diff options
author | Robin Burchell <robin.burchell@crimson.no> | 2017-04-13 13:46:20 +0200 |
---|---|---|
committer | Robin Burchell <robin.burchell@crimson.no> | 2017-04-13 18:33:44 +0000 |
commit | 568005a5d3ecd78608d619cc9dc6063276baa316 (patch) | |
tree | f38696990a6a861173429e416b91e4a8b0f9ab09 /src/qml/types | |
parent | 9c1c471e54bb12e8740b76d1c048f2f916a6ab59 (diff) |
QQmlConnections: Don't crash (or read past bounds) if a silly prop name is given
Change-Id: I156d27b21159f019a969a33e553e63fac9a3d193
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
Diffstat (limited to 'src/qml/types')
-rw-r--r-- | src/qml/types/qqmlconnections.cpp | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/src/qml/types/qqmlconnections.cpp b/src/qml/types/qqmlconnections.cpp index 870aeaa6e2..66bc772279 100644 --- a/src/qml/types/qqmlconnections.cpp +++ b/src/qml/types/qqmlconnections.cpp @@ -235,14 +235,13 @@ void QQmlConnectionsParser::verifyBindings(const QV4::CompiledData::Unit *qmlUni { for (int ii = 0; ii < props.count(); ++ii) { const QV4::CompiledData::Binding *binding = props.at(ii); - QString propName = qmlUnit->stringAt(binding->propertyNameIndex); + const QString &propName = qmlUnit->stringAt(binding->propertyNameIndex); - if (!propName.startsWith(QLatin1String("on")) || !propName.at(2).isUpper()) { + if (!propName.startsWith(QLatin1String("on")) || (propName.length() < 3 || !propName.at(2).isUpper())) { error(props.at(ii), QQmlConnections::tr("Cannot assign to non-existent property \"%1\"").arg(propName)); return; } - if (binding->type >= QV4::CompiledData::Binding::Type_Object) { const QV4::CompiledData::Object *target = qmlUnit->objectAt(binding->value.objectIndex); if (!qmlUnit->stringAt(target->inheritedTypeNameIndex).isEmpty()) |