Fix lookups the transition between primitive strings and string objects

Suppose we have

    function foo(x) { return x.constructor; }

and we call it first with

    foo("hello")

then the lookup will be initialized with a primitive getter from the
prototype.

When we subsequently call

    foo(new String("world"))

then the primitiveGetterProto() will check that the provided object is
of the same type as last time, which erroneously succeeds. Indeed, both
are of Managed type. However now we're passing a full-fledged object,
which is not a primitive anymore - hence the additional check to ensure
that we fall back to the generic getter.

Task-number: QTBUG-69898
Change-Id: I3c7a8384bfdf0e31b7c6247cce80fe7448b627b3
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>

1 files changed, 2 insertions, 2 deletions

diff --git a/src/qml/jsruntime/qv4lookup.cpp b/src/qml/jsruntime/qv4lookup.cpp
index 790a5843c2..54bce7d7b3 100644
--- a/src/qml/jsruntime/qv4lookup.cpp
+++ b/src/qml/jsruntime/qv4lookup.cpp
@@ -379,7 +379,7 @@ ReturnedValue Lookup::getterIndexed(Lookup *l, ExecutionEngine *engine, const Va
 
 ReturnedValue Lookup::primitiveGetterProto(Lookup *l, ExecutionEngine *engine, const Value &object)
 {
-    if (object.type() == l->primitiveLookup.type) {
+    if (object.type() == l->primitiveLookup.type && !object.isObject()) {
         Heap::Object *o = l->primitiveLookup.proto;
         if (l->primitiveLookup.protoId == o->internalClass->protoId)
             return l->primitiveLookup.data->asReturnedValue();
@@ -390,7 +390,7 @@ ReturnedValue Lookup::primitiveGetterProto(Lookup *l, ExecutionEngine *engine, c
 
 ReturnedValue Lookup::primitiveGetterAccessor(Lookup *l, ExecutionEngine *engine, const Value &object)
 {
-    if (object.type() == l->primitiveLookup.type) {
+    if (object.type() == l->primitiveLookup.type && !object.isObject()) {
         Heap::Object *o = l->primitiveLookup.proto;
         if (l->primitiveLookup.protoId == o->internalClass->protoId) {
             const Value *getter = l->primitiveLookup.data;