summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRobin Burchell <robin.burchell@crimson.no>2018-04-09 15:41:02 +0200
committerMichael Brasser <michael.brasser@live.com>2018-04-30 15:16:18 +0000
commitf9686bc68696ad1e99a0587f15d05300d003d990 (patch)
treea9924bb8ade0ce8c858c4bb5474cb4adbf60ad4b
parent01df9e5f46fd05a80f8f6fcaa91204e6184ded6f (diff)
QQuickItem: Guard against null deref in transformations
Change-Id: Ieb14322c104d816842e04e521b556bfc11855f1c Task-number: QTBUG-67024 Reviewed-by: Robin Burchell <robin.burchell@crimson.no> Reviewed-by: Michael Brasser <michael.brasser@live.com>
-rw-r--r--src/quick/items/qquickitem.cpp6
-rw-r--r--tests/auto/quick/qquickitem2/data/mapCoordinates.qml17
-rw-r--r--tests/auto/quick/qquickitem2/tst_qquickitem.cpp10
3 files changed, 33 insertions, 0 deletions
diff --git a/src/quick/items/qquickitem.cpp b/src/quick/items/qquickitem.cpp
index 3a0aea517c..3d650bf223 100644
--- a/src/quick/items/qquickitem.cpp
+++ b/src/quick/items/qquickitem.cpp
@@ -3134,6 +3134,9 @@ void QQuickItemPrivate::itemToParentTransform(QTransform &t) const
*/
QTransform QQuickItemPrivate::windowToGlobalTransform() const
{
+ if (Q_UNLIKELY(window == nullptr))
+ return QTransform();
+
QPoint quickWidgetOffset;
QWindow *renderWindow = QQuickRenderControl::renderWindowFor(window, &quickWidgetOffset);
QPointF pos = (renderWindow ? renderWindow : window)->mapToGlobal(quickWidgetOffset);
@@ -3145,6 +3148,9 @@ QTransform QQuickItemPrivate::windowToGlobalTransform() const
*/
QTransform QQuickItemPrivate::globalToWindowTransform() const
{
+ if (Q_UNLIKELY(window == nullptr))
+ return QTransform();
+
QPoint quickWidgetOffset;
QWindow *renderWindow = QQuickRenderControl::renderWindowFor(window, &quickWidgetOffset);
QPointF pos = (renderWindow ? renderWindow : window)->mapToGlobal(quickWidgetOffset);
diff --git a/tests/auto/quick/qquickitem2/data/mapCoordinates.qml b/tests/auto/quick/qquickitem2/data/mapCoordinates.qml
index b410b445c5..596dedab90 100644
--- a/tests/auto/quick/qquickitem2/data/mapCoordinates.qml
+++ b/tests/auto/quick/qquickitem2/data/mapCoordinates.qml
@@ -39,6 +39,11 @@ Item {
Item { id: itemB; objectName: "itemB"; x: 100; y: 100 }
}
+ Component {
+ id: itemComponent
+ Item { x: 150; y: 150 }
+ }
+
function mapAToB(x, y) {
var pos = itemA.mapToItem(itemB, x, y)
return Qt.point(pos.x, pos.y)
@@ -69,6 +74,18 @@ Item {
return Qt.point(pos.x, pos.y)
}
+ function mapOrphanToGlobal(x, y) {
+ var obj = itemComponent.createObject(null);
+ var pos = obj.mapToGlobal(x, y)
+ return Qt.point(pos.x, pos.y)
+ }
+
+ function mapOrphanFromGlobal(x, y) {
+ var obj = itemComponent.createObject(null);
+ var pos = obj.mapFromGlobal(x, y)
+ return Qt.point(pos.x, pos.y)
+ }
+
function checkMapAToInvalid(x, y) {
try {
itemA.mapToItem(1122, x, y)
diff --git a/tests/auto/quick/qquickitem2/tst_qquickitem.cpp b/tests/auto/quick/qquickitem2/tst_qquickitem.cpp
index 0f4850d4a7..f0f5873ace 100644
--- a/tests/auto/quick/qquickitem2/tst_qquickitem.cpp
+++ b/tests/auto/quick/qquickitem2/tst_qquickitem.cpp
@@ -2364,6 +2364,16 @@ void tst_QQuickItem::mapCoordinates()
Q_RETURN_ARG(QVariant, result), Q_ARG(QVariant, x), Q_ARG(QVariant, y)));
QCOMPARE(result.value<QPointF>(), qobject_cast<QQuickItem*>(a)->mapFromGlobal(QPointF(x, y)));
+ // for orphans we are primarily testing that we don't crash.
+ // when orphaned the final position is the original position of the item translated by x,y
+ QVERIFY(QMetaObject::invokeMethod(root, "mapOrphanToGlobal",
+ Q_RETURN_ARG(QVariant, result), Q_ARG(QVariant, x), Q_ARG(QVariant, y)));
+ QCOMPARE(result.value<QPointF>(), QPointF(150,150) + QPointF(x, y));
+
+ QVERIFY(QMetaObject::invokeMethod(root, "mapOrphanFromGlobal",
+ Q_RETURN_ARG(QVariant, result), Q_ARG(QVariant, x), Q_ARG(QVariant, y)));
+ QCOMPARE(result.value<QPointF>(), -QPointF(150,150) + QPointF(x, y));
+
QString warning1 = testFileUrl("mapCoordinates.qml").toString() + ":35:5: QML Item: mapToItem() given argument \"1122\" which is neither null nor an Item";
QString warning2 = testFileUrl("mapCoordinates.qml").toString() + ":35:5: QML Item: mapFromItem() given argument \"1122\" which is neither null nor an Item";