| Commit message (Collapse) | Author | Age | Files | Lines |
| |
startSystemMove() and startSystemResize() are callable from QML but
were undocumented.
This change adds \qmlmethod documentation under the Window type.
Pick-to: 6.8 6.9 6.10
Fixes: QTBUG-126558
Change-Id: Ib34a25fa3f9e12cc6fab85732c852a81448dcc4b
Reviewed-by: Tor Arne Vestbø <[email protected]>
Reviewed-by: Safiyyah Moosa <[email protected]>
| |
Pick-to: 6.10 6.9 6.8 6.5
Change-Id: I6dfa9c0abf4bef736c39caee578b630efdea748d
Reviewed-by: Timur Pocheptsov <[email protected]>
| |
Change-Id: I8e98b349b18e18d6b0ced0446c2478ea8d37c5bc
Reviewed-by: Qt Submodule Update Bot <[email protected]>
| |
When building without exceptions, yoga will std::terminate, but it fails
to include the required header.
Pick-to: 6.10 6.10.0
Change-Id: Ia808898d07d08b9d81184696068bbda65ba330d2
Reviewed-by: Santhosh Kumar <[email protected]>
| |
QUIP: 23
Task-number: QTBUG-136184
Pick-to: 6.10 6.8
Change-Id: I1667422991e98c7f3c0c72654dc7b4df2c23361b
Reviewed-by: Oliver Eftevaag <[email protected]>
| |
In order to determine whether an ID is visible from a referrer we need
to not only determine the component boundaries of the referrer, but also
those of the candidate elements with the respective ID. Rewrite the
logic to have QQmlJSScopesById handle this. It has to iterate the
respective elements anyway and can therefore easily check if one of them
is assigned to an unknown property. It now provides low-level methods
that output all possible candidates for an ID, while also stating the
confidence associated with them. The plain id() and scope() methods only
return results we are actually certain about.
In places where we generate warnings or can allow for some fuzzy
results, we use the low-level methods, since those generally produce
more informative results.
The QML DOM was passing the JavaScript global object as referrer to the
scope() method before. This happened to work but was, of course, wrong.
Make sure that ID elements in the DOM receive a proper QML scope to
avoid that.
Pick-to: 6.10 6.9 6.8
Task-number: QTBUG-140041
Change-Id: I41cf8603ae6a5d5461d3c12d74521e68b5e28ea4
Reviewed-by: Sami Shalayel <[email protected]>
Reviewed-by: Olivier De Cannière <[email protected]>
| |
Don't search C++ headers on fallback code model: the url is empty so it
seems we end up searching the current working directory(?) of qmlls for
C++ headers. This might have caused some flakiness in
tst_qmlls_qqmlcodemodel where some unrelated tests timeout because of
this useless search.
Change-Id: I0a5c9071cdd5a2f06f5ef8b392b2091b357e4887
Reviewed-by: Ulf Hermann <[email protected]>
| |
Mark all files as significant.
Pick-to: 6.10 6.9 6.8
Task-number: QTBUG-136187
Change-Id: I655241e8fd460f423c230b3ae2979246f4ffc841
Reviewed-by: Ulf Hermann <[email protected]>
| |
Mark all files as significant.
Use reason:trusted-sources on files that spawn QProcess or parse data:
* qdochtmlparser.cpp parses content obtained from the QHelpEngine,
which is a trusted source
* qqmlcodemodel is used to spawn QProcesses that runs CMake (which is
a trusted source) with arguments from
QQmlLSUtils::cmakeBuildCommand(const QString &path) (which is also a
trusted source) or trusted hard-coded arguments.
Pick-to: 6.10 6.9 6.8
Fixes: QTBUG-136201
Change-Id: I3f2ff1dfc208224baff6fe88b337fe24c44b599a
Reviewed-by: Ulf Hermann <[email protected]>
| |
The TestResult type has never been documented, but the source code
contains QDoc documentation comments for a number of its properties.
