diff options
| author | Ulf Hermann <ulf.hermann@qt.io> | 2020-01-06 16:02:08 +0100 |
|---|---|---|
| committer | Ulf Hermann <ulf.hermann@qt.io> | 2020-01-07 08:44:17 +0100 |
| commit | 09c4ec32028aff82dcec6f1c74d721f7c6279738 (patch) | |
| tree | 2c2c7c0ea628da34ba309fee29abd56493e1b7a1 | |
| parent | f60cde61149655d004343ab97f18b3414871d75b (diff) | |
V4: Catch error when compiling broken RegExps
Otherwise we try to assign an invalid RegExp object, which crashes.
Change-Id: I85478406524a2a9d7542758caaa1b42b4090bb93
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
| -rw-r--r-- | src/qml/jsruntime/qv4regexpobject.cpp | 4 | ||||
| -rw-r--r-- | tests/auto/qml/qjsengine/tst_qjsengine.cpp | 17 |
2 files changed, 19 insertions, 2 deletions
diff --git a/src/qml/jsruntime/qv4regexpobject.cpp b/src/qml/jsruntime/qv4regexpobject.cpp index c1a42c4afa..f1375e4ca4 100644 --- a/src/qml/jsruntime/qv4regexpobject.cpp +++ b/src/qml/jsruntime/qv4regexpobject.cpp @@ -961,8 +961,8 @@ ReturnedValue RegExpPrototype::method_compile(const FunctionObject *b, const Val return scope.engine->throwTypeError(); Scoped<RegExpObject> re(scope, scope.engine->regExpCtor()->callAsConstructor(argv, argc)); - - r->d()->value.set(scope.engine, re->value()); + if (re) // Otherwise the regexp constructor should have thrown an exception + r->d()->value.set(scope.engine, re->value()); return Encode::undefined(); } diff --git a/tests/auto/qml/qjsengine/tst_qjsengine.cpp b/tests/auto/qml/qjsengine/tst_qjsengine.cpp index 9f697e5a74..43c931ecf7 100644 --- a/tests/auto/qml/qjsengine/tst_qjsengine.cpp +++ b/tests/auto/qml/qjsengine/tst_qjsengine.cpp @@ -254,6 +254,7 @@ private slots: void triggerBackwardJumpWithDestructuring(); void arrayConcatOnSparseArray(); void sortSparseArray(); + void compileBrokenRegexp(); public: Q_INVOKABLE QJSValue throwingCppMethod1(); @@ -5003,6 +5004,22 @@ void tst_QJSEngine::sortSparseArray() QVERIFY(value.property(10).isUndefined()); } +void tst_QJSEngine::compileBrokenRegexp() +{ + QJSEngine engine; + const auto value = engine.evaluate( + "(function() {" + "var ret = new RegExp(Array(4097).join(" + " String.fromCharCode(58)) + Array(4097).join(String.fromCharCode(480)) " + " + Array(65537).join(String.fromCharCode(5307)));" + "return RegExp.prototype.compile.call(ret, 'a','b');" + "})();" + ); + + QVERIFY(value.isError()); + QCOMPARE(value.toString(), "SyntaxError: Invalid flags supplied to RegExp constructor"); +} + QTEST_MAIN(tst_QJSEngine) #include "tst_qjsengine.moc" |