author | Lars Knoll <lars.knoll@qt.io> | 2018-04-23 09:09:19 +0200 |
---|---|---|
committer | Lars Knoll <lars.knoll@qt.io> | 2018-04-24 10:46:13 +0000 |
commit | 950de04322191c16c3066707889b17b0f5eb2ee6 (patch) | |
tree | 55b77a356ecc876e0ea264ee23790a5eca51195b | |
parent | 7bd77083032c6414f23b994617fb907be32f4d83 (diff) |
Fix crash in Function.prototype.bind
Allocating a 0 sized MemberData hits an assertion
in debug builds.
Change-Id: I0251b2b38f4b48c7ed35d22f88c0c5c4a98e6464
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
-rw-r--r-- | src/qml/jsruntime/qv4functionobject.cpp | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/src/qml/jsruntime/qv4functionobject.cpp b/src/qml/jsruntime/qv4functionobject.cpp
index dc8ee550d5..83608070ec 100644
--- a/src/qml/jsruntime/qv4functionobject.cpp
+++ b/src/qml/jsruntime/qv4functionobject.cpp
@@ -360,13 +360,15 @@ ReturnedValue FunctionPrototype::method_bind(const FunctionObject *b, const Valu
 BoundFunction *bound = static_cast<BoundFunction *>(target.getPointer());
 Scoped<MemberData> oldArgs(scope, bound->boundArgs());
 boundThis = bound->boundThis();
- int oldSize = oldArgs->size();
- boundArgs = MemberData::allocate(scope.engine, oldSize + nArgs);
- boundArgs->d()->values.size = oldSize + nArgs;
- for (uint i = 0; i < static_cast<uint>(oldSize); ++i)
- boundArgs->set(scope.engine, i, oldArgs->data()[i]);
- for (uint i = 0; i < static_cast<uint>(nArgs); ++i)
- boundArgs->set(scope.engine, oldSize + i, argv[i + 1]);
+ int oldSize = !oldArgs ? 0 : oldArgs->size();
+ if (oldSize + nArgs) {
+ boundArgs = MemberData::allocate(scope.engine, oldSize + nArgs);
+ boundArgs->d()->values.size = oldSize + nArgs;
+ for (uint i = 0; i < static_cast<uint>(oldSize); ++i)
+ boundArgs->set(scope.engine, i, oldArgs->data()[i]);
+ for (uint i = 0; i < static_cast<uint>(nArgs); ++i)
+ boundArgs->set(scope.engine, oldSize + i, argv[i + 1]);
+ }
 target = bound->target();
 } else if (nArgs) {
 boundArgs = MemberData::allocate(scope.engine, nArgs); |
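Review bot: The sum `oldSize + nArgs` is evaluated three times in the added block as a signed `int` and is only tested for non-zero, so nothing visible in the hunk bounds the argument count that chained `bind` calls can accumulate before it reaches `MemberData::allocate` and `values.size`. Computing it once, `const int newSize = oldSize + nArgs;` followed by `if (newSize > 0) {`, would make the guard explicit; whether an upper limit is enforced elsewhere (in `allocate` or where `nArgs` is derived) cannot be seen from here and should be confirmed. The `!oldArgs` test guards a null dereference that the commit message does not mention, so a short comment such as `// boundArgs() is presumably null when the earlier bind captured no arguments` would help the next reader. The diffstat lists only this file, so a regression test that re-binds an already bound function with no arguments would be worth adding. method_bind starts and ends outside the hunk.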