgets/qtextedit/tst_qtextedit.cpp
index 70d25f2e57c..36dadf5f213 100644
--- a/tests/auto/widgets/widgets/qtextedit/tst_qtextedit.cpp
+++ b/tests/auto/widgets/widgets/qtextedit/tst_qtextedit.cpp
@@ -2256,13 +2256,6 @@ void tst_QTextEdit::setDocumentPreservesPalette()
 }
 #endif
 
-class PublicTextEdit : public QTextEdit
-{
-public:
-    void publicInsertFromMimeData(const QMimeData *source)
-    { insertFromMimeData(source); }
-};
-
 void tst_QTextEdit::pasteFromQt3RichText()
 {
     QByteArray richtext("<!--StartFragment--><p>  QTextEdit is an  ");
@@ -2270,7 +2263,7 @@ void tst_QTextEdit::pasteFromQt3RichText()
     QMimeData mimeData;
     mimeData.setData("application/x-qrichtext", richtext);
 
-    static_cast<PublicTextEdit *>(ed)->publicInsertFromMimeData(&mimeData);
+    ed->insertFromMimeData(&mimeData);
 
     QCOMPARE(ed->toPlainText(), QString::fromLatin1("  QTextEdit is an  "));
     ed->clear();
@@ -2278,7 +2271,7 @@ void tst_QTextEdit::pasteFromQt3RichText()
     richtext = "<!--StartFragment-->  QTextEdit is an  ";
     mimeData.setData("application/x-qrichtext", richtext);
 
-    static_cast<PublicTextEdit *>(ed)->publicInsertFromMimeData(&mimeData);
+    ed->insertFromMimeData(&mimeData);
 
     QCOMPARE(ed->toPlainText(), QString::fromLatin1("  QTextEdit is an  "));
 }
@@ -2290,7 +2283,7 @@ void tst_QTextEdit::pasteFromMarkdown()
     QMimeData mimeData;
     mimeData.setData("text/markdown", richtext);
 
-    static_cast<PublicTextEdit *>(ed)->publicInsertFromMimeData(&mimeData);
+    ed->insertFromMimeData(&mimeData);
 
     QCOMPARE(ed->toPlainText(), "This text is rich");
 #if QT_CONFIG(textmarkdownwriter)