Merge branch 'f27' into f26
This commit is contained in:
commit
471be0d95f
|
@ -0,0 +1,96 @@
|
|||
From bbf3c4715a1569b26a3aa029046e26989efd6edc Mon Sep 17 00:00:00 2001
|
||||
From: Mitch Curtis <mitch.curtis@qt.io>
|
||||
Date: Wed, 10 Jan 2018 15:42:01 +0100
|
||||
Subject: [PATCH 14/92] Fix crash when accessing a deleted object
|
||||
|
||||
In QObjectWrapper::query(), return QV4::Attr_Invalid if the object was
|
||||
deleted.
|
||||
|
||||
Task-number: QTBUG-44153
|
||||
Change-Id: I53e8be6196489c323b190dbfa20d2dda2a54315e
|
||||
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
|
||||
---
|
||||
src/qml/jsruntime/qv4qobjectwrapper.cpp | 4 ++++
|
||||
.../qml/qqmllanguage/data/accessDeletedObject.qml | 12 +++++++++++
|
||||
tests/auto/qml/qqmllanguage/tst_qqmllanguage.cpp | 24 ++++++++++++++++++++++
|
||||
3 files changed, 40 insertions(+)
|
||||
create mode 100644 tests/auto/qml/qqmllanguage/data/accessDeletedObject.qml
|
||||
|
||||
diff --git a/src/qml/jsruntime/qv4qobjectwrapper.cpp b/src/qml/jsruntime/qv4qobjectwrapper.cpp
|
||||
index 326381f38..89c10e099 100644
|
||||
--- a/src/qml/jsruntime/qv4qobjectwrapper.cpp
|
||||
+++ b/src/qml/jsruntime/qv4qobjectwrapper.cpp
|
||||
@@ -651,6 +651,10 @@ void QObjectWrapper::put(Managed *m, String *name, const Value &value)
|
||||
PropertyAttributes QObjectWrapper::query(const Managed *m, String *name)
|
||||
{
|
||||
const QObjectWrapper *that = static_cast<const QObjectWrapper*>(m);
|
||||
+ const QObject *thatObject = that->d()->object();
|
||||
+ if (QQmlData::wasDeleted(thatObject))
|
||||
+ return QV4::Object::query(m, name);
|
||||
+
|
||||
ExecutionEngine *engine = that->engine();
|
||||
QQmlContextData *qmlContext = engine->callingQmlContext();
|
||||
QQmlPropertyData local;
|
||||
diff --git a/tests/auto/qml/qqmllanguage/data/accessDeletedObject.qml b/tests/auto/qml/qqmllanguage/data/accessDeletedObject.qml
|
||||
new file mode 100644
|
||||
index 000000000..e5151096e
|
||||
--- /dev/null
|
||||
+++ b/tests/auto/qml/qqmllanguage/data/accessDeletedObject.qml
|
||||
@@ -0,0 +1,12 @@
|
||||
+import QtQuick 2.0
|
||||
+
|
||||
+Item {
|
||||
+ id: root
|
||||
+
|
||||
+ Component.onCompleted: {
|
||||
+ var createdObject = objectCreator.create()
|
||||
+ createdObject.del()
|
||||
+ // Shouldn't crash.
|
||||
+ var test = "index" in createdObject
|
||||
+ }
|
||||
+}
|
||||
diff --git a/tests/auto/qml/qqmllanguage/tst_qqmllanguage.cpp b/tests/auto/qml/qqmllanguage/tst_qqmllanguage.cpp
|
||||
index b1a17afd2..1af57f924 100644
|
||||
--- a/tests/auto/qml/qqmllanguage/tst_qqmllanguage.cpp
|
||||
+++ b/tests/auto/qml/qqmllanguage/tst_qqmllanguage.cpp
|
||||
@@ -269,6 +269,8 @@ private slots:
|
||||
|
||||
void concurrentLoadQmlDir();
|
||||
|
||||
+ void accessDeletedObject();
|
||||
+
|
||||
private:
|
||||
QQmlEngine engine;
|
||||
QStringList defaultImportPathList;
|
||||
@@ -4571,6 +4573,28 @@ void tst_qqmllanguage::concurrentLoadQmlDir()
|
||||
engine.setImportPathList(defaultImportPathList);
|
||||
}
|
||||
|
||||
+// Test that deleting an object and then accessing it doesn't crash.
