From eb1025d7808f04e3f114b08c86a5e680b2d18010 Mon Sep 17 00:00:00 2001 From: Albert Astals Cid <albert.astals.cid@kdab.com> Date: Fri, 21 May 2021 13:30:41 +0200 Subject: [PATCH 01/19] Give a warning when StyledText encounters a non supported entity Pick-to: 6.1 5.15 Change-Id: Iea8bdf25542cd404ee71141467ac1f1398a7d0df Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io> (cherry picked from commit 8cd43e370040e23fcbd03ad64969e683055bd7d0) --- src/quick/util/qquickstyledtext.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/quick/util/qquickstyledtext.cpp b/src/quick/util/qquickstyledtext.cpp index 660852ba83..d531fc9205 100644 --- a/src/quick/util/qquickstyledtext.cpp +++ b/src/quick/util/qquickstyledtext.cpp @@ -46,6 +46,8 @@ #include "qquickstyledtext_p.h" #include <QQmlContext> +Q_LOGGING_CATEGORY(lcStyledText, "qt.quick.styledtext") + /* QQuickStyledText supports few tags: @@ -566,6 +568,8 @@ void QQuickStyledTextPrivate::parseEntity(const QChar *&ch, const QString &textI textOut += QChar(34); else if (entity == QLatin1String("nbsp")) textOut += QChar(QChar::Nbsp); + else + qCWarning(lcStyledText) << "StyledText doesn't support entity" << entity; return; } else if (*ch == QLatin1Char(' ')) { QStringRef entity(&textIn, entityStart - 1, entityLength + 1); -- 2.36.0 From ba07a40a2afacfb57ddb8f7cb4cc90a39560f17d Mon Sep 17 00:00:00 2001 From: Antonio Rojas <arojas@archlinux.org> Date: Sun, 23 May 2021 14:32:46 +0200 Subject: [PATCH 02/19] Add missing limits include to fix build with GCC 11 This is not required for Qt 6, since it is indirectly pulled via qanystrigview.h, but it is for Qt 5 (where qanystrigview does not exist) and, in any case, it is good to declare all used headers and not rely on them being implicitly pulled. Pick-to: 6.1 5.15 Change-Id: I97606ea493e723006759608b7d4c4f00632f340c Reviewed-by: Albert Astals Cid <albert.astals.cid@kdab.com> (cherry picked from commit 367293b18ab0d0a0432c1c8ce445fee052e5eee5) --- src/qmldebug/qqmlprofilerevent_p.h | 1 + 1 file changed, 1 insertion(+) diff --git a/src/qmldebug/qqmlprofilerevent_p.h b/src/qmldebug/qqmlprofilerevent_p.h index a7e37d1964..01b2f58f16 100644 --- a/src/qmldebug/qqmlprofilerevent_p.h +++ b/src/qmldebug/qqmlprofilerevent_p.h @@ -48,6 +48,7 @@ #include <QtCore/qmetatype.h> #include <initializer_list> +#include <limits> #include <type_traits> // -- 2.36.0 From eb9ebe3815ac100d4ab3b3a708f691a1dde270bf Mon Sep 17 00:00:00 2001 From: Albert Astals Cid <albert.astals.cid@kdab.com> Date: Fri, 21 May 2021 13:17:15 +0200 Subject: [PATCH 03/19] Document that StyledText also supports and " Change-Id: I1715f8ae8ec8d0fbaf6dbe2b8663cc169da663cd Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io> (cherry picked from commit 5848c081c094a66e024493fc1e5c2569e06f73b6) --- src/quick/items/qquicktext.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/quick/items/qquicktext.cpp b/src/quick/items/qquicktext.cpp index 6230186933..c1571fc6f5 100644 --- a/src/quick/items/qquicktext.cpp +++ b/src/quick/items/qquicktext.cpp @@ -2168,7 +2168,7 @@ void QQuickText::resetMaximumLineCount() <img src="" align="top,middle,bottom" width="" height=""> - inline images <ol type="">, <ul type=""> and <li> - ordered and unordered lists <pre></pre> - preformatted - > < & + > < & " \endcode \c Text.StyledText parser is strict, requiring tags to be correctly nested. -- 2.36.0 From 0aea240ef6d78989ef16ea1d41e161c641c2667c Mon Sep 17 00:00:00 2001 From: Albert Astals Cid <albert.astals.cid@kdab.com> Date: Fri, 21 May 2021 13:42:35 +0200 Subject: [PATCH 04/19] Support ' in styled text Pick-to: 6.1 5.15 Change-Id: I4a8db963e52a7899ab1796f9a560e8029cc1c929 Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io> Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io> (cherry picked from commit 96b528efcba1226d2980828d1255160bdceae4cf) --- src/quick/items/qquicktext.cpp | 2 +- src/quick/util/qquickstyledtext.cpp | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/quick/items/qquicktext.cpp b/src/quick/items/qquicktext.cpp index c1571fc6f5..e823ca1095 100644 --- a/src/quick/items/qquicktext.cpp +++ b/src/quick/items/qquicktext.cpp @@ -2168,7 +2168,7 @@ void QQuickText::resetMaximumLineCount() <img src="" align="top,middle,bottom" width="" height=""> - inline images <ol type="">, <ul type=""> and <li> - ordered and unordered lists <pre></pre> - preformatted - > < & " + > < & " ' \endcode \c Text.StyledText parser is strict, requiring tags to be correctly nested. diff --git a/src/quick/util/qquickstyledtext.cpp b/src/quick/util/qquickstyledtext.cpp index d531fc9205..a25af90414 100644 --- a/src/quick/util/qquickstyledtext.cpp +++ b/src/quick/util/qquickstyledtext.cpp @@ -564,6 +564,8 @@ void QQuickStyledTextPrivate::parseEntity(const QChar *&ch, const QString &textI textOut += QChar(60); else if (entity == QLatin1String("amp")) textOut += QChar(38); + else if (entity == QLatin1String("apos")) + textOut += QChar(39); else if (entity == QLatin1String("quot")) textOut += QChar(34); else if (entity == QLatin1String("nbsp")) -- 2.36.0 From bdf7658d89e1df55ded318432d4412dbf1d5d0f9 Mon Sep 17 00:00:00 2001 From: Albert Astals Cid <albert.astals.cid@kdab.com> Date: Thu, 17 Jun 2021 16:32:28 +0200 Subject: [PATCH 05/19] Remove unused QPointer<QQuickPointerMask> Change-Id: I009fa6bbd8599dc3bb2e810176fe20e70ed50851 Reviewed-by: Shawn Rutledge <shawn.rutledge@qt.io> (cherry picked from commit ac03b4b8ee9cc8d4522e0c8cf1018ff086f80c1b) --- src/quick/items/qquickmousearea_p_p.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/quick/items/qquickmousearea_p_p.h b/src/quick/items/qquickmousearea_p_p.h index fba383e268..0d63618622 100644 --- a/src/quick/items/qquickmousearea_p_p.h +++ b/src/quick/items/qquickmousearea_p_p.h @@ -61,7 +61,6 @@ QT_BEGIN_NAMESPACE class QQuickMouseEvent; class QQuickMouseArea; -class QQuickPointerMask; class QQuickMouseAreaPrivate : public QQuickItemPrivate { Q_DECLARE_PUBLIC(QQuickMouseArea) @@ -100,7 +99,6 @@ public: #if QT_CONFIG(quick_draganddrop) QQuickDrag *drag; #endif - QPointer<QQuickPointerMask> mask; QPointF startScene; QPointF targetStartPos; QPointF lastPos; -- 2.36.0 From 8da88589929a1d82103c8bbfa80210f3c1af3714 Mon Sep 17 00:00:00 2001 From: Dmitry Shachnev <mitya57@gmail.com> Date: Wed, 18 Aug 2021 22:50:29 +0300 Subject: [PATCH 06/19] Include <limits> in Yarr.h to fix build with GCC 11 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - <limits.h> (aka <climits>) is needed for UINT_MAX macro constant. - <limits> is needed for std::numeric_limits. Without this fix, qtdeclarative failed to build on some platforms: In file included from jsruntime/qv4regexp_p.h:62, from jsruntime/qv4regexp.cpp:40: ../3rdparty/masm/yarr/Yarr.h:46:44: error: ‘numeric_limits’ is not a member of ‘std’ 46 | static const unsigned offsetNoMatch = std::numeric_limits<unsigned>::max(); | ^~~~~~~~~~~~~~ Pick-to: 5.15 6.2 Change-Id: I7cc9f7bc6624a52c8659f09034ab16064da5fd2f Reviewed-by: Albert Astals Cid <albert.astals.cid@kdab.com> Reviewed-by: Ulf Hermann <ulf.hermann@qt.io> (cherry picked from commit db58b8518e157b765bf2e01e6382a9eed4751f27) --- src/3rdparty/masm/yarr/Yarr.h | 1 + 1 file changed, 1 insertion(+) diff --git a/src/3rdparty/masm/yarr/Yarr.h b/src/3rdparty/masm/yarr/Yarr.h index ccf78f9880..2955ea7e72 100644 --- a/src/3rdparty/masm/yarr/Yarr.h +++ b/src/3rdparty/masm/yarr/Yarr.h @@ -28,6 +28,7 @@ #pragma once #include <limits.h> +#include <limits> #include "YarrErrorCode.h" namespace JSC { namespace Yarr { -- 2.36.0 From 103503f1cae9e928a4fa8b5e7e1f7af34f1add4d Mon Sep 17 00:00:00 2001 From: Aleix Pol <aleixpol@kde.org> Date: Tue, 21 Sep 2021 00:10:26 +0200 Subject: [PATCH 07/19] QQuickLoader: Do not incubate if the source arrives after setActive(false) Otherwise we end up in the crazy place of active being false but item being non-null and forces us to workaround within the apps. Change-Id: