| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This relies heavily on the documented fact that we only support trusted
QML/JS content, meaning most files are only significant, not critical.
This also extends to the handling of qmlc files (as in
compilationunitmapper), as we store them in a user owned, non-shared
cache directory – so any vulnerability there would already mean that an
attacker has write-priviledges on user data.
An exception is ArrayBuffer, which can be used with arbitrary user data,
and should create a valid QBA.
Fixes: QTBUG-136970
Pick-to: 6.10 6.9 6.8
QUIP: 23
Change-Id: I22033fe6ab4acf8362a8183e25b92331d45cb32c
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
`Scope` provides a mean of performing uninitialized scoped allocations
on the JS stack.
This can generally be unsafe as this form of allocation temporarily
leaves an element representing garbage memory on the JS stack, which
could be accessed by other parts of the program.
Indeed, a set of bugs related to this kind of behavior was recently
solved.
Hence, to reduce the surface of those kind of bugs, the usages of
uninitialized scoped allocations were reduced to a minimum.
The solution to the recent set of bugs related to uninitialized scoped
allocations introduced a series of `construct` methods that ensure that
the uninitialized allocation and the initialization of the allocated
elements are performed as a single step of computation, reducing the
surface for incorrect usages of those kind of allocations.
The solution was expanded by the introduction of new `construct` methods
that cover initialization from other types and some different means of
initialization that were used around the code-base to work with
uninitialized scoped allocations.
Similarly, the various allocation methods in `Scope` were subsumed by
the new `construct` methods, with the only remaining means of allocation
being the uninitialized one that is used as a building block for the
`construct` methods.
In particular, `Scope` provided three forms of allocation under the
various `alloc` methods.
The aforementioned uninitialized allocation and an allocation that
performed initialization to either the Undefined or the Empty value.
The latter two forms of allocation were converted to forms of
`construct`.
Since they directly map to the same concept of allocation plus
initialization, the conversion avoids having two names for the same
concept.
More specifically, the form of allocation that initialized to the
Undefined value was converted to the new `constructUndefined` which
keeps the same behavior.
The different naming from the basic `construct` methods is justified by
the different interface, which doesn't require choosing a initial value,
and the different implementation which is built on the more general
`construct` methods rather than the lower level allocation routines.
The form of allocation that initialized to the Empty value was removed
as it was found to be unused in the code-base.
The converted allocation methods generally provides the same interface
and behavior with the exception of always requiring the user to specify
the amount of allocate objects.
This is a change compared to the previous interface which allowed a
zero-argument version that allocated a single element.
The writer of the patch considered the additional terseness
inconsequential compared to the required additional code so that the
possibility was not preserved.
The code related to the converted allocation forms was removed as a
consequence of the conversion.
The remaining uninitialized allocation form was made private, to avoid
general usage outside of `Scope`, and favoring usages of the substitute
`construct` methods.
A comment that was related to usages of uninitialized scoped allocations
was moved to the lower level `jsAlloca`, which forms the basis for those
allocations and creates the abovementioned issues, where it was expanded
upon.
Usages of the non-uninitialized allocation forms around the code-base
were modified to use the new `constructUndefined` method.
Most usages of the uninitialized allocation form were modified to use
the new `construct` methods that were added to replace them.
Exceptions were made for those cases where the initialization routine is
either very complex or depends on details that shouldn't belong to
`Scope` such that they cannot be trivially encapsulated in a `construct`
method.
Instead, the relevant function or object was friended by `Scope` to
allow accesses to the now private form of allocation.
Those usages were previously checked and are supposed to be safe but
should be scrutinized if they are modified or the code around them is
modified.
One of the friended functions, `callDatafromJs`, previously offered a
default argument that was not made use of in the code-base.
The default value for the argument was removed to simplify friending the
function, considering the difficulty the language has with friended
function with default arguments and considering that it would have
required the default value to be moved out of the function definition
into a forward declaration in the unrelated header that defines `Scope`.
It is expected that the changes will reduce the surface of usage of
uninitialized scoped allocations in favor of a slightly safer approach,
make the issue that those usages can produce more apparent and generally
centralize the usages as much as possible to make them easier to
evaluate and keep track of.
Change-Id: I351329f2c139201e0728791df6da297698170f55
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
Reviewed-by: Sami Shalayel <sami.shalayel@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
This extracts the check from Function.prototype.apply into a shared
function, and uses it in Reflect.apply, which has the same issue.
Pick-to: 6.4 6.2 5.15
Task-number: QTBUG-107619
Change-Id: I899464c86554f9bbb5270a95bbe3fe27531e9a27
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Drop unnecessary includes detected by clangd-iwyu.
Add new includes due to the transitive includes. Also, some of the
includes were detected as unused even if they were actually in use.
In those cases, use angular brackets instead of "" which deceives
the tool not to complain.
Affected subfolders: JsRuntime, Qml
Fixes: QTBUG-106473
Change-Id: I483da15d42a8e3ce6cd3b654909665fff3075d6b
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Replace the current license disclaimer in files by
a SPDX-License-Identifier.
Files that have to be modified by hand are modified.
License files are organized under LICENSES directory.
