diff options
| author | Robin Burchell <robin.burchell@viroteck.net> | 2016-09-28 00:09:05 +0200 |
|---|---|---|
| committer | Robin Burchell <robin.burchell@viroteck.net> | 2016-09-29 11:23:25 +0000 |
| commit | 3a45458b96bdcbccc189aabf668e998ea03be46f (patch) | |
| tree | 2fe43412c1ee5f0bdec631ddf1e9c867874d29f4 /src/qml/jsruntime/qv4arrayobject.cpp | |
| parent | ef8c6f6a0bf5e4c9ee41306f2df59048ab96038f (diff) | |
Fix crash on Array.prototype.join.call(0)
We (incorrectly) didn't check the return value to make sure we had a valid self.
At the same time, rename the self variable to match up with other methods.
Task-number: QTBUG-53672
Change-Id: Ia0ae5a553e49c4c3b2834c7fdf649fe6373951a2
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
Diffstat (limited to 'src/qml/jsruntime/qv4arrayobject.cpp')
| -rw-r--r-- | src/qml/jsruntime/qv4arrayobject.cpp | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/src/qml/jsruntime/qv4arrayobject.cpp b/src/qml/jsruntime/qv4arrayobject.cpp index 25d3d9329b..324f2c7bf2 100644 --- a/src/qml/jsruntime/qv4arrayobject.cpp +++ b/src/qml/jsruntime/qv4arrayobject.cpp @@ -178,6 +178,10 @@ ReturnedValue ArrayPrototype::method_join(CallContext *ctx) { Scope scope(ctx); ScopedValue arg(scope, ctx->argument(0)); + ScopedObject instance(scope, ctx->thisObject().toObject(scope.engine)); + + if (!instance) + return ctx->d()->engine->newString()->asReturnedValue(); QString r4; if (arg->isUndefined()) @@ -185,8 +189,7 @@ ReturnedValue ArrayPrototype::method_join(CallContext *ctx) else r4 = arg->toQString(); - ScopedObject self(scope, ctx->thisObject()); - ScopedValue length(scope, self->get(ctx->d()->engine->id_length())); + ScopedValue length(scope, instance->get(ctx->d()->engine->id_length())); const quint32 r2 = length->isUndefined() ? 0 : length->toUInt32(); if (!r2) @@ -195,7 +198,7 @@ ReturnedValue ArrayPrototype::method_join(CallContext *ctx) QString R; // ### FIXME - if (ArrayObject *a = self->as<ArrayObject>()) { + if (ArrayObject *a = instance->as<ArrayObject>()) { ScopedValue e(scope); for (uint i = 0; i < a->getLength(); ++i) { if (i) @@ -212,7 +215,7 @@ ReturnedValue ArrayPrototype::method_join(CallContext *ctx) // crazy! // ScopedString name(scope, ctx->d()->engine->newString(QStringLiteral("0"))); - ScopedValue r6(scope, self->get(name)); + ScopedValue r6(scope, instance->get(name)); if (!r6->isNullOrUndefined()) R = r6->toQString(); @@ -221,7 +224,7 @@ ReturnedValue ArrayPrototype::method_join(CallContext *ctx) R += r4; name = Primitive::fromDouble(k).toString(scope.engine); - r12 = self->get(name); + r12 = instance->get(name); if (scope.hasException()) return Encode::undefined(); |