Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: P1: Critical
Fix Version/s: 6.5, 6.6.1, 6.7.0 FF
Affects Version/s: 6.6.0
Component/s: QML: Declarative and Javascript Engine
Labels:
None

Commits:
ba6ddfab5 (dev), b76cb7cb6 (6.6)

Description

QQmlScriptString::operator==(const QQmlScriptString &) crashes if other is invalid, i.e. has a null d-pointer. It has a guard against its own d being null, but not against the other.d being null:

bool QQmlScriptString::operator==(const QQmlScriptString &other) const
{
    if (d == other.d)
        return true;
    if (!d)
        return false;

    // boom if other.d == nullptr
    if (d->isNumberLiteral || other.d->isNumberLiteral)
        return d->isNumberLiteral && other.d->isNumberLiteral && d->numberValue == other.d->numberValue;

    ...

This effectively breaks all QQmlScriptString comparisons.

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

For Gerrit Dashboard: QTBUG-118591
#	Subject	Branch	Project	Status	CR	V
514458,5	QQmlScriptString: Guard operator== against nullptr	dev	qt/qtdeclarative	Status: MERGED	+2	0
515113,2	QQmlScriptString: Guard operator== against nullptr	6.6	qt/qtdeclarative	Status: MERGED	+2	0

Activity

People

Assignee:: Fabian Kosmale

Reporter:: Arno Rehn

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 27 Oct '23 11:57

Updated:: 02 Nov '23 15:55

Resolved:: 31 Oct '23 17:44

Gerrit Reviews

There are no open Gerrit changes

Show There are 2 closed Gerrit changes

Hide There are 2 closed Gerrit changes

QQmlScriptString: Guard operator== against nullptr: Gerrit Review:

QQmlScriptString: Guard operator== against nullptr: Gerrit Review: