aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@digia.com>2014-05-05 15:01:10 +0200
committerThe Qt Project <gerrit-noreply@qt-project.org>2014-05-05 20:59:07 +0200
commitbef0fd5fe9bdcdfa6eb9f0e14fa096038f391139 (patch)
tree989d25ef99a33165c5ba26babac98368835cdca3
parentd98362f5e9cc5c07cff5f32672aa448b0a0c31c4 (diff)
Android: Fix crash in String.replace() in release buildsv5.3.0-rc1
When enabling optimizations in the compiler, it produces bogus code for the regExp->value deref in the line nMatchOffsets += regExp->value->captureCount() * 2 This is a random refactoring to work around the compiler bug. The only line that actually needs to be touched is the one mentioned above, but I replaced all uses of regExp->value so that it wouldn't look too weird. Task-number: QTBUG-38692 Change-Id: Ib33a523a86ce51ebc6c7095a803fedaebcaa8e63 Reviewed-by: Lars Knoll <lars.knoll@digia.com> Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
-rw-r--r--src/qml/jsruntime/qv4stringobject.cpp11
1 files changed, 7 insertions, 4 deletions
diff --git a/src/qml/jsruntime/qv4stringobject.cpp b/src/qml/jsruntime/qv4stringobject.cpp
index 7c38ae4f01..f1e51703a8 100644
--- a/src/qml/jsruntime/qv4stringobject.cpp
+++ b/src/qml/jsruntime/qv4stringobject.cpp
@@ -508,21 +508,24 @@ ReturnedValue StringPrototype::method_replace(CallContext *ctx)
Scoped<RegExpObject> regExp(scope, searchValue);
if (regExp) {
uint offset = 0;
+
+ // We extract the pointer here to work around a compiler bug on Android.
+ Scoped<RegExp> re(scope, regExp->value);
while (true) {
int oldSize = nMatchOffsets;
- if (allocatedMatchOffsets < nMatchOffsets + regExp->value->captureCount() * 2) {
- allocatedMatchOffsets = qMax(allocatedMatchOffsets * 2, nMatchOffsets + regExp->value->captureCount() * 2);
+ if (allocatedMatchOffsets < nMatchOffsets + re->captureCount() * 2) {
+ allocatedMatchOffsets = qMax(allocatedMatchOffsets * 2, nMatchOffsets + re->captureCount() * 2);
uint *newOffsets = (uint *)malloc(allocatedMatchOffsets*sizeof(uint));
memcpy(newOffsets, matchOffsets, nMatchOffsets*sizeof(uint));
if (matchOffsets != _matchOffsets)
free(matchOffsets);
matchOffsets = newOffsets;
}
- if (regExp->value->match(string, offset, matchOffsets + oldSize) == JSC::Yarr::offsetNoMatch) {
+ if (re->match(string, offset, matchOffsets + oldSize) == JSC::Yarr::offsetNoMatch) {
nMatchOffsets = oldSize;
break;
}
- nMatchOffsets += regExp->value->captureCount() * 2;
+ nMatchOffsets += re->captureCount() * 2;
if (!regExp->global)
break;
offset = qMax(offset + 1, matchOffsets[oldSize + 1]);