From d924253c910ba98d16aa0784527df856d21b18a3 Mon Sep 17 00:00:00 2001 From: Volker Hilsheimer Date: Fri, 7 Apr 2023 11:58:38 +0200 Subject: [PATCH] QSqlResult: remove bad API returning non-const reference QSqlResult::boundValues is a const member function, but returned a non- const reference to a QList. This is a bad and potentially dangerous API, as callers can modify the list stored in QSqlResult. Move that API into the removed_api translation unit, remove it from Qt 6.6 on and replace it with two suitable overloads where the const version returns a QVariantList by value, and the non-const overload returns a mutable reference. Driver implementations that used to call the const overload to get a mutable reference are now calling the non-const overload instead (those calls are all made in the non-const exec() or equivalent driver implementations). As a drive-by, replace "vector" with "list" in the documentation. Change-Id: I6e4fd8f5749b939cdb609bf5876735e9b30b2b5a Reviewed-by: Marc Mutz (cherry picked from commit 3f72b0d5fc70d3cf7daa4badccd5a40fc8b0726a) Reviewed-by: Qt Cherry-pick Bot --- src/sql/compat/removed_api.cpp | 19 ++++++++++++++----- src/sql/kernel/qsqlresult.cpp | 21 ++++++++++++++++++--- src/sql/kernel/qsqlresult.h | 6 +++++- 3 files changed, 37 insertions(+), 9 deletions(-) diff --git a/src/sql/compat/removed_api.cpp b/src/sql/compat/removed_api.cpp index ff223b9967b..9da60eceda0 100644 --- a/src/sql/compat/removed_api.cpp +++ b/src/sql/compat/removed_api.cpp @@ -9,10 +9,6 @@ QT_USE_NAMESPACE #if QT_SQL_REMOVED_SINCE(6, 4) -// #include -// // implement removed functions from qotherheader.h -// order sections alphabetically to reduce chances of merge conflicts - #endif // QT_SQL_REMOVED_SINCE(6, 4) #if QT_SQL_REMOVED_SINCE(6, 5) @@ -36,8 +32,21 @@ void QSqlTableModel::setQuery(const QSqlQuery &query) #endif // QT_CONFIG(sqlmodel) +#endif // QT_SQL_REMOVED_SINCE(6, 5) + +#if QT_SQL_REMOVED_SINCE(6, 6) + +#include "qsqlresult.h" +#include + // #include // // implement removed functions from qotherheader.h // order sections alphabetically to reduce chances of merge conflicts -#endif // QT_SQL_REMOVED_SINCE(6, 5) +QList &QSqlResult::boundValues() const +{ + Q_D(const QSqlResult); + return const_cast(d)->values; +} + +#endif // QT_SQL_REMOVED_SINCE(6, 6) diff --git a/src/sql/kernel/qsqlresult.cpp b/src/sql/kernel/qsqlresult.cpp index 1b7daa8d0f6..aa3608fb8cc 100644 --- a/src/sql/kernel/qsqlresult.cpp +++ b/src/sql/kernel/qsqlresult.cpp @@ -784,17 +784,32 @@ int QSqlResult::boundValueCount() const } /*! - Returns a vector of the result's bound values for the current + Returns a list of the result's bound values for the current record (row). \sa boundValueCount() */ -QList &QSqlResult::boundValues() const +QVariantList QSqlResult::boundValues(QT6_IMPL_NEW_OVERLOAD) const { Q_D(const QSqlResult); - return const_cast(d)->values; + return d->values; } +/*! + \overload + + Returns a mutable reference to the list of the result's bound values + for the current record (row). + + \sa boundValueCount() +*/ +QVariantList &QSqlResult::boundValues(QT6_IMPL_NEW_OVERLOAD) +{ + Q_D(QSqlResult); + return d->values; +} + + /*! Returns the binding syntax used by prepared queries. */ diff --git a/src/sql/kernel/qsqlresult.h b/src/sql/kernel/qsqlresult.h index c16564a5162..1135caf7651 100644 --- a/src/sql/kernel/qsqlresult.h +++ b/src/sql/kernel/qsqlresult.h @@ -69,8 +69,12 @@ protected: QSql::ParamType bindValueType(const QString& placeholder) const; QSql::ParamType bindValueType(int pos) const; int boundValueCount() const; - // ### Qt 7 - don't return a non-const reference from a const function +#if QT_SQL_REMOVED_SINCE(6, 6) QList &boundValues() const; +#endif + QVariantList &boundValues(QT6_DECL_NEW_OVERLOAD); + QVariantList boundValues(QT6_DECL_NEW_OVERLOAD) const; + QString executedQuery() const; QStringList boundValueNames() const; QString boundValueName(int pos) const;