author | Lars Knoll <lars.knoll@qt.io> | 2018-02-15 15:39:01 +0100 |
---|---|---|
committer | Lars Knoll <lars.knoll@qt.io> | 2018-02-15 15:39:01 +0100 |
commit | 16ca5eab9bdd31774dc8e657f217e044640eecff (patch) | |
tree | 9bfcec84ff94fb8f817e6de20b87f86cf86d68a2 | |
parent | 421dcfb5792a5ff5e5a9851e0c1edf6e87422680 (diff) |
Fix crash when changing from a simple to a sparse array
After that change, if we ran out of slots in the freeList,
the last entry would point to the first Value in the value
array, not indicating that we ran out of free slots.
Task-number: QTBUG-65828
Change-Id: I3e57bb7a0c2dc29172a485a6ea957b6ab5ac962e
-rw-r--r-- | src/qml/jsruntime/qv4arraydata.cpp | 2 | ||||
-rw-r--r-- | src/qml/jsruntime/qv4sparsearray.cpp | 1 | ||||
-rw-r--r-- | src/qml/jsruntime/qv4sparsearray_p.h | 2 |
3 files changed, 3 insertions, 2 deletions
diff --git a/src/qml/jsruntime/qv4arraydata.cpp b/src/qml/jsruntime/qv4arraydata.cpp
index 9b7251f3d0..5e971c8e9b 100644
--- a/src/qml/jsruntime/qv4arraydata.cpp
+++ b/src/qml/jsruntime/qv4arraydata.cpp
@@ -227,8 +227,8 @@ void ArrayData::realloc(Object *o, Type newType, uint requested, bool enforceAtt
 sparse->values.values[i].setEmpty();
 lastFree = &sparse->values.values[i].rawValueRef();
 }
- storeValue(lastFree, UINT_MAX);
 }
+ storeValue(lastFree, UINT_MAX);
 Q_ASSERT(Value::fromReturnedValue(sparse->sparse->freeList).isEmpty());
 // ### Could explicitly free the old data
diff --git a/src/qml/jsruntime/qv4sparsearray.cpp b/src/qml/jsruntime/qv4sparsearray.cpp
index b7be66bc31..f295e74adc 100644
--- a/src/qml/jsruntime/qv4sparsearray.cpp
+++ b/src/qml/jsruntime/qv4sparsearray.cpp
@@ -395,6 +395,7 @@ void SparseArray::freeTree(SparseArrayNode *root, int alignment)
 SparseArray::SparseArray()
 : numEntries(0)
 {
+ freeList = Primitive::emptyValue(UINT_MAX).asReturnedValue();
 header.p = 0;
 header.left = 0;
 header.right = 0;
diff --git a/src/qml/jsruntime/qv4sparsearray_p.h b/src/qml/jsruntime/qv4sparsearray_p.h
index 6dca1e1a34..ca6abcda89 100644
--- a/src/qml/jsruntime/qv4sparsearray_p.h
+++ b/src/qml/jsruntime/qv4sparsearray_p.h
@@ -151,7 +151,7 @@ struct Q_QML_EXPORT SparseArray
 SparseArray(const SparseArray &other);
- ReturnedValue freeList = 0;
+ ReturnedValue freeList;
 private:
 SparseArray &operator=(const SparseArray &other);
|
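Review bot: In the qv4arraydata.cpp hunk, the now-unconditional `storeValue(lastFree, UINT_MAX);` carries a memory-safety invariant that nothing at the call site documents: per the commit message, an unterminated list ends up pointing at the first Value in the value array. I would put a comment above it, e.g. `// Always terminate the free list; a tail without UINT_MAX reads as slot 0, which may be in use.` The `Q_ASSERT` that follows only checks that the list head is tagged empty and is normally compiled out of release builds, so it does not guard this. `lastFree` is initialised outside the hunk (the body of ArrayData::realloc starts and ends beyond it), so it is worth confirming that every path reaching the store leaves it pointing at the list tail. The diffstat lists no test file; a regression test for QTBUG-65828 would keep the crash from returning.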
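Review bot: In the qv4sparsearray.cpp hunk, `freeList` is assigned in the constructor body while `numEntries` just above uses the member-initializer list; initialising both the same way would read more consistently, e.g. `: freeList(Primitive::emptyValue(UINT_MAX).asReturnedValue()), numEntries(0)`, provided `freeList` is declared before `numEntries` (the declaration order is not fully visible here). The literal `UINT_MAX` is also the terminator written by `storeValue(lastFree, UINT_MAX)` in ArrayData::realloc, so a one-line comment such as `// UINT_MAX == free list exhausted; must match the terminator in ArrayData::realloc()` would tie the two together. The constructor body continues past the end of the hunk.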
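Review bot: In the qv4sparsearray_p.h hunk, dropping the `= 0` default member initializer means `freeList` is indeterminate in any constructor that does not assign it, and the copy constructor `SparseArray(const SparseArray &other)` declared just above is not touched by this commit. Its definition is not shown, so this is to be confirmed: if it does not copy or set `freeList`, a copied sparse array would start with a garbage free-list head. Either set it there explicitly or keep an in-class initializer with the empty-list value instead of removing the initializer outright. A short comment on the member, e.g. `// head of the free-slot list; empty value with UINT_MAX when exhausted`, would also document the encoding.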