From 290251541e615358dcc7a289ff2adb30f309c132 Mon Sep 17 00:00:00 2001 From: Fabian Kosmale Date: Tue, 3 Dec 2019 16:23:24 +0100 Subject: QQuickPixmapCache: Don't dereference nullptr Consistently check that job->data is not null before derefencing it. Fixes: QTBUG-80510 Fixes: QTBUG-79937 Change-Id: I894503ddd2254814463073cc12f8365641efc689 Reviewed-by: Ulf Hermann Reviewed-by: Shawn Rutledge --- src/quick/util/qquickpixmapcache.cpp | 8 +++++--- .../qquickpixmapcache/data/asynchronousNoCache.qml | 17 +++++++++++++++++ .../quick/qquickpixmapcache/tst_qquickpixmapcache.cpp | 9 +++++++++ 3 files changed, 31 insertions(+), 3 deletions(-) create mode 100644 tests/auto/quick/qquickpixmapcache/data/asynchronousNoCache.qml diff --git a/src/quick/util/qquickpixmapcache.cpp b/src/quick/util/qquickpixmapcache.cpp index 56ad8ebf0b..e1b30f2b2c 100644 --- a/src/quick/util/qquickpixmapcache.cpp +++ b/src/quick/util/qquickpixmapcache.cpp @@ -567,9 +567,10 @@ void QQuickPixmapReader::networkRequestDone(QNetworkReply *reply) QBuffer buff(&all); buff.open(QIODevice::ReadOnly); int frameCount; - if (!readImage(reply->url(), &buff, &image, &errorString, &readSize, &frameCount, job->requestSize, job->providerOptions, nullptr, job->data->frame)) + int const frame = job->data ? job->data->frame : 0; + if (!readImage(reply->url(), &buff, &image, &errorString, &readSize, &frameCount, job->requestSize, job->providerOptions, nullptr, frame)) error = QQuickPixmapReply::Decoding; - else + else if (job->data) job->data->frameCount = frameCount; } // send completion event to the QQuickPixmapReply @@ -882,7 +883,8 @@ void QQuickPixmapReader::processJob(QQuickPixmapReply *runningJob, const QUrl &u return; } else { int frameCount; - if (!readImage(url, &f, &image, &errorStr, &readSize, &frameCount, runningJob->requestSize, runningJob->providerOptions, nullptr, runningJob->data->frame)) { + int const frame = runningJob->data ? runningJob->data->frame : 0; + if ( !readImage(url, &f, &image, &errorStr, &readSize, &frameCount, runningJob->requestSize, runningJob->providerOptions, nullptr, frame)) { errorCode = QQuickPixmapReply::Loading; if (f.fileName() != localFile) errorStr += QString::fromLatin1(" (%1)").arg(f.fileName()); diff --git a/tests/auto/quick/qquickpixmapcache/data/asynchronousNoCache.qml b/tests/auto/quick/qquickpixmapcache/data/asynchronousNoCache.qml new file mode 100644 index 0000000000..5331be5a15 --- /dev/null +++ b/tests/auto/quick/qquickpixmapcache/data/asynchronousNoCache.qml @@ -0,0 +1,17 @@ +import QtQuick 2.12 + +Item { + visible: true + width: 640 + height: 480 + + Image{ + asynchronous: true + anchors.fill: parent + fillMode: Image.Stretch + source: "exists1.png" + cache: false + sourceSize.width: width/2 + sourceSize.height: height/2 + } +} diff --git a/tests/auto/quick/qquickpixmapcache/tst_qquickpixmapcache.cpp b/tests/auto/quick/qquickpixmapcache/tst_qquickpixmapcache.cpp index bffaaf7c6e..1e2e0a6078 100644 --- a/tests/auto/quick/qquickpixmapcache/tst_qquickpixmapcache.cpp +++ b/tests/auto/quick/qquickpixmapcache/tst_qquickpixmapcache.cpp @@ -30,6 +30,7 @@ #include #include #include +#include #include #include "../../shared/util.h" #include "testhttpserver.h" @@ -62,6 +63,7 @@ private slots: #endif void lockingCrash(); void uncached(); + void asynchronousNoCache(); #if PIXMAP_DATA_LEAK_TEST void dataLeak(); #endif @@ -473,6 +475,13 @@ void tst_qquickpixmapcache::uncached() } } +void tst_qquickpixmapcache::asynchronousNoCache() +{ + QQmlEngine engine; + QQmlComponent component(&engine, testFileUrl("asynchronousNoCache.qml")); + QScopedPointer root {component.create()}; // should not crash +} + #if PIXMAP_DATA_LEAK_TEST // This test should not be enabled by default as it -- cgit v1.2.3