Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: P1: Critical
Fix Version/s: 6.8.0 Beta3, 6.8, 6.9.0 FF
Affects Version/s: 6.8
Component/s: QML: Tooling
Labels:
None

Commits:
51de3b680 (dev), 21230d602 (6.8)

Description

Given some QML file such as:

import QtQuick

Item {}

Loading that file with `QQmlComponent` and then calling `createWithInitialProperties` and passing a string that contains a dot, for example:

component.createWithInitialProperties({{".", 10}});

component.createWithInitialProperties({{"foo.bar", 10}});

Will crash the application with an out of bound access.

This an example trace from the attached project:

#0  0x00007ffff664981c in QV4::Heap::Pointer<QV4::Heap::InternalClass*, 0ul>::get (this=0x0) at /home/luca/Documents/qt5/qtdeclarative/src/qml/memory/qv4heap_p.h:45
#1  0x00007ffff6648d32 in QV4::Heap::Pointer<QV4::Heap::InternalClass*, 0ul>::operator-> (this=0x0) at /home/luca/Documents/qt5/qtdeclarative/src/qml/memory/qv4heap_p.h:36
#2  0x00007ffff6647be2 in QV4::Heap::Object::vtable (this=0x0) at /home/luca/Documents/qt5/qtdeclarative/src/qml/jsruntime/qv4object_p.h:41
#3  0x00007ffff664fa3e in QV4::Object::vtable (this=0x7fffea3bc4e8) at /home/luca/Documents/qt5/qtdeclarative/src/qml/jsruntime/qv4object_p.h:132
#4  0x00007ffff666e318 in QV4::Object::put (this=0x7fffea3bc4e8, name=0x7fffea3bc4f0, v=..., receiver=0x7fffea3bc4e8) at /home/luca/Documents/qt5/qtdeclarative/src/qml/jsruntime/qv4object_p.h:281
#5  0x00007ffff68d270a in QQmlComponentPrivate::setInitialProperty (this=0x5555555a45d0, base=0x5555555aa0b0, name=..., value=...) at /home/luca/Documents/qt5/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:386
#6  0x00007ffff68d71db in QQmlComponent::setInitialProperties (this=0x7fffffffdec0, component=0x5555555aa0b0, properties=...) at /home/luca/Documents/qt5/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:1481
#7  0x00007ffff68d478f in QQmlComponentPrivate::createWithProperties (this=0x5555555a45d0, parent=0x0, properties=..., context=0x0, behavior=QQmlComponentPrivate::CreateDefault) at /home/luca/Documents/qt5/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:957
#8  0x00007ffff68d4617 in QQmlComponent::createWithInitialProperties (this=0x7fffffffdec0, initialProperties=..., context=0x0) at /home/luca/Documents/qt5/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:930
#9  0x00005555555567a3 in main (argc=1, argv=0x7fffffffe0b8) at /home/luca/Documents/crash_on_dot/main.cpp:15

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

crash_on_dot.tar.gz
0.7 kB
29 Mar '24 13:56

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

For Gerrit Dashboard: QTBUG-123861
#	Subject	Branch	Project	Status	CR	V
577340,9	QQmlComponent: Reject nested properties in setInitialProperties	dev	qt/qtdeclarative	Status: MERGED	+2	+1
578378,2	QQmlComponent: Reject nested properties in setInitialProperties	6.8	qt/qtdeclarative	Status: MERGED	+2	0

Activity

People

Assignee:: Olivier De Cannière

Reporter:: Luca Di Sera

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 29 Mar '24 13:57

Updated:: 24 Jul '24 03:42

Resolved:: 23 Jul '24 19:15

Gerrit Reviews

There are no open Gerrit changes

Show There are 2 closed Gerrit changes

Hide There are 2 closed Gerrit changes

QQmlComponent: Reject nested properties in setInitialProperties: Gerrit Review:

QQmlComponent: Reject nested properties in setInitialProperties: Gerrit Review: