From b9ff90423879c9b27d049b47b1b19a6695878ccd Mon Sep 17 00:00:00 2001 From: Lars Knoll Date: Tue, 24 Nov 2015 10:59:09 +0100 Subject: Properly check the arguments of mapFrom/ToItem Check that we have the right type and number of arguments and throw a type error if they don't match. Change-Id: I23d37074bf0a6f88e656897862eedc8f7c9f9f8f Task-number: QTBUG-41686 Reviewed-by: Simon Hausmann --- src/quick/items/qquickitem.cpp | 58 ++++++++++++++++++++++++++++++++---------- 1 file changed, 45 insertions(+), 13 deletions(-) (limited to 'src/quick') diff --git a/src/quick/items/qquickitem.cpp b/src/quick/items/qquickitem.cpp index fd1b74d32d..224decefec 100644 --- a/src/quick/items/qquickitem.cpp +++ b/src/quick/items/qquickitem.cpp @@ -4278,8 +4278,10 @@ void QQuickItem::polish() */ void QQuickItem::mapFromItem(QQmlV4Function *args) const { - if (args->length() == 0) + if (args->length() != 3 && args->length() != 5) { + args->v4engine()->throwTypeError(); return; + } QV4::ExecutionEngine *v4 = args->v4engine(); QV4::Scope scope(v4); 
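Review bot: The new length check in mapFromItem throws a bare TypeError, so a caller who passed one, two or four arguments (missing coordinates used to default to 0) now gets an exception that does not say what was wrong. Passing the accepted forms through the engine's message-taking overload would make the failure actionable, e.g. `args->v4engine()->throwTypeError(QStringLiteral("mapFromItem(): expected (item, x, y) or (item, x, y, width, height)"));`. The method's doc comment, whose body lies above the hunk, should also state the two accepted argument forms and that anything else throws. The same applies to the matching check in mapToItem (the `@@ -4350` hunk).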
@@ -4295,19 +4297,33 @@ void QQuickItem::mapFromItem(QQmlV4Function *args) const if (!itemObj && !item->isNull()) { qmlInfo(this) << "mapFromItem() given argument \"" << item->toQStringNoThrow() << "\" which is neither null nor an Item"; + args->v4engine()->throwTypeError(); return; } - QV4::ScopedValue v(scope); + QV4::ScopedValue vx(scope, (*args)[1]); + QV4::ScopedValue vy(scope, (*args)[2]); + + if (!vx->isNumber() || !vy->isNumber()) { + args->v4engine()->throwTypeError(); + return; + } - qreal x = (args->length() > 1) ? (v = (*args)[1])->asDouble() : 0; - qreal y = (args->length() > 2) ? (v = (*args)[2])->asDouble() : 0; + qreal x = vx->asDouble(); + qreal y = vy->asDouble(); QVariant result; if (args->length() > 3) { - qreal w = (v = (*args)[3])->asDouble(); - qreal h = (args->length() > 4) ? (v = (*args)[4])->asDouble() : 0; + QV4::ScopedValue vw(scope, (*args)[3]); + QV4::ScopedValue vh(scope, (*args)[4]); + if (!vw->isNumber() || !vh->isNumber()) { + args->v4engine()->throwTypeError(); + return; + } + qreal w = vw->asDouble(); + qreal h = vh->asDouble(); + result = mapRectFromItem(itemObj, QRectF(x, y, w, h)); } else { result = mapFromItem(itemObj, QPointF(x, y)); @@ -4350,8 +4366,10 @@ QTransform QQuickItem::itemTransform(QQuickItem *other, bool *ok) const */ void QQuickItem::mapToItem(QQmlV4Function *args) const { - if (args->length() == 0) + if (args->length() != 3 && args->length() != 5) { + args->v4engine()->throwTypeError(); return; + } QV4::ExecutionEngine *v4 = args->v4engine(); QV4::Scope scope(v4); 
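Review bot: `isNumber()` in the new x/y and width/height checks of mapFromItem (the `@@ -4295` hunk) also accepts NaN and ±infinity, so non-finite values still reach `QPointF`/`QRectF`. Whether the mapping code tolerates those is not visible here; if it does not, extend the guard, e.g. `if (!vx->isNumber() || !vy->isNumber() || !qIsFinite(vx->asDouble()) || !qIsFinite(vy->asDouble())) {`. The added `args->v4engine()->throwTypeError()` calls could also use the `v4` pointer the function already declares in the first hunk. The same applies to mapToItem in the `@@ -4367` hunk; both function bodies continue past their hunks.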
@@ -4367,18 +4385,32 @@ void QQuickItem::mapToItem(QQmlV4Function *args) const if (!itemObj && !item->isNull()) { qmlInfo(this) << "mapToItem() given argument \"" << item->toQStringNoThrow() << "\" which is neither null nor an Item"; + args->v4engine()->throwTypeError(); return; } - QV4::ScopedValue v(scope); - QVariant result; + QV4::ScopedValue vx(scope, (*args)[1]); + QV4::ScopedValue vy(scope, (*args)[2]); + + if (!vx->isNumber() || !vy->isNumber()) { + args->v4engine()->throwTypeError(); + return; + } - qreal x = (args->length() > 1) ? (v = (*args)[1])->asDouble() : 0; - qreal y = (args->length() > 2) ? (v = (*args)[2])->asDouble() : 0; + qreal x = vx->asDouble(); + qreal y = vy->asDouble(); + + QVariant result; if (args->length() > 3) { - qreal w = (v = (*args)[3])->asDouble(); - qreal h = (args->length() > 4) ? (v = (*args)[4])->asDouble() : 0; + QV4::ScopedValue vw(scope, (*args)[3]); + QV4::ScopedValue vh(scope, (*args)[4]); + if (!vw->isNumber() || !vh->isNumber()) { + args->v4engine()->throwTypeError(); + return; + } + qreal w = vw->asDouble(); + qreal h = vh->asDouble(); result = mapRectToItem(itemObj, QRectF(x, y, w, h)); } else { -- cgit v1.2.3
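Review bot: The argument validation added to mapToItem here is a line-for-line copy of what the `@@ -4295` hunk adds to mapFromItem, so any later tightening has to be made in two places and the two can drift apart. A small file-static helper that reads a pair of numeric arguments and throws on mismatch would keep both callers in step; a sketch follows. mapToItem's body starts before this hunk and continues after it.

```cpp
// Reads (*args)[first] and (*args)[first + 1] as numbers.
// Throws a TypeError and returns false if either is not a number.
static bool readNumberPair(QQmlV4Function *args, QV4::Scope &scope, int first, qreal *a, qreal *b)
{
    QV4::ScopedValue va(scope, (*args)[first]);
    QV4::ScopedValue vb(scope, (*args)[first + 1]);
    if (!va->isNumber() || !vb->isNumber()) {
        args->v4engine()->throwTypeError();
        return false;
    }
    *a = va->asDouble();
    *b = vb->asDouble();
    return true;
}

// … unchanged: argument-count check and item lookup …
    qreal x, y;
    if (!readNumberPair(args, scope, 1, &x, &y))
        return;

    QVariant result;

    if (args->length() > 3) {
        qreal w, h;
        if (!readNumberPair(args, scope, 3, &w, &h))
            return;
        // … unchanged: mapRectToItem call and else branch …
```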