Fix lookups of properties in QML singletons

An unqualified name that points to a QML singleton will evaluate to a QQmlTypeWrapper JS object. A member lookup in such an object is not guaranteed to always produce the same property. The property cache check may protect us from that, but we must still retrieve the QObject singleton for every lookup. Task-number: QTBUG-75896 Change-Id: Ibd9bac6e5c2047f838758811790b299ace636446 Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
author: Simon Hausmann <simon.hausmann@qt.io> 2019-05-20 16:09:13 +0200
committer: Simon Hausmann <simon.hausmann@qt.io> 2019-05-21 12:42:45 +0200
commit: 2f4479857d2b68f8cd3267b2f2b3c652ada431ed (patch)
tree: 588c84d73801025dcc878bc5b51e04a66f1d1c19 /src/qml/jsruntime
parent: c61a75cd6a4a9cd7b3594b205fcac8fc1208d493 (diff)
4 files changed, 2 insertions, 6 deletions
diff --git a/src/qml/jsruntime/qv4lookup_p.h b/src/qml/jsruntime/qv4lookup_p.h
index 03dc5f6d3c..4fd5e133f7 100644
--- a/src/qml/jsruntime/qv4lookup_p.h
+++ b/src/qml/jsruntime/qv4lookup_p.h
@@ -120,7 +120,7 @@ struct Lookup {
         } indexedLookup;
         struct {
             Heap::InternalClass *ic;
-            Heap::QObjectWrapper *staticQObject;
+            Heap::InternalClass *qmlTypeIc; // only used when lookup goes through QQmlTypeWrapper
             QQmlPropertyCache *propertyCache;
             QQmlPropertyData *propertyData;
         } qobjectLookup;
diff --git a/src/qml/jsruntime/qv4qmlcontext.cpp b/src/qml/jsruntime/qv4qmlcontext.cpp
index 0c5226d46c..6aa0130188 100644
--- a/src/qml/jsruntime/qv4qmlcontext.cpp
+++ b/src/qml/jsruntime/qv4qmlcontext.cpp
@@ -293,7 +293,6 @@ ReturnedValue QQmlContextWrapper::getPropertyAndBase(const QQmlContextWrapper *r
                         ScopedValue val(scope, base ? *base : Value::fromReturnedValue(QV4::QObjectWrapper::wrap(v4, scopeObject)));
                         const QObjectWrapper *That = static_cast<const QObjectWrapper *>(val->objectValue());
                         lookup->qobjectLookup.ic = That->internalClass();
-                        lookup->qobjectLookup.staticQObject = nullptr;
                         lookup->qobjectLookup.propertyCache = ddata->propertyCache;
                         lookup->qobjectLookup.propertyCache->addref();
                         lookup->qobjectLookup.propertyData = propertyData;
@@ -326,7 +325,6 @@ ReturnedValue QQmlContextWrapper::getPropertyAndBase(const QQmlContextWrapper *r
                             ScopedValue val(scope, base ? *base : Value::fromReturnedValue(QV4::QObjectWrapper::wrap(v4, context->contextObject)));
                             const QObjectWrapper *That = static_cast<const QObjectWrapper *>(val->objectValue());
                             lookup->qobjectLookup.ic = That->internalClass();
-                            lookup->qobjectLookup.staticQObject = nullptr;
                             lookup->qobjectLookup.propertyCache = ddata->propertyCache;
                             lookup->qobjectLookup.propertyCache->addref();
                             lookup->qobjectLookup.propertyData = propertyData;
diff --git a/src/qml/jsruntime/qv4qobjectwrapper.cpp b/src/qml/jsruntime/qv4qobjectwrapper.cpp
index 6fed538fa8..63b6435112 100644
--- a/src/qml/jsruntime/qv4qobjectwrapper.cpp
+++ b/src/qml/jsruntime/qv4qobjectwrapper.cpp
@@ -870,7 +870,6 @@ ReturnedValue QObjectWrapper::virtualResolveLookupGetter(const Object *object, E
     }
 
     lookup->qobjectLookup.ic = This->internalClass();
-    lookup->qobjectLookup.staticQObject = nullptr;
     lookup->qobjectLookup.propertyCache = ddata->propertyCache;
     lookup->qobjectLookup.propertyCache->addref();
     lookup->qobjectLookup.propertyData = property;
diff --git a/src/qml/jsruntime/qv4qobjectwrapper_p.h b/src/qml/jsruntime/qv4qobjectwrapper_p.h
index 2558ede401..5543c4d5a6 100644
--- a/src/qml/jsruntime/qv4qobjectwrapper_p.h
+++ b/src/qml/jsruntime/qv4qobjectwrapper_p.h
@@ -233,8 +233,7 @@ inline ReturnedValue QObjectWrapper::lookupGetterImpl(Lookup *lookup, ExecutionE
     if (!o || o->internalClass != lookup->qobjectLookup.ic)
         return revertLookup();
 
-    const Heap::QObjectWrapper *This = lookup->qobjectLookup.staticQObject ? lookup->qobjectLookup.staticQObject :
-                                                                             static_cast<const Heap::QObjectWrapper *>(o);
+    const Heap::QObjectWrapper *This = static_cast<const Heap::QObjectWrapper *>(o);
     QObject *qobj = This->object();
     if (QQmlData::wasDeleted(qobj))
         return QV4::Encode::undefined();
author	Simon Hausmann <simon.hausmann@qt.io>	2019-05-20 16:09:13 +0200
committer	Simon Hausmann <simon.hausmann@qt.io>	2019-05-21 12:42:45 +0200
commit	2f4479857d2b68f8cd3267b2f2b3c652ada431ed (patch)
tree	588c84d73801025dcc878bc5b51e04a66f1d1c19 /src/qml/jsruntime
parent	c61a75cd6a4a9cd7b3594b205fcac8fc1208d493 (diff)