Add a \qmltype topic for the type and mark it \internal, to remove
QDoc warnings such as
quicktestresult.cpp:184: (qdoc) warning: No output generated for QML
property 'TestResult::testCaseName' because 'TestResult' is
undocumented
Change-Id: I4021c482f145e591c2c8434ff016d547fc465ad9
Reviewed-by: Andreas Eliasson <[email protected]>
Reviewed-by: Mitch Curtis <[email protected]>
| |
Fix linking issues in qqmlsortfilterproxymodel.cpp:
qqmlsortfilterproxymodel.cpp:86: (qdoc) warning: Can't link to
'SortFilterProxyModel::setPrimarySorter(sorter)'
qqmlsortfilterproxymodel.cpp:343: (qdoc) warning: Can't link to
'recursiveFilteringEnabled'
Add an \internal class topic for private class QQmlSortFilterProxyModel.
This removes warnings such as:
qqmlsortfilterproxymodel.cpp:287: (qdoc) warning: No output generated
for 'QQmlSortFilterProxyModel::~QQmlSortFilterProxyModel()'
because 'QQmlSortFilterProxyModel' is undocumented
Pick-to: 6.10
Change-Id: I6ea3a6be606a5fdff18750beab28cdb16dba9755
Reviewed-by: Mate Barany <[email protected]>
| |
Fixes build error from testing for an unknown feature flag, i.e.
tst_qmltyperegistrar.cpp:1439:6: error: division by zero in preprocessor
expression
As it's a private feature, include a private header.
Pick-to: 6.10
Change-Id: I6112d73ebb738a555c05211d8f6c29a053de7b39
Reviewed-by: Fabian Kosmale <[email protected]>
Reviewed-by: Mårten Nordheim <[email protected]>
| |
Avoid using split().size() and a QString and directly use count(). Avoid
unnecessary copies of bPath on the stack by using a reference, and only
stringappend "_deps" to the current build folder once. Also use
QDirListing instead of creating a QDir to avoid creating an extra
temporary list.
Change-Id: Ie3bb05d8c70a0aa8380001ea76f77faa114aba18
Reviewed-by: Fabian Kosmale <[email protected]>
| |
```
Component.onCompleted: {
if(true) /* true */ {
// the true clause
} else {
// the else clause
}
}
```
was formatted to:
```
Component.onCompleted: {
if (true /* true */)
// the true clause
{} else
// the else clause
{}
}
```
Add a new parameter to outWithComments that allows changing the
indentation. The use cases are:
```
{
// 1) some comment attached to '{'
...
// 2) some comment attached to '}'
}
```
For 1), IncreaseIndentation prints '{' and then increases the
indentation before printing any post comment.
For 2), DecreaseIndentation prints the pre comments, decreases the
indentation and then proceeds with '}' and potential post comments.
This allows printing the comments attached to `{}` tokens with the
correct indentation.
Also adapt a test to the new comment behavior on blocks.
Pick-to: 6.10
Task-number: QTCREATORBUG-33333
Task-number: QTBUG-123386
Change-Id: If8dd483a520c3bd25e161f3cec05530c1460bb80
Initial-patch-by: Xavier BESSON <[email protected]>
Reviewed-by: Olivier De Cannière <[email protected]>
| |
The parser for QML allows the specification of type hints on a series of
callable elements; such as functions defined as part of a QML type.
It is possible, for example, to provide a hint for the return type of a
function expression, anonymous or not, such as:
```
import QtQml
QtObject {
property var add: function (lhs: int, rhs: int): int { return lhs + rhs; }
}
```
While this parses correctly, the return type annotation is currently
discarded as part of the parsing process, such that in turn it is
invisible to the engine when managing the function.
Hence, ensure that the return type annotation for function expressions
is preserved during the parsing process so that it can later be visible
to the engine.
In particular, the AST node that represents this kind of element can
already store a type annotation that refers to its return type and later
down the line, the code generation phase is already able to take into
account the annotation when it builds its representation of the function.
Nonetheless, that storage is currently purposefully not used in the
cases we are interested in, albeit it is in other cases that might be
considered more common.
This is most probably, albeit nowhere near certainly, due to simple
historical reasons and partial implementations related to type hints.
Thus, ensure that the return type annotation is correctly preserved and
stored for `FunctionExpression` rules during the parsing process, such
that it can later be recognized and used by the engine.
A few test cases related to the return type annotation were added.
Pick-to: 6.10
Task-number: QTBUG-137944
Change-Id: I6133bb286a916d0687ff5d5542b9aa769cfd493b
Reviewed-by: Ulf Hermann <[email protected]>
Reviewed-by: Sami Shalayel <[email protected]>
| |
No security critical issues identified for the qt labs platform.
