authorPavel Tumakaev <>2019-05-22 17:32:25 +0300
committerPavel Tumakaev <>2019-07-13 14:05:06 +0300
commit141ffbe37e9263829a156fc1f4d7b93a2bf311be (patch)
parent9dcec8f016c1fdd9d0e99e0ee717523a8823bca7 (diff)
Fix crashes in QQmlXMLHttpRequest
ExecutionEngine::callingQmlContext() in some cases returns a null pointer. According to ISO/IEC 14882 §9.3.1/1 "If a nonstatic member function of a class X is called for an object that is not of type X, or of a type derived from X, the behavior is undefined". Thus, invoking the QQmlContextData::resolvedUrl() member function on a null instance results in undefined behavior, and leads to a crash in some cases. ExecutionEngine::qmlEngine() in some cases returns a null pointer. The QQmlEnginePrivate::get() method must return a pointer to the private internal class of a QQmlEngine. Calling QQmlEnginePrivate::get() with a null pointer leads to an application crash. If the QQmlEngine pointer is null, the QQmlEnginePrivate pointer should also be null. Thus, if the pointer to QQmlEngine is a null pointer, a null pointer to the private class should be passed to QQmlEnginePrivate::warning(). Task-number: QTBUG-75983 Change-Id: Iad240bb6db0be58e9087b7a86f8d400b07623865 Reviewed-by: Ulf Hermann <>
1 files changed, 9 insertions, 3 deletions
diff --git a/src/qml/qml/qqmlxmlhttprequest.cpp b/src/qml/qml/qqmlxmlhttprequest.cpp
index 9f629f974d..9877cc027f 100644
--- a/src/qml/qml/qqmlxmlhttprequest.cpp
+++ b/src/qml/qml/qqmlxmlhttprequest.cpp
@@ -1574,7 +1574,8 @@ void QQmlXMLHttpRequest::dispatchCallbackNow(Object *thisObj, bool done, bool er
if (scope.engine->hasException) {
QQmlError error = scope.engine->catchExceptionAsQmlError();
- QQmlEnginePrivate::warning(QQmlEnginePrivate::get(scope.engine->qmlEngine()), error);
+ QQmlEnginePrivate *qmlEnginePrivate = scope.engine->qmlEngine() ? QQmlEnginePrivate::get(scope.engine->qmlEngine()) : nullptr;
+ QQmlEnginePrivate::warning(qmlEnginePrivate, error);
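Review bot: `scope.engine->qmlEngine()` is evaluated twice in the ternary on the added line, so the null test and the `QQmlEnginePrivate::get()` call are not tied to the same pointer value. Binding it once is shorter and makes the guard obvious: `QQmlEngine *qmlEngine = scope.engine->qmlEngine();` followed by `QQmlEnginePrivate::warning(qmlEngine ? QQmlEnginePrivate::get(qmlEngine) : nullptr, error);`. The diffstat shows a single changed file, so no autotest covering the null-engine path from QTBUG-75983 is visible in this commit; a regression test would keep the crash from returning. The body of dispatchCallbackNow starts and ends outside the hunk.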
@@ -1765,8 +1766,13 @@ ReturnedValue QQmlXMLHttpRequestCtor::method_open(const FunctionObject *b, const
// Argument 1 - URL
QUrl url = QUrl(argv[1].toQStringNoThrow());
- if (url.isRelative())
- url = scope.engine->callingQmlContext()->resolvedUrl(url);
+ if (url.isRelative()) {
+ QQmlContextData *qmlContextData = scope.engine->callingQmlContext();
+ if (qmlContextData)
+ url = qmlContextData->resolvedUrl(url);
+ else
+ url = scope.engine->resolvedUrl(url.url());
+ }
bool async = true;
// Argument 2 - async (optional)
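Review bot: The new `else` branch inside `if (url.isRelative())` does not say which base a relative URL is resolved against when `callingQmlContext()` is null, and that base decides where the request is sent. A comment such as `// No calling QML context: fall back to the engine's own base URL for relative requests.` would document the intent; the wording should be confirmed against `ExecutionEngine::resolvedUrl()`, which is not shown here. The fallback also converts the already-parsed `QUrl` back to a string with `url.url()` and lets it be re-parsed, which may not preserve the original encoding exactly. If the engine call can return a URL that is still relative, which cannot be told from this hunk, that case deserves an explicit check before the request is opened. The body of method_open continues outside the hunk.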