qt/qtdeclarative.git, branch 6.9 Qt Declarative (Quick 2) Increase robustness of <img> tag in Text component 2025-11-20T07:12:11+00:00 Eskil Abrahamsen Blomfeldt eskil.abrahamsen-blomfeldt@qt.io 2025-10-29T08:43:40+00:00 855f02c96d3c089ea7c0010ebbe4b29fab9cc1ba For Text.StyledText, there was no protection against <img> tags with very large widths or heights. This could cause an application to spend a very long time processing a layout and sometimes crash if the size was too large. We reuse the internal coord limit in QPainter as our maximum size here, similar to what we do in Qt Svg for instance. For Text.RichText, there were no issues in release builds, but in debug builds, you could trigger an overflow assert when rounding the number if it exceeded INT_MAX. For this, we simply cap the width and height at INT_MAX. Fixes: QTBUG-141515 Change-Id: I4bcba16158f5f495a0de38963316effc4c46aae1 Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io> (cherry picked from commit 4aaf9bf21f7cc69d73066785e254b664fcc82025) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> (cherry picked from commit 907c7ceb7b27586039262567273efd5ec79e6202) Reviewed-by: Antti Kokko <antti.kokko@qt.io> 
For Text.StyledText, there was no protection against <img> tags
with very large widths or heights. This could cause an application
to spend a very long time processing a layout and sometimes crash
if the size was too large.

We reuse the internal coord limit in QPainter as our maximum size
here, similar to what we do in Qt Svg for instance.

For Text.RichText, there were no issues in release builds, but in
debug builds, you could trigger an overflow assert when rounding
the number if it exceeded INT_MAX. For this, we simply cap the
width and height at INT_MAX.

Fixes: QTBUG-141515
Change-Id: I4bcba16158f5f495a0de38963316effc4c46aae1
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
(cherry picked from commit 4aaf9bf21f7cc69d73066785e254b664fcc82025)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 907c7ceb7b27586039262567273efd5ec79e6202)
Reviewed-by: Antti Kokko <antti.kokko@qt.io>
Rich text: Limit size of text object 2025-11-19T06:04:50+00:00 Eskil Abrahamsen Blomfeldt eskil.abrahamsen-blomfeldt@qt.io 2025-10-31T08:08:51+00:00 5a263603c34387d3b93dd03985490dd3d1131644 When we draw a text object, we need to store this in RAM since the QTextObjectInterface is QPainter-based. This could lead to over-allocation if the text object size was set to be very large. We use the existing image IO infrastructure for making sure allocations are within reasonable (and configurable) limits. Task-number: QTBUG-141515 Change-Id: Ieae06a9e92a7bd078d22ab2314889201c2049122 Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io> (cherry picked from commit 144ce34e846b3f732bdb003f99b1f9455425416f) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> (cherry picked from commit c3a07c99f9d2328cee4aa48a51d261d243b50d85) Reviewed-by: Akseli Salovaara <akseli.salovaara@qt.io> 
When we draw a text object, we need to store this in RAM
since the QTextObjectInterface is QPainter-based. This
could lead to over-allocation if the text object size
was set to be very large. We use the existing image IO
infrastructure for making sure allocations are within
reasonable (and configurable) limits.

Task-number: QTBUG-141515
Change-Id: Ieae06a9e92a7bd078d22ab2314889201c2049122
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
(cherry picked from commit 144ce34e846b3f732bdb003f99b1f9455425416f)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit c3a07c99f9d2328cee4aa48a51d261d243b50d85)
Reviewed-by: Akseli Salovaara <akseli.salovaara@qt.io>
Update dependencies on '6.9' in qt/qtdeclarative 2025-11-19T06:04:46+00:00 Qt Submodule Update Bot qt_submodule_update_bot@qt-project.org 2025-11-18T16:29:30+00:00 3aeacf9ba7da67be1967e91e718af845ff22edd6 Change-Id: I75698ef54d4d974dcbb92f97b0bb991e97c5866a Reviewed-by: Antti Kokko <antti.kokko@qt.io> 
Change-Id: I75698ef54d4d974dcbb92f97b0bb991e97c5866a
Reviewed-by: Antti Kokko <antti.kokko@qt.io>
Add security header for src/qmldom 2025-09-17T17:03:36+00:00 Semih Yavuz semih.yavuz@qt.io 2025-09-16T11:13:56+00:00 e07a6a03baee39bbec7a3065e626a923f1406abf There is no security critic code in qmldom. Everything remains at the default "signicant" security level. Exception is one file containing only headers marked "insignificant". QUIP: 23 Fixes: QTBUG-136197 Pick-to: 6.8 Change-Id: Ied3f8f9299b8c429e903922b815ee5db8f2d1a9e Reviewed-by: Ulf Hermann <ulf.hermann@qt.io> (cherry picked from commit 14785c28679923e82f9047331235b6181609bad1) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> (cherry picked from commit 315da2e6c219402f9d74305e314f4fcc2c4249c4) 
There is no security critic code in qmldom. Everything remains
at the default "signicant" security level. Exception is one file
containing only headers marked "insignificant".

QUIP: 23
Fixes: QTBUG-136197
Pick-to: 6.8
Change-Id: Ied3f8f9299b8c429e903922b815ee5db8f2d1a9e
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
(cherry picked from commit 14785c28679923e82f9047331235b6181609bad1)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 315da2e6c219402f9d74305e314f4fcc2c4249c4)
Add security header for src/qmlformat 2025-09-17T17:03:30+00:00 Semih Yavuz semih.yavuz@qt.io 2025-09-16T11:13:56+00:00 354f325821de619781f0e96129bb7af29d25ab66 There is no security critic code in qmlformat. Everything remains at the default "signicant" security level. QUIP: 23 Fixes: QTBUG-136198 Pick-to: 6.8 Change-Id: Iac1c84748bc98a9c921fc8ae895a2dcd53d01270 Reviewed-by: Ulf Hermann <ulf.hermann@qt.io> (cherry picked from commit b855223eda6c124a08eea50163cc475b552da7f1) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> (cherry picked from commit 1d147f41031d0fb68a4658f6a1a2be9b9c37d0c6) 
There is no security critic code in qmlformat. Everything remains
at the default "signicant" security level.

