Fix crash when incubating objects with non-existent initial properties

When incubation is triggered from C++ and reaches the state of setting
the initial properties (as supplied to incubateObject), we'd set
engine->currentStackFrame to a CppStackFrame that provides access to the
correct QML context. As we're not called from the interpreter, the
v4Function pointer would be a null pointer. If during the initial
property setting an exception is thrown (due to non-existent property
access) and a back-trace is created, we'd end up dereferencing
v4Function.

Change-Id: I7f6b0ba7893bfb4186f55d4c213b4bb602d29aa0
Task-number: QTBUG-68416
Reviewed-by: Lars Knoll <lars.knoll@qt.io>

4 files changed, 36 insertions, 2 deletions

diff --git a/src/qml/jsruntime/qv4engine.cpp b/src/qml/jsruntime/qv4engine.cpp
index 5521633db7..835933c043 100644
--- a/src/qml/jsruntime/qv4engine.cpp
+++ b/src/qml/jsruntime/qv4engine.cpp
@@ -769,16 +769,19 @@ QQmlContextData *ExecutionEngine::callingQmlContext() const
 
 QString CppStackFrame::source() const
 {
-    return v4Function->sourceFile();
+    return v4Function ? v4Function->sourceFile() : QString();
 }
 
 QString CppStackFrame::function() const
 {
-    return v4Function->name()->toQString();
+    return v4Function ? v4Function->name()->toQString() : QString();
 }
 
 int CppStackFrame::lineNumber() const
 {
+    if (!v4Function)
+        return -1;
+
     auto findLine = [](const CompiledData::CodeOffsetToLine &entry, uint offset) {
         return entry.codeOffset < offset;
     };
diff --git a/tests/auto/qml/qqmlcomponent/data/InitialPropertyTest.qml b/tests/auto/qml/qqmlcomponent/data/InitialPropertyTest.qml
new file mode 100644
index 0000000000..7de276f2d8
--- /dev/null
+++ b/tests/auto/qml/qqmlcomponent/data/InitialPropertyTest.qml
@@ -0,0 +1,4 @@
+import QtQml 2.0
+QtObject {
+    property bool ok: false
+}
diff --git a/tests/auto/qml/qqmlcomponent/data/nonExistentInitialProperty.qml b/tests/auto/qml/qqmlcomponent/data/nonExistentInitialProperty.qml
new file mode 100644
index 0000000000..ef89e46088
--- /dev/null
+++ b/tests/auto/qml/qqmlcomponent/data/nonExistentInitialProperty.qml
@@ -0,0 +1,9 @@
+import QtQml 2.0
+QtObject {
+    property Component factory: Qt.createComponent(Qt.resolvedUrl("InitialPropertyTest.qml"), Component.PreferSynchronous)
+    property var incubator
+    function startIncubation()
+    {
+        incubator = factory.incubateObject(null, { ok: true, nonExistent: 42 }, Qt.Asynchronous)
+    }
+}
diff --git a/tests/auto/qml/qqmlcomponent/tst_qqmlcomponent.cpp b/tests/auto/qml/qqmlcomponent/tst_qqmlcomponent.cpp
index 6a0dc28ca4..3a70890362 100644
--- a/tests/auto/qml/qqmlcomponent/tst_qqmlcomponent.cpp
+++ b/tests/auto/qml/qqmlcomponent/tst_qqmlcomponent.cpp
@@ -117,6 +117,7 @@ private slots:
     void recursion();
     void recursionContinuation();
     void callingContextForInitialProperties();
+    void setNonExistentInitialProperty();
     void relativeUrl_data();
     void relativeUrl();
 
@@ -583,6 +584,23 @@ void tst_qqmlcomponent::callingContextForInitialProperties()
     QVERIFY(checker->scopeObject->metaObject()->indexOfProperty("incubatedObject") != -1);
 }
 
+void tst_qqmlcomponent::setNonExistentInitialProperty()
+{
+    QQmlIncubationController controller;
+    QQmlEngine engine;
+    engine.setIncubationController(&controller);
+    QQmlComponent component(&engine, testFileUrl("nonExistentInitialProperty.qml"));
+    QScopedPointer<QObject> obj(component.create());
+    QVERIFY(!obj.isNull());
+    QMetaObject::invokeMethod(obj.data(), "startIncubation");
+    QJSValue incubatorStatus = obj->property("incubator").value<QJSValue>();
+    incubatorStatus.property("forceCompletion").callWithInstance(incubatorStatus);
+    QJSValue objectWrapper = incubatorStatus.property("object");
+    QVERIFY(objectWrapper.isQObject());
+    QPointer<QObject> object(objectWrapper.toQObject());
+    QVERIFY(object->property("ok").toBool());
+}
+
 void tst_qqmlcomponent::relativeUrl_data()
 {
     QTest::addColumn<QUrl>("url");