author | Ulf Hermann <ulf.hermann@qt.io> | 2022-08-23 10:42:35 +0200 |
---|---|---|
committer | Ulf Hermann <ulf.hermann@qt.io> | 2022-09-01 09:46:03 +0200 |
commit | fa94a35ee718e2a83440b66a6dd57e53a0aee500 (patch) | |
tree | d4b6923253b800f4dccd190c411f45e6f09bcfd2 /src | |
parent | 6fa4d45b0d321d5d2c935ed000467b167d0c1b27 (diff) |
QmlCompiler: Prevent lookup of value type where we need an object type
With a particular nefarious combination of Q_GADGET and inheritance from
QObject you can make QmlCompiler believe a type is a value type even
though it is actually an object type. We never want to touch such a
thing.
There was a safeguard against this when looking up the type from the
scope, but by putting the type in a type namespace you could circumvent it.
Refactor the code so that the same check applies in both cases.
Fixes: QTBUG-104556
Fixes: QTBUG-105608
Change-Id: I8a690e2b6f78fcaba0911a93504cde0d2c7dde0d
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
(cherry picked from commit 0a8fe228f6bb65afe08f1bc203653266fa204ba5)
Diffstat (limited to 'src')
-rw-r--r-- | src/qmlcompiler/qqmljstyperesolver.cpp | 137 | ||||
-rw-r--r-- | src/qmlcompiler/qqmljstyperesolver_p.h | 5 |
2 files changed, 69 insertions, 73 deletions
diff --git a/src/qmlcompiler/qqmljstyperesolver.cpp b/src/qmlcompiler/qqmljstyperesolver.cpp
index 6a0839e9e0..a65b7d0dc0 100644
--- a/src/qmlcompiler/qqmljstyperesolver.cpp
+++ b/src/qmlcompiler/qqmljstyperesolver.cpp
@@ -396,6 +396,64 @@ QQmlJSRegisterContent QQmlJSTypeResolver::transformed(
 return {};
 }
+QQmlJSRegisterContent QQmlJSTypeResolver::referenceTypeForName(
+ const QString &name, const QQmlJSScope::ConstPtr &scopeType,
+ bool hasObjectModulePrefix) const
+{
+ QQmlJSScope::ConstPtr type = typeForName(name);
+ if (!type)
+ return QQmlJSRegisterContent();
+
+ if (type->isSingleton())
+ return QQmlJSRegisterContent::create(storedType(type), type,
+ QQmlJSRegisterContent::Singleton, scopeType);
+
+ if (type->isScript())
+ return QQmlJSRegisterContent::create(storedType(type), type,
+ QQmlJSRegisterContent::Script, scopeType);
+
+ if (const auto attached = type->attachedType()) {
+ if (!genericType(attached)) {
+ m_logger->log(u"Cannot resolve generic base of attached %1"_s.arg(
+ attached->internalName()),
+ Log_Compiler, attached->sourceLocation());
+ return {};
+ } else if (type->accessSemantics() != QQmlJSScope::AccessSemantics::Reference) {
+ m_logger->log(u"Cannot retrieve attached object for non-reference type %1"_s.arg(
+ type->internalName()),
+ Log_Compiler, type->sourceLocation());
+ return {};
+ } else {
+ // We don't know yet whether we need the attached or the plain object. In direct
+ // mode, we will figure this out using the scope type and access any enums of the
+ // plain type directly. In indirect mode, we can use enum lookups.
+ return QQmlJSRegisterContent::create(
+ storedType(attached), attached,
+ hasObjectModulePrefix
+ ? QQmlJSRegisterContent::ObjectAttached
+ : QQmlJSRegisterContent::ScopeAttached, type);
+ }
+ }
+
+ switch (type->accessSemantics()) {
+ case QQmlJSScope::AccessSemantics::None:
+ case QQmlJSScope::AccessSemantics::Reference:
+ // A plain reference to a non-singleton, non-attached type.
+ // We may still need the plain type reference for enum lookups,
+ // Store it as QMetaObject.
+ // This only works with namespaces and object types.
+ return QQmlJSRegisterContent::create(metaObjectType(), metaObjectType(),
+ QQmlJSRegisterContent::MetaType, type);
+ case QQmlJSScope::AccessSemantics::Sequence:
+ case QQmlJSScope::AccessSemantics::Value:
+ // This is not actually a type reference. You cannot get the metaobject
+ // of a value type in QML and sequences don't even have metaobjects.
+ break;
+ }
+
+ return QQmlJSRegisterContent();
+}
+
 QQmlJSRegisterContent QQmlJSTypeResolver::original(const QQmlJSRegisterContent &type) const
 {
 return transformed(type, &QQmlJSTypeResolver::originalType);
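Review bot: referenceTypeForName() has no header comment, yet its callers depend on a subtle contract: an invalid QQmlJSRegisterContent means both "name does not resolve to a type usable as an object reference" and "an error was already logged for an attached type", and the caller cannot tell the two apart. I would document the function, above the definition or at the declaration, along the lines of: resolves `name` via typeForName() and returns a Singleton, Script, attached or MetaType content only for reference and namespace types; unknown names, value and sequence types, and the two logged attached-type failures all yield an invalid content. Since the accessSemantics switch at the end is the guard the commit message describes, the comment should state explicitly that Value and Sequence deliberately `break` into the invalid result. A minor style point: the same invalid value is written as `return QQmlJSRegisterContent();` in two places and `return {};` in two others; pick one.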
@@ -812,51 +870,9 @@ QQmlJSRegisterContent QQmlJSTypeResolver::scopedType(const QQmlJSScope::ConstPtr
 }
 }
- if (QQmlJSScope::ConstPtr type = typeForName(name)) {
- if (type->isSingleton())
- return QQmlJSRegisterContent::create(storedType(type), type,
- QQmlJSRegisterContent::Singleton);
-
- if (type->isScript())
- return QQmlJSRegisterContent::create(storedType(type), type,
- QQmlJSRegisterContent::Script);
-
- if (const auto attached = type->attachedType()) {
- if (!genericType(attached)) {
- m_logger->log(u"Cannot resolve generic base of attached %1"_s.arg(
- attached->internalName()),
- Log_Compiler, attached->sourceLocation());
- return {};
- } else if (type->accessSemantics() != QQmlJSScope::AccessSemantics::Reference) {
- m_logger->log(u"Cannot retrieve attached object for non-reference type %1"_s.arg(
- type->internalName()),
- Log_Compiler, type->sourceLocation());
- return {};
- } else {
- // We don't know yet whether we need the attached or the plain object. In direct
- // mode, we will figure this out using the scope type and access any enums of the
- // plain type directly. In indirect mode, we can use enum lookups.
- return QQmlJSRegisterContent::create(storedType(attached), attached,
- QQmlJSRegisterContent::ScopeAttached, type);
- }
- }
-
- switch (type->accessSemantics()) {
- case QQmlJSScope::AccessSemantics::None:
- case QQmlJSScope::AccessSemantics::Reference:
- // A plain reference to a non-singleton, non-attached type.
- // We may still need the plain type reference for enum lookups,
- // Store it as QMetaObject.
- // This only works with namespaces and object types.
- break;
- }
- }
+ QQmlJSRegisterContent result = referenceTypeForName(name);
+ if (result.isValid())
+ return result;
 if (m_jsGlobalObject->hasProperty(name)) {
 return QQmlJSRegisterContent::create(jsValueType(), m_jsGlobalObject->property(name),
@@ -1144,34 +1160,9 @@ QQmlJSRegisterContent QQmlJSTypeResolver::memberType(const QQmlJSRegisterContent
 return {};
 }
- if (QQmlJSScope::ConstPtr result = typeForName(name)) {
- QQmlJSScope::ConstPtr attached = result->attachedType();
- if (attached && genericType(attached)) {
- return QQmlJSRegisterContent::create(
- storedType(attached), attached,
- type.variant() == QQmlJSRegisterContent::ObjectModulePrefix
- ? QQmlJSRegisterContent::ObjectAttached
- : QQmlJSRegisterContent::ScopeAttached,
- result);
- }
-
- if (result->isSingleton()) {
- return QQmlJSRegisterContent::create(
- storedType(result), result,
- QQmlJSRegisterContent::Singleton, type.scopeType());
- }
-
- if (result->isScript()) {
- return QQmlJSRegisterContent::create(
- storedType(result), result,
- QQmlJSRegisterContent::Script, type.scopeType());
- }
-
- return QQmlJSRegisterContent::create(metaObjectType(), metaObjectType(),
- QQmlJSRegisterContent::MetaType, result);
- }
-
- return {};
+ return referenceTypeForName(
+ name, type.scopeType(),
+ type.variant() == QQmlJSRegisterContent::ObjectModulePrefix);
 }
 if (type.isConversion()) {
 const auto result = memberType(type.conversionResult(), name);
diff --git a/src/qmlcompiler/qqmljstyperesolver_p.h b/src/qmlcompiler/qqmljstyperesolver_p.h
index e05f5b3757..f7775d496a 100644
--- a/src/qmlcompiler/qqmljstyperesolver_p.h
+++ b/src/qmlcompiler/qqmljstyperesolver_p.h
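Review bot: In scopedType(), the `if (result.isValid()) return result;` after the new `referenceTypeForName(name)` call changes what happens on the two attached-type error paths: the removed code returned `{}` from scopedType() right after logging "Cannot resolve generic base of attached" or "Cannot retrieve attached object for non-reference type", whereas the new code receives an invalid result and continues into the `m_jsGlobalObject->hasProperty(name)` lookup and whatever follows. If falling back to a JS global after a logged compiler error is not intended, the two outcomes need to be distinguished, for instance by checking `type->attachedType()` for the resolved name before falling through, or by letting referenceTypeForName() report "error already logged" separately from "not a reference type". memberType() in the following hunk is not affected, since it returns the result of referenceTypeForName() directly. scopedType() begins and ends outside this hunk.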
@@ -167,6 +167,11 @@ protected:
 const QQmlJSRegisterContent &origin,
 QQmlJSScope::ConstPtr (QQmlJSTypeResolver::*op)(const QQmlJSScope::ConstPtr &) const) const;
+ QQmlJSRegisterContent referenceTypeForName(
+ const QString &name,
+ const QQmlJSScope::ConstPtr &scopeType = QQmlJSScope::ConstPtr(),
+ bool hasObjectModuelPrefix = false) const;
+
 QQmlJSScope::ConstPtr m_voidType;
 QQmlJSScope::ConstPtr m_emptyListType;
 QQmlJSScope::ConstPtr m_nullType; |
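Review bot: The declaration spells the third parameter `hasObjectModuelPrefix` while the definition in qqmljstyperesolver.cpp names it `hasObjectModulePrefix`; the compiler does not care, but IDE tooltips and anyone reading the header will, so the line should read `bool hasObjectModulePrefix = false) const;`. The defaulted `scopeType` and `hasObjectModulePrefix` arguments also mean the one-argument call in scopedType() passes a null scope type, which the declaration should say something about, e.g. `// scopeType may be null; presumably the returned content then carries no scope — confirm against QQmlJSRegisterContent::create`.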