author | Arnaud Vrac <avrac@freebox.fr> | 2016-09-14 11:21:36 +0200 |
---|---|---|
committer | Ulf Hermann <ulf.hermann@qt.io> | 2016-10-10 09:41:55 +0000 |
commit | 4b14c4b4da2294926d649ea767cc22b14bc3061e (patch) | |
tree | 4bb172deb7b7713c6d5ad0313020505a43bb1b8a /src/qml/jsruntime/qv4internalclass.cpp | |
parent | 376077a8e73100ccada6f2bb81c6664817bb44ba (diff) |
Fix corruption when adding or changing properties of JS objects
Commit 833c99db20 introduced this regression by only moving part of the
value data to the proper offset.
Task-number: QTBUG-53261
Change-Id: I11241c57057a57794bc3ca60ee437206e524f355
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Diffstat (limited to 'src/qml/jsruntime/qv4internalclass.cpp')
-rw-r--r-- | src/qml/jsruntime/qv4internalclass.cpp | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/src/qml/jsruntime/qv4internalclass.cpp b/src/qml/jsruntime/qv4internalclass.cpp
index 0bc4b9a7fc..65e83d848c 100644
--- a/src/qml/jsruntime/qv4internalclass.cpp
+++ b/src/qml/jsruntime/qv4internalclass.cpp
@@ -140,16 +140,20 @@ static void insertHoleIntoPropertyData(Object *object, int idx)
 int icSize = object->internalClass()->size;
 int from = qMax(idx, inlineSize);
 int to = from + 1;
- if (from < icSize)
- memmove(object->propertyData(to), object->propertyData(from), icSize - from - 1);
+ if (from < icSize) {
+ memmove(object->propertyData(to), object->propertyData(from),
+ (icSize - from - 1) * sizeof(Value));
+ }
 if (from == idx)
 return;
 if (inlineSize < icSize)
 *object->propertyData(inlineSize) = *object->propertyData(inlineSize - 1);
 from = idx;
 to = from + 1;
- if (from < inlineSize - 1)
- memmove(object->propertyData(to), object->propertyData(from), inlineSize - from - 1);
+ if (from < inlineSize - 1) {
+ memmove(object->propertyData(to), object->propertyData(from),
+ (inlineSize - from - 1) * sizeof(Value));
+ }
 }
 
 static void removeFromPropertyData(Object *object, int idx, bool accessor = false) |
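Review bot: Both new `memmove` lengths in insertHoleIntoPropertyData are byte counts, but nothing at the call sites says so or states the bound they rely on, which is the kind of gap that let the element-count/byte-count mix-up in; I would add above the first call `// memmove takes bytes: shift (icSize - from - 1) Values up one slot; storage must already hold icSize slots`. Whether the member storage has actually been grown to icSize slots before this function runs is not visible in the hunk, so that precondition should be confirmed, since an undersized buffer would make the shift write past the allocation. removeFromPropertyData begins on the last context line and its body is outside the hunk; any raw-byte moves it performs are worth checking for the same missing `* sizeof(Value)`. The opening lines of insertHoleIntoPropertyData are also outside the hunk.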