I88c27c4b00ccec8b8e0c05a8e10b44fcabfc2e30 Reviewed-by: Ulf Hermann <ulf.hermann@qt.io> (cherry picked from commit e78c068700fa74ab3aca6a23ab2450563b1c3a5c) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> --- src/quick/items/qquickloader.cpp | 3 +++ .../data/loader-async-race-rect.qml | 10 ++++++++++ .../qquickloader/data/loader-async-race.qml | 14 ++++++++++++++ .../quick/qquickloader/tst_qquickloader.cpp | 19 +++++++++++++++++++ 4 files changed, 46 insertions(+) create mode 100644 tests/auto/quick/qquickloader/data/loader-async-race-rect.qml create mode 100644 tests/auto/quick/qquickloader/data/loader-async-race.qml diff --git a/src/quick/items/qquickloader.cpp b/src/quick/items/qquickloader.cpp index cb4f79a3c2..7fbe66fdda 100644 --- a/src/quick/items/qquickloader.cpp +++ b/src/quick/items/qquickloader.cpp @@ -737,6 +737,9 @@ void QQuickLoaderPrivate::_q_sourceLoaded() return; } + if (!active) + return; + QQmlContext *creationContext = component->creationContext(); if (!creationContext) creationContext = qmlContext(q); itemContext = new QQmlContext(creationContext); diff --git a/tests/auto/quick/qquickloader/data/loader-async-race-rect.qml b/tests/auto/quick/qquickloader/data/loader-async-race-rect.qml new file mode 100644 index 0000000000..a56dcea5ad --- /dev/null +++ b/tests/auto/quick/qquickloader/data/loader-async-race-rect.qml @@ -0,0 +1,10 @@ +import QtQuick 2.15 + +Rectangle { + anchors.fill: parent + color: "blue" + Item { + Item { + } + } +} diff --git a/tests/auto/quick/qquickloader/data/loader-async-race.qml b/tests/auto/quick/qquickloader/data/loader-async-race.qml new file mode 100644 index 0000000000..8ba625c5c1 --- /dev/null +++ b/tests/auto/quick/qquickloader/data/loader-async-race.qml @@ -0,0 +1,14 @@ +import QtQuick 2.15 + +Item { + id: root + Component.onCompleted: { + myloader.active = false + } + Loader { + id: myloader + anchors.fill: parent + asynchronous: true + source: "loader-async-race-rect.qml" + } +} diff --git a/tests/auto/quick/qquickloader/tst_qquickloader.cpp b/tests/auto/quick/qquickloader/tst_qquickloader.cpp index 0f6c811adb..dddacbaa0b 100644 --- a/tests/auto/quick/qquickloader/tst_qquickloader.cpp +++ b/tests/auto/quick/qquickloader/tst_qquickloader.cpp @@ -132,6 +132,7 @@ private slots: void statusChangeOnlyEmittedOnce(); void setSourceAndCheckStatus(); + void asyncLoaderRace(); }; Q_DECLARE_METATYPE(QList<QQmlError>) @@ -1496,6 +1497,24 @@ void tst_QQuickLoader::setSourceAndCheckStatus() QCOMPARE(loader->status(), QQuickLoader::Null); } +void tst_QQuickLoader::asyncLoaderRace() +{ + QQmlApplicationEngine engine; + auto url = testFileUrl("loader-async-race.qml"); + engine.load(url); + auto root = engine.rootObjects().at(0); + QVERIFY(root); + + QQuickLoader *loader = root->findChild<QQuickLoader *>(); + QCOMPARE(loader->active(), false); + QCOMPARE(loader->status(), QQuickLoader::Null); + QCOMPARE(loader->item(), nullptr); + + QSignalSpy spy(loader, &QQuickLoader::itemChanged); + QVERIFY(!spy.wait(100)); + QCOMPARE(loader->item(), nullptr); +} + QTEST_MAIN(tst_QQuickLoader) #include "tst_qquickloader.moc" -- 2.36.0 From 0fdd8a998075a8b52954724743d3a04c105c6ce2 Mon Sep 17 00:00:00 2001 From: Aleix Pol <aleixpol@kde.org> Date: Thu, 23 Sep 2021 03:43:04 +0200 Subject: [PATCH 08/19] QQmlDelegateModel: Refresh the view when a column is added at 0 It can happen that a model reports n>0 rows but columns=0 (See QConcatenateTablesProxyModel). In those cases we would render glitchy items until the elements are marked as dirty. Change-Id: I615c9cacbb1b6f9dee3898b03476605e5ac39d0a Reviewed-by: Ulf Hermann <ulf.hermann@qt.io> (cherry picked from commit ec9251efb918f37971aeefa1f687d137d037ff12) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> Signed-off-by: Aleix Pol <aleixpol@kde.org> --- src/qmlmodels/qqmldelegatemodel.cpp | 44 +++++++++++++++++++ src/qmlmodels/qqmldelegatemodel_p.h | 3 ++ .../data/redrawUponColumnChange.qml | 11 +++++ .../tst_qqmldelegatemodel.cpp | 27 ++++++++++++ 4 files changed, 85 insertions(+) create mode 100644 tests/auto/qml/qqmldelegatemodel/data/redrawUponColumnChange.qml diff --git a/src/qmlmodels/qqmldelegatemodel.cpp b/src/qmlmodels/qqmldelegatemodel.cpp index 26ded63c41..53e511303e 100644 --- a/src/qmlmodels/qqmldelegatemodel.cpp +++ b/src/qmlmodels/qqmldelegatemodel.cpp @@ -389,6 +389,12 @@ void QQmlDelegateModelPrivate::connectToAbstractItemModel() q, QQmlDelegateModel, SLOT(_q_rowsRemoved(QModelIndex,int,int))); qmlobject_connect(aim, QAbstractItemModel, SIGNAL(rowsAboutToBeRemoved(QModelIndex,int,int)), q, QQmlDelegateModel, SLOT(_q_rowsAboutToBeRemoved(QModelIndex,int,int))); + qmlobject_connect(aim, QAbstractItemModel, SIGNAL(columnsInserted(QModelIndex,int,int)), + q, QQmlDelegateModel, SLOT(_q_columnsInserted(QModelIndex,int,int))); + qmlobject_connect(aim, QAbstractItemModel, SIGNAL(columnsRemoved(QModelIndex,int,int)), + q, QQmlDelegateModel, SLOT(_q_columnsRemoved(QModelIndex,int,int))); + qmlobject_connect(aim, QAbstractItemModel, SIGNAL(columnsMoved(QModelIndex,int,int,QModelIndex,int)), + q, QQmlDelegateModel, SLOT(_q_columnsMoved(QModelIndex,int,int,QModelIndex,int))); qmlobject_connect(aim, QAbstractItemModel, SIGNAL(dataChanged(QModelIndex,QModelIndex,QVector<int>)), q, QQmlDelegateModel, SLOT(_q_dataChanged(QModelIndex,QModelIndex,QVector<int>))); qmlobject_connect(aim, QAbstractItemModel, SIGNAL(rowsMoved(QModelIndex,int,int,QModelIndex,int)), @@ -413,6 +419,12 @@ void QQmlDelegateModelPrivate::disconnectFromAbstractItemModel() q, SLOT(_q_rowsAboutToBeRemoved(QModelIndex,int,int))); QObject::disconnect(aim, SIGNAL(rowsRemoved(QModelIndex,int,int)), q, SLOT(_q_rowsRemoved(QModelIndex,int,int))); + QObject::disconnect(aim, SIGNAL(columnsInserted(QModelIndex,int,int)), q, + SLOT(_q_columnsInserted(QModelIndex,int,int))); + QObject::disconnect(aim, SIGNAL(columnsRemoved(QModelIndex,int,int)), q, + SLOT(_q_columnsRemoved(QModelIndex,int,int))); + QObject::disconnect(aim, SIGNAL(columnsMoved(QModelIndex,int,int,QModelIndex,int)), q, + SLOT(_q_columnsMoved(QModelIndex,int,int,QModelIndex,int))); QObject::disconnect(aim, SIGNAL(dataChanged(QModelIndex,QModelIndex,QVector<int>)), q, SLOT(_q_dataChanged(QModelIndex,QModelIndex,QVector<int>))); QObject::disconnect(aim, SIGNAL(rowsMoved(QModelIndex,int,int,QModelIndex,int)), @@ -1958,6 +1970,38 @@ void QQmlDelegateModel::_q_rowsMoved( } } +void QQmlDelegateModel::_q_columnsInserted(const QModelIndex &parent, int begin, int end) +{ + Q_D(QQmlDelegateModel); + Q_UNUSED(end); + if (parent == d->m_adaptorModel.rootIndex && begin == 0) { + // mark all items as changed + _q_itemsChanged(0, d->m_count, QVector<int>()); + } +} + +void QQmlDelegateModel::_q_columnsRemoved(const QModelIndex &parent, int begin, int end) +{ + Q_D(QQmlDelegateModel); + Q_UNUSED(end); + if (parent == d->m_adaptorModel.rootIndex && begin == 0) { + // mark all items as changed + _q_itemsChanged(0, d->m_count, QVector<int>()); + } +} + +void QQmlDelegateModel::_q_columnsMoved(const QModelIndex &parent, int start, int end, + const QModelIndex &destination, int column) +{ + Q_D(QQmlDelegateModel); + Q_UNUSED(end); + if ((parent == d->m_adaptorModel.rootIndex && start == 0) + || (destination == d->m_adaptorModel.rootIndex && column == 0)) { + // mark all items as changed + _q_itemsChanged(0, d->m_count, QVector<int>()); + } +} + void QQmlDelegateModel::_q_dataChanged(const QModelIndex &begin, const QModelIndex &end, const QVector<int> &roles) { Q_D(QQmlDelegateModel); diff --git a/src/qmlmodels/qqmldelegatemodel_p.h b/src/qmlmodels/qqmldelegatemodel_p.h index 8aab4badca..d140bfbaaf 100644 --- a/src/qmlmodels/qqmldelegatemodel_p.h +++ b/src/qmlmodels/qqmldelegatemodel_p.h @@ -152,6 +152,9 @@ private Q_SLOTS: void _q_itemsMoved(int from, int to, int count); void _q_modelReset(); void _q_rowsInserted(const QModelIndex &,int,int); + void _q_columnsInserted(const QModelIndex &, int, int); + void _q_columnsRemoved(const QModelIndex &, int, int); + void _q_columnsMoved(const QModelIndex &, int, int, const QModelIndex &, int); void _q_rowsAboutToBeRemoved(const QModelIndex &parent, int begin, int end); void _q_rowsRemoved(const QModelIndex &,int,int); void _q_rowsMoved(const QModelIndex &, int, int, const QModelIndex &, int); diff --git a/tests/auto/qml/qqmldelegatemodel/data/redrawUponColumnChange.qml b/tests/auto/qml/qqmldelegatemodel/data/redrawUponColumnChange.qml new file mode 100644 index 0000000000..206133bb39 --- /dev/null +++ b/tests/auto/qml/qqmldelegatemodel/data/redrawUponColumnChange.qml @@ -0,0 +1,11 @@ +import QtQuick 2.8 + +ListView { + id: root + width: 200 + height: 200 + + delegate: Text { + text: display + } +} diff --git a/tests/auto/qml/qqmldelegatemodel/tst_qqmldelegatemodel.cpp b/tests/auto/qml/qqmldelegatemodel/tst_qqmldelegatemodel.cpp index 71550a50f3..4c1eae7ac7 100644 --- a/tests/auto/qml/qqmldelegatemodel/tst_qqmldelegatemodel.cpp +++ b/tests/auto/qml/qqmldelegatemodel/tst_qqmldelegatemodel.cpp @@ -27,6 +27,8 @@ ****************************************************************************/ #include <QtTest/qtest.h> +#include <QtCore/QConcatenateTablesProxyModel> +#include <QtGui/QStandardItemModel> #include <QtQml/qqmlcomponent.h> #include <QtQmlModels/private/qqmldelegatemodel_p.h> #include <QtQuick/qquickview.h> @@ -45,6 +47,7 @@ private slots: void valueWithoutCallingObjectFirst_data(); void valueWithoutCallingObjectFirst(); void filterOnGroup_removeWhenCompleted(); + void redrawUponColumnChange(); }; class AbstractItemModel : public QAbstractItemModel @@ -149,6 +152,30 @@ void tst_QQmlDelegateModel::filterOnGroup_removeWhenCompleted() QTest::qWaitFor([=]{ return model->count() == 2; } ); } +void tst_QQmlDelegateModel::redrawUponColumnChange() +{ + QStandardItemModel m1; + m1.appendRow({ + new QStandardItem("Banana"), + new QStandardItem("Coconut"), + }); + + QQuickView view(testFileUrl("redrawUponColumnChange.qml")); + QCOMPARE(view.status(), QQuickView::Ready); + view.show(); + QQuickItem *root = view.rootObject(); + root->setProperty("model", QVariant::fromValue<QObject *>(&m1)); + + QObject *item = root->property("currentItem").value<QObject *>(); + QVERIFY(item); + QCOMPARE(item->property("text").toString(), "Banana"); + + QVERIFY(root); + m1.removeColumn(0); + + QCOMPARE(item->property("text").toString(), "Coconut"); +} + QTEST_MAIN(tst_QQmlDelegateModel) #include "tst_qqmldelegatemodel.moc" -- 2.36.0 From f2d1bfa96bedb09c27f52a802b03cbefb17a0257 Mon Sep 17 00:00:00 2001 From: Vlad Zahorodnii <vlad.zahorodnii@kde.org> Date: Sun, 10 Oct 2021 21:04:21 +0300 Subject: [PATCH 09/19] Fix sweep step for tainted QObject JavaScript wrappers Currently, whenever the garbage collector runs, it will destroy all valid tainted wrappers. Only null or undefined wrappers will be preserved in the m_multiplyWrappedQObjects map. It seems like "!" was overlooked in 3b5d37ce3841c4bfdf1c629d33f0e33b881b47fb. Prior to that change, it was "!it.value()->markBit()", so calling erase() in the then branch did make sense. But with "!it.value().isNullOrUndefined()", erase() will be called for every valid wrapper, which is the opposite what we want. Pick-to: 5.15 6.2 Change-Id: I2bf2630f538af8cbd4bfffcff29d67be6c278265 Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io> (cherry picked from commit e6b2f88d892dcf396580a61662f569bf69d6d9d1) --- src/qml/memory/qv4mm.cpp | 2 +- tests/auto/qml/qjsengine/tst_qjsengine.cpp | 39 ++++++++++++++++++++++ tests/auto/qml/qv4mm/tst_qv4mm.cpp | 6 ++-- 3 files changed, 43 insertions(+), 4 deletions(-) diff --git a/src/qml/memory/qv4mm.cpp b/src/qml/memory/qv4mm.cpp index 06caf04e5a..da149a67c4 100644 --- a/src/qml/memory/qv4mm.cpp +++ b/src/qml/memory/qv4mm.cpp @@ -981,7 +981,7 @@ void MemoryManager::sweep(bool lastSweep, ClassDestroyStatsCallback classCountPt if (MultiplyWrappedQObjectMap *multiplyWrappedQObjects = engine->m_multiplyWrappedQObjects) { for (MultiplyWrappedQObjectMap::Iterator it = multiplyWrappedQObjects->begin(); it != multiplyWrappedQObjects->end();) { - if (!it.value().isNullOrUndefined()) + if (it.value().isNullOrUndefined()) it = multiplyWrappedQObjects->erase(it); else ++it; diff --git a/tests/auto/qml/qjsengine/tst_qjsengine.cpp b/tests/auto/qml/qjsengine/tst_qjsengine.cpp index 3b7d74df63..b75bf820d5 100644 --- a/tests/auto/qml/qjsengine/tst_qjsengine.cpp +++ b/tests/auto/qml/qjsengine/tst_qjsengine.cpp @@ -102,6 +102,7 @@ private slots: void valueConversion_RegularExpression(); void castWithMultipleInheritance(); void collectGarbage(); + void collectGarbageNestedWrappersTwoEngines(); void gcWithNestedDataStructure(); void stacktrace(); void numberParsing_data(); @@ -1809,6 +1810,44 @@ void tst_QJSEngine::collectGarbage() QVERIFY(ptr.isNull()); } +class TestObjectContainer : public QObject +{ + Q_OBJECT + Q_PROPERTY(QObject *dummy MEMBER m_dummy CONSTANT) + +public: + TestObjectContainer() : m_dummy(new QObject(this)) {} + +private: + QObject *m_dummy; +}; + +void tst_QJSEngine::collectGarbageNestedWrappersTwoEngines() +{ + QJSEngine engine1; + QJSEngine engine2; + + TestObjectContainer container; + QQmlEngine::setObjectOwnership(&container, QQmlEngine::CppOwnership); + + engine1.globalObject().setProperty("foobar", engine1.newQObject(&container)); + engine2.globalObject().setProperty("foobar", engine2.newQObject(&container)); + + engine1.evaluate("foobar.dummy.baz = 42"); + engine2.evaluate("foobar.dummy.baz = 43"); + + QCOMPARE(engine1.evaluate("foobar.dummy.baz").toInt(), 42); + QCOMPARE(engine2.evaluate("foobar.dummy.baz").toInt(), 43); + + engine1.collectGarbage(); + engine2.collectGarbage(); + + // The GC should not collect dummy object wrappers neither in engine1 nor engine2, we + // verify that by checking whether the baz property still has its previous value. + QCOMPARE(engine1.evaluate("foobar.dummy.baz").toInt(), 42); + QCOMPARE(engine2.evaluate("foobar.dummy.baz").toInt(), 43); +} + void tst_QJSEngine::gcWithNestedDataStructure() { // The GC must be able to traverse deeply nested objects, otherwise this diff --git a/tests/auto/qml/qv4mm/tst_qv4mm.cpp b/tests/auto/qml/qv4mm/tst_qv4mm.cpp index 5d635aa63b..824fd89e5b 100644 --- a/tests/auto/qml/qv4mm/tst_qv4mm.cpp +++ b/tests/auto/qml/qv4mm/tst_qv4mm.cpp @@ -76,10 +76,10 @@ void tst_qv4mm::multiWrappedQObjects() QCOMPARE(engine1.memoryManager->m_pendingFreedObjectWrapperValue.size(), 1); QCOMPARE(engine2.memoryManager->m_pendingFreedObjectWrapperValue.size(), 0); - // Moves the additional WeakValue from m_multiplyWrappedQObjects to - // m_pendingFreedObjectWrapperValue. It's still alive after all. + // The additional WeakValue from m_multiplyWrappedQObjects hasn't been moved + // to m_pendingFreedObjectWrapperValue yet. It's still alive after all. engine1.memoryManager->runGC(); - QCOMPARE(engine1.memoryManager->m_pendingFreedObjectWrapperValue.size(), 2); + QCOMPARE(engine1.memoryManager->m_pendingFreedObjectWrapperValue.size(), 1); // engine2 doesn't own the object as engine1 was the first to wrap it above. // Therefore, no effect here. -- 2.36.0 From b884339e8b6dd8dcaed9704afda2ebed4fcaf9b5 Mon Sep 17 00:00:00 2001 From: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io> Date: Tue, 12 Oct 2021 13:13:01 +0200 Subject: [PATCH 10/19] Fix distorted text with subpixel matrix translation We would pixel-align native text *before* applying the model-view matrix, which would cause GL_NEAREST artifacts to show up when the text was positioned at a subpixel offset in some cases. Instead, we pixel-align the coordinates after mapping them to the view frustum, but before applying the projection to the screen. To make it easier to modify the buffer layout for the shaders the next time, this also adds some constants for offsets. [ChangeLog][Text] Fixed an issue where text using NativeRendering would look slightly skewed if it was inside a parent that had been positioned at a subpixel offset. Pick-to: 5.15 6.2 Fixes: QTBUG-96112 Fixes: QTBUG-83626 Task-number: QTBUG-55638 Change-Id: Ifb785ad5830093df94afc75a7bc288e24ca7aa38 Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io> (cherry picked from commit b21948f5e811ce1b7abf065bc48af61a231e86f4) --- .../scenegraph/qsgdefaultglyphnode_p.cpp | 46 ++++++---- .../scenegraph/shaders_ng/24bittextmask.frag | 5 +- .../scenegraph/shaders_ng/32bitcolortext.frag | 5 +- .../scenegraph/shaders_ng/8bittextmask.frag | 3 +- .../scenegraph/shaders_ng/8bittextmask_a.frag | 3 +- .../scenegraph/shaders_ng/outlinedtext.frag | 5 +- .../scenegraph/shaders_ng/outlinedtext.vert | 9 +- .../scenegraph/shaders_ng/outlinedtext_a.frag | 5 +- .../scenegraph/shaders_ng/styledtext.frag | 3 +- .../scenegraph/shaders_ng/styledtext.vert | 7 +- .../scenegraph/shaders_ng/styledtext_a.frag | 3 +- src/quick/scenegraph/shaders_ng/textmask.frag | 3 +- src/quick/scenegraph/shaders_ng/textmask.vert | 7 +- ...text_nativerendering_subpixelpositions.qml | 91 +++++++++++++++++++ 14 files changed, 155 insertions(+), 40 deletions(-) create mode 100644 tests/manual/scenegraph_lancelot/data/text/text_nativerendering_subpixelpositions.qml diff --git a/src/quick/scenegraph/qsgdefaultglyphnode_p.cpp b/src/quick/scenegraph/qsgdefaultglyphnode_p.cpp index 3c60f830de..0fd6581dc4 100644 --- a/src/quick/scenegraph/qsgdefaultglyphnode_p.cpp +++ b/src/quick/scenegraph/qsgdefaultglyphnode_p.cpp @@ -428,6 +428,18 @@ QSGTextMaskRhiShader::QSGTextMaskRhiShader(QFontEngine::GlyphFormat glyphFormat) QStringLiteral(":/qt-project.org/scenegraph/shaders_ng/textmask.frag.qsb")); } +enum UbufOffset { + ModelViewMatrixOffset = 0, + ProjectionMatrixOffset = ModelViewMatrixOffset + 64, + ColorOffset = ProjectionMatrixOffset + 64, + TextureScaleOffset = ColorOffset + 16, + DprOffset = TextureScaleOffset + 8, + + // + 1 float padding (vec4 must be aligned to 16) + StyleColorOffset = DprOffset + 4 + 4, + ShiftOffset = StyleColorOffset + 16 +}; + bool QSGTextMaskRhiShader::updateUniformData(RenderState &state, QSGMaterial *newMaterial, QSGMaterial *oldMaterial) { @@ -443,11 +455,14 @@ bool QSGTextMaskRhiShader::updateUniformData(RenderState &state, bool changed = false; QByteArray *buf = state.uniformData(); - Q_ASSERT(buf->size() >= 92); + Q_ASSERT(buf->size() >= DprOffset + 4); if (state.isMatrixDirty()) { - const QMatrix4x4 m = state.combinedMatrix(); - memcpy(buf->data(), m.constData(), 64); + const QMatrix4x4 mv = state.modelViewMatrix(); + memcpy(buf->data() + ModelViewMatrixOffset, mv.constData(), 64); + const QMatrix4x4 p = state.projectionMatrix(); + memcpy(buf->data() + ProjectionMatrixOffset, p.constData(), 64); + changed = true; } @@ -456,13 +471,13 @@ bool QSGTextMaskRhiShader::updateUniformData(RenderState &state, if (updated || !oldMat || oldRtex != newRtex) { const QVector2D textureScale = QVector2D(1.0f / mat->rhiGlyphCache()->width(), 1.0f / mat->rhiGlyphCache()->height()); - memcpy(buf->data() + 64 + 16, &textureScale, 8); + memcpy(buf->data() + TextureScaleOffset, &textureScale, 8); changed = true; } if (!oldMat) { float dpr = state.devicePixelRatio(); - memcpy(buf->data() + 64 + 16 + 8, &dpr, 4); + memcpy(buf->data() + DprOffset, &dpr, 4); } // move texture uploads/copies onto the renderer's soon-to-be-committed list @@ -510,11 +525,11 @@ bool QSG8BitTextMaskRhiShader::updateUniformData(RenderState &state, QSGTextMaskMaterial *oldMat = static_cast<QSGTextMaskMaterial *>(oldMaterial); QByteArray *buf = state.uniformData(); - Q_ASSERT(buf->size() >= 80); + Q_ASSERT(buf->size() >= ColorOffset + 16); if (oldMat == nullptr || mat->color() != oldMat->color() || state.isOpacityDirty()) { const QVector4D color = qsg_premultiply(mat->color(), state.opacity()); - memcpy(buf->data() + 64, &color, 16); + memcpy(buf->data() + ColorOffset, &color, 16); changed = true; } @@ -553,12 +568,12 @@ bool QSG24BitTextMaskRhiShader::updateUniformData(RenderState &state, QSGTextMaskMaterial *oldMat = static_cast<QSGTextMaskMaterial *>(oldMaterial); QByteArray *buf = state.uniformData(); - Q_ASSERT(buf->size() >= 92); + Q_ASSERT(buf->size() >= ColorOffset + 16); if (oldMat == nullptr || mat->color() != oldMat->color() || state.isOpacityDirty()) { // shader takes vec4 but uses alpha only; coloring happens via the blend constant const QVector4D color = qsg_premultiply(mat->color(), state.opacity()); - memcpy(buf->data() + 64, &color, 16); + memcpy(buf->data() + ColorOffset, &color, 16); changed = true; } @@ -608,12 +623,12 @@ bool QSG32BitColorTextRhiShader::updateUniformData(RenderState &state, QSGTextMaskMaterial *oldMat = static_cast<QSGTextMaskMaterial *>(oldMaterial); QByteArray *buf = state.uniformData(); - Q_ASSERT(buf->size() >= 92); + Q_ASSERT(buf->size() >= ColorOffset + 16); if (oldMat == nullptr || mat->color() != oldMat->color() || state.isOpacityDirty()) { // shader takes vec4 but uses alpha only const QVector4D color(0, 0, 0, mat->color().w() * state.opacity()); - memcpy(buf->data() + 64, &color, 16); + memcpy(buf->data() + ColorOffset, &color, 16); changed = true; } @@ -649,20 +664,17 @@ bool QSGStyledTextRhiShader::updateUniformData(RenderState &state, QSGStyledTextMaterial *oldMat = static_cast<QSGStyledTextMaterial *>(oldMaterial); QByteArray *buf = state.uniformData(); - Q_ASSERT(buf->size() >= 120); - - // matrix..dpr + 1 float padding (vec4 must be aligned to 16) - const int startOffset = 64 + 16 + 8 + 4 + 4; + Q_ASSERT(buf->size() >= ShiftOffset + 8); if (oldMat == nullptr || mat->styleColor() != oldMat->styleColor() || state.isOpacityDirty()) { const QVector4D styleColor = qsg_premultiply(mat->styleColor(), state.opacity()); - memcpy(buf->data() + startOffset, &styleColor, 16); + memcpy(buf->data() + StyleColorOffset, &styleColor, 16); changed = true; } if (oldMat == nullptr || oldMat->styleShift() != mat->styleShift()) { const QVector2D v = mat->styleShift(); - memcpy(buf->data() + startOffset + 16, &v, 8); + memcpy(buf->data() + ShiftOffset, &v, 8); changed = true; } diff --git a/src/quick/scenegraph/shaders_ng/24bittextmask.frag b/src/quick/scenegraph/shaders_ng/24bittextmask.frag index bc3826a924..ed8da4cd30 100644 --- a/src/quick/scenegraph/shaders_ng/24bittextmask.frag +++ b/src/quick/scenegraph/shaders_ng/24bittextmask.frag @@ -6,8 +6,9 @@ layout(location = 0) out vec4 fragColor; layout(binding = 1) uniform sampler2D _qt_texture; layout(std140, binding = 0) uniform buf { - mat4 matrix; - vec4 color; // only alpha is used, but must be vec4 due to layout compat + mat4 modelViewMatrix; + mat4 projectionMatrix; + vec4 color; vec2 textureScale; float dpr; } ubuf; diff --git a/src/quick/scenegraph/shaders_ng/32bitcolortext.frag b/src/quick/scenegraph/shaders_ng/32bitcolortext.frag index 63e445f90b..4198a4d339 100644 --- a/src/quick/scenegraph/shaders_ng/32bitcolortext.frag +++ b/src/quick/scenegraph/shaders_ng/32bitcolortext.frag @@ -6,8 +6,9 @@ layout(location = 0) out vec4 fragColor; layout(binding = 1) uniform sampler2D _qt_texture; layout(std140, binding = 0) uniform buf { - mat4 matrix; - vec4 color; // only alpha is used, but must be vec4 due to layout compat + mat4 modelViewMatrix; + mat4 projectionMatrix; + vec4 color; vec2 textureScale; float dpr; } ubuf; diff --git a/src/quick/scenegraph/shaders_ng/8bittextmask.frag b/src/quick/scenegraph/shaders_ng/8bittextmask.frag index 6304e821ff..a06743876d 100644 --- a/src/quick/scenegraph/shaders_ng/8bittextmask.frag +++ b/src/quick/scenegraph/shaders_ng/8bittextmask.frag @@ -6,7 +6,8 @@ layout(location = 0) out vec4 fragColor; layout(binding = 1) uniform sampler2D _qt_texture; layout(std140, binding = 0) uniform buf { - mat4 matrix; + mat4 modelViewMatrix; + mat4 projectionMatrix; vec4 color; vec2 textureScale; float dpr; diff --git a/src/quick/scenegraph/shaders_ng/8bittextmask_a.frag b/src/quick/scenegraph/shaders_ng/8bittextmask_a.frag index 0d0fa1cd3a..f725cbc5e7 100644 --- a/src/quick/scenegraph/shaders_ng/8bittextmask_a.frag +++ b/src/quick/scenegraph/shaders_ng/8bittextmask_a.frag @@ -6,7 +6,8 @@ layout(location = 0) out vec4 fragColor; layout(binding = 1) uniform sampler2D _qt_texture; layout(std140, binding = 0) uniform buf { - mat4 matrix; + mat4 modelViewMatrix; + mat4 projectionMatrix; vec4 color; vec2 textureScale; float dpr; diff --git a/src/quick/scenegraph/shaders_ng/outlinedtext.frag b/src/quick/scenegraph/shaders_ng/outlinedtext.frag index 947d161a50..e2f82d3845 100644 --- a/src/quick/scenegraph/shaders_ng/outlinedtext.frag +++ b/src/quick/scenegraph/shaders_ng/outlinedtext.frag @@ -11,11 +11,12 @@ layout(location = 0) out vec4 fragColor; layout(binding = 1) uniform sampler2D _qt_texture; layout(std140, binding = 0) uniform buf { - // must match styledtext - mat4 matrix; + mat4 modelViewMatrix; + mat4 projectionMatrix; vec4 color; vec2 textureScale; float dpr; + // the above must stay compatible with textmask/8bittextmask vec4 styleColor; vec2 shift; } ubuf; diff --git a/src/quick/scenegraph/shaders_ng/outlinedtext.vert b/src/quick/scenegraph/shaders_ng/outlinedtext.vert index 023f9dfdc2..4068e42f28 100644 --- a/src/quick/scenegraph/shaders_ng/outlinedtext.vert +++ b/src/quick/scenegraph/shaders_ng/outlinedtext.vert @@ -10,11 +10,12 @@ layout(location = 3) out vec2 sCoordLeft; layout(location = 4) out vec2 sCoordRight; layout(std140, binding = 0) uniform buf { - // must match styledtext - mat4 matrix; + mat4 modelViewMatrix; + mat4 projectionMatrix; vec4 color; vec2 textureScale; float dpr; + // the above must stay compatible with textmask/8bittextmask vec4 styleColor; vec2 shift; } ubuf; @@ -28,6 +29,6 @@ void main() sCoordDown = (tCoord - vec2(0.0, 1.0)) * ubuf.textureScale; sCoordLeft = (tCoord - vec2(-1.0, 0.0)) * ubuf.textureScale; sCoordRight = (tCoord - vec2(1.0, 0.0)) * ubuf.textureScale; - vec3 dprSnapPos = floor(vCoord.xyz * ubuf.dpr + 0.5) / ubuf.dpr; - gl_Position = ubuf.matrix * vec4(dprSnapPos, vCoord.w); + vec4 xformed = ubuf.modelViewMatrix * vCoord; + gl_Position = ubuf.projectionMatrix * vec4(floor(xformed.xyz * ubuf.dpr + 0.5) / ubuf.dpr, xformed.w); } diff --git a/src/quick/scenegraph/shaders_ng/outlinedtext_a.frag b/src/quick/scenegraph/shaders_ng/outlinedtext_a.frag index 5b7bd9ca82..274d891a3c 100644 --- a/src/quick/scenegraph/shaders_ng/outlinedtext_a.frag +++ b/src/quick/scenegraph/shaders_ng/outlinedtext_a.frag @@ -11,11 +11,12 @@ layout(location = 0) out vec4 fragColor; layout(binding = 1) uniform sampler2D _qt_texture; layout(std140, binding = 0) uniform buf { - // must match styledtext - mat4 matrix; + mat4 modelViewMatrix; + mat4 projectionMatrix; vec4 color; vec2 textureScale; float dpr; + // the above must stay compatible with textmask/8bittextmask vec4 styleColor; vec2 shift; } ubuf; diff --git a/src/quick/scenegraph/shaders_ng/styledtext.frag b/src/quick/scenegraph/shaders_ng/styledtext.frag index 0b16396037..2e380dfeae 100644 --- a/src/quick/scenegraph/shaders_ng/styledtext.frag +++ b/src/quick/scenegraph/shaders_ng/styledtext.frag @@ -8,7 +8,8 @@ layout(location = 0) out vec4 fragColor; layout(binding = 1) uniform sampler2D _qt_texture; layout(std140, binding = 0) uniform buf { - mat4 matrix; + mat4 modelViewMatrix; + mat4 projectionMatrix; vec4 color; vec2 textureScale; float dpr; diff --git a/src/quick/scenegraph/shaders_ng/styledtext.vert b/src/quick/scenegraph/shaders_ng/styledtext.vert index beadf07c79..271dae8d8a 100644 --- a/src/quick/scenegraph/shaders_ng/styledtext.vert +++ b/src/quick/scenegraph/shaders_ng/styledtext.vert @@ -7,7 +7,8 @@ layout(location = 0) out vec2 sampleCoord; layout(location = 1) out vec2 shiftedSampleCoord; layout(std140, binding = 0) uniform buf { - mat4 matrix; + mat4 modelViewMatrix; + mat4 projectionMatrix; vec4 color; vec2 textureScale; float dpr; @@ -22,6 +23,6 @@ void main() { sampleCoord = tCoord * ubuf.textureScale; shiftedSampleCoord = (tCoord - ubuf.shift) * ubuf.textureScale; - vec3 dprSnapPos = floor(vCoord.xyz * ubuf.dpr + 0.5) / ubuf.dpr; - gl_Position = ubuf.matrix * vec4(dprSnapPos, vCoord.w); + vec4 xformed = ubuf.modelViewMatrix * vCoord; + gl_Position = ubuf.projectionMatrix * vec4(floor(xformed.xyz * ubuf.dpr + 0.5) / ubuf.dpr, xformed.w); } diff --git a/src/quick/scenegraph/shaders_ng/styledtext_a.frag b/src/quick/scenegraph/shaders_ng/styledtext_a.frag index b673137895..62e162c851 100644 --- a/src/quick/scenegraph/shaders_ng/styledtext_a.frag +++ b/src/quick/scenegraph/shaders_ng/styledtext_a.frag @@ -8,7 +8,8 @@ layout(location = 0) out vec4 fragColor; layout(binding = 1) uniform sampler2D _qt_texture; layout(std140, binding = 0) uniform buf { - mat4 matrix; + mat4 modelViewMatrix; + mat4 projectionMatrix; vec4 color; vec2 textureScale; float dpr; diff --git a/src/quick/scenegraph/shaders_ng/textmask.frag b/src/quick/scenegraph/shaders_ng/textmask.frag index 518d5c965f..ed8da4cd30 100644 --- a/src/quick/scenegraph/shaders_ng/textmask.frag +++ b/src/quick/scenegraph/shaders_ng/textmask.frag @@ -6,7 +6,8 @@ layout(location = 0) out vec4 fragColor; layout(binding = 1) uniform sampler2D _qt_texture; layout(std140, binding = 0) uniform buf { - mat4 matrix; + mat4 modelViewMatrix; + mat4 projectionMatrix; vec4 color; vec2 textureScale; float dpr; diff --git a/src/quick/scenegraph/shaders_ng/textmask.vert b/src/quick/scenegraph/shaders_ng/textmask.vert index 9d80d5dadb..e0b3c01bce 100644 --- a/src/quick/scenegraph/shaders_ng/textmask.vert +++ b/src/quick/scenegraph/shaders_ng/textmask.vert @@ -6,7 +6,8 @@ layout(location = 1) in vec2 tCoord; layout(location = 0) out vec2 sampleCoord; layout(std140, binding = 0) uniform buf { - mat4 matrix; + mat4 modelViewMatrix; + mat4 projectionMatrix; vec4 color; vec2 textureScale; float dpr; @@ -17,6 +18,6 @@ out gl_PerVertex { vec4 gl_Position; }; void main() { sampleCoord = tCoord * ubuf.textureScale; - vec3 dprSnapPos = floor(vCoord.xyz * ubuf.dpr + 0.5) / ubuf.dpr; - gl_Position = ubuf.matrix * vec4(dprSnapPos, vCoord.w); + vec4 xformed = ubuf.modelViewMatrix * vCoord; + gl_Position = ubuf.projectionMatrix * vec4(floor(xformed.xyz * ubuf.dpr + 0.5) / ubuf.dpr, xformed.w); } diff --git a/tests/manual/scenegraph_lancelot/data/text/text_nativerendering_subpixelpositions.qml b/tests/manual/scenegraph_lancelot/data/text/text_nativerendering_subpixelpositions.qml new file mode 100644 index 0000000000..c60fc4d8b0 --- /dev/null +++ b/tests/manual/scenegraph_lancelot/data/text/text_nativerendering_subpixelpositions.qml @@ -0,0 +1,91 @@ +import QtQuick 2.0 + +//vary font style, native rendering at non-integer offsets + +Item { + id: topLevel + width: 320 + height: 580 + + Repeater { + model: [Text.Normal, Text.Outline, Text.Raised, Text.Sunken] + Text { + y: 20 * index + clip: true + renderType: Text.NativeRendering + width: parent.width + wrapMode: Text.Wrap + font.pointSize: 10 + style: modelData + styleColor: "green" + text: "The quick fox jumps in style " + modelData + } + } + + Repeater { + model: [Text.Normal, Text.Outline, Text.Raised, Text.Sunken] + Text { + y: 100.5 + 20 * index + clip: true + renderType: Text.NativeRendering + width: parent.width + wrapMode: Text.Wrap + font.pointSize: 10 + style: modelData + styleColor: "green" + text: "The quick fox jumps in style " + modelData + } + } + + Repeater { + model: [Text.Normal, Text.Outline, Text.Raised, Text.Sunken] + Text { + y: 200.5 + 20 * index + x: 0.5 + clip: true + renderType: Text.NativeRendering + width: parent.width + wrapMode: Text.Wrap + font.pointSize: 10 + style: modelData + styleColor: "green" + text: "The quick fox jumps in style " + modelData + } + } + + Repeater { + model: [Text.Normal, Text.Outline, Text.Raised, Text.Sunken] + Text { + y: 300.5 + 20 * index + x: 0.5 + clip: true + renderType: Text.NativeRendering + width: parent.width + wrapMode: Text.Wrap + font.pointSize: 