Merge remote-tracking branch 'origin/5.12' into 5.13

Change-Id: Ic008bf9223a9ac293c925044355ff218f7ed7f78

8 files changed, 58 insertions, 12 deletions

diff --git a/src/3rdparty/masm/yarr/YarrParser.h b/src/3rdparty/masm/yarr/YarrParser.h
index 3e5311f1fb..edc6beb1f0 100644
--- a/src/3rdparty/masm/yarr/YarrParser.h
+++ b/src/3rdparty/masm/yarr/YarrParser.h
@@ -694,7 +694,8 @@ private:
         ASSERT(!hasError(m_errorCode));
         ASSERT(min <= max);
 
-        if (min == UINT_MAX) {
+        const unsigned quantifyLimit = 1 << 24;
+        if (min > quantifyLimit || (max != quantifyInfinite && max > quantifyLimit)) {
             m_errorCode = ErrorCode::QuantifierTooLarge;
             return;
         }
diff --git a/src/qml/compiler/qqmlpropertycachecreator_p.h b/src/qml/compiler/qqmlpropertycachecreator_p.h
index 074dc98648..901602d17b 100644
--- a/src/qml/compiler/qqmlpropertycachecreator_p.h
+++ b/src/qml/compiler/qqmlpropertycachecreator_p.h
@@ -703,8 +703,9 @@ inline QQmlCompileError QQmlPropertyCacheAliasCreator<ObjectContainer>::property
         QVarLengthArray<const QV4::CompiledData::Alias *, 4> seenAliases({lastAlias});
 
         do {
-            const CompiledObject *targetObject = objectContainer->objectAt(
-                    objectForId(component, lastAlias->targetObjectId));
+            const int targetObjectIndex = objectForId(component, lastAlias->targetObjectId);
+            Q_ASSERT(targetObjectIndex >= 0);
+            const CompiledObject *targetObject = objectContainer->objectAt(targetObjectIndex);
             Q_ASSERT(targetObject);
 
             auto nextAlias = targetObject->aliasesBegin();
diff --git a/src/qml/jsruntime/qv4engine.cpp b/src/qml/jsruntime/qv4engine.cpp
index 8057119064..f5c5c49f56 100644
--- a/src/qml/jsruntime/qv4engine.cpp
+++ b/src/qml/jsruntime/qv4engine.cpp
@@ -172,7 +172,7 @@ ExecutionEngine::ExecutionEngine(QJSEngine *jsEngine)
         bool ok = false;
         maxCallDepth = qEnvironmentVariableIntValue("QV4_MAX_CALL_DEPTH", &ok);
         if (!ok || maxCallDepth <= 0) {
-#if defined(QT_NO_DEBUG) && !defined(__SANITIZE_ADDRESS__)
+#if defined(QT_NO_DEBUG) && !defined(__SANITIZE_ADDRESS__) && !QT_HAS_FEATURE(address_sanitizer)
             maxCallDepth = 1234;
 #else
             // no (tail call) optimization is done, so there'll be a lot mare stack frames active
diff --git a/src/qml/jsruntime/qv4qmlcontext.cpp b/src/qml/jsruntime/qv4qmlcontext.cpp
index 12ada7ee70..0c5226d46c 100644
--- a/src/qml/jsruntime/qv4qmlcontext.cpp
+++ b/src/qml/jsruntime/qv4qmlcontext.cpp
@@ -458,11 +458,17 @@ ReturnedValue QQmlContextWrapper::resolveQmlContextPropertyLookupGetter(Lookup *
     // into the handler expression through the locals of the call context. So for onClicked: { ... }
     // the parameters of the clicked signal are injected and we must allow for them to be found here
     // before any other property from the QML context.
-    ExecutionContext &ctx = static_cast<ExecutionContext &>(engine->currentStackFrame->jsFrame->context);
-    if (ctx.d()->type == Heap::ExecutionContext::Type_CallContext) {
-        uint index = ctx.d()->internalClass->indexOfValueOrGetter(name);
-        if (index < UINT_MAX)
-            return static_cast<Heap::CallContext*>(ctx.d())->locals[index].asReturnedValue();
+    for (Heap::ExecutionContext *ctx = engine->currentContext()->d(); ctx; ctx = ctx->outer) {
+        if (ctx->type == Heap::ExecutionContext::Type_CallContext) {
+            const uint index = ctx->internalClass->indexOfValueOrGetter(name);
+            if (index < std::numeric_limits<uint>::max())
+                return static_cast<Heap::CallContext *>(ctx)->locals[index].asReturnedValue();
+        }
+
+        // Skip only block contexts within the current call context.
+        // Other contexts need a regular QML property lookup. See below.
+        if (ctx->type != Heap::ExecutionContext::Type_BlockContext)
+            break;
     }
 