Pick-to: 6.4
Task-number: QTBUG-67283
Change-Id: I63563bbeb6f60f89d2c99660400dca7fab78a294
Reviewed-by: Shawn Rutledge <shawn.rutledge@qt.io>
|
| |
|
|
|
|
|
| |
It is shorter and encapsulates the exception handling a bit.
Change-Id: I8e2dc0eb3b930e222b8cb4852b73d99ca18a0379
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
|
| |
|
|
|
|
|
|
| |
If the call resulted in an exception the return value is undefined.
Task-number: QTBUG-81581
Change-Id: Ibfdd5e1229cf5437f270232d3b1a91308adeec72
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The declarations and usage of runtime functions have seen a number of
changes:
- we don't use the array of method pointers anymore because we don't use
cross-platform AOT JITting
- the check if a method can throw a JS exception was invalid, and was
not used anymore
- value-pointer vs. const-value-ref was inconsistent
This patch cleans that up. By fixing the exception checking, we can now
use it in the baseline JIT to automatically insert those checks. To make
that work correctly, all runtime methods are in a struct, which gets
annotated to indicate if that method throws. (The old way of checking
which type of engine was used is fragile: some non-throwing methods
do not take an engine parameter at all, and those got flagged as
throwing). By using a struct, we can also get rid of a bunch of
interesting macros.
The flags in the struct (as mentioned above) can later be extended to
capture more information, e.g. if a method will change the context.
Change-Id: I1e0b9ba62a0bf538eb728b4378e2678136e29a64
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Get rid of Primitive and move the corresponding methods
directly into Value. Mark many methods in Value as
constexpr and turn Value into a POD type again.
Keep Primitive as a pure alias to Value for source
compatibility of other modules that might be using it.
Change-Id: Icb47458947dd3482c8852e95782123ea4346f5ec
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
|
| |
|
|
|
| |
Change-Id: If4af20d25781c663f55cf9d6107a660f6540869d
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Accessing uninitialized imports through the module namespace object
should throw a reference error. Unfortunately we can't do this check on
the caller side of the namespace object get, as we have no idea that
we're talking to one. Therefore we must throw in the vtable methods.
When checking via Reflect.has(), the properties should be reported as
existing. This means providing a virtual hasProperty() in the module as
well as changing Reflect::method_has to use the vtable method instead of
doing a get (which would throw).
Change-Id: Ic0ec51de3832c6a67044fc8f689ac534f349c1b6
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
This adds the last missing piece of functionality for
Proxy objects.
Also fix a bug where we ignored the newTarget in
Reflect.construct.
Change-Id: I2443470f2ca13fb6223768c3bf6bdc3766bb4fc3
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
|
| |
|
|
|
|
|
| |
This function should not only return the names but also keys (symbols).
Change-Id: I431e4aa8fa31ac6c16a415f00fb9f98405632562
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Get rid of makeIdentifier(), as toPropertyKey() will take
care of it.
Rename identifier() to propertyKey() and check that the
key is valid.
Remove String/StringOrSymbol::asArrayIndex(), we don't need it
anymore.
Change-Id: I3c490fabc1475c9ea288b49b1638b6fa1bc237b7
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
|
| |
|
|
|
|
|
|
| |
Change all uses of Identifier to use the new PropertyKey class
and get rid of Identifier.
Change-Id: Ib7e83b06a3c923235e145b6e083fe980dc240452
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
This will replace Identifier over the next few commits.
The advantage of PropertyKey is that it can be stored on
the JS stack, so that a GC run won't accidentally clean
up the string/symbol referenced by the key.
Change-Id: Ib4daa4616bcfa537e6d371ef7c7740bc7727a50d
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
|
| |
|
|
|
|
|
|
| |
This finalizes the refactoring of Object's vtable API. Also added
the receiver argument to the method as required by the ES7 spec.
Change-Id: I36f9989211c47458788fe9f7e929862bcfe7b845
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
Pass an Identifier through those virtual methods to unify
the string and integer based versions.
Also add the receiver that's required in ES7
Change-Id: I4e7f01b4c97cc80bcb3c485f6343f28213dc9e6b
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make it a vtable method as required by the ES7 spec.
Change all calls sites to call through the virtual
function.
Adjust ArgumentsObject and give it it's own
defineOwnProperty implementation instead of hacking
it into the base implementation.
Move the array object specific handling into a
reimplementation.
Change-Id: I48c960c4c69f99b178628c94b4808be2bab0dccc
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cleanup get/setPrototypeOf and fix some smaller incompatibilities
in the default implementation for Object.
Add the methods to the vtable and reimplement them according to
spec for ProxyObjects.
Clean up the Object.prototype.get/setPrototypeOf/__proto__ methods
and fix a smaller bug in the Reflect API for those methods.
Change-Id: I6e438753332ec4db963d6cdcf86f340ff212777a
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
|
| |
|
|
|
| |
Change-Id: I03aaacc260bdb46eb09c597598a45fbb25d6d7b6
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
|
|
|
Implemented all methods in Reflect, only some smaller
bugs left in there.
Change-Id: I53d2304d0e59566aec64e200cd995e02afcfc33e
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
|
