QQmlPropertyCache: Guarantee 1:1 relationship to meta object

The QQmlPropertyCache ctor that just takes a QMetaObject is really dangerous. It misbehaves for anything but plain QObject. Remove it. Also, realize that we never want to update a property cache "recursively". That is, each property cache maps exactly one metaobject. We cannot cover multiple metaobjects with the same property cache. Finally, any property caches constructed dynamically must not be recorded in the type registry. These caches are not comparable to anything else. Introduce a special method to create them. Fixes: QTBUG-102454 Change-Id: I47a1ff0f467e9444ff9f581ffcdf0a8b5730b0b8 Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io> (cherry picked from commit f7f6e140947582026d08a68421052e6ac7b997e4) Reviewed-by: Andrei Golubev <andrei.golubev@qt.io>
author: Ulf Hermann <ulf.hermann@qt.io> 2022-04-12 10:19:47 +0200
committer: Ulf Hermann <ulf.hermann@qt.io> 2022-05-05 19:27:40 +0200
commit: b5f9790b69b979c066faca94f05b46418993e5d5 (patch)
tree: 098adae264660015890c8474923d62d403b76f27 /src/qml/qml
parent: 3b1d3f2d4105d1bdf767d0c7c33b04d67d491642 (diff)
4 files changed, 30 insertions, 22 deletions
diff --git a/src/qml/qml/qqmlmetatypedata.cpp b/src/qml/qml/qqmlmetatypedata.cpp
index 6bac4ca8c5..b2cae077cf 100644
--- a/src/qml/qml/qqmlmetatypedata.cpp
+++ b/src/qml/qml/qqmlmetatypedata.cpp
@@ -147,7 +147,7 @@ QQmlRefPointer<QQmlPropertyCache> QQmlMetaTypeData::propertyCache(const QMetaObj
     if (const QMetaObject *superMeta = metaObject->superClass())
         rv = propertyCache(superMeta, version)->copyAndAppend(metaObject, version);
     else
-        rv.adopt(new QQmlPropertyCache(metaObject));
+        rv = QQmlPropertyCache::createStandalone(metaObject);
 
     const auto *mop = reinterpret_cast<const QMetaObjectPrivate *>(metaObject->d.data);
     if (!(mop->flags & DynamicMetaObject))
diff --git a/src/qml/qml/qqmlopenmetaobject.cpp b/src/qml/qml/qqmlopenmetaobject.cpp
index 8b0e0c66d5..d40a2beaa7 100644
--- a/src/qml/qml/qqmlopenmetaobject.cpp
+++ b/src/qml/qml/qqmlopenmetaobject.cpp
@@ -40,6 +40,7 @@
 #include "qqmlopenmetaobject_p.h"
 #include <private/qqmlpropertycache_p.h>
 #include <private/qqmldata_p.h>
+#include <private/qqmlmetatype_p.h>
 #include <private/qmetaobjectbuilder_p.h>
 #include <qdebug.h>
 
@@ -423,8 +424,11 @@ void QQmlOpenMetaObject::setCached(bool c)
 
     QQmlData *qmldata = QQmlData::get(d->object, true);
     if (d->cacheProperties) {
+        // As the propertyCache is not saved in QQmlMetaType (due to it being dynamic)
+        // we cannot leak it to other places before we're done with it. Yes, it's still
+        // terrible.
         if (!d->type->d->cache)
-            d->type->d->cache = new QQmlPropertyCache(this);
+            d->type->d->cache = QQmlPropertyCache::createStandalone(this).take();
         qmldata->propertyCache = d->type->d->cache;
     } else {
         if (d->type->d->cache)
diff --git a/src/qml/qml/qqmlpropertycache.cpp b/src/qml/qml/qqmlpropertycache.cpp
index bb305549e0..69fa317495 100644
--- a/src/qml/qml/qqmlpropertycache.cpp
+++ b/src/qml/qml/qqmlpropertycache.cpp
@@ -149,14 +149,23 @@ void QQmlPropertyData::load(const QMetaMethod &m)
 }
 
