Check parameter types when invoking C++ functions from QML

We now check if the given parameters can be converted to the expected arguments of the function being invoked and throw a type error if not. Previously we would still invoke the method with random parameters. [ChangeLog][QtQml][Important Behavior Changes] The parameters passed to C++ functions from QML are now checked for compatibility with the expected arguments. If they cannot be converted, a type error is thrown in JavaScript and the function is not invoked. Fixes: QTBUG-73405 Change-Id: If16089510d314bb7cdb7d4db86478114c61281a8 Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
author: Ulf Hermann <ulf.hermann@qt.io> 2019-02-14 15:48:56 +0100
committer: Simon Hausmann <simon.hausmann@qt.io> 2019-02-17 08:10:17 +0000
commit: 94d30df911dccd830a18d7c2e75397505ef9a600 (patch)
tree: e9890f9cb006fdc38bbed9fe94d553868d905166 /src
parent: d96a700cc3611480ff76023287cb06f455a37b02 (diff)
1 files changed, 31 insertions, 9 deletions
diff --git a/src/qml/jsruntime/qv4qobjectwrapper.cpp b/src/qml/jsruntime/qv4qobjectwrapper.cpp
index 9344a231ff..6617dd5e89 100644
--- a/src/qml/jsruntime/qv4qobjectwrapper.cpp
+++ b/src/qml/jsruntime/qv4qobjectwrapper.cpp
@@ -1144,7 +1144,7 @@ struct CallArgument {
     inline void *dataPtr();
 
     inline void initAsType(int type);
-    inline void fromValue(int type, ExecutionEngine *, const QV4::Value &);
+    inline bool fromValue(int type, ExecutionEngine *, const QV4::Value &);
     inline ReturnedValue toValue(ExecutionEngine *);
 
 private:
@@ -1204,8 +1204,12 @@ static QV4::ReturnedValue CallMethod(const QQmlObjectOrGadget &object, int index
         // Convert all arguments.
         QVarLengthArray<CallArgument, 9> args(argCount + 1);
         args[0].initAsType(returnType);
-        for (int ii = 0; ii < argCount; ++ii)
-            args[ii + 1].fromValue(argTypes[ii], engine, callArgs->args[ii]);
+        for (int ii = 0; ii < argCount; ++ii) {
+            if (!args[ii + 1].fromValue(argTypes[ii], engine, callArgs->args[ii])) {
+                return engine->throwTypeError(QString::fromLatin1("Could not convert argument %1.")
+                                                      .arg(ii));
+            }
+        }
         QVarLengthArray<void *, 9> argData(args.count());
         for (int ii = 0; ii < args.count(); ++ii)
             argData[ii] = args[ii].dataPtr();
@@ -1672,7 +1676,7 @@ void CallArgument::fromContainerValue(const QV4::Object *object, int callType, M
 }
 #endif
 
-void CallArgument::fromValue(int callType, QV4::ExecutionEngine *engine, const QV4::Value &value)
+bool CallArgument::fromValue(int callType, QV4::ExecutionEngine *engine, const QV4::Value &value)
 {
     if (type != 0) {
         cleanup();
@@ -1708,11 +1712,13 @@ void CallArgument::fromValue(int callType, QV4::ExecutionEngine *engine, const Q
         type = callType;
     } else if (callType == QMetaType::QObjectStar) {
         qobjectPtr = nullptr;
+        type = callType;
         if (const QV4::QObjectWrapper *qobjectWrapper = value.as<QV4::QObjectWrapper>())
             qobjectPtr = qobjectWrapper->object();
         else if (const QV4::QQmlTypeWrapper *qmlTypeWrapper = value.as<QV4::QQmlTypeWrapper>())
             queryEngine = qmlTypeWrapper->isSingleton();
-        type = callType;
+        else if (!value.isNull() && !value.isUndefined()) // null and undefined are nullptr
+            return false;
     } else if (callType == qMetaTypeId<QVariant>()) {
         qvariantPtr = new (&allocData) QVariant(scope.engine->toVariant(value, -1));
         type = callType;
@@ -1734,6 +1740,8 @@ void CallArgument::fromValue(int callType, QV4::ExecutionEngine *engine, const Q
             QObject *o = nullptr;
             if (const QV4::QObjectWrapper *qobjectWrapper = value.as<QV4::QObjectWrapper>())
                 o = qobjectWrapper->object();
+            else if (!value.isNull() && !value.isUndefined())
+                return false;
             qlistPtr->append(o);
         }
         type = callType;
@@ -1782,6 +1790,15 @@ void CallArgument::fromValue(int callType, QV4::ExecutionEngine *engine, const Q
             fromContainerValue<std::vector<QModelIndex>>(object, callType, &CallArgument::stdVectorQModelIndexPtr, queryEngine);
         }
 #endif
+    } else if (QMetaType::typeFlags(callType)
+               & (QMetaType::PointerToQObject | QMetaType::PointerToGadget)) {
+        // You can assign null or undefined to any pointer. The result is a nullptr.
+        if (value.isNull() || value.isUndefined()) {
+            qvariantPtr = new (&allocData) QVariant(callType, nullptr);
+            type = callType;
+        } else {
+            queryEngine = true;
+        }
     } else {
         queryEngine = true;
     }
@@ -1803,15 +1820,20 @@ void CallArgument::fromValue(int callType, QV4::ExecutionEngine *engine, const Q
             if (!mo.isNull()) {
                 QObject *obj = ep->toQObject(v);
 
-                if (obj != nullptr && !QQmlMetaObject::canConvert(obj, mo))
-                    obj = nullptr;
+                if (obj != nullptr && !QQmlMetaObject::canConvert(obj, mo)) {
+                    *qvariantPtr = QVariant(callType, nullptr);
+                    return false;
+                }
 
                 *qvariantPtr = QVariant(callType, &obj);
-            } else {
-                *qvariantPtr = QVariant(callType, (void *)nullptr);
+                return true;
             }
+
+            *qvariantPtr = QVariant(callType, (void *)nullptr);
+            return false;
         }
     }
+    return true;
 }
 
 QV4::ReturnedValue CallArgument::toValue(QV4::ExecutionEngine *engine)
author	Ulf Hermann <ulf.hermann@qt.io>	2019-02-14 15:48:56 +0100
committer	Simon Hausmann <simon.hausmann@qt.io>	2019-02-17 08:10:17 +0000
commit	94d30df911dccd830a18d7c2e75397505ef9a600 (patch)
tree	e9890f9cb006fdc38bbed9fe94d553868d905166 /src
parent	d96a700cc3611480ff76023287cb06f455a37b02 (diff)