QUIP: 23
Task-number: QTBUG-136184
Pick-to: 6.10 6.9 6.8
Change-Id: If2d0e6991463ed9994fba8adbc3eef848984ab45
Reviewed-by: MohammadHossein Qanbari <[email protected]>
| |
The current documentation for the qmlformat tool uses two separate
tables to list the available command line options and the available
settings file variables.
Some of the content is duplicated between the two tables, as the
settings file variables always have an equivalent command line option to
configure the same behavior.
Despite the duplication, the two tables aren't entirely in sync and
don't necessarily provide the same amount of information.
For example, the command line options table misses some of the default
values for certain configurable behaviors or, similarly, certain
descriptions might be more thorough in one table rather than the other.
Since both tables generally should present the same information for
those features that can be configured both from a command line option
and from a settings file variable, as they present two different but
supposedly equivalent interfaces to the same feature, the tables are now
unified into one, so as to ensure that the description and default value
for the relevant elements can more easily remain in sync, further
reducing the unnecessary duplication between the tables.
In particular, the command line options table was expanded with an
additional column, `Setting Name`, that is set to "N/A" when the
command line option has no equivalent settings file variable and
contains the relevant variable name, taken from the other table, when it
does.
The default values for the relevant elements were moved from the
settings file table to the now unified table where necessary.
Since the command line options use flags for boolean variables, where a
behavior is implicitly disabled unless the flag itself is present as
part of the invocation, the meaning of "a default value of false" could
be confusing, possibly suggesting that the user could pass a "false" or
"true" value to the flag to set the behavior.
To avoid this confusion, the "Default Value" column was modified to be a
"Default State/Value" column, and the cells for rows that are affected by
the above issues were modified to be defined as "disabled/false",
hopefully making it more explicit that there is a difference between the
state-based command line usage and the value-based settings file usage.
The description for elements of the above kind was extended to be more
specific about the difference in usage with regards to a command line
invocation and a settings file customization.
The descriptions for the relevant elements were brought over from the
settings file table where they either provided additional information or
provided stronger layout for the presented information.
The original settings file table was removed as its information is now
embedded in the unified table.
A "\target qmlformat-settings" command that pointed to the now removed
settings file table was removed as it was unused in the project,
with the consideration that the unified table already provides a
"\target" that can be linked to if necessary.
The title of the section presenting the table was modified to "Options
and settings" to make explicit the presence of the new unified information.
A phrase referring to the command line options table as presenting the
available command line options was modified to make explicit the presence, in
the now unified table, of both command line options and settings file
variables.
Fixes: QTBUG-139125
Change-Id: Iedcc9ee0a1b3a70417db10736cef4a2955b43750
Reviewed-by: Paul Wicking <[email protected]>
Reviewed-by: Sami Shalayel <[email protected]>
| |
Change-Id: I84881eca74ebd0876deafedc7498dc3cafdc6474
Reviewed-by: Anton Kudryavtsev <[email protected]>
Reviewed-by: Eskil Abrahamsen Blomfeldt <[email protected]>
| |
Change-Id: Ifa3c7a1aa81aec501b5a3ef5801d49242f78f55b
Reviewed-by: Qt Submodule Update Bot <[email protected]>
| |
If the binding throws an exception, the binding wrapper internally
returns false. This should result in the value being ignored, but wasn't
for QObjectCompatProperty targets. That was fixed with
440a63a33e7176167d91244467fa380bae684173. However the test assumed that
the binding would instead evaluate the error to an empty string. Adjust
the condition to properly handle that.
Change-Id: I6ff38c913866edbc9632bb854db00c29af036c82
Reviewed-by: Olivier De Cannière <[email protected]>
| |
If the binding throws an exception, the binding wrapper internally
returns false. This should result in the value being discarded. We had a
long standing bug in qtbase that caused the value to still be accepted
in certain cases. Commit 440a63a33e7176167d91244467fa380bae684173 fixed
that.
Fixes: QTBUG-140161
Change-Id: Ib36a32909dc3d487bea887cb7f89d7fcfeca2031
Reviewed-by: Fabian Kosmale <[email protected]>
| |
Change-Id: I82c6c648fce819e62adf13b39b80a65211795a4f
Reviewed-by: Sami Shalayel <[email protected]>
| |
The type of ValueFilter::value property has been used with a variant type,
but the documentation incorrectly mentions it as string type. This patch
updates the correct type of this property.
