authorUlf Hermann <ulf.hermann@qt.io>2023-12-08 11:44:30 +0100
committerQt Cherry-pick Bot <cherrypick_bot@qt-project.org>2023-12-09 13:31:28 +0000
commitd8555a9706b07186ebc30eeddc10ab3672958b60 (patch)
tree5525da30ba5829045eb79d2fee0a3c6967cddcee
parent186299e814a52f33b323be19e102626e745e10cf (diff)
QML: Don't crash when calling coerceAndCall() with null thisObject
Pick-to: 6.5 Fixes: QTBUG-119395 Change-Id: I5877beef9a53d358a6f58f9ce5029688bd9dcedb Reviewed-by: Olivier De Cannière <olivier.decanniere@qt.io> Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io> (cherry picked from commit 87d27d06543b442f1ab1c29c22a1ad4f2432034e) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
-rw-r--r--src/qml/jsruntime/qv4jscall_p.h7
-rw-r--r--tests/auto/qml/qmlcppcodegen/data/CMakeLists.txt1
-rw-r--r--tests/auto/qml/qmlcppcodegen/data/reduceWithNullThis.qml18
-rw-r--r--tests/auto/qml/qmlcppcodegen/tst_qmlcppcodegen.cpp13
4 files changed, 37 insertions, 2 deletions
diff --git a/src/qml/jsruntime/qv4jscall_p.h b/src/qml/jsruntime/qv4jscall_p.h
index a84689f5e1..f9c07e0260 100644
--- a/src/qml/jsruntime/qv4jscall_p.h
+++ b/src/qml/jsruntime/qv4jscall_p.h
@@ -128,10 +128,13 @@ ReturnedValue convertAndCall(
values[0] = nullptr;
}
- if (const QV4::QObjectWrapper *cppThisObject = thisObject->as<QV4::QObjectWrapper>())
+ if (const QV4::QObjectWrapper *cppThisObject = thisObject
+ ? thisObject->as<QV4::QObjectWrapper>()
+ : nullptr) {
call(cppThisObject->object(), values, types, argc);
- else
+ } else {
call(nullptr, values, types, argc);
+ }
ReturnedValue result;
if (values[0]) {
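Review bot: The new null check on `thisObject` covers only this one call site, and the hunk header places it after `convertAndCall(` while the commit title names `coerceAndCall()`; the enclosing function starts and ends outside the hunk, so it is not visible here which of the two is patched. If the sibling function performs the same `thisObject->as<QV4::QObjectWrapper>()` lookup, it needs the same guard, because a null `thisObject` there would be an equally script-reachable null dereference. A short comment above the condition would also help, for example `// thisObject is null when the function is invoked without a receiver, e.g. as an Array.prototype.reduce callback` (inferred from the added test, so confirm the wording).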
diff --git a/tests/auto/qml/qmlcppcodegen/data/CMakeLists.txt b/tests/auto/qml/qmlcppcodegen/data/CMakeLists.txt
index a4aa6e12ff..8c28f578ea 100644
--- a/tests/auto/qml/qmlcppcodegen/data/CMakeLists.txt
+++ b/tests/auto/qml/qmlcppcodegen/data/CMakeLists.txt
@@ -194,6 +194,7 @@ set(qml_files
popContextAfterRet.qml
prefixedMetaType.qml
pressAndHoldButton.qml
+ reduceWithNullThis.qml
readEnumFromInstance.qml
registerPropagation.qml
registerelimination.qml
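Review bot: `reduceWithNullThis.qml` is inserted before `readEnumFromInstance.qml`, although the neighbouring entries appear to be sorted alphabetically, which would put it after `readEnumFromInstance.qml` and before `registerPropagation.qml`. The same ordering applies to the `void reduceWithNullThis();` slot declaration and to the function definition in tst_qmlcppcodegen.cpp, both of which are placed ahead of `readEnumFromInstance`. Keeping the lists sorted reduces conflicts when the change is cherry-picked to other branches.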
diff --git a/tests/auto/qml/qmlcppcodegen/data/reduceWithNullThis.qml b/tests/auto/qml/qmlcppcodegen/data/reduceWithNullThis.qml
new file mode 100644
index 0000000000..c6fda8c739
--- /dev/null
+++ b/tests/auto/qml/qmlcppcodegen/data/reduceWithNullThis.qml
@@ -0,0 +1,18 @@
+import QtQml
+
+QtObject {
+ id: mainItem
+ property int topPadding: 12
+ property int bottomPadding: 12
+
+ property int preferredHeight: mainItem.children.reduce(maximumImplicitHeightReducer, 0) + topPadding + bottomPadding
+ function maximumImplicitHeightReducer(accumulator: real, item: Binding): real {
+ return Math.max(accumulator, (item.objectName + "b").length);
+ }
+
+ property int preferredHeight2: mainItem.children.reduce((accumulator, item) => {
+ return Math.max(accumulator, (item.objectName + "b").length);
+ }, 0) + topPadding + bottomPadding
+
+ property list<Binding> children: [ Binding { objectName: "aaa" } ]
+}
diff --git a/tests/auto/qml/qmlcppcodegen/tst_qmlcppcodegen.cpp b/tests/auto/qml/qmlcppcodegen/tst_qmlcppcodegen.cpp
index 9a330c4c06..3b1c5d47fe 100644
--- a/tests/auto/qml/qmlcppcodegen/tst_qmlcppcodegen.cpp
+++ b/tests/auto/qml/qmlcppcodegen/tst_qmlcppcodegen.cpp
@@ -159,6 +159,7 @@ private slots:
void popContextAfterRet();
void prefixedType();
void propertyOfParent();
+ void reduceWithNullThis();
void readEnumFromInstance();
void registerElimination();
void registerPropagation();
@@ -3370,6 +3371,18 @@ void tst_QmlCppCodegen::propertyOfParent()
}
}
+void tst_QmlCppCodegen::reduceWithNullThis()
+{
+ QQmlEngine engine;
+ QQmlComponent component(&engine, QUrl(u"qrc:/qt/qml/TestTypes/reduceWithNullThis.qml"_s));
+ QVERIFY2(component.isReady(), component.errorString().toUtf8());
+ QScopedPointer<QObject> object(component.create());
+ QVERIFY(!object.isNull());
+
+ QCOMPARE(object->property("preferredHeight").toDouble(), 28.0);
+ QCOMPARE(object->property("preferredHeight2").toDouble(), 28.0);
+}
+
void tst_QmlCppCodegen::readEnumFromInstance()
{
QQmlEngine engine;
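Review bot: Nothing in `reduceWithNullThis()` records that the regression under test is a crash, so the two `QCOMPARE` lines read as the whole point. A comment such as `// QTBUG-119395: the reducer is called with a null thisObject and must not crash` above the function would make the intent clear. The compared properties are declared `int` in the QML file, so `QCOMPARE(object->property("preferredHeight").toInt(), 28);` states the expectation more directly than `toDouble()` and `28.0`.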