author | Pavel Tumakaev <p.tumakaev@lgepartner.com> | 2019-05-22 17:32:25 +0300 |
---|---|---|
committer | Pavel Tumakaev <p.tumakaev@lgepartner.com> | 2019-07-13 14:05:06 +0300 |
commit | 141ffbe37e9263829a156fc1f4d7b93a2bf311be (patch) | |
tree | 10c6a71c2789760c880b027beb131eb4d8687598 | |
parent | 9dcec8f016c1fdd9d0e99e0ee717523a8823bca7 (diff) |
Fix crashes in QQmlXMLHttpRequest
ExecutionEngine::callingQmlContext() in some cases returns a null pointer.
According to ISO/IEC 14882 §9.3.1/1 "If a nonstatic member function of a
class X is called for an object that is not of type X, or of a type
derived from X, the behavior is undefined". Thus, invoking a
QQmlContextData::resolvedUrl() member function on a null instance results
in undefined behavior, and leads to a crash in some cases.
ExecutionEngine::qmlEngine() in some cases returns a null pointer. The
QQmlEnginePrivate::get() method must return a pointer to a QQmlEngine
private internal class. Calling QQmlEnginePrivate::get() with a passed null
pointer leads to an application crash. If the QQmlEngine pointer is null,
the QQmlEnginePrivate pointer should also be null. Thus, if the pointer
to QQmlEngine is a null pointer, a null pointer to the private class
should be passed to QQmlEnginePrivate::warning().
Task-number: QTBUG-75983
Change-Id: Iad240bb6db0be58e9087b7a86f8d400b07623865
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
-rw-r--r-- | src/qml/qml/qqmlxmlhttprequest.cpp | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/src/qml/qml/qqmlxmlhttprequest.cpp b/src/qml/qml/qqmlxmlhttprequest.cpp index 9f629f974d..9877cc027f 100644 --- a/src/qml/qml/qqmlxmlhttprequest.cpp +++ b/src/qml/qml/qqmlxmlhttprequest.cpp @@ -1574,7 +1574,8 @@ void QQmlXMLHttpRequest::dispatchCallbackNow(Object *thisObj, bool done, bool er if (scope.engine->hasException) { QQmlError error = scope.engine->catchExceptionAsQmlError(); - QQmlEnginePrivate::warning(QQmlEnginePrivate::get(scope.engine->qmlEngine()), error); + QQmlEnginePrivate *qmlEnginePrivate = scope.engine->qmlEngine() ? QQmlEnginePrivate::get(scope.engine->qmlEngine()) : nullptr; + QQmlEnginePrivate::warning(qmlEnginePrivate, error); } }; @@ -1765,8 +1766,13 @@ ReturnedValue QQmlXMLHttpRequestCtor::method_open(const FunctionObject *b, const // Argument 1 - URL QUrl url = QUrl(argv[1].toQStringNoThrow()); - if (url.isRelative()) - url = scope.engine->callingQmlContext()->resolvedUrl(url); + if (url.isRelative()) { + QQmlContextData *qmlContextData = scope.engine->callingQmlContext(); + if (qmlContextData) + url = qmlContextData->resolvedUrl(url); + else + url = scope.engine->resolvedUrl(url.url()); + } bool async = true; // Argument 2 - async (optional) |
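Review bot: in the first hunk (dispatchCallbackNow, the new qmlEnginePrivate line) scope.engine->qmlEngine() is evaluated twice, once for the null test and once as the argument to QQmlEnginePrivate::get(), all on one very long line. Store the result in a local first, for example `QQmlEngine *qmlEngine = scope.engine->qmlEngine();`, and use that in both the condition and the get() call, so the checked pointer and the used pointer cannot diverge and the line stays readable. The hunk also now passes nullptr into QQmlEnginePrivate::warning(); nothing visible here shows that warning() tolerates a null engine, so a one-line comment stating that expectation would help the next reader.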
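Review bot: in the second hunk (method_open, the new else branch) the fallback base for a relative URL is undocumented. When callingQmlContext() returns null the URL is resolved through `scope.engine->resolvedUrl(url.url())`, which is given url.url() rather than the QUrl that the context branch passes to qmlContextData->resolvedUrl(url). Please add a comment saying what base the engine-level call resolves against when there is no calling QML context, since that decides which address the request is finally sent to. The diffstat lists only qqmlxmlhttprequest.cpp, so a regression test that calls open() with a relative URL and no calling context would be worth adding alongside this fix for QTBUG-75983.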