author | Lars Knoll <lars.knoll@qt.io> | 2018-02-15 15:39:01 +0100 |
---|---|---|
committer | Lars Knoll <lars.knoll@qt.io> | 2018-02-16 08:16:37 +0000 |
commit | 8fdf466741f31bc9f33db7b5d09c2e282f0b6bbe (patch) | |
tree | 611fd52836925a0f3623cc36831f094f52ed7e3f | |
parent | 557e7629ac7a1d1b11adf8f7018bb2ae611e9242 (diff) |
Fix crash when changing from a simple to a sparse array
After that change, if we ran out of slots in the freeList,
the last entry would point to the first Value in the value
array, not indicating that we ran out of free slots.
Conflicts:
src/qml/jsruntime/qv4sparsearray_p.h
Task-number: QTBUG-65828
Change-Id: I3e57bb7a0c2dc29172a485a6ea957b6ab5ac962e
(cherry picked from commit 16ca5eab9bdd31774dc8e657f217e044640eecff)
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
-rw-r--r-- | src/qml/jsruntime/qv4arraydata.cpp | 2 | ||||
-rw-r--r-- | src/qml/jsruntime/qv4arraydata_p.h | 4 |
2 files changed, 5 insertions, 1 deletions
diff --git a/src/qml/jsruntime/qv4arraydata.cpp b/src/qml/jsruntime/qv4arraydata.cpp
index dac899e23f..0944e6d271 100644
--- a/src/qml/jsruntime/qv4arraydata.cpp
+++ b/src/qml/jsruntime/qv4arraydata.cpp
@@ -214,8 +214,8 @@ void ArrayData::realloc(Object *o, Type newType, uint requested, bool enforceAtt
 sparse->arrayData[i].setEmpty();
 lastFree = &sparse->arrayData[i].rawValueRef();
 }
- storeValue(lastFree, UINT_MAX);
 }
+ storeValue(lastFree, UINT_MAX);
 Q_ASSERT(Value::fromReturnedValue(sparse->freeList).isEmpty());
 // ### Could explicitly free the old data
diff --git a/src/qml/jsruntime/qv4arraydata_p.h b/src/qml/jsruntime/qv4arraydata_p.h
index daf8c36814..ac6087891d 100644
--- a/src/qml/jsruntime/qv4arraydata_p.h
+++ b/src/qml/jsruntime/qv4arraydata_p.h
@@ -156,6 +156,10 @@ struct SimpleArrayData : public ArrayData {
 V4_ASSERT_IS_TRIVIAL(SimpleArrayData)
 struct SparseArrayData : public ArrayData {
+ void init() {
+ ArrayData::init();
+ freeList = Primitive::emptyValue(UINT_MAX).asReturnedValue();
+ }
 void destroy() {
 delete sparse;
 ArrayData::destroy(); |
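Review bot: The relocated `storeValue(lastFree, UINT_MAX);` now writes through `lastFree` on every path that reaches it, including paths where the block closed by the preceding `}` is skipped, so it is only safe if `lastFree` is assigned on all of them; that assignment is outside the hunk and should be confirmed. The only visible check of the list state is the `Q_ASSERT` on `sparse->freeList`, which does nothing in builds where assertions are compiled out. Going by the commit message, an unterminated list ends up pointing at the first Value in the array, so I would document the invariant at the store, e.g. `// Always terminate the free list; UINT_MAX means no free slot is left`. The diffstat lists only the two source files, so a regression test for QTBUG-65828 that converts a simple array with no spare slots to sparse would be worth adding. The body of `realloc` starts and ends outside the hunk.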
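Review bot: The new `SparseArrayData::init()` sets `freeList` but leaves `sparse` untouched, while the `destroy()` directly below it runs `delete sparse;`. An object destroyed before `sparse` is assigned therefore depends on the allocator handing out zeroed memory, which this hunk does not show; if that is not guaranteed, add `sparse = nullptr;` to `init()`. The sentinel `UINT_MAX` is now written out both here and at the `storeValue(lastFree, UINT_MAX)` call in qv4arraydata.cpp, so a short comment such as `// empty value carrying UINT_MAX == free list exhausted` would keep the two in step. The struct and `destroy()` continue past the end of the hunk.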