10 + style: modelData + styleColor: "green" + text: "The quick fox jumps in style " + modelData + } + } + + Repeater { + model: [Text.Normal, Text.Outline, Text.Raised, Text.Sunken] + Rectangle { + y: 400.5 + 20 * index + x: 0.5 + width: topLevel.width + height: topLevel.height + clip: true + Text { + renderType: Text.NativeRendering + width: parent.width + wrapMode: Text.Wrap + font.pointSize: 10 + style: modelData + styleColor: "green" + text: "The quick fox jumps in style " + modelData + } + } + } +} -- 2.36.0 From 8b0a4b1a329010e056b19fdd9940bad2036b5f57 Mon Sep 17 00:00:00 2001 From: Laszlo Agocs <laszlo.agocs@qt.io> Date: Mon, 11 Oct 2021 15:37:33 +0200 Subject: [PATCH 11/19] Revert "Fix for possible crash in QSGDefaultLayer::grab" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 1c5de027d0c31d1d6697bd0557128d92207763d8. The fix here is not correct. Calling a QSGRhiLayer function from the gui thread is very wrong and can cause a set of unexpected issues. The Address Sanitizer catches this by recognizing that the render thread is trying to do something with an object destroyed in the meantime on the main thread in the layer->setItem(null) call. The issue the original fix is trying to address needs to be addressed in some different form. Fixes: QTBUG-94975 Pick-to: 6.2 6.1 5.15 Change-Id: I46f904026281201fc6d233ed7d3bdc7080934afe Reviewed-by: Christian Strømme <christian.stromme@qt.io> (cherry picked from commit a5f0361622eb08eab6c3474d5fc249d1962e3d1e) --- src/quick/items/qquickshadereffectsource.cpp | 8 -------- src/quick/items/qquickshadereffectsource_p.h | 1 - 2 files changed, 9 deletions(-) diff --git a/src/quick/items/qquickshadereffectsource.cpp b/src/quick/items/qquickshadereffectsource.cpp index 4f61d61309..b298ed74da 100644 --- a/src/quick/items/qquickshadereffectsource.cpp +++ b/src/quick/items/qquickshadereffectsource.cpp @@ -344,7 +344,6 @@ void QQuickShaderEffectSource::setSourceItem(QQuickItem *item) d->refFromEffectItem(m_hideSource); d->addItemChangeListener(this, QQuickItemPrivate::Geometry); connect(m_sourceItem, SIGNAL(destroyed(QObject*)), this, SLOT(sourceItemDestroyed(QObject*))); - connect(m_sourceItem, SIGNAL(parentChanged(QQuickItem*)), this, SLOT(sourceItemParentChanged(QQuickItem*))); } else { qWarning("ShaderEffectSource: sourceItem and ShaderEffectSource must both be children of the same window."); m_sourceItem = nullptr; @@ -364,13 +363,6 @@ void QQuickShaderEffectSource::sourceItemDestroyed(QObject *item) } -void QQuickShaderEffectSource::sourceItemParentChanged(QQuickItem *parent) -{ - if (!parent && m_texture) - m_texture->setItem(0); -} - - /*! \qmlproperty rect QtQuick::ShaderEffectSource::sourceRect diff --git a/src/quick/items/qquickshadereffectsource_p.h b/src/quick/items/qquickshadereffectsource_p.h index 4deb6c70a3..c0a1ccab78 100644 --- a/src/quick/items/qquickshadereffectsource_p.h +++ b/src/quick/items/qquickshadereffectsource_p.h @@ -173,7 +173,6 @@ Q_SIGNALS: private Q_SLOTS: void sourceItemDestroyed(QObject *item); void invalidateSceneGraph(); - void sourceItemParentChanged(QQuickItem *parent); protected: void releaseResources() override; -- 2.36.0 From 0e201d3561cecc8a1e982f81095f14af1dc3ceca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Arve=20S=C3=A6ther?= <jan-arve.saether@qt.io> Date: Thu, 3 Sep 2020 10:51:01 +0200 Subject: [PATCH 12/19] Fix TapHandler so that it actually registers a tap This bug caused all quick examples that used the shared\LauncherList.qml to be broken. In QtGui, QSinglePointEvent will construct itself with a point id of 0 if there is a valid point, and with a point id of -1 if the point is invalid (the default constructor does the latter). However, QQuickSinglePointHandler::wantsPointerEvent() did not agree with that, because it assumed that a point id of 0 meant uninitialized/invalid point. The fix is to change QQuickSinglePointHandler::wantsPointerEvent() and QQuickHandlerPoint so that it assumes that the id -1 is now an invalid point, (instead of 0) Change-Id: I8c9683dfe06ebb77c5342a26f08174b67e7cbd90 Reviewed-by: Shawn Rutledge <shawn.rutledge@qt.io> (cherry picked from commit 8d3a91016506fd0afedb0be535f7c34a4ca762f6) --- src/quick/handlers/qquickhandlerpoint.cpp | 4 ++-- src/quick/handlers/qquicksinglepointhandler.cpp | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/quick/handlers/qquickhandlerpoint.cpp b/src/quick/handlers/qquickhandlerpoint.cpp index 72efdfd0f4..6aef3545dd 100644 --- a/src/quick/handlers/qquickhandlerpoint.cpp +++ b/src/quick/handlers/qquickhandlerpoint.cpp @@ -82,7 +82,7 @@ void QQuickHandlerPoint::localize(QQuickItem *item) void QQuickHandlerPoint::reset() { - m_id = 0; + m_id = -1; m_uniqueId = QPointingDeviceUniqueId(); m_position = QPointF(); m_scenePosition = QPointF(); @@ -165,7 +165,7 @@ void QQuickHandlerPoint::reset(const QVector<QQuickHandlerPoint> &points) pressureSum += point.pressure(); ellipseDiameterSum += point.ellipseDiameters(); } - m_id = 0; + m_id = -1; m_uniqueId = QPointingDeviceUniqueId(); // all points are required to be from the same event, so pressed buttons and modifiers should be the same m_pressedButtons = points.first().pressedButtons(); diff --git a/src/quick/handlers/qquicksinglepointhandler.cpp b/src/quick/handlers/qquicksinglepointhandler.cpp index b51f53b74f..89081b4e84 100644 --- a/src/quick/handlers/qquicksinglepointhandler.cpp +++ b/src/quick/handlers/qquicksinglepointhandler.cpp @@ -75,7 +75,7 @@ bool QQuickSinglePointHandler::wantsPointerEvent(QQuickPointerEvent *event) if (!QQuickPointerDeviceHandler::wantsPointerEvent(event)) return false; - if (d->pointInfo.id()) { + if (d->pointInfo.id() != -1) { // We already know which one we want, so check whether it's there. // It's expected to be an update or a release. // If we no longer want it, cancel the grab. @@ -125,7 +125,7 @@ bool QQuickSinglePointHandler::wantsPointerEvent(QQuickPointerEvent *event) chosen->setAccepted(); } } - return d->pointInfo.id(); + return d->pointInfo.id() != -1; } void QQuickSinglePointHandler::handlePointerEventImpl(QQuickPointerEvent *event) -- 2.36.0 From 5af400361da5d66427c68bf743c8def70b7cbc8e Mon Sep 17 00:00:00 2001 From: Albert Astals Cid <aacid@kde.org> Date: Tue, 16 Nov 2021 22:43:37 +0100 Subject: [PATCH 13/19] Revert "Fix TapHandler so that it actually registers a tap" This reverts commit 36e8ccd434f948e4f11a8f9d59139ec072e41ff5. It's causing regresions --- src/quick/handlers/qquickhandlerpoint.cpp | 4 ++-- src/quick/handlers/qquicksinglepointhandler.cpp | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/quick/handlers/qquickhandlerpoint.cpp b/src/quick/handlers/qquickhandlerpoint.cpp index 6aef3545dd..72efdfd0f4 100644 --- a/src/quick/handlers/qquickhandlerpoint.cpp +++ b/src/quick/handlers/qquickhandlerpoint.cpp @@ -82,7 +82,7 @@ void QQuickHandlerPoint::localize(QQuickItem *item) void QQuickHandlerPoint::reset() { - m_id = -1; + m_id = 0; m_uniqueId = QPointingDeviceUniqueId(); m_position = QPointF(); m_scenePosition = QPointF(); @@ -165,7 +165,7 @@ void QQuickHandlerPoint::reset(const QVector<QQuickHandlerPoint> &points) pressureSum += point.pressure(); ellipseDiameterSum += point.ellipseDiameters(); } - m_id = -1; + m_id = 0; m_uniqueId = QPointingDeviceUniqueId(); // all points are required to be from the same event, so pressed buttons and modifiers should be the same m_pressedButtons = points.first().pressedButtons(); diff --git a/src/quick/handlers/qquicksinglepointhandler.cpp b/src/quick/handlers/qquicksinglepointhandler.cpp index 89081b4e84..b51f53b74f 100644 --- a/src/quick/handlers/qquicksinglepointhandler.cpp +++ b/src/quick/handlers/qquicksinglepointhandler.cpp @@ -75,7 +75,7 @@ bool QQuickSinglePointHandler::wantsPointerEvent(QQuickPointerEvent *event) if (!QQuickPointerDeviceHandler::wantsPointerEvent(event)) return false; - if (d->pointInfo.id() != -1) { + if (d->pointInfo.id()) { // We already know which one we want, so check whether it's there. // It's expected to be an update or a release. // If we no longer want it, cancel the grab. @@ -125,7 +125,7 @@ bool QQuickSinglePointHandler::wantsPointerEvent(QQuickPointerEvent *event) chosen->setAccepted(); } } - return d->pointInfo.id() != -1; + return d->pointInfo.id(); } void QQuickSinglePointHandler::handlePointerEventImpl(QQuickPointerEvent *event) -- 2.36.0 From 9a3aaa96c58d167ab9eec0d0c8105853e8c6117a Mon Sep 17 00:00:00 2001 From: Marc Mutz <marc.mutz@qt.io> Date: Tue, 21 Dec 2021 09:20:17 +0100 Subject: [PATCH 14/19] QQmlJs::FixedPoolArray: fix UB (precondition violation) in allocate() Says ubsan: qqmljsfixedpoolarray_p.h:90:19: runtime error: null pointer passed as argument 2, which is declared to never be null Fix, like in so many other places, by a size check. Pick-to: 6.3 6.2 5.15 Change-Id: I9181d6ecb467c2dc726978ce7f93b35a6bf2f944 Reviewed-by: Lars Knoll <lars.knoll@qt.io> (cherry picked from commit d74e931f3fc2587ac6d1e2930acbbe54ea5be2b5) --- src/qml/common/qqmljsfixedpoolarray_p.