From b5bc53a1cb26968414282245bb72460b29dd87d2 Mon Sep 17 00:00:00 2001
From: Robin Burchell
Date: Mon, 9 Apr 2018 15:41:02 +0200
Subject: QQuickItem: Guard against null deref in transformations
Change-Id: Ieb14322c104d816842e04e521b556bfc11855f1c
Task-number: QTBUG-67024
Reviewed-by: Robin Burchell
Reviewed-by: Michael Brasser
(cherry picked from commit f9686bc68696ad1e99a0587f15d05300d003d990)
---
 src/quick/items/qquickitem.cpp | 6 ++++++
 tests/auto/quick/qquickitem2/data/mapCoordinates.qml | 17 +++++++++++++++++
 tests/auto/quick/qquickitem2/tst_qquickitem.cpp | 10 ++++++++++
 3 files changed, 33 insertions(+)
diff --git a/src/quick/items/qquickitem.cpp b/src/quick/items/qquickitem.cpp
index 8499c37010..f68ec8368d 100644
--- a/src/quick/items/qquickitem.cpp
+++ b/src/quick/items/qquickitem.cpp
@@ -3121,6 +3121,9 @@ void QQuickItemPrivate::itemToParentTransform(QTransform &t) const
 */
 QTransform QQuickItemPrivate::windowToGlobalTransform() const
 {
+ if (Q_UNLIKELY(window == nullptr))
+ return QTransform();
+
 QPoint quickWidgetOffset;
 QWindow *renderWindow = QQuickRenderControl::renderWindowFor(window, &quickWidgetOffset);
 QPointF pos = (renderWindow ? renderWindow : window)->mapToGlobal(quickWidgetOffset);
@@ -3132,6 +3135,9 @@
 */
 QTransform QQuickItemPrivate::globalToWindowTransform() const
 {
+ if (Q_UNLIKELY(window == nullptr))
+ return QTransform();
+
 QPoint quickWidgetOffset;
 QWindow *renderWindow = QQuickRenderControl::renderWindowFor(window, &quickWidgetOffset);
 QPointF pos = (renderWindow ? renderWindow : window)->mapToGlobal(quickWidgetOffset);
diff --git a/tests/auto/quick/qquickitem2/data/mapCoordinates.qml b/tests/auto/quick/qquickitem2/data/mapCoordinates.qml
index b410b445c5..596dedab90 100644
--- a/tests/auto/quick/qquickitem2/data/mapCoordinates.qml
+++ b/tests/auto/quick/qquickitem2/data/mapCoordinates.qml
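Review bot: The new guard in windowToGlobalTransform() returns an identity QTransform without documenting it, so a caller cannot tell "item has no window" from "window sits at global (0,0)"; the identical guard in globalToWindowTransform() in the next hunk has the same gap. The doc comment whose closing `*/` opens each hunk should state the fallback, e.g. `Returns an identity transform if the item is not associated with a window.` A why-comment above the check would also help, e.g. `// Items created without a window (Component.createObject(null)) have nothing to map through`, since that path is reachable from QML and previously dereferenced `window` in the `mapToGlobal` call. Both function bodies continue past the end of their hunks, so the return statements are not visible here.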
@@ -39,6 +39,11 @@ Item { Item { id: itemB; objectName: "itemB"; x: 100; y: 100 } } + Component { + id: itemComponent + Item { x: 150; y: 150 } + } + function mapAToB(x, y) { var pos = itemA.mapToItem(itemB, x, y) return Qt.point(pos.x, pos.y) @@ -69,6 +74,18 @@ Item { return Qt.point(pos.x, pos.y) } + function mapOrphanToGlobal(x, y) { + var obj = itemComponent.createObject(null); + var pos = obj.mapToGlobal(x, y) + return Qt.point(pos.x, pos.y) + } + + function mapOrphanFromGlobal(x, y) { + var obj = itemComponent.createObject(null); + var pos = obj.mapFromGlobal(x, y) + return Qt.point(pos.x, pos.y) + } + function checkMapAToInvalid(x, y) { try { itemA.mapToItem(1122, x, y) diff --git a/tests/auto/quick/qquickitem2/tst_qquickitem.cpp b/tests/auto/quick/qquickitem2/tst_qquickitem.cpp index 09e89ff85f..882b31ccc7 100644 --- a/tests/auto/quick/qquickitem2/tst_qquickitem.cpp +++ b/tests/auto/quick/qquickitem2/tst_qquickitem.cpp 
@@ -2364,6 +2364,16 @@ void tst_QQuickItem::mapCoordinates() Q_RETURN_ARG(QVariant, result), Q_ARG(QVariant, x), Q_ARG(QVariant, y))); QCOMPARE(result.value(), qobject_cast(a)->mapFromGlobal(QPointF(x, y))); + // for orphans we are primarily testing that we don't crash. + // when orphaned the final position is the original position of the item translated by x,y + QVERIFY(QMetaObject::invokeMethod(root, "mapOrphanToGlobal", + Q_RETURN_ARG(QVariant, result), Q_ARG(QVariant, x), Q_ARG(QVariant, y))); + QCOMPARE(result.value(), QPointF(150,150) + QPointF(x, y)); + + QVERIFY(QMetaObject::invokeMethod(root, "mapOrphanFromGlobal", + Q_RETURN_ARG(QVariant, result), Q_ARG(QVariant, x), Q_ARG(QVariant, y))); + QCOMPARE(result.value(), -QPointF(150,150) + QPointF(x, y)); + QString warning1 = testFileUrl("mapCoordinates.qml").toString() + ":35:5: QML Item: mapToItem() given argument \"1122\" which is neither null nor an Item"; QString warning2 = testFileUrl("mapCoordinates.qml").toString() + ":35:5: QML Item: mapFromItem() given argument \"1122\" which is neither null nor an Item"; -- cgit v1.2.3
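Review bot: The second orphan check has no comment explaining its expected value; the comment above the first QVERIFY describes only the mapOrphanToGlobal case. The `-QPointF(150,150) + QPointF(x, y)` expectation for mapOrphanFromGlobal presumably follows from the global-to-window step falling back to identity, leaving only the item's own offset to subtract. I would add `// without a window the global->window step is the identity, so only the item's own (150,150) offset is removed` above the second QVERIFY. mapCoordinates() begins and ends outside this hunk.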