Merge pull request #9065 from huffman/fix/script-engine-abuse

Fix deleteLater() vulnerability in scripts
2025-03-11 16:13:16 +01:00 · 2017-01-09 11:02:28 -08:00 · 2017-01-09 11:02:28 -08:00 · 39070fe0d1
commit 39070fe0d1
parent 30d5f70e11 601aa51392
2 changed files with 10 additions and 6 deletions
--- a/libraries/script-engine/src/ScriptEngine.cpp
+++ b/libraries/script-engine/src/ScriptEngine.cpp
@ -66,6 +66,8 @@
 #include "MIDIEvent.h"
 static const QString SCRIPT_EXCEPTION_FORMAT = "[UncaughtException] %1 in %2:%3";
 static const QScriptEngine::QObjectWrapOptions DEFAULT_QOBJECT_WRAP_OPTIONS =
                QScriptEngine::ExcludeDeleteLater | QScriptEngine::ExcludeChildObjects;
 Q_DECLARE_METATYPE(QScriptEngine::FunctionSignature)
 int functionSignatureMetaID = qRegisterMetaType<QScriptEngine::FunctionSignature>();
@ -94,7 +96,7 @@ static QScriptValue debugPrint(QScriptContext* context, QScriptEngine* engine){
 }
 QScriptValue avatarDataToScriptValue(QScriptEngine* engine, AvatarData* const &in) {
-    return engine->newQObject(in);
+    return engine->newQObject(in, QScriptEngine::QtOwnership, DEFAULT_QOBJECT_WRAP_OPTIONS);
 }
 void avatarDataFromScriptValue(const QScriptValue &object, AvatarData* &out) {
@ -105,7 +107,7 @@ Q_DECLARE_METATYPE(controller::InputController*)
 //static int inputControllerPointerId = qRegisterMetaType<controller::InputController*>();
 QScriptValue inputControllerToScriptValue(QScriptEngine *engine, controller::InputController* const &in) {
-    return engine->newQObject(in);
+    return engine->newQObject(in, QScriptEngine::QtOwnership, DEFAULT_QOBJECT_WRAP_OPTIONS);
 }
 void inputControllerFromScriptValue(const QScriptValue &object, controller::InputController* &out) {
@ -459,7 +461,8 @@ static QScriptValue scriptableResourceToScriptValue(QScriptEngine* engine, const
    auto object = engine->newQObject(
        const_cast<ScriptableResourceRawPtr>(resource),
-        QScriptEngine::ScriptOwnership);
+        QScriptEngine::ScriptOwnership,
        DEFAULT_QOBJECT_WRAP_OPTIONS);
    return object;
 }
@ -478,7 +481,8 @@ static QScriptValue createScriptableResourcePrototype(QScriptEngine* engine) {
        state->setProperty(metaEnum.key(i), metaEnum.value(i));
    }
-    auto prototypeState = engine->newQObject(state, QScriptEngine::QtOwnership, QScriptEngine::ExcludeSlots | QScriptEngine::ExcludeSuperClassMethods);
+    auto prototypeState = engine->newQObject(state, QScriptEngine::QtOwnership,
       QScriptEngine::ExcludeDeleteLater | QScriptEngine::ExcludeSlots | QScriptEngine::ExcludeSuperClassMethods);
    prototype.setProperty("State", prototypeState);
    return prototype;
@ -611,7 +615,7 @@ void ScriptEngine::registerGlobalObject(const QString& name, QObject* object) {
    if (!globalObject().property(name).isValid()) {
        if (object) {
-            QScriptValue value = newQObject(object);
+            QScriptValue value = newQObject(object, QScriptEngine::QtOwnership, DEFAULT_QOBJECT_WRAP_OPTIONS);
            globalObject().setProperty(name, value);
        } else {
            globalObject().setProperty(name, QScriptValue());
--- a/libraries/shared/src/SpatiallyNestable.cpp
+++ b/libraries/shared/src/SpatiallyNestable.cpp
@ -489,7 +489,7 @@ glm::vec3 SpatiallyNestable::getVelocity() const {
    bool success;
    glm::vec3 result = getVelocity(success);
    if (!success) {
-        qCDebug(shared) << "Warning -- setVelocity failed" << getID();
+        qCDebug(shared) << "Warning -- getVelocity failed" << getID();
    }
    return result;
 }