     bool hasProperty = false;
diff --git a/src/quick/handlers/qquickpinchhandler.cpp b/src/quick/handlers/qquickpinchhandler.cpp
index 9ae2116d39..dc1a9a92f9 100644
--- a/src/quick/handlers/qquickpinchhandler.cpp
+++ b/src/quick/handlers/qquickpinchhandler.cpp
@@ -285,9 +285,9 @@ void QQuickPinchHandler::onActiveChanged()
             m_startScale = m_accumulatedScale;
             m_startRotation = 0;
         }
-        qCInfo(lcPinchHandler) << "activated with starting scale" << m_startScale << "rotation" << m_startRotation;
+        qCDebug(lcPinchHandler) << "activated with starting scale" << m_startScale << "rotation" << m_startRotation;
     } else {
-        qCInfo(lcPinchHandler) << "deactivated with scale" << m_activeScale << "rotation" << m_activeRotation;
+        qCDebug(lcPinchHandler) << "deactivated with scale" << m_activeScale << "rotation" << m_activeRotation;
     }
 }
 
diff --git a/tests/auto/qml/debugger/qv4debugger/tst_qv4debugger.cpp b/tests/auto/qml/debugger/qv4debugger/tst_qv4debugger.cpp
index b75fb6b895..497c721f50 100644
--- a/tests/auto/qml/debugger/qv4debugger/tst_qv4debugger.cpp
+++ b/tests/auto/qml/debugger/qv4debugger/tst_qv4debugger.cpp
@@ -322,6 +322,8 @@ private slots:
     void lastLineOfConditional();
 
     void readThis();
+    void signalParameters();
+
 private:
     QV4Debugger *debugger() const
     {
@@ -899,6 +901,31 @@ void tst_qv4debugger::readThis()
     QCOMPARE(a.value("value").toInt(), 5);
 }
 
+void tst_qv4debugger::signalParameters()
+{
+    QQmlEngine engine;
+    QV4::ExecutionEngine *v4 = engine.handle();
+    v4->setDebugger(new QV4Debugger(v4));
+
+    QQmlComponent component(&engine);
+    component.setData("import QtQml 2.12\n"
+                      "QtObject {\n"
+                      "    id: root\n"
+                      "    property string result\n"
+                      "    signal signalWithArg(string textArg)\n"
+                      "    property Connections connections : Connections {\n"
+                      "        target: root\n"
+                      "        onSignalWithArg: { root.result = textArg; }\n"
+                      "    }\n"
+                      "    Component.onCompleted: signalWithArg('something')\n"
+                      "}", QUrl("test.qml"));
+
+    QVERIFY(component.isReady());
+    QScopedPointer<QObject> obj(component.create());
+    QVERIFY(obj);
+    QCOMPARE(obj->property("result").toString(), QLatin1String("something"));
+}
+
 QTEST_MAIN(tst_qv4debugger)
 
 #include "tst_qv4debugger.moc"
diff --git a/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp b/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp
index c714cf5d60..09b271c5f1 100644
--- a/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp
+++ b/tests/auto/qml/qqmlecmascript/tst_qqmlecmascript.cpp
@@ -368,6 +368,7 @@ private slots:
     void saveAccumulatorBeforeToInt32();
     void intMinDividedByMinusOne();
     void undefinedPropertiesInObjectWrapper();
+    void hugeRegexpQuantifiers();
 
 private:
 //    static void propertyVarWeakRefCallback(v8::Persistent<v8::Value> object, void* parameter);
@@ -8975,6 +8976,16 @@ void tst_qqmlecmascript::undefinedPropertiesInObjectWrapper()
     QVERIFY(!object.isNull());
 }
 
+void tst_qqmlecmascript::hugeRegexpQuantifiers()
+{
+    QJSEngine engine;
+    QJSValue value = engine.evaluate("/({3072140529})?{3072140529}/");
+
+    // It's a regular expression, but it won't match anything.
+    // The RegExp compiler also shouldn't crash.
+    QVERIFY(value.isRegExp());
+}
+
 QTEST_MAIN(tst_qqmlecmascript)
 
 #include "tst_qqmlecmascript.moc"
diff --git a/tools/qmlcachegen/qtquickcompiler.prf b/tools/qmlcachegen/qtquickcompiler.prf
index 9c8c7a7b1e..2f98aadefe 100644
--- a/tools/qmlcachegen/qtquickcompiler.prf
+++ b/tools/qmlcachegen/qtquickcompiler.prf
@@ -1,4 +1,4 @@
-qtc_run: return()
+if(qtc_run|lupdate_run): return()
 
 qtPrepareTool(QML_CACHEGEN, qmlcachegen, _FILTER)
 qtPrepareTool(QMAKE_RCC, rcc, _DEP)