Fix marking of prototype objects in internal class pool

As per reported bug, we have to protect ourselves against potential loops
and can mark the internal classes much simpler by just walking through
the memory pool they were allocated in.

Task-number: QTBUG-38299
Change-Id: I3ae96e8082e76d06f4321c5aa6d2e9645d2830a0
Reviewed-by: Lars Knoll <lars.knoll@digia.com>

1 files changed, 7 insertions, 2 deletions

diff --git a/src/qml/jsruntime/qv4internalclass_p.h b/src/qml/jsruntime/qv4internalclass_p.h
index 91c6e264db..bd1828a146 100644
--- a/src/qml/jsruntime/qv4internalclass_p.h
+++ b/src/qml/jsruntime/qv4internalclass_p.h
@@ -44,6 +44,7 @@
 #include <QHash>
 #include <QVector>
 #include "qv4global_p.h"
+#include <private/qqmljsmemorypool_p.h>
 
 QT_BEGIN_NAMESPACE
 
@@ -213,7 +214,7 @@ struct InternalClassTransition
 };
 uint qHash(const QV4::InternalClassTransition &t, uint = 0);
 
-struct InternalClass {
+struct InternalClass : public QQmlJS::Managed {
     ExecutionEngine *engine;
     Object *prototype;
     const ManagedVTable *vtable;
@@ -247,7 +248,6 @@ struct InternalClass {
     InternalClass *frozen();
 
     void destroy();
-    void markObjects();
 
 private:
     InternalClass *addMemberImpl(String *string, PropertyAttributes data, uint *index);
@@ -256,6 +256,11 @@ private:
     InternalClass(const InternalClass &other);
 };
 
+struct InternalClassPool : public QQmlJS::MemoryPool
+{
+    void markObjects(ExecutionEngine *engine);
+};
+
 }
 
 QT_END_NAMESPACE