Fixes: QTBUG-140143
Pick-to: 6.10
Change-Id: I15141d256657f33e9e6c06cc3819f300bb9ab11c
Reviewed-by: Mitch Curtis <[email protected]>
| |
We shouldn't include qtqml-config_p.h manually since it's not
header-guarded. And especially we shouldn't include it twice. Also,
sort and split the includes.
In order to resolve QT_CONFIG, we include qtqmlglobal_p.h or
qtqmlglobal.h.
Change-Id: I933d8eff8581e91859a8a178bf92caeec2959215
Reviewed-by: Olivier De Cannière <[email protected]>
Reviewed-by: Sami Shalayel <[email protected]>
| |
Remove some code-duplication.
Change-Id: Id04e81211fa9c65dde2ba41bbda02411933463d8
Reviewed-by: Olivier De Cannière <[email protected]>
| |
This patch aims to extract the logic of transforming QV4::CompiledData::Property into QQmlPropertyData. Currently it's arguably a responsibility of QQmlPropertyCacheCreator because it is responsible for the resolution of property type, which is central to the creation of QQmlPropertyData.
Such refactoring allows more detailed and robust testing of irProperty -> QQmlPropertyData, which is handy in the context of QTBUG-98320 to make sure that property attributes are propagated correctly to the QQmlPropertyData (and later to the cache).
Change-Id: Iffdfd22f515016c61c087414f0c4530e43556091
Task-number: QTBUG-98320
Reviewed-by: Ulf Hermann <[email protected]>
| |
Expected type is more expressive and suitable for the current use cases
than std::variant.
Change-Id: Ib07885ce6f32036f4719432c0e4b5a1c7294f2b2
Reviewed-by: Fabian Kosmale <[email protected]>
| |
This patch aims to improve readability and maintainability of the logic
for deriving property type and flags before adding it to cache.
Now resolution of the type happens in one place and derivation of flags
in another one. This not only improves separation of concerns, but
also makes the dependency between attributes and type more
explicit and hopefully easier to follow.
Task-number: QTBUG-98320
Change-Id: I64424e959ee11aa5c9a90c8e9fd2ca1347715342
Reviewed-by: Fabian Kosmale <[email protected]>
Reviewed-by: Ulf Hermann <[email protected]>
Reviewed-by: Sami Shalayel <[email protected]>
| |
The files (folders) already processed are listed in each issue in epic
QTBUG-134547
These files were processed half a year ago. In order to make it clear
that all of these files are already processed, mark them with an
explicit default security header.
For the record, this was generated with this script:
find -E . -regex ".*\.(cpp|h|hpp|mm|qml|js)$" | xargs python3 ~/bin/add-cra-header.py
in the folders listed in each subtask of QTBUG-134547
(add-cra-header.py only exists on my desktop, but it simply adds the
default security header if it doesn't already have any existing security
header)
QUIP: 23
Fixes: QTBUG-134547
Pick-to: 6.10 6.9 6.8
Change-Id: Ieb8c78ea6561fdbdd27c7b13185ece853eedf80f
Reviewed-by: Oliver Eftevaag <[email protected]>
| |
No critical security levels found.
QUIP: 23
Fixes: QTBUG-136206
Pick-to: 6.10 6.9 6.8
Change-Id: I1a29dab77678a45cd5fe7391124791cbf6aa6ca8
Reviewed-by: Mitch Curtis <[email protected]>
| |
The FolderListModel operates with QFileInfo and QUrl interfaces to
provide file information in the provided path. The path used needs to be
validated by the application developer for any illegitimate access.
QUIP: 23
Task-number: QTBUG-136184
Pick-to: 6.10 6.9 6.8
Change-Id: I50a4737aa9193a5b9996a37cd865c49de7b84121
Reviewed-by: Oliver Eftevaag <[email protected]>
| |
When selecting which files to automatically bundle in an Android
package, we look at the dependencies of the app and try to infer
which libraries are needed.
For plugins, which specific ones will be loaded is determined at
runtime, so we include any category of plugin that is used by
one or more of the application's dependencies. This is done by
setting the PLUGIN_TYPES of the module. If the application
depends on this module, it will then include all plugins of said
type. For instance, Qt Gui includes all "imageformats".
For vectorimageformats, we had put this dependency on the
VectorImage import, but since this is loaded at runtime, the
deployment tool was not able to determine the dependency on it.
