QQmlVMEMetaObjectEndpoint: ensure property cache before accessing it

Otherwise the property cache might be null and lead to segmentation faults, e.g. when declaring aliases in qml. Fixes: QTBUG-106256 Change-Id: I568c973e1ba00531fbe22a41e2c6c3c09dfc2f02 Pick-to: 6.2 6.3 6.4 5.15 Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
2022-09-06 16:01:28 +02:00 · 2022-09-06 16:01:28 +02:00 · e0a00a6919
parent 5e8b762756
commit e0a00a6919
5 changed files with 50 additions and 4 deletions
--- a/src/qml/qml/qqmlvmemetaobject.cpp
+++ b/src/qml/qml/qqmlvmemetaobject.cpp
@ -203,13 +203,10 @@ void QQmlVMEMetaObjectEndpoint::tryConnect()
            if (!target)
                return;

-            QQmlData *targetDData = QQmlData::get(target, /*create*/false);
-            if (!targetDData)
-                return;
            QQmlPropertyIndex encodedIndex = QQmlPropertyIndex::fromEncoded(aliasData->encodedMetaPropertyIndex);
            int coreIndex = encodedIndex.coreIndex();
            int valueTypeIndex = encodedIndex.valueTypeIndex();
-            const QQmlPropertyData *pd = targetDData->propertyCache->property(coreIndex);
+            const QQmlPropertyData *pd = QQmlData::ensurePropertyCache(target)->property(coreIndex);
            if (pd && valueTypeIndex != -1 && !QQmlMetaType::valueType(pd->propType())) {
                // deep alias
                const QQmlPropertyCache::ConstPtr newPropertyCache
--- a/tests/auto/qml/qqmllanguage/data/ComponentType.qml
+++ b/tests/auto/qml/qqmllanguage/data/ComponentType.qml
@ -0,0 +1,8 @@
+import QtQml
+
+Component {
+    id: componentRoot
+    QtObject {
+        objectName: "enclosed"
+    }
+}
--- a/tests/auto/qml/qqmllanguage/data/bindingAliasToComponentUrl.qml
+++ b/tests/auto/qml/qqmllanguage/data/bindingAliasToComponentUrl.qml
@ -0,0 +1,10 @@
+import QtQuick
+Item {
+    id: root
+    Component {
+        id: accessibleNormal
+        Item {}
+    }
+    property alias accessibleNormalUrl: accessibleNormal.url
+    property url urlClone: root.accessibleNormalUrl // crashes qml utility
+}
--- a/tests/auto/qml/qqmllanguage/data/bindingAliasToComponentUrl2.qml
+++ b/tests/auto/qml/qqmllanguage/data/bindingAliasToComponentUrl2.qml
@ -0,0 +1,11 @@
+import QtQuick
+Item {
+    id: root
+    Component {
+        id: accessibleNormal
+        ComponentType {
+            id: inaccessibleNormal
+        }
+    }
+    property alias accessibleNormalProgress: accessibleNormal.progress
+}
--- a/tests/auto/qml/qqmllanguage/tst_qqmllanguage.cpp
+++ b/tests/auto/qml/qqmllanguage/tst_qqmllanguage.cpp
@ -393,6 +393,7 @@ private slots:
    void v4SequenceMethodsWithParams_data();
    void v4SequenceMethodsWithParams();
    void jsFunctionOverridesImport();
+    void bindingAliasToComponentUrl();

 private:
    QQmlEngine engine;
@ -7605,6 +7606,25 @@ void tst_qqmllanguage::jsFunctionOverridesImport()
    QCOMPARE(object->objectName(), u"foo"_s);
 }

+void tst_qqmllanguage::bindingAliasToComponentUrl()
+{
+    QQmlEngine engine;
+    {
+        QQmlComponent component(&engine, testFileUrl("bindingAliasToComponentUrl.qml"));
+        QVERIFY2(component.isReady(), qPrintable(component.errorString()));
+        QScopedPointer<QObject> object(component.create());
+        QVERIFY(object);
+        QCOMPARE(object->property("accessibleNormalUrl"), object->property("urlClone"));
+    }
+    {
+        QQmlComponent component(&engine, testFileUrl("bindingAliasToComponentUrl2.qml"));
+        QVERIFY2(component.isReady(), qPrintable(component.errorString()));
+        QScopedPointer<QObject> object(component.create());
+        QVERIFY(object);
+        QCOMPARE(object->property("accessibleNormalProgress"), QVariant(1.0));
+    }
+}
+
 QTEST_MAIN(tst_qqmllanguage)

 #include "tst_qqmllanguage.moc"