diff options
| author | Ulf Hermann <ulf.hermann@qt.io> | 2022-08-23 10:42:35 +0200 |
|---|---|---|
| committer | Ulf Hermann <ulf.hermann@qt.io> | 2022-09-01 09:46:03 +0200 |
| commit | fa94a35ee718e2a83440b66a6dd57e53a0aee500 (patch) | |
| tree | d4b6923253b800f4dccd190c411f45e6f09bcfd2 | |
| parent | 6fa4d45b0d321d5d2c935ed000467b167d0c1b27 (diff) | |
QmlCompiler: Prevent lookup of value type where we need an object type
With a particular nefarious combination of Q_GADGET and inheritance from
QObject you can make QmlCompiler believe a type is a value type even
though it is actually an object type. We never want to touch such a
thing.
There was a safe guard against this when looking up the type from the
scope, but by putting it in a type namespace you could circumvent it.
Refactor the code to apply to both cases the same way.
Fixes: QTBUG-104556
Fixes: QTBUG-105608
Change-Id: I8a690e2b6f78fcaba0911a93504cde0d2c7dde0d
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
(cherry picked from commit 0a8fe228f6bb65afe08f1bc203653266fa204ba5)
| -rw-r--r-- | src/qmlcompiler/qqmljstyperesolver.cpp | 137 | ||||
| -rw-r--r-- | src/qmlcompiler/qqmljstyperesolver_p.h | 5 | ||||
| -rw-r--r-- | tests/auto/qml/qmlcppcodegen/data/CMakeLists.txt | 1 | ||||
| -rw-r--r-- | tests/auto/qml/qmlcppcodegen/data/failures.qml | 4 | ||||
| -rw-r--r-- | tests/auto/qml/qmlcppcodegen/data/gadgetwithenum.h | 23 |
5 files changed, 97 insertions, 73 deletions
diff --git a/src/qmlcompiler/qqmljstyperesolver.cpp b/src/qmlcompiler/qqmljstyperesolver.cpp index 6a0839e9e0..a65b7d0dc0 100644 --- a/src/qmlcompiler/qqmljstyperesolver.cpp +++ b/src/qmlcompiler/qqmljstyperesolver.cpp @@ -396,6 +396,64 @@ QQmlJSRegisterContent QQmlJSTypeResolver::transformed( return {}; } +QQmlJSRegisterContent QQmlJSTypeResolver::referenceTypeForName( + const QString &name, const QQmlJSScope::ConstPtr &scopeType, + bool hasObjectModulePrefix) const +{ + QQmlJSScope::ConstPtr type = typeForName(name); + if (!type) + return QQmlJSRegisterContent(); + + if (type->isSingleton()) + return QQmlJSRegisterContent::create(storedType(type), type, + QQmlJSRegisterContent::Singleton, scopeType); + + if (type->isScript()) + return QQmlJSRegisterContent::create(storedType(type), type, + QQmlJSRegisterContent::Script, scopeType); + + if (const auto attached = type->attachedType()) { + if (!genericType(attached)) { + m_logger->log(u"Cannot resolve generic base of attached %1"_s.arg( + attached->internalName()), + Log_Compiler, attached->sourceLocation()); + return {}; + } else if (type->accessSemantics() != QQmlJSScope::AccessSemantics::Reference) { + m_logger->log(u"Cannot retrieve attached object for non-reference type %1"_s.arg( + type->internalName()), + Log_Compiler, type->sourceLocation()); + return {}; + } else { + // We don't know yet whether we need the attached or the plain object. In direct + // mode, we will figure this out using the scope type and access any enums of the + // plain type directly. In indirect mode, we can use enum lookups. + return QQmlJSRegisterContent::create( + storedType(attached), attached, + hasObjectModulePrefix + ? QQmlJSRegisterContent::ObjectAttached + : QQmlJSRegisterContent::ScopeAttached, type); + } + } + + switch (type->accessSemantics()) { + case QQmlJSScope::AccessSemantics::None: + case QQmlJSScope::AccessSemantics::Reference: + // A plain reference to a non-singleton, non-attached type. + // We may still need the plain type reference for enum lookups, + // Store it as QMetaObject. + // This only works with namespaces and object types. + return QQmlJSRegisterContent::create(metaObjectType(), metaObjectType(), + QQmlJSRegisterContent::MetaType, type); + case QQmlJSScope::AccessSemantics::Sequence: + case QQmlJSScope::AccessSemantics::Value: + // This is not actually a type reference. You cannot get the metaobject + // of a value type in QML and sequences don't even have metaobjects. + break; + } + + return QQmlJSRegisterContent(); +} + QQmlJSRegisterContent QQmlJSTypeResolver::original(const QQmlJSRegisterContent &type) const { return transformed(type, &QQmlJSTypeResolver::originalType); @@ -812,51 +870,9 @@ QQmlJSRegisterContent QQmlJSTypeResolver::scopedType(const QQmlJSScope::ConstPtr } } - if (QQmlJSScope::ConstPtr type = typeForName(name)) { - if (type->isSingleton()) - return QQmlJSRegisterContent::create(storedType(type), type, - QQmlJSRegisterContent::Singleton); - - if (type->isScript()) - return QQmlJSRegisterContent::create(storedType(type), type, - QQmlJSRegisterContent::Script); - - if (const auto attached = type->attachedType()) { - if (!genericType(attached)) { - m_logger->log(u"Cannot resolve generic base of attached %1"_s.arg( - attached->internalName()), - Log_Compiler, attached->sourceLocation()); - return {}; - } else if (type->accessSemantics() != QQmlJSScope::AccessSemantics::Reference) { - m_logger->log(u"Cannot retrieve attached object for non-reference type %1"_s.arg( - type->internalName()), - Log_Compiler, type->sourceLocation()); - return {}; - } else { - // We don't know yet whether we need the attached or the plain object. In direct - // mode, we will figure this out using the scope type and access any enums of the - // plain type directly. In indirect mode, we can use enum lookups. - return QQmlJSRegisterContent::create(storedType(attached), attached, - QQmlJSRegisterContent::ScopeAttached, type); - } - } - - switch (type->accessSemantics()) { - case QQmlJSScope::AccessSemantics::None: - case QQmlJSScope::AccessSemantics::Reference: - // A plain reference to a non-singleton, non-attached type. - // We may still need the plain type reference for enum lookups, - // Store it as QMetaObject. - // This only works with namespaces and object types. - return QQmlJSRegisterContent::create(metaObjectType(), metaObjectType(), - QQmlJSRegisterContent::MetaType, type); - case QQmlJSScope::AccessSemantics::Sequence: - case QQmlJSScope::AccessSemantics::Value: - // This is not actually a type reference. You cannot get the metaobject - // of a value type in QML and sequences don't even have metaobjects. - break; - } - } + QQmlJSRegisterContent result = referenceTypeForName(name); + if (result.isValid()) + return result; if (m_jsGlobalObject->hasProperty(name)) { return QQmlJSRegisterContent::create(jsValueType(), m_jsGlobalObject->property(name), @@ -1144,34 +1160,9 @@ QQmlJSRegisterContent QQmlJSTypeResolver::memberType(const QQmlJSRegisterContent return {}; } - if (QQmlJSScope::ConstPtr result = typeForName(name)) { - QQmlJSScope::ConstPtr attached = result->attachedType(); - if (attached && genericType(attached)) { - return QQmlJSRegisterContent::create( - storedType(attached), attached, - type.variant() == QQmlJSRegisterContent::ObjectModulePrefix - ? QQmlJSRegisterContent::ObjectAttached - : QQmlJSRegisterContent::ScopeAttached, - result); - } - - if (result->isSingleton()) { - return QQmlJSRegisterContent::create( - storedType(result), result, - QQmlJSRegisterContent::Singleton, type.scopeType()); - } - - if (result->isScript()) { - return QQmlJSRegisterContent::create( - storedType(result), result, - QQmlJSRegisterContent::Script, type.scopeType()); - } - - return QQmlJSRegisterContent::create(metaObjectType(), metaObjectType(), - QQmlJSRegisterContent::MetaType, result); - } - - return {}; + return referenceTypeForName( + name, type.scopeType(), + type.variant() == QQmlJSRegisterContent::ObjectModulePrefix); } if (type.isConversion()) { const auto result = memberType(type.conversionResult(), name); diff --git a/src/qmlcompiler/qqmljstyperesolver_p.h b/src/qmlcompiler/qqmljstyperesolver_p.h index e05f5b3757..f7775d496a 100644 --- a/src/qmlcompiler/qqmljstyperesolver_p.h +++ b/src/qmlcompiler/qqmljstyperesolver_p.h @@ -167,6 +167,11 @@ protected: const QQmlJSRegisterContent &origin, QQmlJSScope::ConstPtr (QQmlJSTypeResolver::*op)(const QQmlJSScope::ConstPtr &) const) const; + QQmlJSRegisterContent referenceTypeForName( + const QString &name, + const QQmlJSScope::ConstPtr &scopeType = QQmlJSScope::ConstPtr(), + bool hasObjectModuelPrefix = false) const; + QQmlJSScope::ConstPtr m_voidType; QQmlJSScope::ConstPtr m_emptyListType; QQmlJSScope::ConstPtr m_nullType; diff --git a/tests/auto/qml/qmlcppcodegen/data/CMakeLists.txt b/tests/auto/qml/qmlcppcodegen/data/CMakeLists.txt index f3e608a6ae..7010500fba 100644 --- a/tests/auto/qml/qmlcppcodegen/data/CMakeLists.txt +++ b/tests/auto/qml/qmlcppcodegen/data/CMakeLists.txt @@ -3,6 +3,7 @@ set(cpp_sources birthdayparty.cpp birthdayparty.h cppbaseclass.h dynamicmeta.h + gadgetwithenum.h invisible.h objectwithmethod.h person.cpp person.h diff --git a/tests/auto/qml/qmlcppcodegen/data/failures.qml b/tests/auto/qml/qmlcppcodegen/data/failures.qml index 39268d84ce..16dd0c764a 100644 --- a/tests/auto/qml/qmlcppcodegen/data/failures.qml +++ b/tests/auto/qml/qmlcppcodegen/data/failures.qml @@ -1,5 +1,6 @@ import QtQml import TestTypes +import TestTypes as TT2 import Ambiguous 1.2 QtObject { @@ -35,4 +36,7 @@ QtObject { signal bar() // Cannot assign potential undefined onFoo: objectName = self.bar() + + property int enumFromGadget1: GadgetWithEnum.CONNECTED + 1 + property int enumFromGadget2: TT2.GadgetWithEnum.CONNECTED + 1 } diff --git a/tests/auto/qml/qmlcppcodegen/data/gadgetwithenum.h b/tests/auto/qml/qmlcppcodegen/data/gadgetwithenum.h new file mode 100644 index 0000000000..d146b9f654 --- /dev/null +++ b/tests/auto/qml/qmlcppcodegen/data/gadgetwithenum.h @@ -0,0 +1,23 @@ +// Copyright (C) 2022 The Qt Company Ltd. +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 + +#ifndef GADGETWITHENUM_H +#define GADGETWITHENUM_H + +#include <QtCore/qobject.h> +#include <QtQmlIntegration/qqmlintegration.h> + +class GadgetWithEnum : public QObject { + Q_GADGET + QML_ELEMENT + +public: + enum State { + DISCONNECTED, + CONNECTING, + CONNECTED + }; + Q_ENUM(State) +}; + +#endif // GADGETWITHENUM_H |