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/qml/common/qqmljsfixedpoolarray_p.h b/src/qml/common/qqmljsfixedpoolarray_p.h index b65b994d6c..15a8cd6878 100644 --- a/src/qml/common/qqmljsfixedpoolarray_p.h +++ b/src/qml/common/qqmljsfixedpoolarray_p.h @@ -86,7 +86,7 @@ public: if (QTypeInfo<T>::isComplex) { for (int i = 0; i < count; ++i) new (data + i) T(vector.at(i)); - } else { + } else if (count) { memcpy(data, static_cast<const void*>(vector.constData()), count * sizeof(T)); } } -- 2.36.0 From 2dc624d1f7771d4e93ad7f5293fb43cf539b1ca4 Mon Sep 17 00:00:00 2001 From: Ulf Hermann <ulf.hermann@qt.io> Date: Thu, 3 Feb 2022 10:02:06 +0100 Subject: [PATCH 15/19] V4: Do not call dtor of an object we continue to use After destroyObject(), the QObjectWrapper is still alive. We might use its heap object again. Furthermore, the Heap::QObjectWrapper dtor does not actually do anything defined. What we want to do here is clear the QObject pointer because we've just gotten rid of the QObject. There is a method for that: Heap::QObjectWrapper::destroy(). Finally, the internalClass must never ever be nullptr. Assert on that rather than checking it. Pick-to: 5.15 6.2 6.3 Task-number: QTBUG-100431 Change-Id: I794a295c182b2ed4ba80673f58d6143c861b7391 Reviewed-by: Andrei Golubev <andrei.golubev@qt.io> Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io> (cherry picked from commit 6c197319f34b8098d034f1543eb5feb9d7be54c3) --- src/qml/jsruntime/qv4qobjectwrapper.cpp | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/qml/jsruntime/qv4qobjectwrapper.cpp b/src/qml/jsruntime/qv4qobjectwrapper.cpp index 9899c9274e..272b85069f 100644 --- a/src/qml/jsruntime/qv4qobjectwrapper.cpp +++ b/src/qml/jsruntime/qv4qobjectwrapper.cpp @@ -1160,8 +1160,7 @@ void Heap::QObjectWrapper::markObjects(Heap::Base *that, QV4::MarkStack *markSta void QObjectWrapper::destroyObject(bool lastCall) { Heap::QObjectWrapper *h = d(); - if (!h->internalClass) - return; // destroyObject already got called + Q_ASSERT(h->internalClass); if (h->object()) { QQmlData *ddata = QQmlData::get(h->object(), false); @@ -1191,7 +1190,7 @@ void QObjectWrapper::destroyObject(bool lastCall) } } - h->~Data(); + h->destroy(); } -- 2.36.0 From 5eee7419f55c592a24d9c7746df0f197d8f0a71d Mon Sep 17 00:00:00 2001 From: Vlad Zahorodnii <vlad.zahorodnii@kde.org> Date: Sat, 29 Jan 2022 21:59:33 +0200 Subject: [PATCH 16/19] Make sure QQuickWidget and its offscreen window's screens are always in sync By default, the offscreen window is placed on the primary screen. However, if the parent widget argument is passed to the QQuickWidget's constructor, then QQuickWidget's and the offscreen window's screens can be different and that can create rendering issues, e.g. blurry text if the primary screen and QQuickWidget's screen have different scale factors. Change-Id: I10c62b5635664f943b11828773f14017f198a770 Reviewed-by: David Edmundson <davidedmundson@kde.org> Reviewed-by: Laszlo Agocs <laszlo.agocs@qt.io> (cherry picked from commit a2a2734bffa1459639b31fb3f4f83873ba44ab5c) --- src/quickwidgets/qquickwidget.cpp | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/src/quickwidgets/qquickwidget.cpp b/src/quickwidgets/qquickwidget.cpp index 39780f8de3..223d91f579 100644 --- a/src/quickwidgets/qquickwidget.cpp +++ b/src/quickwidgets/qquickwidget.cpp @@ -106,6 +106,7 @@ void QQuickWidgetPrivate::init(QQmlEngine* e) renderControl = new QQuickWidgetRenderControl(q); offscreenWindow = new QQuickWindow(*new QQuickOffcreenWindowPrivate(),renderControl); + offscreenWindow->setScreen(q->screen()); offscreenWindow->setTitle(QString::fromLatin1("Offscreen")); offscreenWindow->setObjectName(QString::fromLatin1("QQuickOffScreenWindow")); // Do not call create() on offscreenWindow. @@ -901,9 +902,7 @@ void QQuickWidgetPrivate::createContext() context = new QOpenGLContext; context->setFormat(offscreenWindow->requestedFormat()); - const QWindow *win = q->window()->windowHandle(); - if (win && win->screen()) - context->setScreen(win->screen()); + context->setScreen(q->screen()); QOpenGLContext *shareContext = qt_gl_global_share_context(); if (!shareContext) shareContext = QWidgetPrivate::get(q->window())->shareContext(); @@ -1520,19 +1519,16 @@ bool QQuickWidget::event(QEvent *e) d->handleWindowChange(); break; - case QEvent::ScreenChangeInternal: - if (QWindow *window = this->window()->windowHandle()) { - QScreen *newScreen = window->screen(); - - if (d->offscreenWindow) - d->offscreenWindow->setScreen(newScreen); - if (d->offscreenSurface) - d->offscreenSurface->setScreen(newScreen); + case QEvent::ScreenChangeInternal: { + QScreen *newScreen = screen(); + if (d->offscreenWindow) + d->offscreenWindow->setScreen(newScreen); + if (d->offscreenSurface) + d->offscreenSurface->setScreen(newScreen); #if QT_CONFIG(opengl) - if (d->context) - d->context->setScreen(newScreen); + if (d->context) + d->context->setScreen(newScreen); #endif - } if (d->useSoftwareRenderer #if QT_CONFIG(opengl) @@ -1545,7 +1541,7 @@ bool QQuickWidget::event(QEvent *e) d->render(true); } break; - + } case QEvent::Show: case QEvent::Move: d->updatePosition(); -- 2.36.0 From 51efb2ed2f071beda188270a23ac450fe4b318f7 Mon Sep 17 00:00:00 2001 From: Fabian Kosmale <fabian.kosmale@qt.io> Date: Wed, 4 May 2022 09:10:54 +0200 Subject: [PATCH 17/19] QQuickItem: Guard against cycles in nextPrevItemInTabFocusChain MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit nextPrevItemInTabFocusChain already had a check to prevent running into cycles, it would however only detect if we reached the original item. If our cycle instead would loop between reachable items without ever returning to the initial one, as in the diagram below, then we would never terminate the loop. /-->other item<---next item initial-item \ ^ \ | --->different item To prevent this from happening, we keep track of all items we've seen so far. One last complications arises due to the fact that we do visit the parent twice under some cicrcumstances, but we already have the skip variable to indicate that case – we simply skip the duplicate check if it is set to true. Pick-to: 6.2 6.3 Fixes: QTBUG-87190 Change-Id: I1449a7ebf8f325f00c296e8a8db4360faf1049e4 Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io> (cherry picked from commit e74bcf751495d9fe27efd195bc04e2a6ae6732a4) --- src/quick/items/qquickitem.cpp | 7 ++++++- .../data/activeFocusOnTab_infiniteLoop3.qml | 13 +++++++++++++ tests/auto/quick/qquickitem2/tst_qquickitem.cpp | 12 ++++++++++++ 3 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 tests/auto/quick/qquickitem2/data/activeFocusOnTab_infiniteLoop3.qml diff --git a/src/quick/items/qquickitem.cpp b/src/quick/items/qquickitem.cpp index 497672b497..81b0db0b69 100644 --- a/src/quick/items/qquickitem.cpp +++ b/src/quick/items/qquickitem.cpp @@ -59,6 +59,7 @@ #include <QtCore/private/qnumeric_p.h> #include <QtGui/qpa/qplatformtheme.h> #include <QtCore/qloggingcategory.h> +#include <QtCore/private/qduplicatetracker_p.h> #include <private/qqmlglobal_p.h> #include <private/qqmlengine_p.h> @@ -2520,6 +2521,7 @@ QQuickItem* QQuickItemPrivate::nextPrevItemInTabFocusChain(QQuickItem *item, boo QQuickItem *current = item; qCDebug(DBG_FOCUS) << "QQuickItemPrivate::nextPrevItemInTabFocusChain: startItem:" << startItem; qCDebug(DBG_FOCUS) << "QQuickItemPrivate::nextPrevItemInTabFocusChain: firstFromItem:" << firstFromItem; + QDuplicateTracker<QQuickItem *> cycleDetector; do { qCDebug(DBG_FOCUS) << "QQuickItemPrivate::nextPrevItemInTabFocusChain: current:" << current; qCDebug(DBG_FOCUS) << "QQuickItemPrivate::nextPrevItemInTabFocusChain: from:" << from; @@ -2586,7 +2588,10 @@ QQuickItem* QQuickItemPrivate::nextPrevItemInTabFocusChain(QQuickItem *item, boo // traversed all of the chain (by compare the [current] item with [startItem]) // Since the [startItem] might be promoted to its parent if it is invisible, // we still have to check [current] item with original start item - if ((current == startItem || current == originalStartItem) && from == firstFromItem) { + // We might also run into a cycle before we reach firstFromItem again + // but note that we have to ignore current if we are meant to skip it + if (((current == startItem || current == originalStartItem) && from == firstFromItem) || + (!skip && cycleDetector.hasSeen(current))) { // wrapped around, avoid endless loops if (item == contentItem) { qCDebug(DBG_FOCUS) << "QQuickItemPrivate::nextPrevItemInTabFocusChain: looped, return contentItem"; diff --git a/tests/auto/quick/qquickitem2/data/activeFocusOnTab_infiniteLoop3.qml b/tests/auto/quick/qquickitem2/data/activeFocusOnTab_infiniteLoop3.qml new file mode 100644 index 0000000000..889e480f3b --- /dev/null +++ b/tests/auto/quick/qquickitem2/data/activeFocusOnTab_infiniteLoop3.qml @@ -0,0 +1,13 @@ +import QtQuick 2.6 + +Item { + visible: true + Item { + visible: false + Item { + objectName: "hiddenChild" + activeFocusOnTab: true + focus: true + } + } +} diff --git a/tests/auto/quick/qquickitem2/tst_qquickitem.cpp b/tests/auto/quick/qquickitem2/tst_qquickitem.cpp index f65650cf9c..eeff768bb4 100644 --- a/tests/auto/quick/qquickitem2/tst_qquickitem.cpp +++ b/tests/auto/quick/qquickitem2/tst_qquickitem.cpp @@ -66,6 +66,7 @@ private slots: void activeFocusOnTab10(); void activeFocusOnTab_infiniteLoop_data(); void activeFocusOnTab_infiniteLoop(); + void activeFocusOnTab_infiniteLoopControls(); void nextItemInFocusChain(); void nextItemInFocusChain2(); @@ -1055,6 +1056,17 @@ void tst_QQuickItem::activeFocusOnTab_infiniteLoop() QCOMPARE(item, window->rootObject()); } + +void tst_QQuickItem::activeFocusOnTab_infiniteLoopControls() +{ + auto source = testFileUrl("activeFocusOnTab_infiniteLoop3.qml"); + QScopedPointer<QQuickView>window(new QQuickView()); + window->setSource(source); + window->show(); + QVERIFY(window->errors().isEmpty()); + QTest::keyClick(window.get(), Qt::Key_Tab); // should not hang +} + void tst_QQuickItem::nextItemInFocusChain() { if (!qt_tab_all_widgets()) -- 2.36.0 From 415cb49010e1f28405a6eeac16f3eb5a461330e5 Mon Sep 17 00:00:00 2001 From: Marc Mutz <marc.mutz@kdab.com> Date: Tue, 16 Jul 2019 11:23:37 +0200 Subject: [PATCH 18/19] QSGOpenGLDistanceFieldGlyphCache: fix multiplication result truncation The type of the expression int * int is int, so truncation has already happened when the result is assigned to a qint64. Fix by casting one of the multiplicants to qint64 before performing the multiplication. This multiplication cannot overflow, because int is 32-bit on all supported platforms. The addition of 'size' to the pointer will still truncate the result, on 32bit platforms, but that check is in itself UB. A follow-up commit will fix the check, and with it the last truncation to 32bit. Coverity-Id: 218769 Pick-to: 6.3 6.2 5.15 Change-Id: I0d71950695b9743db8c96d825e68bb1e9c47de02 Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io> Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> (cherry picked from commit cacfc1dbb9719c0ef55cff69dad0921ce1405438) --- src/quick/scenegraph/qsgrhidistancefieldglyphcache.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/quick/scenegraph/qsgrhidistancefieldglyphcache.cpp b/src/quick/scenegraph/qsgrhidistancefieldglyphcache.cpp index 53b6fe117f..f7cb8bede3 100644 --- a/src/quick/scenegraph/qsgrhidistancefieldglyphcache.cpp +++ b/src/quick/scenegraph/qsgrhidistancefieldglyphcache.cpp @@ -512,7 +512,7 @@ bool QSGRhiDistanceFieldGlyphCache::loadPregeneratedCache(const QRawFont &font) int width = texInfo->allocatedArea.width(); int height = texInfo->allocatedArea.height(); - qint64 size = width * height; + qint64 size = qint64(width) * height; if (reinterpret_cast<const char *>(textureData + size) > qtdfTableEnd) { qWarning("qtdf table too small in font '%s'.", qPrintable(font.familyName())); -- 2.36.0 From 2454c808bfe99b50084aea59adb917e805c27afa Mon Sep 17 00:00:00 2001 From: Marc Mutz <marc.mutz@kdab.com> Date: Tue, 16 Jul 2019 11:31:01 +0200 Subject: [PATCH 19/19] QSGOpenGLDistanceFieldGlyphCache: fix UB (ordering of pointers not from the same array) The code performed out of bounds checks by adding the size of the buffer to a pointer and comparing the result to the the one-past-the-end pointer of the buffer. This is UB, for three reasons: - in one case, a qint64 is added to a pointer, silently truncating the result on 32bit platforms - if the buffer overflow is large, the pointer value may wrap around, yielding a result that is numerically less than the end pointer, but still out-of-bounds. - pointer order is only defined within a C array, plus one past the end. On failure, pointers outside that range are compared. Fix by comparing distance(it, end) with the required size for the chunk to be written instead. Pick-to: 6.3 6.2 5.15 Change-Id: I356bb8c8a65a93b8b1c1eb7bac381dd64bea719e Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io> Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> (cherry picked from commit 8d9bd6b381bfc759d575954801b683354ad6a790) --- src/quick/scenegraph/qsgrhidistancefieldglyphcache.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/quick/scenegraph/qsgrhidistancefieldglyphcache.cpp b/src/quick/scenegraph/qsgrhidistancefieldglyphcache.cpp index f7cb8bede3..219cdd5966 100644 --- a/src/quick/scenegraph/qsgrhidistancefieldglyphcache.cpp +++ b/src/quick/scenegraph/qsgrhidistancefieldglyphcache.cpp @@ -446,7 +446,7 @@ bool QSGRhiDistanceFieldGlyphCache::loadPregeneratedCache(const QRawFont &font) const char *textureRecord = allocatorData; for (int i = 0; i < textureCount; ++i, textureRecord += Qtdf::TextureRecordSize) { - if (textureRecord + Qtdf::TextureRecordSize > qtdfTableEnd) { + if (qtdfTableEnd - textureRecord < Qtdf::TextureRecordSize) { qWarning("qtdf table too small in font '%s'.", qPrintable(font.familyName())); return false; @@ -462,7 +462,7 @@ bool QSGRhiDistanceFieldGlyphCache::loadPregeneratedCache(const QRawFont &font) const char *glyphRecord = textureRecord; for (quint32 i = 0; i < glyphCount; ++i, glyphRecord += Qtdf::GlyphRecordSize) { - if (glyphRecord + Qtdf::GlyphRecordSize > qtdfTableEnd) { + if (qtdfTableEnd - glyphRecord < Qtdf:: GlyphRecordSize) { qWarning("qtdf table too small in font '%s'.", qPrintable(font.familyName())); return false; @@ -513,7 +513,7 @@ bool QSGRhiDistanceFieldGlyphCache::loadPregeneratedCache(const QRawFont &font) int width = texInfo->allocatedArea.width(); int height = texInfo->allocatedArea.height(); qint64 size = qint64(width) * height; - if (reinterpret_cast<const char *>(textureData + size) > qtdfTableEnd) { + if (qtdfTableEnd - reinterpret_cast<const char *>(textureData) < size) { qWarning("qtdf table too small in font '%s'.", qPrintable(font.familyName())); return false; -- 2.36.0