authorUlf Hermann <ulf.hermann@qt.io>2020-03-26 12:09:45 +0100
committerUlf Hermann <ulf.hermann@qt.io>2020-03-26 13:16:45 +0100
commit7aac345415ca8970f3e5f094ec8fa1a26b36587b (patch)
treefecbcdf93de55e5c7c225874697f13fdb7af0de9 /tests/auto/qml/qqmllanguage/tst_qqmllanguage.cpp
parentaa5f4add4073a95e3222e43a7422f8421d3a1aee (diff)
tst_qqmllanguage: Avoid use after free
Apparently we're poking into the unit data during the last evaluate(). We need to keep it alive until then. Change-Id: I3a08766503a3508720b3ac154171e6fc8bd280d1 Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io> Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
Diffstat (limited to 'tests/auto/qml/qqmllanguage/tst_qqmllanguage.cpp')
-rw-r--r--tests/auto/qml/qqmllanguage/tst_qqmllanguage.cpp17
1 files changed, 12 insertions, 5 deletions
diff --git a/tests/auto/qml/qqmllanguage/tst_qqmllanguage.cpp b/tests/auto/qml/qqmllanguage/tst_qqmllanguage.cpp
index 16ea659fe9..5665775258 100644
--- a/tests/auto/qml/qqmllanguage/tst_qqmllanguage.cpp
+++ b/tests/auto/qml/qqmllanguage/tst_qqmllanguage.cpp
@@ -2463,22 +2463,29 @@ void tst_qqmllanguage::scriptStringJs()
QVERIFY(!object->scriptProperty().booleanLiteral(&ok) && !ok);
}
+struct FreeUnitData
+{
+ static void cleanup(const QV4::CompiledData::Unit *readOnlyQmlUnit)
+ {
+ if (readOnlyQmlUnit && !(readOnlyQmlUnit->flags & QV4::CompiledData::Unit::StaticData))
+ free(const_cast<QV4::CompiledData::Unit *>(readOnlyQmlUnit));
+ }
+};
+
void tst_qqmllanguage::scriptStringWithoutSourceCode()
{
QUrl url = testFileUrl("scriptString7.qml");
+ QScopedPointer<const QV4::CompiledData::Unit, FreeUnitData> readOnlyQmlUnit;
{
QQmlEnginePrivate *eng = QQmlEnginePrivate::get(&engine);
QQmlRefPointer<QQmlTypeData> td = eng->typeLoader.getType(url);
Q_ASSERT(td);
QQmlRefPointer<QV4::ExecutableCompilationUnit> compilationUnit = td->compilationUnit();
- const QV4::CompiledData::Unit *readOnlyQmlUnit = compilationUnit->unitData();
+ readOnlyQmlUnit.reset(compilationUnit->unitData());
Q_ASSERT(readOnlyQmlUnit);
QV4::CompiledData::Unit *qmlUnit = reinterpret_cast<QV4::CompiledData::Unit *>(malloc(readOnlyQmlUnit->unitSize));
- memcpy(qmlUnit, readOnlyQmlUnit, readOnlyQmlUnit->unitSize);
-
- if (!(readOnlyQmlUnit->flags & QV4::CompiledData::Unit::StaticData))
- free(const_cast<QV4::CompiledData::Unit *>(readOnlyQmlUnit));
+ memcpy(qmlUnit, readOnlyQmlUnit.data(), readOnlyQmlUnit->unitSize);
qmlUnit->flags &= ~QV4::CompiledData::Unit::StaticData;
compilationUnit->setUnitData(qmlUnit);