author | Robin Burchell <robin.burchell@crimson.no> | 2017-02-03 08:45:12 +0100 |
---|---|---|
committer | Simon Hausmann <simon.hausmann@qt.io> | 2017-02-03 12:48:40 +0000 |
commit | b7090f1334ac7b8ad2548f084c749eda4fa82451 (patch) | |
tree | 3187ecc4d3c68e387278b5df8b153a14daf149e7 /src/qml/jsruntime/qv4object.cpp | |
parent | 790cfb2bb26990c8345c860d6a23e4116df92f48 (diff) |
Fix a crash in setInternalClass

Revealed by the ES6 testsuite, ./test/built-ins/Object/freeze/15.2.3.9-2-1.js
and probably others. We cannot unconditionally dereference memberData,
it may not always exist.

ES6 tests test/built-ins/Object/freeze before:
=== Summary ===
- Ran 92 tests
- Passed 66 tests (71.7%)
- Failed 26 tests (28.3%)

after:
=== Summary ===
- Ran 92 tests
- Passed 90 tests (97.8%)
- Failed 2 tests (2.2%)

Change-Id: I22a6c9ca081394ba15edfde09f73769eb3ce47b3
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Diffstat (limited to 'src/qml/jsruntime/qv4object.cpp')
-rw-r--r-- | src/qml/jsruntime/qv4object.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/qml/jsruntime/qv4object.cpp b/src/qml/jsruntime/qv4object.cpp index 2f664c6398..12157af728 100644 --- a/src/qml/jsruntime/qv4object.cpp +++ b/src/qml/jsruntime/qv4object.cpp @@ -61,7 +61,8 @@ DEFINE_OBJECT_VTABLE(Object); void Object::setInternalClass(InternalClass *ic) { d()->internalClass = ic; - if ((!d()->memberData && ic->size) || (d()->memberData->size < ic->size)) + bool hasMD = d()->memberData != nullptr; + if ((!hasMD && ic->size) || (hasMD && d()->memberData->size < ic->size)) d()->memberData = MemberData::allocate(ic->engine, ic->size, d()->memberData); } |
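Review bot: The new condition in Object::setInternalClass spells out the null case twice, and the two clauses `(!hasMD && ic->size) || (hasMD && d()->memberData->size < ic->size)` reduce to a single comparison if a missing memberData is counted as size 0 (assuming size is an unsigned type). Computing the current size once, 0 when d()->memberData is null, and testing it against ic->size would be easier to audit; hasMD could also be declared const. The allocate call on the next line still passes d()->memberData, which can be null on this path, so a short comment stating that MemberData::allocate accepts a null old pointer would document the contract this fix relies on. The diffstat touches only qv4object.cpp, so the null-dereference has no regression test of its own; a small autotest that drives setInternalClass on an object without member data would keep it covered independently of the ES6 testsuite.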