diff options
| author | Simon Hausmann <simon.hausmann@theqtcompany.com> | 2015-04-28 15:38:09 +0200 |
|---|---|---|
| committer | Simon Hausmann <simon.hausmann@theqtcompany.com> | 2015-05-08 04:08:10 +0000 |
| commit | 3b5d37ce3841c4bfdf1c629d33f0e33b881b47fb (patch) | |
| tree | 8b67170484d8675366f72d14af43e62849878a15 /src/qml/jsruntime/qv4qobjectwrapper_p.h | |
| parent | d0dc7cec78e182f04726c5a2adade80dc2983bcf (diff) | |
Fix memory corruption when multiple QML engines have JavaScript wrappers for the same QObject
It's possible that the same QObject is exposed to multiple JavaScript
environments, for which we have this "extra" hack in the form of a QMap. The
common case is that QQmlData has a QV4::WeakValue that points to the JS wrapper
for the object. However in the rare case of multiple exposure, a map in the
other engines stores those references. That map was erroneously storing
pointers to temporary values on the JS stack instead of heap pointers.
Change-Id: I8587f9921a9b4f9efd288326d00cebc25ad0bc12
Task-number: QTBUG-45051
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
Diffstat (limited to 'src/qml/jsruntime/qv4qobjectwrapper_p.h')
| -rw-r--r-- | src/qml/jsruntime/qv4qobjectwrapper_p.h | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/src/qml/jsruntime/qv4qobjectwrapper_p.h b/src/qml/jsruntime/qv4qobjectwrapper_p.h index 1b41ca65c1..5d2378018c 100644 --- a/src/qml/jsruntime/qv4qobjectwrapper_p.h +++ b/src/qml/jsruntime/qv4qobjectwrapper_p.h @@ -173,20 +173,20 @@ struct QmlSignalHandler : public QV4::Object }; class MultiplyWrappedQObjectMap : public QObject, - private QHash<QObject*, Object*> + private QHash<QObject*, QV4::WeakValue> { Q_OBJECT public: - typedef QHash<QObject*, Object*>::ConstIterator ConstIterator; - typedef QHash<QObject*, Object*>::Iterator Iterator; + typedef QHash<QObject*, QV4::WeakValue>::ConstIterator ConstIterator; + typedef QHash<QObject*, QV4::WeakValue>::Iterator Iterator; - ConstIterator begin() const { return QHash<QObject*, Object*>::constBegin(); } - Iterator begin() { return QHash<QObject*, Object*>::begin(); } - ConstIterator end() const { return QHash<QObject*, Object*>::constEnd(); } - Iterator end() { return QHash<QObject*, Object*>::end(); } + ConstIterator begin() const { return QHash<QObject*, QV4::WeakValue>::constBegin(); } + Iterator begin() { return QHash<QObject*, QV4::WeakValue>::begin(); } + ConstIterator end() const { return QHash<QObject*, QV4::WeakValue>::constEnd(); } + Iterator end() { return QHash<QObject*, QV4::WeakValue>::end(); } - void insert(QObject *key, Object *value); - Object *value(QObject *key) const { return QHash<QObject*, Object*>::value(key, 0); } + void insert(QObject *key, Heap::Object *value); + ReturnedValue value(QObject *key) const { return QHash<QObject*, QV4::WeakValue>::value(key).value(); } Iterator erase(Iterator it); void remove(QObject *key); |