From 4d61d4fe67f6c8c2db5796ffa15f0d264900a5c5 Mon Sep 17 00:00:00 2001
From: ksuprynowicz <ksuprynowicz@post.pl>
Date: Thu, 11 Aug 2022 00:34:55 +0200
Subject: [PATCH] Disallowed incorrect Vec3 to float cast in script engine

---
 .../src/qtscript/ScriptEngineQtScript_cast.cpp    | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/libraries/script-engine/src/qtscript/ScriptEngineQtScript_cast.cpp b/libraries/script-engine/src/qtscript/ScriptEngineQtScript_cast.cpp
index 7b799d168f..dabe49d66c 100644
--- a/libraries/script-engine/src/qtscript/ScriptEngineQtScript_cast.cpp
+++ b/libraries/script-engine/src/qtscript/ScriptEngineQtScript_cast.cpp
@@ -4,6 +4,7 @@
 //
 //  Created by Heather Anderson 12/9/2021
 //  Copyright 2021 Vircadia contributors.
+//  Copyright 2022 Overte e.V.
 //
 //  Distributed under the Apache License, Version 2.0.
 //  See the accompanying file LICENSE or http://www.apache.org/licenses/LICENSE-2.0.html
@@ -278,17 +279,26 @@ bool ScriptEngineQtScript::castValueToVariant(const QScriptValue& val, QVariant&
                 break;
             case QMetaType::UInt:
             case QMetaType::ULong:
+                if ( val.isArray() || val.isObject() ){
+                    return false;
+                }
                 dest = QVariant::fromValue(val.toUInt32());
                 break;
             case QMetaType::Int:
             case QMetaType::Long:
             case QMetaType::Short:
+                if ( val.isArray() || val.isObject() ){
+                    return false;
+                }
                 dest = QVariant::fromValue(val.toInt32());
                 break;
             case QMetaType::Double:
             case QMetaType::Float:
             case QMetaType::ULongLong:
             case QMetaType::LongLong:
+                if ( val.isArray() || val.isObject() ){
+                    return false;
+                }
                 dest = QVariant::fromValue(val.toNumber());
                 break;
             case QMetaType::QString:
@@ -296,6 +306,9 @@ bool ScriptEngineQtScript::castValueToVariant(const QScriptValue& val, QVariant&
                 dest = QVariant::fromValue(val.toString());
                 break;
             case QMetaType::UShort:
+                if ( val.isArray() || val.isObject() ){
+                    return false;
+                }
                 dest = QVariant::fromValue(val.toUInt16());
                 break;
             case QMetaType::QObjectStar:
@@ -444,4 +457,4 @@ QScriptValue ScriptEngineQtScript::castVariantToValue(const QVariant& val) {
             // just do a generic variant
             return QScriptEngine::newVariant(val);
     }
-}
\ No newline at end of file
+}