We instead make it a dependency of Qt Quick instead. VectorImage
is technically a part of Qt Quick and any app depending on it
may want to load vector image formats.
Task-number: QTBUG-140187
Pick-to: 6.10
Change-Id: I2ab42a6c23710a97936ae39ace47b19411e2c6a8
Reviewed-by: Eirik Aavitsland <[email protected]>
Reviewed-by: Alexey Edelev <[email protected]>
| |
The generated code may (and will) depend on QtQuick.Shapes, but
this cannot be determined by the Android deploy tool without some
help. This adds a dependency on that module so that you don't have
to manually add it to your own QML code.
Pick-to: 6.10
Task-number: QTBUG-140187
Change-Id: Id888407345d3c1932d3200d540aa7d2b56ef228f
Reviewed-by: Eirik Aavitsland <[email protected]>
| |
Add a CMake target `dump_qml_context_properties` to run
qmlcontextpropertydump with the correct options. qmlcontextpropertydump
creates a file called .qt/contextPropertyDump.ini that qmllint
reads to warn about potential context property usages. Also add
a `clean_qml_context_properties` target that allows removing the
context property dump file.
Add a CMake option QT_QMLLINT_CONTEXT_PROPERTY_DUMP that allows running
qmlcontextpropertydump as part of the lint targets.
Task-number: QTBUG-128232
Change-Id: I2b167a018df82140e7b36fcdb75ca4cbc050d7fa
Reviewed-by: Fabian Kosmale <[email protected]>
| |
There is no security-critical code in qmldom. Everything remains
at the default "significant" security level. The exception is one file
containing only headers, marked "insignificant".
QUIP: 23
Fixes: QTBUG-136197
Pick-to: 6.10 6.9 6.8
Change-Id: Ied3f8f9299b8c429e903922b815ee5db8f2d1a9e
Reviewed-by: Ulf Hermann <[email protected]>
| |
There is no security-critical code in qmlformat. Everything remains
at the default "significant" security level.
QUIP: 23
Fixes: QTBUG-136198
Pick-to: 6.10 6.9 6.8
Change-Id: Iac1c84748bc98a9c921fc8ae895a2dcd53d01270
Reviewed-by: Ulf Hermann <[email protected]>
| |
No data parsing or critical situation is found.
QUIP: 23
Fixes: QTBUG-136181
Pick-to: 6.10 6.9 6.8
Change-Id: I8fe748a6cd82d4e6f762dcda8e16967282a8403f
Reviewed-by: Jan Arve Sæther <[email protected]>
| |
We assume that QML or JS code comes from a trusted source. Therefore,
most files are deemed to be significant even if they parse data. This
includes the source code itself but also the associated metadata or
cache files.
However, the QML compiler also generates C++ code. Extra care needs to
be taken with the generator as a vulnerability there could propagate and
have a disproportionate effect on the program's security. It is marked
as critical.
QUIP: 23
Fixes: QTBUG-136195
Pick-to: 6.10 6.9 6.8
Change-Id: I70630361ec8e9cb3969f78a3fdf36a41334a33b3
Reviewed-by: Ulf Hermann <[email protected]>
| |
Task-number: QTBUG-98718
Pick-to: 6.8 6.9 6.10
Change-Id: Idfedb0e9cb97833c7e144de7593cabf73522f88e
Reviewed-by: Santhosh Kumar <[email protected]>
| |
[ChangeLog][QtQuick.Shapes.DesignHelpers] Added EllipseShape.
Fixes: QDS-14729
Fixes: QDS-15302
Change-Id: I0df4d6da0eb3a7cab210210fa3c695f0fe29a412
Reviewed-by: Jan Arve Sæther <[email protected]>
| |
As we assume that all QML comes from trusted sources, everything remains
at the default "significant" security level. The exceptions are the module
headers which only include other headers and add a few defines.
QUIP: 23
Fixes: QTBUG-136203
Pick-to: 6.10 6.9 6.8
Change-Id: Ib1a2abbb94dbb25420f03e01a2b444f89517a902
Reviewed-by: Ulf Hermann <[email protected]>
| |
The header is only used to add meta-data to source files.
Pick-to: 6.10 6.9 6.8
Fixes: QTBUG-136199
Change-Id: Ib2a5c55b68613b9d2c3d7bd619841358201b9341
Reviewed-by: Ulf Hermann <[email protected]>
| |
Everything gets default significance. Note: there's a QML custom parser
in usage, but that's not "real" parsing, and we document that QML
documents have to be from a trusted source.
