qiurui
/
qtdeclarative
mirror of https://github.com/qt/qtdeclarative.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix crashes in QQmlXMLHttpRequest 

ExecutionEngine::callingQmlContext() in some cases returns a null pointer.
According to ISO/IEC 14882 §9.3.1/1 "If a nonstatic member function of a
class X is called for an object that is not of type X, or of a type
derived from X, the behavior is undefined". Thus, invoking a
QQmlContextData::resolvedUrl() member function on a null instance results
in undefined behavior, and leads to a crash in some cases.

ExecutionEngine::qmlEngine() in some cases returns a null pointer. The
QQmlEnginePrivate::get() method must return a pointer to a QQmlEngine
private internal class. Call QQmlEnginePrivate::get() with passed null
pointer leads to application crash. If the QQmlEngine pointer is null,
the QQmlEnginePrivate pointer should also be null. Thus, if the pointer
to QQmlEngine is null pointer, the null pointer to the private class
should be passed to the QQmlEnginePrivate::warning().

Task-number: QTBUG-75983
Change-Id: Iad240bb6db0be58e9087b7a86f8d400b07623865
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
This commit is contained in:
Pavel Tumakaev 2019-05-22 17:32:25 +03:00
parent 9dcec8f016
commit 141ffbe37e
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/qml/qml/qqmlxmlhttprequest.cpp
View File

@ -1574,7 +1574,8 @@ void QQmlXMLHttpRequest::dispatchCallbackNow(Object *thisObj, bool done, bool er
if (scope.engine->hasException) {
QQmlError error = scope.engine->catchExceptionAsQmlError();
QQmlEnginePrivate::warning(QQmlEnginePrivate::get(scope.engine->qmlEngine()), error);
QQmlEnginePrivate *qmlEnginePrivate = scope.engine->qmlEngine() ? QQmlEnginePrivate::get(scope.engine->qmlEngine()) : nullptr;
QQmlEnginePrivate::warning(qmlEnginePrivate, error);
}
};
@ -1765,8 +1766,13 @@ ReturnedValue QQmlXMLHttpRequestCtor::method_open(const FunctionObject *b, const
// Argument 1 - URL
QUrl url = QUrl(argv[1].toQStringNoThrow());
if (url.isRelative())
url = scope.engine->callingQmlContext()->resolvedUrl(url);
if (url.isRelative()) {
QQmlContextData *qmlContextData = scope.engine->callingQmlContext();
if (qmlContextData)
url = qmlContextData->resolvedUrl(url);
else
url = scope.engine->resolvedUrl(url.url());
}
bool async = true;
// Argument 2 - async (optional)