 /*!
-Creates a new QQmlPropertyCache of \a metaObject.
+    Creates a standalone QQmlPropertyCache of \a metaObject. It is separate from the usual
+    QQmlPropertyCache hierarchy. Its parent is not equal to any other QQmlPropertyCache
+    created from QObject::staticMetaObject, for example.
 */
-QQmlPropertyCache::QQmlPropertyCache(const QMetaObject *metaObject, QTypeRevision metaObjectRevision)
-    : _metaObject(metaObject)
+QQmlRefPointer<QQmlPropertyCache> QQmlPropertyCache::createStandalone(
+        const QMetaObject *metaObject, QTypeRevision metaObjectRevision)
 {
     Q_ASSERT(metaObject);
 
-    update(metaObject);
+    QQmlRefPointer<QQmlPropertyCache> result;
+    if (const QMetaObject *super = metaObject->superClass()) {
+        result = createStandalone(
+                    super, metaObjectRevision)->copyAndAppend(metaObject, metaObjectRevision);
+    } else {
+        result.adopt(new QQmlPropertyCache(metaObject));
+        result->update(metaObject);
+    }
 
     if (metaObjectRevision.isValid() && metaObjectRevision != QTypeRevision::zero()) {
         // Set the revision of the meta object that this cache describes to be
@@ -164,9 +173,13 @@ QQmlPropertyCache::QQmlPropertyCache(const QMetaObject *metaObject, QTypeRevisio
         // from a type that was created directly in C++, and not through QML. For such
         // types, the revision for each recorded QMetaObject would normally be zero, which
         // would exclude any revisioned properties.
-        for (int metaObjectOffset = 0; metaObjectOffset < allowedRevisionCache.size(); ++metaObjectOffset)
-            allowedRevisionCache[metaObjectOffset] = metaObjectRevision;
+        for (int metaObjectOffset = 0; metaObjectOffset < result->allowedRevisionCache.size();
+             ++metaObjectOffset) {
+            result->allowedRevisionCache[metaObjectOffset] = metaObjectRevision;
+        }
     }
+
+    return result;
 }
 
 QQmlPropertyCache::~QQmlPropertyCache()
@@ -573,16 +586,6 @@ void QQmlPropertyCache::append(const QMetaObject *metaObject,
     }
 }
 
-void QQmlPropertyCache::updateRecur(const QMetaObject *metaObject)
-{
-    if (!metaObject)
-        return;
-
-    updateRecur(metaObject->superClass());
-
-    append(metaObject, QTypeRevision());
-}
-
 void QQmlPropertyCache::update(const QMetaObject *metaObject)
 {
     Q_ASSERT(metaObject);
@@ -602,7 +605,8 @@ void QQmlPropertyCache::update(const QMetaObject *metaObject)
     // cached in a parent cache.
     stringCache.reserve(pc + mc + sc);
 
-    updateRecur(metaObject);
+    if (metaObject)
+        append(metaObject, QTypeRevision());
 }
 
 /*! \internal
diff --git a/src/qml/qml/qqmlpropertycache_p.h b/src/qml/qml/qqmlpropertycache_p.h
index 60f3e1fa44..7be8bb93a6 100644
--- a/src/qml/qml/qqmlpropertycache_p.h
+++ b/src/qml/qml/qqmlpropertycache_p.h
@@ -151,8 +151,10 @@ private:
 class Q_QML_PRIVATE_EXPORT QQmlPropertyCache : public QQmlRefCount
 {
 public:
+    static QQmlRefPointer<QQmlPropertyCache> createStandalone(
+            const QMetaObject *, QTypeRevision metaObjectRevision = QTypeRevision::zero());
+
     QQmlPropertyCache() = default;
-    QQmlPropertyCache(const QMetaObject *, QTypeRevision metaObjectRevision = QTypeRevision::zero());
     ~QQmlPropertyCache() override;
 
     void update(const QMetaObject *);
@@ -272,8 +274,6 @@ private:
     QQmlPropertyData *findProperty(StringCache::ConstIterator it, const QQmlVMEMetaObject *,
                                    const QQmlRefPointer<QQmlContextData> &) const;
 
-    void updateRecur(const QMetaObject *);
-
     template<typename K>
     QQmlPropertyData *findNamedProperty(const K &key) const
     {
author	Ulf Hermann <ulf.hermann@qt.io>	2022-04-12 10:19:47 +0200
committer	Ulf Hermann <ulf.hermann@qt.io>	2022-05-05 19:27:40 +0200
commit	b5f9790b69b979c066faca94f05b46418993e5d5 (patch)
tree	098adae264660015890c8474923d62d403b76f27 /src/qml/qml
parent	3b1d3f2d4105d1bdf767d0c7c33b04d67d491642 (diff)