From 60176efa7843fda048b2eb5d347fab0dd991e26d Mon Sep 17 00:00:00 2001 From: Simon Hausmann Date: Wed, 23 May 2018 12:55:11 +0200 Subject: Fix crash when incubating objects with non-existent initial properties When incubation is triggered from C++ and reaches the state of setting the initial properties (as supplied to incubateObject), we'd set engine->currentStackFrame to a CppStackFrame that provides access to the correct QML context. As we're not called from the interpreter, the v4Function pointer would be a null pointer. If during the initial property setting an exception is thrown (due to non-existent property access) and a back-trace is created, we'd end up dereferencing v4Function. Change-Id: I7f6b0ba7893bfb4186f55d4c213b4bb602d29aa0 Task-number: QTBUG-68416 Reviewed-by: Lars Knoll --- .../qml/qqmlcomponent/data/InitialPropertyTest.qml | 4 ++++ .../qqmlcomponent/data/nonExistentInitialProperty.qml | 9 +++++++++ tests/auto/qml/qqmlcomponent/tst_qqmlcomponent.cpp | 18 ++++++++++++++++++ 3 files changed, 31 insertions(+) create mode 100644 tests/auto/qml/qqmlcomponent/data/InitialPropertyTest.qml create mode 100644 tests/auto/qml/qqmlcomponent/data/nonExistentInitialProperty.qml (limited to 'tests/auto/qml/qqmlcomponent') diff --git a/tests/auto/qml/qqmlcomponent/data/InitialPropertyTest.qml b/tests/auto/qml/qqmlcomponent/data/InitialPropertyTest.qml new file mode 100644 index 0000000000..7de276f2d8 --- /dev/null +++ b/tests/auto/qml/qqmlcomponent/data/InitialPropertyTest.qml @@ -0,0 +1,4 @@ +import QtQml 2.0 +QtObject { + property bool ok: false +} diff --git a/tests/auto/qml/qqmlcomponent/data/nonExistentInitialProperty.qml b/tests/auto/qml/qqmlcomponent/data/nonExistentInitialProperty.qml new file mode 100644 index 0000000000..ef89e46088 --- /dev/null +++ b/tests/auto/qml/qqmlcomponent/data/nonExistentInitialProperty.qml @@ -0,0 +1,9 @@ +import QtQml 2.0 +QtObject { + property Component factory: Qt.createComponent(Qt.resolvedUrl("InitialPropertyTest.qml"), Component.PreferSynchronous) + property var incubator + function startIncubation() + { + incubator = factory.incubateObject(null, { ok: true, nonExistent: 42 }, Qt.Asynchronous) + } +} diff --git a/tests/auto/qml/qqmlcomponent/tst_qqmlcomponent.cpp b/tests/auto/qml/qqmlcomponent/tst_qqmlcomponent.cpp index 6a0dc28ca4..3a70890362 100644 --- a/tests/auto/qml/qqmlcomponent/tst_qqmlcomponent.cpp +++ b/tests/auto/qml/qqmlcomponent/tst_qqmlcomponent.cpp @@ -117,6 +117,7 @@ private slots: void recursion(); void recursionContinuation(); void callingContextForInitialProperties(); + void setNonExistentInitialProperty(); void relativeUrl_data(); void relativeUrl(); @@ -583,6 +584,23 @@ void tst_qqmlcomponent::callingContextForInitialProperties() QVERIFY(checker->scopeObject->metaObject()->indexOfProperty("incubatedObject") != -1); } +void tst_qqmlcomponent::setNonExistentInitialProperty() +{ + QQmlIncubationController controller; + QQmlEngine engine; + engine.setIncubationController(&controller); + QQmlComponent component(&engine, testFileUrl("nonExistentInitialProperty.qml")); + QScopedPointer obj(component.create()); + QVERIFY(!obj.isNull()); + QMetaObject::invokeMethod(obj.data(), "startIncubation"); + QJSValue incubatorStatus = obj->property("incubator").value(); + incubatorStatus.property("forceCompletion").callWithInstance(incubatorStatus); + QJSValue objectWrapper = incubatorStatus.property("object"); + QVERIFY(objectWrapper.isQObject()); + QPointer object(objectWrapper.toQObject()); + QVERIFY(object->property("ok").toBool()); +} + void tst_qqmlcomponent::relativeUrl_data() { QTest::addColumn("url"); -- cgit v1.2.3