|
||||
+// QTBUG-44153
|
||||
+class ObjectCreator : public QObject
|
||||
+{
|
||||
+ Q_OBJECT
|
||||
+public slots:
|
||||
+ QObject *create() { return (new ObjectCreator); }
|
||||
+ void del() { delete this; }
|
||||
+};
|
||||
+
|
||||
+void tst_qqmllanguage::accessDeletedObject()
|
||||
+{
|
||||
+ QQmlEngine engine;
|
||||
+
|
||||
+ engine.rootContext()->setContextProperty("objectCreator", new ObjectCreator);
|
||||
+ QQmlComponent component(&engine, testFileUrl("accessDeletedObject.qml"));
|
||||
+ VERIFY_ERRORS(0);
|
||||
+
|
||||
+ QScopedPointer<QObject> o(component.create());
|
||||
+ QVERIFY(!o.isNull());
|
||||
+}
|
||||
+
|
||||
QTEST_MAIN(tst_qqmllanguage)
|
||||
|
||||
#include "tst_qqmllanguage.moc"
|
||||
--
|
||||
2.14.3
|
||||
|
|
@ -0,0 +1,41 @@
|
|||
From 73e8321255d9f0e70529a58c10dbaf4790a9a659 Mon Sep 17 00:00:00 2001
|
||||
From: David Edmundson <davidedmundson@kde.org>
|
||||
Date: Tue, 6 Mar 2018 10:56:23 +0000
|
||||
Subject: [PATCH 28/29] Rebuild property cache in QObjectWrapper::getProperty
|
||||
if deleted
|
||||
|
||||
QQmlData is shared between engines, but the relevant QObjectWrapper is
|
||||
not.
|
||||
|
||||
Since 749a7212e903d8e8c6f256edb1836b9449cc7fe1 when a QObjectWrapper is
|
||||
deleted it resets the shared QQmlData propertyCache.
|
||||
|
||||
ab5d4c78224c9ec79165e8890e5f8b8e838e0709 fixed this situation for
|
||||
bindings, however we would still hit effectively the same crash in the
|
||||
same situation if a function is evaluated before a binding.
|
||||
|
||||
Change-Id: I20cd91cd8e31fd0176d542822c67e81a790599ba
|
||||
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
|
||||
---
|
||||
src/qml/jsruntime/qv4qobjectwrapper.cpp | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/src/qml/jsruntime/qv4qobjectwrapper.cpp b/src/qml/jsruntime/qv4qobjectwrapper.cpp
|
||||
index 5ebd385cf..c1bbe2a33 100644
|
||||
--- a/src/qml/jsruntime/qv4qobjectwrapper.cpp
|
||||
+++ b/src/qml/jsruntime/qv4qobjectwrapper.cpp
|
||||
@@ -335,6 +335,11 @@ ReturnedValue QObjectWrapper::getProperty(ExecutionEngine *engine, QObject *obje
|
||||
if (!ddata)
|
||||
return QV4::Encode::undefined();
|
||||
|
||||
+ if (Q_UNLIKELY(!ddata->propertyCache)) {
|
||||
+ ddata->propertyCache = QQmlEnginePrivate::get(engine)->cache(object->metaObject());
|
||||
+ ddata->propertyCache->addref();
|
||||
+ }
|
||||
+
|
||||
QQmlPropertyCache *cache = ddata->propertyCache;
|
||||
Q_ASSERT(cache);
|
||||
QQmlPropertyData *property = cache->property(propertyIndex);
|
||||
--
|
||||
2.14.3
|
||||
|
|
@ -0,0 +1,46 @@
|
|||
From 4909773f8162de49830d65e886747c11fff72934 Mon Sep 17 00:00:00 2001
|
||||
From: Lars Knoll <lars.knoll@qt.io>
|
||||
Date: Tue, 20 Mar 2018 12:46:58 +0100
|
||||
Subject: [PATCH 29/29] Fix calling Qt.binding() on bound functions
|
||||
|
||||
Calling Qt.binding() on a bound function object is a valid use
|
||||
case and used to work until Qt 5.8.
|
||||
|
||||
The problem was that we optimized the code in QQmlBinding and
|
||||
QQmlJavascriptExpression to directly work on a QV4::Function,
|
||||
so this wouldn't work anymore.
