From 9f4ecf2a75e8570df6bb56549cccdc9a26888faa Mon Sep 17 00:00:00 2001 From: Ulf Hermann Date: Fri, 17 Mar 2023 11:14:47 +0100 Subject: [PATCH] QmlCompiler: Guard against ID-lookup of value types Pick-to: 6.5 6.2 Task-number: QTBUG-111986 Change-Id: I10657e4176b5f57f3552728d8b2835e74b82bb60 Reviewed-by: Qt CI Bot Reviewed-by: Fabian Kosmale --- src/qmlcompiler/qqmljstypepropagator.cpp | 19 +++++++++++++++++-- .../qml/qmllint/data/Things/plugins.qmltypes | 8 ++++++++ .../auto/qml/qmllint/data/invalidIdLookup.qml | 10 ++++++++++ tests/auto/qml/qmllint/tst_qmllint.cpp | 6 ++++++ 4 files changed, 41 insertions(+), 2 deletions(-) create mode 100644 tests/auto/qml/qmllint/data/invalidIdLookup.qml diff --git a/src/qmlcompiler/qqmljstypepropagator.cpp b/src/qmlcompiler/qqmljstypepropagator.cpp index 0ac224572e..82601b005d 100644 --- a/src/qmlcompiler/qqmljstypepropagator.cpp +++ b/src/qmlcompiler/qqmljstypepropagator.cpp @@ -595,11 +595,26 @@ void QQmlJSTypePropagator::generate_LoadQmlContextPropertyLookup(int index) if (!m_state.accumulatorOut().isValid()) { setError(u"Cannot access value for name "_s + name); handleUnqualifiedAccess(name, false); - } else if (m_typeResolver->genericType(m_state.accumulatorOut().storedType()).isNull()) { + return; + } + + const QQmlJSScope::ConstPtr outStored + = m_typeResolver->genericType(m_state.accumulatorOut().storedType()); + + if (outStored.isNull()) { // It should really be valid. // We get the generic type from aotContext->loadQmlContextPropertyIdLookup(). setError(u"Cannot determine generic type for "_s + name); - } else if (m_passManager != nullptr) { + return; + } + + if (m_state.accumulatorOut().variant() == QQmlJSRegisterContent::ObjectById + && !outStored->isReferenceType()) { + setError(u"Cannot retrieve a non-object type by ID: "_s + name); + return; + } + + if (m_passManager != nullptr) { m_passManager->analyzeRead(m_function->qmlScope, name, m_function->qmlScope, getCurrentSourceLocation()); } diff --git a/tests/auto/qml/qmllint/data/Things/plugins.qmltypes b/tests/auto/qml/qmllint/data/Things/plugins.qmltypes index 9d36d91a90..45a6af32ab 100644 --- a/tests/auto/qml/qmllint/data/Things/plugins.qmltypes +++ b/tests/auto/qml/qmllint/data/Things/plugins.qmltypes @@ -96,4 +96,12 @@ Module { Property { name: "foo"; type: "string" } hasCustomParser: true } + Component { + file: "mediaplayer-qml.h" + name: "MediaPlayerStateMachine" + accessSemantics: "value" + exports: ["Mediaplayer/MediaPlayerStateMachine 1.0"] + isCreatable: false + exportMetaObjectRevisions: [256] + } } diff --git a/tests/auto/qml/qmllint/data/invalidIdLookup.qml b/tests/auto/qml/qmllint/data/invalidIdLookup.qml new file mode 100644 index 0000000000..b351e5cfea --- /dev/null +++ b/tests/auto/qml/qmllint/data/invalidIdLookup.qml @@ -0,0 +1,10 @@ +import Things +import QtQml + +QtObject { + property MediaPlayerStateMachine m: MediaPlayerStateMachine { + id: stateMachine + } + + objectName: stateMachine.objectName +} diff --git a/tests/auto/qml/qmllint/tst_qmllint.cpp b/tests/auto/qml/qmllint/tst_qmllint.cpp index 1bbd0e0694..2f51efc593 100644 --- a/tests/auto/qml/qmllint/tst_qmllint.cpp +++ b/tests/auto/qml/qmllint/tst_qmllint.cpp @@ -1269,6 +1269,12 @@ void TestQmllint::compilerWarnings_data() "Cannot resolve property type for binding on myColor. " "You may want use ID-based grouped properties here.") } } } << true; + QTest::newRow("invalidIdLookup") + << QStringLiteral("invalidIdLookup.qml") + << Result { { { + QStringLiteral("Cannot retrieve a non-object type by ID: stateMachine") + } } } + << true; } void TestQmllint::compilerWarnings()