QUIP: 23
Fixes: QTBUG-136198
Pick-to: 6.8
Change-Id: Iac1c84748bc98a9c921fc8ae895a2dcd53d01270
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
(cherry picked from commit b855223eda6c124a08eea50163cc475b552da7f1)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 1d147f41031d0fb68a4658f6a1a2be9b9c37d0c6)
QtQml: Unregister QML animation timer on deletion 2025-09-17T17:03:29+00:00 Ulf Hermann ulf.hermann@qt.io 2025-09-08T11:37:06+00:00 b044144aef6ec78eb22ff124aa10f548f932e50f The QUnifiedTimer generally outlives the QML animation timer and needs to be notified about that latter's deletion. Otherwise it will hold a dangling pointer. Pick-to: 6.8 Fixes: QTBUG-136629 Change-Id: I52b7f2f3ae716128e4acac628ea29477fc17b677 Reviewed-by: Sami Shalayel <sami.shalayel@qt.io> Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io> (cherry picked from commit f94a727bd677e1869842a7edd0841aba9836a3c7) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> (cherry picked from commit 06360d905119b0f9d3f2eb979f43300940b07e95) 
The QUnifiedTimer generally outlives the QML animation timer and needs
to be notified about that latter's deletion. Otherwise it will hold a
dangling pointer.

Pick-to: 6.8
Fixes: QTBUG-136629
Change-Id: I52b7f2f3ae716128e4acac628ea29477fc17b677
Reviewed-by: Sami Shalayel <sami.shalayel@qt.io>
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
(cherry picked from commit f94a727bd677e1869842a7edd0841aba9836a3c7)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 06360d905119b0f9d3f2eb979f43300940b07e95)
Update dependencies on '6.9' in qt/qtdeclarative 2025-09-17T17:00:38+00:00 Qt Submodule Update Bot qt_submodule_update_bot@qt-project.org 2025-09-17T17:00:33+00:00 2eac2abc7ace8f23aa3bcd9c4e22a9772276bab4 Change-Id: If5889e30760426306938abb3a20378d0d714ee5d Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org> 
Change-Id: If5889e30760426306938abb3a20378d0d714ee5d
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
Update dependencies on '6.9' in qt/qtdeclarative 2025-09-16T13:31:55+00:00 Qt Submodule Update Bot qt_submodule_update_bot@qt-project.org 2025-09-16T13:31:51+00:00 deb5a7260b357652459dea2b771b91776a00a4ea Change-Id: Ife49dd0eb692e0b7fd38e2d17db83167a8066b5c Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org> 
Change-Id: Ife49dd0eb692e0b7fd38e2d17db83167a8066b5c
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
QmlCompiler: Guard against disappearing arrow functions 2025-09-16T01:49:52+00:00 Ulf Hermann ulf.hermann@qt.io 2025-09-11T07:17:18+00:00 37b529d2de0c5fc7c6ae57b92b2039a8c8635af0 You can override a QObject method with a JavaScript function and take away the JavaScript function later by swapping out objects. This should not crash. Fixes: QTBUG-140074 Change-Id: I85b17f4f619235024d0f1a27b4ff4128c7a57083 Reviewed-by: Sami Shalayel <sami.shalayel@qt.io> (cherry picked from commit 7105eb6d0d46949e235d213cfe77dda95f16c6c5) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> (cherry picked from commit d478f1112908e10780418ddefa81b5b80bfb53d7) 
You can override a QObject method with a JavaScript function and take
away the JavaScript function later by swapping out objects. This should
not crash.

Fixes: QTBUG-140074
Change-Id: I85b17f4f619235024d0f1a27b4ff4128c7a57083
Reviewed-by: Sami Shalayel <sami.shalayel@qt.io>
(cherry picked from commit 7105eb6d0d46949e235d213cfe77dda95f16c6c5)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit d478f1112908e10780418ddefa81b5b80bfb53d7)
QQ4A: Reduce amount of spam calls in tst_signallistener 2025-09-16T01:49:51+00:00 Petri Virkkunen petri.virkkunen@qt.io 2025-07-29T07:45:31+00:00 24335a40a75a17d44003791f7f914f1f5e849b32 To avoid filling the JNI global reference table limit on the CI, reduce the amount of signals emitted during the tst_signallistener spam call testcases. Fixes: QTBUG-138104 Change-Id: Iaeefcbef6447586578f2cf2cc8dbfcb7f4536818 Reviewed-by: Assam Boudjelthia <assam.boudjelthia@qt.io> (cherry picked from commit 21543ca52d4f542b82d62636812af2dae1497196) (cherry picked from commit 52f05965412a7e847b32ac773a46f20ebf5d34a1) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> 
To avoid filling the JNI global reference table limit on the CI,
reduce the amount of signals emitted during the tst_signallistener
spam call testcases.

Fixes: QTBUG-138104
Change-Id: Iaeefcbef6447586578f2cf2cc8dbfcb7f4536818
Reviewed-by: Assam Boudjelthia <assam.boudjelthia@qt.io>
(cherry picked from commit 21543ca52d4f542b82d62636812af2dae1497196)
(cherry picked from commit 52f05965412a7e847b32ac773a46f20ebf5d34a1)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>