|
||||
|
||||
To fix this make sure recursive calls to Function.bind() are
|
||||
unrolled (so that the BoundFunction's target is never a bound
|
||||
function itself), then add the bound function as an optional
|
||||
member to the QQmlBinding and use it's bound arguments if
|
||||
present.
|
||||
|
||||
Task-number: QTBUG-61927
|
||||
Change-Id: I472214ddd82fc2a1212efd9b769861fc43d2ddaf
|
||||
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
|
||||
---
|
||||
src/qml/jsruntime/qv4qobjectwrapper.cpp | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/qml/jsruntime/qv4qobjectwrapper.cpp b/src/qml/jsruntime/qv4qobjectwrapper.cpp
|
||||
index c1bbe2a33..816c259b9 100644
|
||||
--- a/src/qml/jsruntime/qv4qobjectwrapper.cpp
|
||||
+++ b/src/qml/jsruntime/qv4qobjectwrapper.cpp
|
||||
@@ -460,9 +460,12 @@ void QObjectWrapper::setProperty(ExecutionEngine *engine, QObject *object, QQmlP
|
||||
|
||||
QV4::Scoped<QQmlBindingFunction> bindingFunction(scope, (const Value &)f);
|
||||
|
||||
+ QV4::ScopedFunctionObject f(scope, bindingFunction->bindingFunction());
|
||||
QV4::ScopedContext ctx(scope, bindingFunction->scope());
|
||||
- newBinding = QQmlBinding::create(property, bindingFunction->function(), object, callingQmlContext, ctx);
|
||||
+ newBinding = QQmlBinding::create(property, f->function(), object, callingQmlContext, ctx);
|
||||
newBinding->setSourceLocation(bindingFunction->currentLocation());
|
||||
+ if (f->isBoundFunction())
|
||||
+ newBinding->setBoundFunction(static_cast<QV4::BoundFunction *>(f.getPointer()));
|
||||
newBinding->setTarget(object, *property, nullptr);
|
||||
}
|
||||
}
|
||||
--
|
||||
2.14.3
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
Summary: Qt5 - QtDeclarative component
|
||||
Name: qt5-%{qt_module}
|
||||
Version: 5.9.4
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
|
||||
# See LICENSE.GPL LICENSE.LGPL LGPL_EXCEPTION.txt, for details
|
||||
License: LGPLv2 with exceptions or GPLv3 with exceptions
|
||||
|
@ -42,6 +42,14 @@ Patch100: qtdeclarative-leak.patch
|
|||
# so revert this offending commit (for now)
|
||||
Patch111: 0111-Fix-qml-cache-invalidation-when-changing-dependent-C.patch
|
||||
|
||||
# post v5.9.4 fix (5.9 branch)
|
||||
Patch114: 0014-Fix-crash-when-accessing-a-deleted-object.patch
|
||||
|
||||
# 5.11 branch fixes
|
||||
Patch128: 0028-Rebuild-property-cache-in-QObjectWrapper-getProperty.patch
|
||||
Patch129: 0029-Fix-calling-Qt.binding-on-bound-functions.patch
|
||||
|
||||
|
||||
## upstreamable patches
|
||||
# use system double-conversation
|
||||
# https://bugs.kde.org/show_bug.cgi?id=346118#c108
|
||||
|
@ -109,6 +117,9 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
|
|||
|
||||
%patch111 -p1 -R -b .0111
|
||||
|
||||
%patch114 -p1 -b .0014
|
||||
%patch128 -p1 -b .0028
|
||||
%patch129 -p1 -b .0029
|
||||
|
||||
%patch201 -p0 -b .kdebug346118
|
||||
%patch202 -p1 -b .no_sse2_non_fatal
|
||||
|
@ -239,6 +250,9 @@ make check -k -C tests ||:
|
|||
|
||||
|
||||
%changelog
|
||||
* Thu Apr 19 2018 Rex Dieter <rdieter@fedoraproject.org> - 5.9.4-3
|
||||
- backport qv4qobjectwrapper fixes
|
||||
|
||||
* Tue Apr 03 2018 Rex Dieter <rdieter@fedoraproject.org> - 5.9.4-2
|
||||
- pull in candidate memleak fix (review#224684)
|
||||
|
||||
|
|
Loading…
Reference in New Issue