From d8555a9706b07186ebc30eeddc10ab3672958b60 Mon Sep 17 00:00:00 2001
From: Ulf Hermann
Date: Fri, 8 Dec 2023 11:44:30 +0100
Subject: QML: Don't crash when calling coerceAndCall() with null thisObject
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Pick-to: 6.5
Fixes: QTBUG-119395
Change-Id: I5877beef9a53d358a6f58f9ce5029688bd9dcedb
Reviewed-by: Olivier De Cannière
Reviewed-by: Fabian Kosmale
(cherry picked from commit 87d27d06543b442f1ab1c29c22a1ad4f2432034e)
Reviewed-by: Qt Cherry-pick Bot
---
 src/qml/jsruntime/qv4jscall_p.h | 7 +++++--
 tests/auto/qml/qmlcppcodegen/data/CMakeLists.txt | 1 +
 .../auto/qml/qmlcppcodegen/data/reduceWithNullThis.qml | 18 ++++++++++++++++++
 tests/auto/qml/qmlcppcodegen/tst_qmlcppcodegen.cpp | 13 +++++++++++++
 4 files changed, 37 insertions(+), 2 deletions(-)
 create mode 100644 tests/auto/qml/qmlcppcodegen/data/reduceWithNullThis.qml

diff --git a/src/qml/jsruntime/qv4jscall_p.h b/src/qml/jsruntime/qv4jscall_p.h
index a84689f5e1..f9c07e0260 100644
--- a/src/qml/jsruntime/qv4jscall_p.h
+++ b/src/qml/jsruntime/qv4jscall_p.h
@@ -128,10 +128,13 @@ ReturnedValue convertAndCall(
         values[0] = nullptr;
     }
 
-    if (const QV4::QObjectWrapper *cppThisObject = thisObject->as())
+    if (const QV4::QObjectWrapper *cppThisObject = thisObject
+            ? thisObject->as()
+            : nullptr) {
         call(cppThisObject->object(), values, types, argc);
-    else
+    } else {
         call(nullptr, values, types, argc);
+    }
 
     ReturnedValue result;
     if (values[0]) {
diff --git a/tests/auto/qml/qmlcppcodegen/data/CMakeLists.txt b/tests/auto/qml/qmlcppcodegen/data/CMakeLists.txt
index a4aa6e12ff..8c28f578ea 100644
--- a/tests/auto/qml/qmlcppcodegen/data/CMakeLists.txt
+++ b/tests/auto/qml/qmlcppcodegen/data/CMakeLists.txt
@@ -194,6 +194,7 @@ set(qml_files
     popContextAfterRet.qml
     prefixedMetaType.qml
     pressAndHoldButton.qml
+    reduceWithNullThis.qml
     readEnumFromInstance.qml
     registerPropagation.qml
     registerelimination.qml
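Review bot: The new null test on `thisObject` in convertAndCall() carries no comment saying when a compiled function is entered without a receiver, so the next reader has to rediscover the QTBUG-119395 scenario from the bug tracker. A why-comment above the `if` would keep that knowledge next to the check, e.g. `// thisObject can be null: a function handed to Array.prototype.reduce (see reduceWithNullThis.qml) is invoked without a receiver, so it must not be dereferenced unconditionally.` Consider also hoisting the ternary into a named local before the `if`, so the condition reads as a plain pointer test instead of a three-line initializer. convertAndCall() starts and ends outside this hunk.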
diff --git a/tests/auto/qml/qmlcppcodegen/data/reduceWithNullThis.qml b/tests/auto/qml/qmlcppcodegen/data/reduceWithNullThis.qml
new file mode 100644
index 0000000000..c6fda8c739
--- /dev/null
+++ b/tests/auto/qml/qmlcppcodegen/data/reduceWithNullThis.qml
@@ -0,0 +1,18 @@
+import QtQml
+
+QtObject {
+    id: mainItem
+    property int topPadding: 12
+    property int bottomPadding: 12
+
+    property int preferredHeight: mainItem.children.reduce(maximumImplicitHeightReducer, 0) + topPadding + bottomPadding
+    function maximumImplicitHeightReducer(accumulator: real, item: Binding): real {
+        return Math.max(accumulator, (item.objectName + "b").length);
+    }
+
+    property int preferredHeight2: mainItem.children.reduce((accumulator, item) => {
+        return Math.max(accumulator, (item.objectName + "b").length);
+    }, 0) + topPadding + bottomPadding
+
+    property list children: [ Binding { objectName: "aaa" } ]
+}
diff --git a/tests/auto/qml/qmlcppcodegen/tst_qmlcppcodegen.cpp b/tests/auto/qml/qmlcppcodegen/tst_qmlcppcodegen.cpp
index 9a330c4c06..3b1c5d47fe 100644
--- a/tests/auto/qml/qmlcppcodegen/tst_qmlcppcodegen.cpp
+++ b/tests/auto/qml/qmlcppcodegen/tst_qmlcppcodegen.cpp
@@ -159,6 +159,7 @@ private slots:
     void popContextAfterRet();
     void prefixedType();
     void propertyOfParent();
+    void reduceWithNullThis();
     void readEnumFromInstance();
     void registerElimination();
     void registerPropagation();
@@ -3370,6 +3371,18 @@ void tst_QmlCppCodegen::propertyOfParent()
     }
 }
 
+void tst_QmlCppCodegen::reduceWithNullThis()
+{
+    QQmlEngine engine;
+    QQmlComponent component(&engine, QUrl(u"qrc:/qt/qml/TestTypes/reduceWithNullThis.qml"_s));
+    QVERIFY2(component.isReady(), component.errorString().toUtf8());
+    QScopedPointer object(component.create());
+    QVERIFY(!object.isNull());
+
+    QCOMPARE(object->property("preferredHeight").toDouble(), 28.0);
+    QCOMPARE(object->property("preferredHeight2").toDouble(), 28.0);
+}
+
 void tst_QmlCppCodegen::readEnumFromInstance()
 {
     QQmlEngine engine;
-- 
cgit v1.2.3
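Review bot: The expected value `28.0` in the two QCOMPARE lines of reduceWithNullThis() is a magic number; nothing in the test says it is `("aaa" + "b").length` (4) plus the two paddings of 12 declared in reduceWithNullThis.qml, so a later edit to the data file would fail the test without explaining why. A comment on the first QCOMPARE, `// ("aaa" + "b").length == 4, plus topPadding and bottomPadding (12 each)`, documents the derivation. A one-line comment on the function naming QTBUG-119395, and stating that both the typed reducer and the arrow-function reducer are invoked with a null this object and used to crash before the qv4jscall_p.h change, would tell a reader which behaviour the test pins.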