Fix CompiledData::Function size calculation

JSUnitGenerator::writeFunction would align the inline data that comes
after the Function to an 8-byte boundary. However,
Function::calculateSize didn't take this into account, resulting in
heap pollution.

Change-Id: I173d844e6be997f8cf4c617d0836622f3bcf582f
Reviewed-by: Lars Knoll <lars.knoll@qt.io>

1 files changed, 7 insertions, 1 deletions

diff --git a/src/qml/compiler/qv4compileddata_p.h b/src/qml/compiler/qv4compileddata_p.h
index 7cefac9f98..5f83c1bd19 100644
--- a/src/qml/compiler/qv4compileddata_p.h
+++ b/src/qml/compiler/qv4compileddata_p.h
@@ -256,7 +256,13 @@ struct Function
     inline bool hasQmlDependencies() const { return nDependingIdObjects > 0 || nDependingContextProperties > 0 || nDependingScopeProperties > 0; }
 
     static int calculateSize(int nFormals, int nLocals, int nInnerfunctions, int nIdObjectDependencies, int nPropertyDependencies) {
-        return (sizeof(Function) + (nFormals + nLocals + nInnerfunctions + nIdObjectDependencies + 2 * nPropertyDependencies) * sizeof(quint32) + 7) & ~0x7;
+        int trailingData = nFormals + nLocals + nInnerfunctions +  nIdObjectDependencies +
+                2 * nPropertyDependencies;
+        return align(align(sizeof(Function)) + size_t(trailingData) * sizeof(quint32));
+    }
+
+    static size_t align(size_t a) {
+        return (a + 7) & ~size_t(7);
     }
 };