From 5b96f81fa3c31ea911a08bb28275272b0770a745 Mon Sep 17 00:00:00 2001
From: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
Date: Fri, 14 Jun 2019 14:29:13 +0200
Subject: QQuickRectangle: do not pass invalid presets onto QGradient
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

QGradient isn't meant to have a wide contract and filter out
garbage. Since we're parsing ints / strings as gradients, do
the validation at this level.

Change-Id: I271b5ed1b908d698a2d2c871abf5e61d1e565451
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
---
 src/quick/items/qquickrectangle.cpp | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

(limited to 'src/quick/items/qquickrectangle.cpp')

diff --git a/src/quick/items/qquickrectangle.cpp b/src/quick/items/qquickrectangle.cpp
index 5e217dcd0c..f3cefc7463 100644
--- a/src/quick/items/qquickrectangle.cpp
+++ b/src/quick/items/qquickrectangle.cpp
@@ -451,8 +451,30 @@ void QQuickRectangle::setGradient(const QJSValue &gradient)
             d->gradient = QJSValue();
         }
     } else if (gradient.isNumber() || gradient.isString()) {
-        QGradient preset(gradient.toVariant().value<QGradient::Preset>());
-        if (preset.type() != QGradient::NoGradient) {
+        static const QMetaEnum gradientPresetMetaEnum = QMetaEnum::fromType<QGradient::Preset>();
+        Q_ASSERT(gradientPresetMetaEnum.isValid());
+
+        QGradient result;
+
+        // This code could simply use gradient.toVariant().convert<QGradient::Preset>(),
+        // but QTBUG-76377 prevents us from doing error checks. So we need to
+        // do them manually. Also, NumPresets cannot be used.
+
+        if (gradient.isNumber()) {
+            const auto preset = QGradient::Preset(gradient.toInt());
+            if (preset != QGradient::NumPresets && gradientPresetMetaEnum.valueToKey(preset))
+                result = QGradient(preset);
+        } else if (gradient.isString()) {
+            const auto presetName = gradient.toString();
+            if (presetName != QLatin1String("NumPresets")) {
+                bool ok;
+                const auto presetInt = gradientPresetMetaEnum.keyToValue(qPrintable(presetName), &ok);
+                if (ok)
+                    result = QGradient(QGradient::Preset(presetInt));
+            }
+        }
+
+        if (result.type() != QGradient::NoGradient) {
             d->gradient = gradient;
         } else {
             qmlWarning(this) << "No such gradient preset '" << gradient.toString() << "'";
-- 
cgit v1.2.3