Pick-to: 6.10 6.9 6.8
Fixes: QTBUG-136202
Change-Id: Ifbc5a2a33cc527c14dc5aa328da8f634f63df5f8
Reviewed-by: Ulf Hermann <[email protected]>
| |
- Mark the global headers as insignificant, they don't contain any logic.
- Mark qv4serialize as critical: String data that might get passed to a
worker script might come from an untrusted context, and thus the
serialization process needs some basic care.
- Everything else gets the default significant marker to indicate that
it has been reviewed.
Pick-to: 6.10 6.9 6.8
Fixes: QTBUG-136209
Change-Id: Ib820d551f687cbd41f0306d39552e55e8642a2b3
Reviewed-by: Ulf Hermann <[email protected]>
| |
Mark the lexing / parsing code as security critical, because they are
data parsers. While _running_ QML code needs to assume trusted input, we
probably should not have this restriction on the parser, so that tools
like qmllint, qmlls and qdoc can safely pass any file to the parser,
without having to worry about security implications.
The criticality extends to qqmljskeywords_p.h, as we do custom bounds
checking in the functions defined there.
qqmljsastfwd_p is marked as insignificant, as it only contains forward
declarations and no logic at all.
The other marked files have the default level (significant).
QUIP: 23
Task-number: QTBUG-136966
Pick-to: 6.10 6.9 6.8
Change-Id: I1e44f346d91d6d66c8e9632f0dec4a11fffc935a
Reviewed-by: Ulf Hermann <[email protected]>
| |
This relies heavily on the documented fact that we only support trusted
QML/JS content, meaning most files are only significant, not critical.
This also extends to the handling of qmlc files (as in
compilationunitmapper), as we store them in a user owned, non-shared
cache directory – so any vulnerability there would already mean that an
attacker has write privileges on user data.
An exception is ArrayBuffer, which can be used with arbitrary user data,
and should create a valid QBA.
Fixes: QTBUG-136970
Pick-to: 6.10 6.9 6.8
QUIP: 23
Change-Id: I22033fe6ab4acf8362a8183e25b92331d45cb32c
Reviewed-by: Ulf Hermann <[email protected]>
| |
qtbase commit 92a65fdac69d7773b114584f1637946622cf4f72 changed what
happened when deleting a QWindow with child windows: they are now
deleted earlier, from ~QWindow rather than from ~QObject.
As a consequence, if the deletion of the child window triggers any
signal (such as QSGRenderContext::invalidated), the parent window
now receives it (while before, the code in ~QObject would disconnect
the parent window from all senders).
Fixed by explicit disconnects, using a std::array of
QMetaObject::Connections, like in QSortFilterProxyModel for instance.
Task-number: QTBUG-140170
Pick-to: 6.10 6.10.0
Change-Id: Id2c402d3121c8a3e6962cfed0afe1e90f5f14b3f
Reviewed-by: Marc Mutz <[email protected]>
Reviewed-by: Tor Arne Vestbø <[email protected]>
| |
QUIP: 23
Task-number: QTBUG-136184
Pick-to: 6.10 6.9 6.8
Change-Id: I2867ec1ba4faa7c03e95735504b3052fea132ff3
Reviewed-by: MohammadHossein Qanbari <[email protected]>
| |
The QUnifiedTimer generally outlives the QML animation timer and needs
to be notified about the latter's deletion. Otherwise it will hold a
dangling pointer.
Pick-to: 6.10 6.9 6.8
Fixes: QTBUG-136629
Change-Id: I52b7f2f3ae716128e4acac628ea29477fc17b677
Reviewed-by: Sami Shalayel <[email protected]>
Reviewed-by: Fabian Kosmale <[email protected]>
| |
Fix the module name, it seems that the author didn't realize the
mismatched case probably due to his case-insensitive file system. Also
add an artificial warning (assigning to nonexistent property `invalid`)
to better distinguish the cases of "qmlls has no lint warnings to show
about the module import" and "qmlls crashed and that's why no lint
warnings are to be seen".
Task-number: QTBUG-119163
Change-Id: I32735dfa08417ca1dba11f4a4899a040907c4999
Reviewed-by: Ulf Hermann <[email protected]>